ACM Transactions on Cyber-Physical Systems (TCPS)

Latest Articles

Cyber-Physical Specification Mismatches

Embedded systems use increasingly complex software and are evolving into cyber-physical systems (CPS) with sophisticated interaction and coupling between physical and computational processes. Many CPS operate in safety-critical environments and have stringent certification, reliability, and correctness requirements. These systems undergo changes...

Distributed Scheduling of Event Analytics across Edge and Cloud

Internet of Things (IoT) domains generate large volumes of high-velocity event streams from sensors, which need to be analyzed with low latency to...

Cyber-Physical System for Energy-Efficient Stadium Operation: Methodology and Experimental Validation

The environmental impacts of medium to large-scale buildings receive substantial attention in research, industry, and media. This article studies the...

OS-Aware Automotive Controller Design Using Non-Uniform Sampling

Automotive functionalities typically consist of a large set of periodic/cyclic tasks scheduled under a real-time operating system (OS). Many of the...

RSimplex: A Robust Control Architecture for Cyber And Physical Failures

As the complexity of Cyber-Physical Systems (CPS) increases, it becomes increasingly challenging to ensure CPS reliability, especially in the presence of software and/or physical failures. The Simplex architecture is shown to be an efficient tool to address software failures in such systems. When physical failures exist, however, Simplex may not...

Modeling and Detecting False Data Injection Attacks against Railway Traction Power Systems

Modern urban railways extensively use computerized sensing and control technologies to achieve safe, reliable, and well-timed operations. However, the...

A Mobile Health System for Neurocognitive Impairment Evaluation Based on P300 Detection

A new mobile healthcare system for neuro-cognitive function monitoring and treatment is presented. The architecture of the system features sensors to...

Towards the Emulation of the Cardiac Conduction System for Pacemaker Validation

The heart is a vital organ that relies on the orchestrated propagation of electrical stimuli to coordinate each heartbeat. Abnormalities in the...

Closed-Loop Quantitative Verification of Rate-Adaptive Pacemakers

Rate-adaptive pacemakers are cardiac devices able to automatically adjust the pacing rate in patients with chronotropic incompetence, i.e., whose...

A Cyber-Physical System to Improve the Management of a Large Suite of Operating Rooms

Cyber-physical systems have been deployed with considerable success in many industries. However, the...

Formal Verification of Medical CPS: A Laser Incision Case Study

The use of robots in operating rooms improves safety and decreases patient recovery time and surgeon fatigue, but it introduces new potential hazards that can lead to severe injury or even the loss of human life. Thus, safety has been perceived as a crucial system property since the early days by...


CFP: Special Issue on User-Centric Security and Safety for Cyber-Physical Systems
This special issue focuses on user-centric security and safety aspects of cyber-physical systems (CPS), with the aims of filling gaps between the user behaviour and the design of complex cyber-physical systems. For more information, visit the Special Issue webpage.

CFP: Special Issue on Human-Interaction-Aware Data Analytics for Cyber-Physical Systems
This special issue focuses on fundamental problems involving human-interaction-aware data analytics with future CPS. The aim of this special issue is to provide a platform for researchers and practitioners from academia, government and industry to present their state-of-the-art research results in the area of human-interaction-aware data analytics for CPS. For more information, visit the Special Issue webpage.

CFP: Special Issue on Self-Awareness in Resource Constrained Cyber-Physical Systems

This special issue seeks original manuscripts which will cover recent development on methods, architecture, design, validation and application of resource-constrained cyber-physical systems that exhibit a degree of self-awareness. For more information, visit the Special Issue webpage.

CFP: Special Issue on Real-Time aspects in Cyber-Physical Systems
This special issue invites original, high-quality work that reports the latest advances in real-time aspects in CPSs. Featured articles should present novel strategies that address real-time issues in different aspects of CPS design and implementation, including theory, system software, middleware, applications, network, tool chains, test beds, and case studies. For more information, visit the Special Issue webpage.

CFP: Special Issue on Transportation Cyber-Physical Systems
The aim of this special issue will be to feature articles on new technologies that will impact future transportation systems. They might span across vehicular technologies – such as autonomous vehicles, vehicle platooning and electric cars, communication technologies to enable vehicle-to-vehicle and vehicle-to-infrastructure communication, security mechanisms, infrastructure-level technologies to support transportation, as well as management systems and policies such as traffic light control, intersection management, dynamic toll pricing and parking management. In addition to terrestrial transportation, traffic control and autonomous management of aerial vehicles and maritime ships are also of interest. For more information, visit the Special Issue webpage.

About TCPS

Cyber-Physical Systems (CPS) has emerged as a unifying name for systems where the cyber parts, i.e., the computing and communication parts, and the physical parts are tightly integrated, both at the design time and during operation. Such systems use computations and communication deeply embedded in and interacting with physical processes to add new capabilities to physical systems. These cyber-physical systems range from minuscule (pacemakers) to large-scale (a national power grid). There is an emerging consensus that new methodologies and tools need to be developed to support cyber-physical systems.

