Similar documents
1.
Industrial automation systems (IASs) are commonly developed using the languages defined by the IEC 61131 standard and are executed on programmable logic controllers (PLCs). Their software part is commonly considered only after the development and integration of mechanics and electronics. However, this approach narrows the solution space for software; thus, it is considered inadequate to address the complexity of today's systems. In this paper, we adopt a system-based approach for the development of IASs. Based on this, the UML model of the software part of the system is extracted from the SysML system model and is then refined to get the implementation code. Two implementation alternatives are considered to exploit both PLCs and the recent deluge of embedded boards in the market. For PLC targets, the new version of IEC 61131 that supports object-orientation is adopted, while Java is used for embedded boards. The case study used to illustrate our approach was developed as a lab exercise, which aims to introduce to students a number of technologies used to address challenges in the domain of cyber-physical systems and highlights the role of the Internet of Things (IoT) as a glue for their cyber interfaces.

3.
In mid-2010, a sophisticated malicious computer worm called Stuxnet targeted major ICS systems around the world, causing severe damage to Siemens automation products. Stuxnet proved its ability to infect air-gapped, segregated critical computer control systems. After this attack, security across the whole ICS industry was thrust into the spotlight. Automation suppliers have already started to rethink their business approach to cyber security. The OPC Foundation has also made significant changes and improvements in its new OPC UA design to increase the security of automation applications, but what is still missing, and does not seem likely to be resolved any time soon, is security in depth for industrial automation applications. In this paper, we propose a simple but strong security control solution to be implemented as logic-level security on SCADA and DCS systems. The method presented in this work enforces message integrity to build trust between DCS system components, but it should not be viewed as the main or the only protection layer implemented on an industrial automation system. The proposed solution can be viewed as a low-level security procedure to avoid malicious attacks such as Stuxnet.

5.
Recent innovations in the smart city domain have led to the proposal of a new mode of transportation utilizing Autonomous Passenger Ships (APS), or ferries, in inland waterways. The novelty of the APS concept influences the cyber risk paradigm and leads to different considerations regarding attack objectives, techniques and risk management approaches. The main factor behind this is the autoremote operational mode, which refers to autonomous operations with remote supervision and control in case of emergency. The autoremote operational mode influences the risk of cyber attacks because of the increased connectivity and reliance on technology for automating navigational functions. On the other hand, the presence of passengers without crew members introduces a safety risk factor in cyber attacks. In this paper, we propose a new cyber risk management approach for managing the cyber risks against cyber-physical systems in general and Autonomous Passenger Ships in particular. Our proposed approach aims to improve the Defense-in-Depth risk management strategy with additional components from the Threat-Informed Defense strategy, allowing for more evolved cyber risk management capabilities. Moreover, we have used the proposed cyber risk management approach to propose a cybersecurity architecture for managing the cyber risks against an APS use case named milliAmpere2. Additionally, we present our results from a Systematic Literature Review (SLR) of cybersecurity evaluation in the maritime domain; the findings of the SLR were then used to design a suitable evaluation of the proposed risk management approach. Our findings suggest that our proposed risk management approach, named Threat-Informed Defense-in-Depth, is capable of enriching several risk management activities across different stages of the system development life cycle. Additionally, a comprehensive evaluation of the cybersecurity posture of milliAmpere2 has been conducted using several approaches, including risk evaluation, simulation, checklists and adversary emulation. Our evaluation has uncovered several limitations in the current cybersecurity posture and proposed actions for improvement.

6.
Although many studies address the security of Networked Industrial Control Systems (NICSs), today we still lack an efficient way to conduct scientific experiments that measure the impact of attacks against both the physical and the cyber parts of these systems. This paper presents an innovative framework for an experimentation environment that can reproduce physical and cyber systems concurrently. The proposed approach uses an emulation testbed based on Emulab to recreate cyber components and a real-time simulator, based on Simulink, to recreate physical processes. The main novelty of the proposed framework is that it provides a set of experimental capabilities that are missing from other approaches, e.g., safe experimentation with real malware and the flexibility to use different physical processes. The feasibility of the approach is confirmed by the development of a fully functional prototype, while its applicability is proven through two case studies of industrial systems from the electrical and chemical domains.

