CPS: Small: Reconciling Safety with the Internet for Cyber-Physical Systems

CPS：小型：协调网络物理系统的安全与互联网

• 批准号: 1836601
• 负责人: Edward Lee
• 金额: $ 49.9万
• 依托单位: University of California-Berkeley
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2018
• 资助国家: 美国
• 起止时间: 2018-10-01 至 2021-09-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1836601&HistoricalAwards=false
• 关键词: CPS; Small; Reconciling; Safety; Internet

Internet technology, originally developed to convey information, is increasingly being used to control and operate physical devices in homes, factories, medical facilities, and transportation systems, to name just a few application domains. In these more physically-grounded applications, the consequences of misbehavior of a system can be dire, involving not just loss or leakage of information, but loss of life. Historically, computers used in safety-critical systems have been completely isolated from the Internet to protect them from malicious hackers and unpredictable demands for their resources. But the benefits that Internet connectivity offers are irresistible, enabling far more sophisticated services. This project is developing a suite of mathematically-grounded design patterns and open-source software that leverages Internet technology while guaranteeing safety, reliability, and resilience to malicious attacks. One of these patterns endows a networked system with a stronger coordinated notion of time to ensure consistent behavior of the system even in face of unpredictable and uncontrollable delays in the network. Another of these patterns leverages edge computing, placement of computing services near the devices that use them, in hospitals, onboard in cars and trains, and in factories, for example, to mitigate the risks of relying on remote cloud-based services. Edge computers can ensure continuous safe operation even in face of Internet infrastructure collapse, as has occasionally happened under malicious attack.Technical Description:The Internet of Things (IoT) leverages Internet technology in cyber-physical systems, but the protocols and principles of the Internet were not designed for interacting with the physical world. For example, timeliness is not a factor in any widespread Internet technology, with Quality-of-Service (QoS) features having been routinely omitted for decades. Nevertheless, properties of the Internet could prove valuable in CPS, including a global namespace, reliable (eventual) delivery of messages, end-to-end security through asymmetric encryption, certificate-based authentication, and the ability to aggregate data from a multiplicity of sources in cloud-based warehouses. This proposal leverages recent developments that hold promise to bridge the gap, enabling the use of Internet technologies even in safety-critical, timing-sensitive applications such as factory automation and transportation. Specifically, we leverage time-sensitive network (TSN) technology; the use of smart gateways to isolate safety-critical services from best-effort services and to provide local proxies for cloud-based services; locally centralized, globally distributed authentication and authorization; and the development of coherent time-based semantics for distributed real-time services. The focus of this project will be on sound concurrent models of computation, on type-theoretic methods for ensuring correct composition, and on the realization of these formalisms in a software architecture that reconciles widely-used mechanisms in Internet services to hide uncontrollable latencies with the need for repeatable, testable, and robust real-time services in safety-critical systems. An open-source reference implementation will be delivered together with analytical papers on the formal properties of the models.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

互联网技术最初是为了传递信息而开发的，现在越来越多地被用于控制和操作家庭、工厂、医疗设施和交通系统中的物理设备，仅举几个应用领域。在这些更有物理基础的应用中，系统行为不当的后果可能是可怕的，不仅涉及信息的丢失或泄漏，而且还会造成生命损失。从历史上看，用于安全关键系统的计算机完全与互联网隔离，以保护它们免受恶意黑客和对其资源的不可预测的要求。但互联网连接带来的好处是不可抗拒的，它可以提供更复杂的服务。该项目正在开发一套基于数学的设计模式和开源软件，在利用互联网技术的同时确保安全性、可靠性和对恶意攻击的恢复能力。其中一种模式赋予网络系统更强的协调时间概念，以确保即使在网络中面临不可预测和不可控的延迟时系统的一致行为。其中另一种模式利用边缘计算，将计算服务放置在使用它们的设备附近，例如在医院、汽车和火车上以及工厂中，以降低依赖基于云的远程服务的风险。边缘计算机即使在互联网基础设施崩溃的情况下也能确保连续安全运行，就像在恶意攻击下偶尔发生的情况一样。技术描述：物联网(IoT)在网络物理系统中利用互联网技术，但互联网的协议和原理并不是为与物理世界交互而设计的。例如，在任何广泛使用的互联网技术中，及时性都不是一个因素，几十年来，服务质量(Qos)功能经常被省略。然而，互联网的特性在CP中可能被证明是有价值的，包括全局命名空间、可靠的(最终)消息传递、通过非对称加密实现的端到端安全性、基于证书的身份验证以及在基于云的仓库中聚合来自多种来源的数据的能力。这项提议利用了有望弥合差距的最新发展，使互联网技术即使在工厂自动化和交通运输等对安全至关重要、对时间敏感的应用中也能使用。具体地说，我们利用时间敏感型网络(TSN)技术；使用智能网关将安全关键服务与尽力而为服务分开，并为基于云的服务提供本地代理；本地集中、全球分布式的身份验证和授权；以及为分布式实时服务开发一致的基于时间的语义。该项目的重点将放在合理的并发计算模型、确保正确组合的类型理论方法以及在软件体系结构中实现这些形式主义，该软件体系结构将Internet服务中广泛使用的隐藏不可控延迟的机制与安全关键系统中对可重复、可测试和健壮的实时服务的需求相协调。开放源码参考实现将与关于模型形式属性的分析论文一起提供。该奖项反映了NSF的法定使命，并通过使用基金会的智力优势和更广泛的影响审查标准进行评估，被认为值得支持。

项目成果

Toward a Lingua Franca for Deterministic Concurrent Systems

• DOI: 10.1145/3448128
• 发表时间: 2021-06-01
• 期刊: ACM TRANSACTIONS ON EMBEDDED COMPUTING SYSTEMS
• 影响因子: 2
• 作者: Lohstroh, Marten;Menard, Christian;Lee, Edward A.
• 通讯作者: Lee, Edward A.

Opportunities for Industrial Control

工业控制的机遇

• 发表时间: 2020
• 期刊: Proc. of 21st IFAC World Congress
• 作者: Witte, Martin;Sehr, Martin A.;Ugalde, Ines;Neidig, Joerg;Niknami, Mehrdad;Hoeme, Stephan;Lee, Edward A.
• 通讯作者: Lee, Edward A.

Reactors: A Deterministic Model for Composable Reactive Systems

• DOI: 10.1007/978-3-030-41131-2_4
• 发表时间: 2019-10
• 作者: Marten Lohstroh;Í. Í. Romeo-Í.;Andrés Goens;P. Derler;J. Castrillón;Edward A. Lee;A. Sangiovanni-Vincentelli-A.-Sangiovanni

On Enabling Technologies for the Internet of Important Things

• DOI: 10.1109/access.2019.2901509
• 发表时间: 2019-02
• 期刊: IEEE Access
• 影响因子: 3.9
• 作者: Marten Lohstroh;Hokeun Kim;J. Eidson;Chadlia Jerad;Beth Osyk;Edward A. Lee

Resilient Authentication and Authorization for the Internet of Things (IoT) Using Edge Computing

• DOI: 10.1145/3375837
• 发表时间: 2020-03
• 期刊: ACM Transactions on Internet of Things
• 作者: Hokeun Kim;Eunsuk Kang;David Broman;Edward A. Lee