Forthcoming Articles
Cross-Domain Noise Impact Evaluation for Black Box Two-Level Control CPS

Control Cyber-Physical System (CPS) is a major category of CPS. In control CPS, in addition to the well-studied noises within the physical subsystem, we are interested in evaluating the impacts of cross-domain noise: the noise that comes from the physical subsystem, propagates through the cyber subsystem, and goes back to the physical subsystem. Impact of cross-domain noise is hard to evaluate when the cyber subsystem is a black box, which cannot be explicitly modeled. To address this challenge, this paper focuses on two-level control CPS, a widely adopted control CPS architecture, and proposes an emulation based evaluation methodology framework. The framework uses hybrid model reachability to quantify cross-domain noise impact, and exploits Lyapunov stability theories to reduce the evaluation benchmark size. We validated the effectiveness and efficiency of our proposed framework on a representative control CPS testbed. Particularly, 24.1% of evaluation effort is saved using the proposed benchmark shrinking technology.

CSIP: A Synchronous Protocol for Automated Vehicles at Road Intersections

Road intersection management is one of the main challenging issues for safety, because intersections are a leading cause of traffic congestion and accidents. In fact, more than 44% of all reported crashes in the U.S. occur around intersection areas, which, in turn, lead to 8,500 fatalities and approximately 1 million injuries every year. With the expected self-driving vehicles, the question is whether high throughput can be obtained through intersections while keeping them safe. A spatio-temporal intersection protocol named the Ballroom Intersection Protocol (BRIP) was recently proposed in the literature to address this situation. Under this protocol, automated and connected vehicles arrive at and go through an intersection in a cooperative fashion with no vehicle needing to stop, while maximizing the intersection throughput. Though no vehicles run into one another under ideal environments with BRIP, vehicle accidents can occur when the self-driving vehicles have location errors and/or control system failure. In this paper, we present a safe and practical intersection protocol named the Configurable Synchronous Intersection Protocol (CSIP) that is a more general and resilient version of BRIP. CSIP utilizes a certain inter-vehicle distance to meet safety requirements against GPS inaccuracy and control failure. The inter-vehicle distances under CSIP are much more acceptable and comfortable to human passengers due to longer inter-vehicle distances that do not cause fear. With CSIP, the inter-vehicle distances can also be changed at each intersection to account for different traffic volumes, GPS accuracy levels, and geographical layout of intersections. Our simulation results show that CSIP never leads to traffic accidents even when the system has typical location errors, and that CSIP increases the traffic throughput of the intersections compared to common signalized intersections.

Real-Time Middleware for Cyber-Physical Event Processing

Cyber-physical systems (CPS) involve tight integration of cyber (computation) and physical domains, and both the effectiveness and correctness of a CPS application may rely on successful enforcement of constraints such as bounded latency and temporal validity subject to physical conditions. For many such systems (e.g., edge computing in the Industrial Internet of Things), it is desirable to enforce such constraints within a common middleware service (e.g., during event processing). In this article, we introduce CPEP, a new real-time middleware for cyber-physical event processing, with (1) extensible support for complex event processing operations, (2) execution prioritization and sharing, (3) enforcement of time consistency with load shedding, and (4) efficient memory management and concurrent data processing. We present the design, implementation, and empirical evaluation of CPEP and show that it can (1) support complex operations needed by many applications, (2) schedule data processing according to consumers' priority levels, (3) enforce temporal validity, and (4) reduce processing delay and improve throughput of time-consistent events.

Inferring Smart Schedules for Dumb Thermostats

Heating, ventilation, and air conditioning (HVAC) accounts for over 50% of a typical home's energy usage. A thermostat generally controls HVAC usage in a home to ensure user comfort. In this paper, we focus on making existing dumb programmable thermostats smart by applying energy analytics on smart meter data to infer home occupancy patterns and compute an optimized thermostat schedule. Utilities with smart meter deployments are capable of immediately applying our approach, called iProgram, to homes across their customer base. iProgram addresses new challenges in inferring home occupancy from smart meter data where i) training data is not available and ii) the thermostat schedule may be misaligned with occupancy, frequently resulting in high power usage during unoccupied periods. iProgram translates occupancy patterns inferred from opaque smart meter data into a custom schedule for existing types of programmable thermostats, e.g., 1-day, 7-day, etc. We implement iProgram as a web service and show that it reduces the mismatch time between the occupancy pattern and the thermostat schedule by a median value of 44.28 minutes (out of 100 homes) when compared to a default 8am-6pm weekday schedule, with a median deviation of 30.76 minutes off the optimal schedule. Further, iProgram yields a daily energy savings of 0.42 kWh on average across the 100 homes. Moreover, the schedules generated from iProgram converge to optimal schedules within a couple of weeks for most homes. We also show that homeowners having multiple HVAC zones can utilize iProgram and potentially increase unconditioned times of less occupied parts of their homes by 70%. Utilities may use iProgram to recommend thermostat schedules to customers and provide them estimates of potential energy savings in their energy bills.