7.
The paper suggests a new methodology for secure cyber-physical systems design. The proposed methodology consists of two main cycles. The main goal of the first cycle is the design of the system model, while the second one is about the development of the system prototype. The key idea of the methodology is to provide the most rational solutions that improve the security of cyber-physical systems. Such solutions are called alternatives and are built according to the functional requirements and non-functional constraints on the system. Each cycle of the methodology consists of the verification process and seven stages that are associated with the cyber-physical system model used. The objective of the verification process is to check the constructed models and prototypes in terms of their correctness and compatibility. The model represents cyber-physical systems as sets of building blocks with a network between them, takes the internal structure of elements into account and allows direct and reverse transformations. The novelty of the suggested methodology is in the combination of design, development and verification techniques within a single approach. To provide an example of the design methodology's application, in this paper it is used to improve the semi-natural model of the railway infrastructure.

8.
A Cyber Physical System (CPS) is given by the integration of cyber and physical components, usually with feedback loops, where physical processes affect computations and vice versa. Design and implementation of complex CPSs is a multidisciplinary and demanding task. Challenges arise especially in the exploitation of heterogeneous and different models during the various phases of the system life cycle. This paper proposes an agent-based and control-centric methodology which is well suited for the development of complex CPSs. The approach is novel and supports model continuity, which enables the use of a unique model along all the development stages of a system, ranging from analysis, by simulation, down to real-time implementation and execution. In the paper, basic concepts of the methodology are provided together with implementation details. The effectiveness of the approach is demonstrated through a case study concerning a prototyped CPS devoted to the optimization of power consumption in a smart micro-grid automation system.

9.
陈子聪, 王林, 刘建圻, 王钦若. 《控制与决策》 (Control and Decision), 2021, 36(12): 3007-3014
For a class of uncertain nonlinear systems with input saturation, an adaptive fuzzy event-triggered compensation control method based on the backstepping technique is proposed in order to guarantee the tracking performance of the system while saving communication resources as much as possible. Because of safety requirements, physical limits and other factors, input saturation is often unavoidable in real physical systems and adversely affects the control performance and stability of the system. To address this problem effectively, a smooth hyperbolic tangent function is incorporated into the adaptive control design to compensate for the input saturation constraint. In addition, since an accurate model of a real system is hard to establish, the system description inevitably contains unknown uncertain parts; a fuzzy logic system is used to approximate these unknown parts. To save communication resources, an event-triggered control strategy based on a relative threshold is introduced to reduce the transmission burden on the system. Lyapunov stability analysis shows that all signals of the system are semi-globally uniformly ultimately bounded. Simulation results verify the effectiveness of the proposed method.

10.
Increasing individualization demands in products call for high flexibility in manufacturing systems to adapt to changes. This paper proposes a novel digital twin-driven approach for rapid reconfiguration of automated manufacturing systems. The digital twin comprises two parts: the semi-physical simulation, which maps data of the system and provides input data to the second part, which is optimization. The results of the optimization part are fed back to the semi-physical simulation for verification. The open-architecture machine tool (OAMT) is defined and developed as a new class of machine tools comprising a fixed standard platform and various individualized modules that can be added and rapidly swapped. Engineers can flexibly reconfigure the manufacturing system to suit process planning by integrating personalized modules into its OAMTs. Key enabling techniques, including how to twin the cyber and physical systems and how to quickly bi-level program the production capacity and functionality of manufacturing systems to adapt to rapid product changes, are detailed. A physical implementation is conducted to verify the effectiveness of the proposed approach in achieving improved system performance while minimizing the overheads of the reconfiguration process by automating and rapidly optimizing it.

