Institute for Software Integrated Systems
Vanderbilt University
MODEL-INTEGRATED DESIGN IN SOFTWARE, SYSTEMS AND CONTROL ENGINEERING
Janos Sztipanovits
ISIS, Vanderbilt University
ISIS
Established by the School of Engineering of Vanderbilt University in 1998
Academic/professional research organization
Personnel:
- 38 Research Scientists & Staff Engineers
- 7 Faculty (EECS)
- 6 Admin Staff
- 50+ Graduate students
Overview
- Cyber-Physical Systems (CPS)
- Model-Based Design
- Structural Semantics
- Behavioral Semantics
- Convergence
- Towards Agile Design Automation
- Towards Composition in Heterogeneous Systems
- Examples
- Summary
Trends in Systems Industry
Sectors and opportunities:
- Transportation: Aircraft that fly faster and further on less energy. Air traffic control systems that make more efficient use of airspace. Automobiles that are more capable and safer but use less energy.
- Defense: More capable defense systems; defense systems that make better use of networked fleets of autonomous vehicles.
- Energy and Industrial Automation: New and renewable energy sources. Homes, office, buildings and vehicles that are more energy efficient and cheaper to operate.
[Image: Boston Dynamics: BigDog]
What Are the Drivers of These Trends?
- Networking and Information Technology (NIT) have been increasingly used as universal system integrator in human-scale and societal-scale systems
- Functionality and salient system characteristics emerge through the interaction of networked physical and computational objects
- Engineered products turn into Cyber-Physical Systems (CPS): networked interaction of physical and computational processes
Why Is CPS Significant?
The share of value of embedded computing components in different industries:

                                             2003   2009
Automotive and airspace systems              52%    56%
Aerospace                                    52%    54%
Health/Medical equipment                     50%    52%
Industrial automation                        43%    48%
Telecommunications                           56%    58%
Consumer electronics and Intelligent Homes   60%    62%

Source: “Study of Worldwide Trends and R&D Programmes in Embedded Systems in View of Maximising the Impact of a Technology Platform in the Area” EU Commission, 2005
Why is CPS Hard?
Control Systems / Software / Network

    package org.apache.tomcat.session;

    import org.apache.tomcat.core.*;
    import org.apache.tomcat.util.StringManager;
    import java.io.*;
    import java.net.*;
    import java.util.*;
    import javax.servlet.*;
    import javax.servlet.http.*;

    /**
     * Core implementation of a server session
     *
     * @author James Duncan Davidson [[email protected]]
     * @author James Todd [[email protected]]
     */
    public class ServerSession {

        private StringManager sm =
            StringManager.getManager("org.apache.tomcat.session");
        private Hashtable values = new Hashtable();
        private Hashtable appSessions = new Hashtable();
        private String id;
        private long creationTime = System.currentTimeMillis();
        private long thisAccessTime = creationTime;
        private long lastAccessed = creationTime;
        private int inactiveInterval = -1;

        ServerSession(String id) {
            this.id = id;
        }

        public String getId() {
            return id;
        }

        public long getCreationTime() {
            return creationTime;
        }

        public long getLastAccessedTime() {
            return lastAccessed;
        }

        public ApplicationSession getApplicationSession(Context context,
                                                        boolean create) {
            ApplicationSession appSession =
                (ApplicationSession)appSessions.get(context);

            if (appSession == null && create) {
                // XXX
                // sync to ensure valid?
                appSession = new ApplicationSession(id, this, context);
                appSessions.put(context, appSession);
            }

            // XXX
            // make sure that we haven't gone over the end of our
            // inactive interval -- if so, invalidate and create
            // a new appSession

            return appSession;
        }

        void removeApplicationSession(Context context) {
            appSessions.remove(context);
        }

        /**
         * Called by context when request comes in so that accesses and
         * inactivities can be dealt with accordingly.
         */
        void accessed() {
            // set last accessed to thisAccessTime as it will be left over
            // from the previous access
            lastAccessed = thisAccessTime;
            thisAccessTime = System.currentTimeMillis();
        }

        void validate()
Crosses Interdisciplinary Boundaries
• Disciplinary boundaries need to be realigned
• New fundamentals need to be created
• New technologies and tools need to be developed
• Education needs to be restructured
Foundation for Convergence: Model-Based Design
Control Systems / Software / Network
Modeling Layer
• Systems Engineering: Model-based design has been the state of practice
• Control Engineering: Wide acceptance (MathWorks Simulink/StateFlow)
• Software Engineering: Increasing acceptance due to OMG’s MDA push and wider availability of tool suites
• Network Engineering: modeling networks in abstraction layers (TCP/IP), research linking structural and behavioral properties
Define Domain-Specific Modeling Languages
Key Concept: Modeling languages define a set of well-formed models and their interpretations. The interpretations are mappings from one domain to another domain.
Abstract syntax of DSML-s is defined by metamodels.
Basic metamodeling notation: UML Class Diagram + OCL
OCL Constraints: self.transTo->forAll(s | s <> self)
A metamodeling language is one of the DSML-s: the same tool can be used for modeling and metamodeling.
[Figure: MetaGME metamodel of simple statecharts; model editor generated from the metamodel]
Use Precise Structural Semantics…
Key Concept: DSML syntax is understood as a constraint system that identifies behaviorally meaningful models. Structural semantics provides mathematical formalism for interpreting models as well-formed structures.

$L = \langle Y, R_Y, C, ([\![\;]\!]_i)_{i \in J} \rangle$
$D(Y, C) = \{ r \in R_Y \mid r \models C \}$
$[\![\;]\!] : R_Y \to R_{Y'}$

Y: set of concepts
R_Y: set of possible model realizations
C: set of constraints over R_Y
D(Y,C): domain of well-formed models
[[ ]]: interpretations

Structural Semantics defines modeling domains using a mathematical structure. This mathematical structure is the semantic domain of metamodeling languages.

Arguments for investigating structural semantics:
• Conformance testing: $x \in D$
• Non-emptiness checking: $D(Y, C) \neq \{nil\}$
• DSML composing: $D_1 * D_2$, $D_1 + D_2$, $D'$ includes $D$, ...
• Model finding: $S = \{ s \in D \mid s \models P \}$
• Transforming: $m' = T(m);\ m \in X;\ m' \in Y$

Notes on the selected formalism:
• Term algebra semantics extended with Logic Programming (LP)
• Fragment of LP is equivalent to full first-order logic
• Provide semantic domain for model transformations.

Jackson & Sztipanovits: EMSOFT 2006, MODELS 2007, SOSYM 2009
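Added example (not from the slides or the cited papers): conformance testing, non-emptiness checking and model finding for D(Y, C), carried out by bounded enumeration over a toy statechart domain. The first constraint is the OCL constraint quoted earlier; the "exactly one initial state" constraint, the property P, the bound and all function names are assumptions made for illustration.

```python
from itertools import combinations, product

# A realization r in R_Y is (states, initial, transTo): a tuple of state names,
# the subset marked initial, and a set of (source, target) transitions.

def realizations(max_states):
    """Enumerate R_Y up to a bound: every statechart with <= max_states states."""
    for n in range(max_states + 1):
        states = tuple(f"s{i}" for i in range(n))
        pairs = [(a, b) for a in states for b in states]
        for k in range(n + 1):
            for initial in combinations(states, k):
                for mask in product((False, True), repeat=len(pairs)):
                    trans = frozenset(p for p, on in zip(pairs, mask) if on)
                    yield (states, frozenset(initial), trans)

def no_self_transition(r):
    """OCL from the metamodel: self.transTo->forAll(s | s <> self)."""
    return all(src != dst for src, dst in r[2])

def one_initial(r):
    """Assumed extra well-formedness rule: exactly one initial state."""
    return len(r[1]) == 1

def no_initial(r):
    """Hypothetical rule from a second DSML, used to show an empty composition."""
    return len(r[1]) == 0

C = [no_self_transition, one_initial]

def conforms(x, constraints):
    """Conformance testing: x in D(Y, C), i.e. x |= C."""
    return all(c(x) for c in constraints)

def domain(constraints, max_states):
    """D(Y, C) = { r in R_Y | r |= C }, restricted to the enumeration bound."""
    return [r for r in realizations(max_states) if conforms(r, constraints)]

def non_empty(constraints, max_states):
    """Bounded non-emptiness check: is there any well-formed model at all?"""
    return any(conforms(r, constraints) for r in realizations(max_states))

def all_reachable(r):
    """Property P: every state is reachable from an initial state."""
    states, initial, trans = r
    seen, frontier = set(initial), list(initial)
    while frontier:
        cur = frontier.pop()
        for src, dst in trans:
            if src == cur and dst not in seen:
                seen.add(dst)
                frontier.append(dst)
    return seen == set(states)

def find_models(constraints, prop, max_states):
    """Model finding: S = { s in D | s |= P }, within the bound."""
    return [s for s in domain(constraints, max_states) if prop(s)]

if __name__ == "__main__":
    print("|D| (<= 2 states):", len(domain(C, 2)))
    print("models with all states reachable:", len(find_models(C, all_reachable, 2)))
    print("composition with no_initial non-empty?", non_empty(C + [no_initial], 2))
```

Composing the two constraint sets by conjunction yields an empty domain here, which is the situation the non-emptiness check is meant to catch before a composed DSML is used.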
Example Application: Policy Aware Health Information Systems
Models of information flows, documents, agents, roles
- Definition of roles and permissions
- Definition of people and documents

Models of privacy policies (HIPAA)

Policy expressions:
- Nurses should tag health questions:
  G ∀p, q, s, m. inrole(p, nurse) ∧ send(p, q, m) ∧ contains(m, s, health-question) ⇒ tagged(m, s, health-question)
- Doctors should answer health questions:
  G ∀p, q, s, m. inrole(p, doctor) ∧ send(q, p, m) ∧ contains(m, s, health-question) ⇒ F ∃m’. send(p, s, m’) ∧ contains(m’, s, health-answer)

Common Semantic Domain (Mitchell et al, 2006; Werner, Mathe, Sztipanovits, 2009)

Semantic domain for policies and information models are matched:
• structural constraints on models -> structural semantics (these policies can be expressed in the context of models using OCL)
• policy models temporal constraints on system behavior -> behavioral semantics + LTL
• the generated system controls information flows and monitors policy violations
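Added example (not from the slides or the cited tools): a finite-trace runtime monitor for the two policy expressions above. The event encoding, the role table and the sample trace are constructed; because a finite trace cannot refute an F (eventually) obligation, unanswered questions are reported as pending rather than as violations.

```python
from dataclasses import dataclass

HQ, HA = "health-question", "health-answer"

@dataclass(frozen=True)
class Message:
    mid: str
    contains: frozenset            # {(subject, kind)}  ~ contains(m, s, kind)
    tags: frozenset = frozenset()  # {(subject, kind)}  ~ tagged(m, s, kind)

@dataclass(frozen=True)
class Send:                        # ~ send(sender, recipient, msg)
    sender: str
    recipient: str
    msg: Message

def monitor(trace, roles):
    """Check both policies over a finite trace of Send events.

    Returns (violations, pending):
      violations: [(step, message id, subject)] where a nurse sent an
                  untagged health question (safety policy, decided per event).
      pending:    {(doctor, subject): step} obligations "F doctor answers
                  subject" that are still open when the trace ends.
    """
    violations, pending = [], {}
    for step, ev in enumerate(trace):
        for subj, kind in sorted(ev.msg.contains):
            if kind != HQ:
                continue
            # Policy 1: inrole(p, nurse) & send(p, q, m) & contains(m, s, HQ)
            #           => tagged(m, s, HQ)
            if "nurse" in roles.get(ev.sender, ()) and (subj, HQ) not in ev.msg.tags:
                violations.append((step, ev.msg.mid, subj))
            # Policy 2 antecedent: a doctor received a health question about s.
            if "doctor" in roles.get(ev.recipient, ()):
                pending.setdefault((ev.recipient, subj), step)
        # Policy 2 consequent: send(p, s, m') & contains(m', s, HA).
        # Checked after registration because F includes the current step.
        for subj, kind in ev.msg.contains:
            if kind == HA and subj == ev.recipient:
                pending.pop((ev.sender, subj), None)
    return violations, pending

# Constructed sample data (names and messages are illustrative only).
ROLES = {"nina": {"nurse"}, "dave": {"doctor"}, "pat": {"patient"}, "paul": {"patient"}}

def _m(mid, contains, tags=()):
    return Message(mid, frozenset(contains), frozenset(tags))

SAMPLE_TRACE = [
    Send("pat", "nina", _m("m1", [("pat", HQ)])),                 # patient asks nurse
    Send("nina", "dave", _m("m2", [("pat", HQ)], [("pat", HQ)])), # tagged forward
    Send("nina", "dave", _m("m3", [("paul", HQ)])),               # untagged forward
    Send("dave", "pat", _m("m4", [("pat", HA)])),                 # doctor answers pat
]

if __name__ == "__main__":
    v, p = monitor(SAMPLE_TRACE, ROLES)
    print("violations:", v)
    print("pending obligations:", p)
```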
Use Precise Behavioral Semantics
Given a DSML

$L = \langle Y, R_Y, C, ([\![\;]\!]_i)_{i \in J} \rangle$
$D(Y, C) = \{ r \in R_Y \mid r \models C \}$
$[\![\;]\!] : R_Y \to R_{Y'}$

Behavioral semantics will be defined by specifying the transformation between the DSML and a modeling language with behavioral semantics.
Implicit Methods for Specifying Behavioral Semantics
[Diagram, label: Implicit]
- Representation as AST
- $D(Y, C) = \{ r \in R_Y \mid r \models C \}$
- $[\![\;]\!] : R_Y \to R_{Y'}$
- C++ Interpreter/Generator; Graph rewriting rules
- $D(Y', C') = \{ r \in R_{Y'} \mid r \models C' \}$
- $[\![\;]\!]' : R_{Y'} \to R_{Y''}$
- Executable Model (Simulators); Executable Code; Executable Specification
Explicit Methods for Specifying Behavioral Semantics
[Diagram, label: Explicit]
- Representation as AST
- $D(Y, C) = \{ r \in R_Y \mid r \models C \}$
- $[\![\;]\!] : R_Y \to R_{Y'}$
- C++ Interpreter/Generator; Graph rewriting rules
- $D(Y', C') = \{ r \in R_{Y'} \mid r \models C' \}$
- $[\![\;]\!]' : R_{Y'} \to R_{Y''}$
- Executable Model (Simulators); Executable Code; Executable Specification
Specifying Behavioral Semantics With Semantic Anchoring
[Diagram]
- Representation as AST: MIC-UDM
- $D(Y, C) = \{ r \in R_Y \mid r \models C \}$: MIC-GME
- $[\![\;]\!] : R_Y \to R_{Y'}$: Graph rewriting rules, MIC-GReAT
- $D(Y', C') = \{ r \in R_{Y'} \mid r \models C' \}$
- $[\![\;]\!]' : R_{Y'} \to R_{Y''}$
- Labels on the listing: Abstract Data Model; Model Interpreter; ASML; Abstract State Machine Formalism

    structure Event
      eventType as String

    class State
      id as String
      initial as Boolean
      var active as Boolean = false

    class Transition
      id as String

    abstract class FSM
      id as String
      abstract property states as Set of State
        get
      abstract property transitions as Set of Transition
        get
      abstract property outTransitions as Map of <State, Set of Transition>
        get
      abstract property dstState as Map of <Transition, State>
        get
      abstract property triggerEventType as Map of <Transition, String>
        get
      abstract property outputEventType as Map of <Transition, String>
        get

      React (e as Event) as Event?
        step
          let CS as State = GetCurrentState ()
        step
          let enabledTs as Set of Transition = {t | t in outTransitions (CS) where
                                                e.eventType = triggerEventType(t)}
        step
          if Size (enabledTs) = 1 then
            choose t in enabledTs
              step
                // WriteLine ("Execute transition: " + t.id)
                CS.active := false
              step
                dstState(t).active := true
              step
                if t in me.outputEventType then
                  return Event(outputEventType(t))
                else
                  return null
          else
            if Size(enabledTs) > 1 then
              error ("NON-DETERMINISM ERROR!")
            else
              return null
Chen, Sztipanovits, Neema, DATE 2007
Status Report
Much work needs to be done
- Compositionality and scaling
- Better link between denotational and operational approaches
- Approachable formal framework (such as ASM, SLP, other?)
- Probabilistic models
- Design automation tools for composing DSMLs
Transitioning…
Model-Based Tool Chains
Key Idea: Use models in domain-specific design flows and ensure that final design models are rich enough to enable production of artifacts with sufficiently predictable properties.
Impact: decoupling design technology from production technology

[Diagram labels: Design Requirements; Domain Specific Design Automation Environments; Production Facilities; Mathematical and physical foundations]

Domain-Specific Environments:
• Automotive
• Avionics
• Sensors…

Tools:
• Behavioral Sim.
• Analysis
• Verification
• Synthesis

    doTransition (fsm as FSM, s as State, t as Transition) =
      require s.active
      step exitState (s)
      step if t.outputEvent <> null then
             emitEvent (fsm, t.outputEvent)
      step activateState (fsm, t.dst)
Tool Chain Composition
Key Idea: Ensure reuse of high-value tools in domain-specific design flows by introducing a metaprogrammable tool infrastructure.
VU-ISIS implementation: Model Integrated Computing (MIC) tool suite

[Diagram labels: Design Requirements; New Requirements; Domain Specific Design Automation Environments; Production Facilities; Metaprogrammable Tool Infrastructure; Component Libraries; Semantic Foundation]

Domain-Specific Environments:
• Automotive
• Avionics
• Sensors…

Metaprogrammable Tools, Environments:
• Model Building
• Model Transform.
• Model Mngmt
• Tool Integration

Semantic Foundation:
• Structural
• Behavioral

    doTransition (fsm as FSM, s as State, t as Transition) =
      require s.active
      step exitState (s)
      step if t.outputEvent <> null then
             emitEvent (fsm, t.outputEvent)
      step activateState (fsm, t.dst)
Tool Chain Example: VCP
Key Idea: Use best-of-breed tools and multiple modeling languages in design flows.
- Abstraction layers are defined by DSML-s of simulation, analysis and synthesis tools.
- Design models are refined, transformed and analyzed in the design flow.
- Analysis tools are integrated in the design flow by model transformation components.

[Diagram: Vehicle Control Platform (VCP). Layers: Common Semantic Domain: Hybrid Automata; Abstract Syntax and Transformations: Meta-Models; Domain Models and Model Interchange. Tools and formats shown: GME, Simulink/Stateflow, SL/SF, ECSL-DP, MOML, AIRES, DESERT, OSEK/Code]
Integration of VCP
Key Idea: Integrate domain and tool specific models through metamodeling and model transformations.
- Abstraction layers are defined by formally specified DSML-s.
- Metamodels are used for expressing relationship among models used in the design flow.
- Models of model transformations specify the “glue” that connects analysis tools to the design flow.

[Diagram: Vehicle Control Platform (VCP). Layers: Common Semantic Domain: Hybrid Automata; Abstract Syntax and Transformations: Meta-Models; Domain Models and Tool Interchange Formats: Tool Chains. Meta-models shown: AIRES, ECSL-DP, SL/SF, DESERT, SFC. Tools and formats shown: GME, Simulink/Stateflow, SL/SF, ECSL-DP, MOML, AIF, CANOE, SFC, AIRES, DESERT, OSEK/Code]
Integrated MIC Tool Suite
Domain independent metaprogrammable tool base for domain specific design flows

Application diversity of the MIC tool suite is huge:
- Aerospace
- Automotive
- Health Information Systems
- Networked system integration
- System security
- ….

The MIC tool suite has been evolving over 20 years

[Diagram labels]
- GME: Modeling
- UDM: Model Data Management
- DESERT: Design Space Exploration (Component Abstraction (TA); Design Space Modeling (MD); Design Space Encoding (TE); Design Space Pruning; Design Decoding; Component Reconstruction)
- GReAT: Model Transformation
- OTIF: Open Tool Integration Framework (Tool; Tool Adaptor; Semantic Translator; Manager; Backplane Registration/Notification/Transfer Services; Standard interface/Protocol; Metadata)
- MetaModels

ESCHER Quality Controlled Repository: http://escher.isis.vanderbilt.edu
Status Report
Significant and sustained research effort
- U.S.: Berkeley (Ptolemy, Metropolis); CMU (Checkmate); Eclipse tools (IBM, many contributors); MIT (Alloy); UPenn (Charon); Vanderbilt (MIC)
- EU: Verimag (BIP); BUTE (VIATRA); TU Vienna, OFFIS; TU Munich, …
Lack of major transitioning success in new domains (DARPA’s Meta 2 program is a hope for breakthrough)
Need for broadening application domains (medical, SoS,…)
Need for significant scaling up model management tools
Model-Based Design
Key Idea: Manage design complexity by creating abstraction layers in the design flow.
- Abstraction layers define platforms.
- Abstractions are linked through mapping.
- Abstraction layers allow the verification of different properties.

[Diagram labels: Physical Platform; Software Platform; Computation/Communication Platform]

Frameworks and Tools for High-Confidence Design of Adaptive, Distributed Embedded Control Systems
MURI Project; Vanderbilt – UC Berkeley, CMU and Stanford
Integration Inside Abstraction Layers: Composition

Physical design (Plant Dynamics Models, Controller Models)
Dynamics: $B_p(t) = \kappa(B_1(t), \ldots, B_j(t))$
• Properties: stability, safety, performance
• Abstractions: continuous time, functions, signals, flows,…

Software design (Software Architecture Models, Software Component Code)
Software: $B_c(i) = \kappa(B_1(i), \ldots, B_k(i))$
• Properties: deadlock, invariants, security,…
• Abstractions: logical-time, concurrency, atomicity, ideal communication,..

System/Platform Design (System Architecture Models, Resource Management Models)
Systems: $B_j(t_p) = \kappa(B_1(t_i), \ldots, B_k(t_i))$
• Properties: timing, power, security, fault tolerance
• Abstractions: discrete-time, delays, resources, scheduling,
Integration Across Abstraction Layers: Much Unsolved Problems
Physical design (Plant Dynamics Models, Controller Models)
Controller dynamics is developed without considering implementation uncertainties (e.g. word length, clock accuracy) optimizing performance.
Assumption: Effects of digital implementation can be neglected  X

Software design (Software Architecture Models, Software Component Code)
Software architecture models are developed without explicitly considering systems platform characteristics, even though key behavioral properties depend on it.
Assumption: Effects of platform properties can be neglected  X

System/Platform Design (System Architecture Models, Resource Management Models)
System-level architecture defines implementation platform configuration. Scheduling, network uncertainties, etc. introduce time variant delays that may require re-verification of key properties on all levels.  X
Challenge to Compositionality: Heterogeneity
Consequence of the lack of composability across system layers
- intractable interactions
- unpredictable system level behavior
- full-system verification does not scale

Active research: simplification strategies
- Decoupling: Use design concepts that decouple systems layers for selected properties
- Cross-layer Abstractions: Develop methods that can handle effects of cross-layer interactions
Physical layer: Passivity-based design

Key idea: Passivity-based design of networked control systems provides robustness to time-varying delays

Various mathematical definitions
- A passive system only stores and dissipates energy but cannot generate energy of its own
Passive systems interact in a stable manner
- When connected in either a parallel or negative feedback manner the overall system remains passive
Passive control theory applies to
- Linear and nonlinear systems
- Continuous and discrete-time systems
Easier and safer to control
- Independent joint PD controller for robotic manipulator
- Asymptotic stability for set-point tracking
Background on Passivity
Milestones:
- Wave digital filters (Fettweis, 70’s)
- Dissipative dynamical systems (Willems, 70’s)
- Resonator-bank implementation structures (Peceli, 80’s)
- Teleoperation over the Internet (Niemeyer, 04)
- Power junctions (Kottenstette, Antsaklis, 08)

Work at ISIS:
- Design tool suite for high confidence systems (Eyisi, Hall, Hemingway, Porter, Karsai, Kottenstette, Koutsoukos, Sztipanovits)
Illustration of Passive Dynamics
Experimental Setup
- Two CrustCrawler robotic arms
- 4 DOF with AX-12 smart servos at each joint
- Novint haptic paddle
- Five networked Windows PCs with Matlab/Simulink

[Plots: Joint Angle and Reference; Time delay (Robot 2 and PJ)]
Status Report
Need to address more fundamentals:
- extending theories for decoupling
- developing theory of compositionality among system layers (vertical composition)
- extending compositionality for multiple properties, e.g. stability, safety and invariants

Early signs of increased attention
- CPS research programs in US (NSF Center at Vanderbilt/Notre Dame/U. Maryland on Science of System Integration)
- New conference sequence
Example 1: System of System Integration
Future Combat System

[Diagram: layered FCS architecture. Recoverable labels: Distributed Database; Information Layer; Interoperable Standards-Based Open Software Architecture; Common Operating Picture (COP); Joint Common Database; Information Management; Vehicle Applications, Mission Applications, Business Applications, Administration Applications; Human Machine Interface / Machine-Machine Interface; Warfighter Interface; DB Synchronization; Interoperability; Application Program Interfaces – Common Services; SOS Operations Services: Information Assurance (IA), Network Mgt (NM), Information Dissemination Mgt (IDM); SOS Framework Services; Network Infrastructure Services; Operating System Abstraction Services; Operating System; Foundation Infrastructure (e.g., Network with: COMSEC Crypto Services, Mobility Enhancements, IP Network Appliqué's); Computing and Networking; WIN-T Hierarchical Ad-Hoc Network; Common Vehicle Subsystems; Networked Command; Platform]

• Open Dynamic Architecture
  - heterogeneous networking
  - heterogeneous components
• Very high level concurrency with complex interactions
• Challenges:
  – understanding and
  – predicting behavior

How to achieve predictability with limited/partial compositionality?
Real-Life SoS Development
- All integration categories are present (component, layer, SoS)
- Systems are evolving along “spiral-outs”
- New technical challenges are emerging and potential solutions need to be rapidly explored
- All layers of the system are subject to modifications, there are no well defined synchronization points in the development process
- Integration is inherently incremental; deployed systems need to be integrated with components on different level of maturity: prototypical and with simulated systems/components.

How Is It Solved Today?
- Systems are integrated when all components are delivered
  – Acquisition pushes in this direction
- Integration means: “Make it working somehow”
- System Integration Labs do not offer support for spiral development
- There is no approach to deal with incomplete specifications and components
System Integration is the highest risk, most expensive, least predictable step in SoS development

Emerging Solution: Model-Based Integration
Apply Models Early
Apply Models Often
Use Every Opportunity
- Requirements/Architecture Integration
- Architecture/Design Integration
- Design Assessment/Verification
- Prototyping/Scaling
- Implementation
- Scaling
- Testing
Tool Chain for Architecture Exploration in FCS
[Diagram labels: ADeVS, IONS; RELEX; Excel; System Model; Component; Segment IDD; GReAT Transform; System Component Adapters (C++, IDL); System Integration Test Harness (C++, IDL); XML; Rose CAT file; Runtime Glue (Deployed); System Integration Laboratory Tools]
With Boeing FCS Program
Risk Mitigation: Surrogate Modeling and Synthesis

[Diagram labels: GME System Models (Deployment, Instance Topology, Networks); GME Component Models (Interfaces, Business Logic); Code Generator; BC Surrogate Component (Generated): Input Interfaces, Business Logic (Generated), Output Interfaces; “Real” BC: Input Interfaces, Acquired Business Logic, Output Interfaces; System Of Systems Common Operating Environment]
With Boeing FCS Program
Example 2: Heterogeneous Simulation Integration
[Diagram labels: Organization/Coordination; Processing (Tracking); 3-D Environment (Sensors); Controller/Vehicle Dynamics; simulation tools: CPN, Devs, Delta3D, SL/SF; Adaptive Human Organization; Mixed Initiative Controller; Context Dep. Command Interpretation; Adaptive Resource Allocation; Coordination Decision Support; HCI; Abstract Commands; Platform Commands; Assigned Platform Commands; Platform Status; COP Elements; Data Distribution Network]

How can we integrate the models?
How can we integrate the simulated heterogeneous system components?
How can we integrate the simulation engines?

Model-Integrated System and Software Laboratory Environment: C2 Windtunnel
[Diagram labels: GME (Simulation Interaction; Simulation Architecture); OMNET (Network Architecture)]
AFOSR PRET: C2 Wind Tunnel
Model-based Integration Architecture
[Diagram]
- Model Integration Layer: Experiment Specification & Configuration; Controller Models; Network Models; Org. Models; Fusion Models; Env. Models; “Virtual” Components
- Instrumentation Layer
- Run-time: DEVS Federate; OmNet++ Federate; CPN Federate; OGRE Federate; Simulink Federate
- Simulation Integration Platform (HLA)
- Simulation Data Distribution/Communication Middleware
- Distributed Simulation Platform

https://wiki.isis.vanderbilt.edu/OpenC2WT
Experiments: Impact of Cyber Attacks
Network attack:
- A sub-network with hundreds of zombie nodes attacks a critical router on the main network.
- Flood attack on udp, tcp or ping

[Figure labels: Full network; Zombie subnet]
Summary
- Penetration of networking and computing in all engineered systems forces a broad based convergence across engineering disciplines.
- Signs of this convergence are present in many areas from which we discussed two:
  - Design Automation – emergence of metaprogrammable tool suites and multimodeling
  - System Integration – re-integration of computer and systems science
- Model-based design facilitates a necessary convergence among software, system, control and network engineering