Cyber Physical Systems – Situation Analysis - Energetics Meetings ...

Cyber Physical Systems – Situation AnalysisDRAFT – March 9, 2012lies a vast array of competences (procedures, software, firmware) that facilitate the analysis. At the sametime, these procedures and data structures become indispensible tools in the evaluation of CPS.Verification, Validation, and CertificationVerification, validation, and certification is a primary problem for future transportation CPS. Currentmethods and techniques for verification and validation are challenged by the scale of emerging systems,greater demand for advanced capabilities, and the combination of discrete and continuous aspects in CPS.Aerospace systems are becoming more software intensive, and the size of software is increasingexponentially, reaching 100 million and likely to exceed one billion lines of code. There is a similar trendin the automotive field. As the level of software increases, so does the cost of verification and validation.As a result, software verification is becoming one of the leading components of system cost. 252As systems become more integrated, verification and validation will become an even larger challenge.Scalability is also an issue when verification and validation must be applied to larger systems of systems,as the components and interactions increase and become more complex. The challenge is to ensure thevehicle will operate correctly before it is physically tested. 253 Verification and validation techniques thatapply to both humans and the environment they interact with must be developed. Future transportationCPS will be evolutionary, and software changes could occur often. This will necessitate the ability tointegrate or replace new subsystems and technologies without having to recertify the entire system toavoid repeating high costs. 254Shared Resources/Mixed CriticalityAs transportation CPS become more complex, it will be necessary for the system to assess criticality. Thismeans, for example, not allowing a lower criticality process (e.g., passenger entertainment) to inhibit ahigher criticality process (e.g., flight control communications). Systems that are mixed-criticalitytypically comprise hardware, operating system, middleware services, and application software all on asingle computing platform. In this arrangement, system safety-critical and non-safety-critical data coexiston a shared network.As vehicles and infrastructure age, ideally they would be easily upgraded tocompensate for changes in criticality or function. Many of these systems rely on human decisions, whichare informed by data from the computing and communication components of the vehicles. Automatedvehicles also make functional decisions based upon this data, often located on the same processor. Thus afailure in the onboard reasoning or high-processing capability could damage the vehicle or surroundings.New system development approaches are needed for mixed criticality CPS in which less-tested, lowercriticalitycode can safely exist on the same processor as the more safety-critical, well-tested code. 255ModelingCPS are incredibly complex, making it difficult to create formal models. CPS are high-dimensional, spanmultiple time scales, are dynamic, and can reconfigure to adapt to certain situations. They are alsocomposed of multiple entities including humans. Transportation sectors are migrating toward the use ofmodel-based development that relies on sophisticated tool chains to automate the development process.Because most existing model-based development approaches focus on specific aspects, such as controlmodels or component connection models, there is a need to develop approaches that take multiple system252 Winter. ―CPS in Aerospace.‖253 Poovendran et al. ―2008 HCTCPS Workshop Report.‖254 Feron and Balakrishnan. ―CPS and NextGen.‖255 Poovendran et al. ―2008 HCTCPS Workshop Report.‖51