11.
This paper studies the event-triggered control problem of switched cyber-physical systems under stochastic cyber attacks. The cyber-physical system is described in the form of a switched linear system. An event-triggered mechanism is introduced to save system resources and reduce network load: sampled data from the sensor are transmitted to the controller over the communication network only when the error exceeds a given threshold. Two kinds of stochastic cyber attacks with different characteristics are considered on the communication network between the sensor and the controller. A switched stochastic cyber-physical system model is established under the cyber attacks and the designed event-triggered controller. The corresponding switching signal is constructed using the mode-dependent average dwell time method. Mean-square exponential stability of the system is achieved under the designed event-triggered controller and the mode-dependent average dwell time switching signal, and the controller gains are given. Finally, an example verifies the effectiveness of the theoretical results obtained.

12.
Data centers, as one kind of cyber-physical system, consume enormous amounts of energy. By analyzing the energy characteristics of cyber-physical systems, and noting that such systems contain a large number of information devices with computing capability, this paper divides the components of a cyber-physical system into two classes, computing components and non-computing components, and builds an energy system model on this basis. By analyzing the characteristics of resource scheduling in cyber-physical systems, a resource scheduling model is built around its three elements: the capability of the resource entity, the real-time state of the resource, and the type of task executed on the resource. Finally, taking the data center as an example of a cyber-physical system, a cyber-physical system model that combines energy control with resource scheduling is given for the computing components of the data center.

13.
Dynamic software product lines (DSPLs) propose elaborated design and implementation principles for engineering highly configurable runtime-adaptive systems in a sustainable and feature-oriented way. For this, DSPLs add to classical software product lines (SPL) the notions of (1) staged (pre-)configurations with dedicated binding times for each individual feature, and (2) continuous runtime reconfigurations of dynamic features throughout the entire product life cycle. Especially in the context of safety- and mission-critical systems, the design of reliable DSPLs requires capabilities for accurately specifying and validating arbitrarily complex constraints among configuration parameters and/or respective reconfiguration options. Compared to classical SPL domain analysis, which is usually based on Boolean constraint solving, DSPL validation therefore further requires capabilities for checking temporal properties of reconfiguration processes. In this article, we present a comprehensive approach for modeling and automatically verifying essential validity properties of staged reconfiguration processes with complex binding time constraints during DSPL domain engineering. The novel modeling concepts introduced are motivated by (re-)configuration constraints apparent in a real-world industrial case study from the automation engineering domain, which are not properly expressible and analyzable using state-of-the-art SPL domain modeling approaches. We present a prototypical tool implementation based on the model checker SPIN and present evaluation results obtained from our industrial case study, demonstrating the applicability of the approach.

14.
In recent years, ontologies, and domain ontologies in particular, have played an increasingly important role in information extraction systems as an important tool for knowledge reuse, knowledge sharing and modeling. However, the construction of domain ontologies still lacks systematic, engineering-oriented methods. This paper first introduces the concept of ontology and the criteria for ontology modeling, then analyzes several common existing ontology modeling methods and compares their advantages and disadvantages. Combining the principles of information extraction with ideas from software engineering, a new method for modeling domain ontologies is proposed. The method is highly logical and operable and can be adopted when building domain ontologies in some fields.

15.
An Information Requirements Ontology for E-Commerce
An information requirements ontology is proposed to describe the information requirements of e-commerce. The elements of this requirements ontology are roles, features, parameters and constraints. The paper first discusses the problems in the traditional requirements management process and then describes how the requirements ontology applies to those problems. First-order predicate logic is used to define the roles of the information requirements ontology and their features, and to establish the relationships among parameters, constraints and roles. The role of the requirements ontology in satisfying information requirements for online shopping is also explained.

