CPS: Small: Reconciling Safety with the Internet for Cyber-Physical Systems

Abstract: Internet technology, originally developed to convey information, is increasingly being used to control and operate physical devices in homes, factories, medical facilities, and transportation systems, to name just a few application domains. In these more physically-grounded applications, the consequences of misbehavior of a system can be dire, involving not just loss or leakage of information, but loss of life. Historically, computers used in safety-critical systems have been completely isolated from the Internet to protect them from malicious hackers and unpredictable demands for their resources. But the benefits that Internet connectivity offers are irresistible, enabling far more sophisticated services. This project is developing a suite of mathematically-grounded design patterns and open-source software that leverages Internet technology while guaranteeing safety, reliability, and resilience to malicious attacks. One of these patterns endows a networked system with a stronger coordinated notion of time to ensure consistent behavior of the system even in face of unpredictable and uncontrollable delays in the network. Another of these patterns leverages edge computing, placement of computing services near the devices that use them, in hospitals, onboard in cars and trains, and in factories, for example, to mitigate the risks of relying on remote cloud-based services. Edge computers can ensure continuous safe operation even in face of Internet infrastructure collapse, as has occasionally happened under malicious attack. Technical Description: The Internet of Things (IoT) leverages Internet technology in cyber-physical systems, but the protocols and principles of the Internet were not designed for interacting with the physical world. For example, timeliness is not a factor in any widespread Internet technology, with Quality-of-Service (QoS) features having been routinely omitted for decades. Nevertheless, properties of the Internet could prove valuable in CPS, including a global namespace, reliable (eventual) delivery of messages, end-to-end security through asymmetric encryption, certificate-based authentication, and the ability to aggregate data from a multiplicity of sources in cloud-based warehouses. This proposal leverages recent developments that hold promise to bridge the gap, enabling the use of Internet technologies even in safety-critical, timing-sensitive applications such as factory automation and transportation. Specifically, we leverage time-sensitive network (TSN) technology; the use of smart gateways to isolate safety-critical services from best-effort services and to provide local proxies for cloud-based services; locally centralized, globally distributed authentication and authorization; and the development of coherent time-based semantics for distributed real-time services. The focus of this project will be on sound concurrent models of computation, on type-theoretic methods for ensuring correct composition, and on the realization of these formalisms in a software architecture that reconciles widely-used mechanisms in Internet services to hide uncontrollable latencies with the need for repeatable, testable, and robust real-time services in safety-critical systems. An open-source reference implementation will be delivered together with analytical papers on the formal properties of the models.