16.
Context: A considerable portion of the software systems today are adopted in the embedded control domain. Embedded control software deals with controlling a physical system, and as such, models of physical characteristics become part of the embedded control software.
Objective: Due to the evolution of system properties and increasing complexity, faults can be left undetected in these models of physical characteristics. Therefore, their accuracy must be verified at runtime. Traditional runtime verification techniques that are based on states/events in software execution are inadequate in this case. The behavior suggested by models of physical characteristics cannot be mapped to behavioral properties of software. Moreover, implementation in a general-purpose programming language makes these models hard to locate and verify. Therefore, this paper proposes a novel approach to perform runtime verification of models of physical characteristics in embedded control software.
Method: The development of an approach for runtime verification of models of physical characteristics and the application of the approach to two industrial case studies from the printing systems domain.
Results: This paper presents a novel approach to specify models of physical characteristics using a domain-specific language, to define monitors that detect inconsistencies by exploiting redundancy in these models, and to realize these monitors using an aspect-oriented approach. We complement runtime verification with static analysis to verify the composition of domain-specific models with the control software written in a general-purpose language.
Conclusions: The presented approach enables runtime verification of implemented models of physical characteristics to detect inconsistencies in these models, as well as broken hardware components and wear and tear of hardware in the physical system. The application of declarative aspect-oriented techniques to realize runtime verification monitors increases modularity and provides the ability to statically verify this realization. The complementary static and runtime verification techniques increase the reliability of embedded control software.

17.
Temporal logics and model-checking have proved successful in expressing biological properties of complex biochemical systems and in automatically verifying their satisfaction, in both qualitative and quantitative models. In this article, we go beyond model-checking and present a constraint solving algorithm for quantifier-free first-order temporal logic formulae with constraints over the reals. This algorithm computes the domain of the real-valued variables occurring in a formula that makes it true in a model. We illustrate this approach for the automatic generation of a temporal logic specification from biological data time series. We provide a set of biologically relevant patterns of formulae and apply them to numerical data time series of models of cell cycle control and MAPK signal transduction. We show in these examples that this approach automatically infers semi-qualitative, semi-quantitative information about concentration thresholds, amplitude of oscillations, stability properties, checkpoints and influences between species.

18.
This paper is a tutorial on how to model hybrid systems as hybrid programs in differential dynamic logic and how to prove complex properties about these complex hybrid systems in KeYmaera, an automatic and interactive formal verification tool for hybrid systems. Hybrid systems can model highly nontrivial controllers of physical plants, whose behaviors are often safety critical, such as trains, cars, airplanes, or medical devices. Formal methods can help design systems that work correctly. This paper illustrates how KeYmaera can be used to systematically model, validate, and verify hybrid systems. We develop tutorial examples that illustrate challenges arising in many real-world systems. In the context of this tutorial, we identify the impact that modeling decisions have on the suitability of the model for verification purposes. We show how the interactive features of KeYmaera can help users understand their system designs better and prove complex properties for which the automatic prover of KeYmaera still takes an impractical amount of time. We hope this paper is a helpful resource for designers of embedded and cyber-physical systems and that it illustrates how to master common practical challenges in hybrid systems verification.

19.
Results of an analysis of the problems associated with life cycle cost reduction for large-scale information-control systems are presented. Rational design concepts applying an aspect-oriented method to large-scale systems are described. An approach to life cycle organization corresponding to the ISO/IEC 12207-2008 standard, on the basis of domain engineering and model-driven engineering technologies, is proposed. The paper shows the necessity of using the approach within a unified mathematical semantic base supplied by category theory. The approach has been tested during the development of application information-control systems in energy production.

20.
A parameterized design of a universal motion controller is proposed in the discrete-time domain using a composite nonlinear control approach for high-performance servo mechanisms in industrial automation. First, the model of the servo mechanism is converted into discrete-time state-space form, and a linear control law is designed, consisting of state feedback, reference feed-forward and disturbance compensation. Next, a nonlinear control law is constructed to smoothly modulate the closed-loop damping as the system output approaches the reference. To estimate the unmeasurable velocity and disturbance, a reduced-order extended-state observer is adopted. The final controller is a combination of the above three parts and is fully parameterized in a few fundamental tuning parameters. The controller was applied to a permanent magnet synchronous motor (PMSM) drive, which usually serves as the actuator for high-performance motion control systems. After MATLAB simulation, an experimental test using a digital signal processing board was conducted to verify the effectiveness of the proposed design.