Physical Layer Key Generation: Securing Wireless Communication in Automotive Cyber-Physical Systems

Modern automotive Cyber-Physical Systems (CPS) are increasingly adopting wireless communications for Intra-Vehicular, Vehicle-to-Vehicle (V2V) and Vehicle-to-Infrastructure (V2I) protocols as a promising solution for challenges such as the wire harnessing problem, collision detection, and collision avoidance, traffic control, and environmental hazards. Regrettably, this new trend results in new security challenges that can put the safety and privacy of the automotive CPS and passengers at great risk. In addition, automotive wireless communication security is constrained by strict energy and performance limitations of electronic controller units and sensors. As a result, the key generation and management for secure automotive CPS wireless communication is an open research challenge. This paper aims to help solve these security challenges by presenting a practical key generation technique based on the reciprocity and high spatial and temporal variation properties of the automotive wireless communication channel. Accompanying this technique is also a key length optimization algorithm to improve performance (in terms of time and energy) for safety-related applications constrained by small communication windows. To validate the practicality and effectiveness of our approach, we have conducted simulations alongside real-world experiments with vehicles and RC cars. Lastly, we demonstrate through simulations that we can generate keys with high security strength (keys with 67% min-entropy) with up to 10X improvement in performance and 20X reduction in code size overhead in comparison to the state-of-the-art security techniques.

Anonymous, Fault-Tolerant Distributed Queries for Smart Devices

Applications that aggregate and query data from distributed client devices are of interest in many settings (smart buildings and cities, the smart power grid, mobile health). However, such devices also pose serious privacy concerns due to the personal nature of the data being collected. In this paper, we present an algorithm for aggregating data in a distributed manner that keeps the data on the devices themselves, releasing only sums and other aggregates to centralized operators. We offer two privacy-preserving configurations of our solution, one limited to crash failures and supporting a basic kind of aggregation; the second supporting a wider range of queries and also tolerating Byzantine behavior by compromised nodes. The former is quite fast and scalable, the latter more robust against attack and capable of offering full differential privacy for an important class of queries, but it costs more and injects noise that makes the query results slightly inaccurate. Other configurations are also possible. At the core of our approach is a new kind of overlay network (a superimposed routing structure operated by the endpoint computers). This overlay is optimally robust and convergent, and our protocols use it both for aggregation and as a general-purpose infrastructure for peer-to-peer communications.

Holistic Cyber-Physical Management for Dependable Wireless Control Systems

Wireless sensor-actuator networks (WSAN) are gaining momentum in industrial process automation as a communication infrastructure for lowering deployment and maintenance costs. In traditional wireless control systems the plant controller and the network manager operate in isolation, which ignores the significant influence of network reliability on plant control performance. To enhance the dependability of industrial wireless control, we propose a holistic cyber-physical management framework that employs run-time coordination between the plant control and network management. Our design includes a holistic controller that generates actuation signals to physical plants and reconfigures the WSAN to maintain desired control performance while saving wireless resources. As a concrete example of holistic control, we design a holistic manager that dynamically reconfigures the number of transmissions in the WSAN based on online observations of physical and cyber variables. We have implemented the holistic management framework in the Wireless Cyber-Physical Simulator (WCPS). A systematic case study has been presented based on two 5-state plants sharing a 16-node WSAN. Simulation results show that the holistic management design has significantly enhanced the resilience of the system against both wireless interferences and physical disturbances, while effectively reducing the number of wireless transmissions.

Guest Editorial: Special Issue on Medical Cyber-Physical Systems

A Dependable Time Series Analytic Framework for Cyber-Physical Systems of IoT-based Smart Grid

With the emergence of cyber-physical systems (CPS), we are now at the brink of the next computing revolution. As one of the foundations for this CPS revolution, IoT (Internet of Things) based Smart Grid (SG) is defined as a power grid integrated with a large network of smart objects. The volume of time series of SG equipment is tremendous and the raw time series are very likely to contain missing values because of undependable network transfer. The problem of storing a tremendous volume of raw time series, thereby providing solid support for precise time series analytics, has now become tricky. In this paper we propose a dependable time series analytics (DTSA) framework for IoT based SG. Our proposed DTSA framework is capable of providing a dependable data transformation from CPS to the target database with an extraction engine to preliminarily refine raw data and further cleanse the data with a correction engine built on top of a sensor-network-regularization based matrix factorization (SnrMF) method. The experimental results reveal that our proposed DTSA framework is capable of effectively increasing the dependability of raw time series transformation between CPS and the target database system through the online light-weight extraction engine and the offline correction engine. Our proposed DTSA framework would be useful for other industrial big data practices.

Threat Analysis in Systems-of-Systems: an Emergence-oriented Approach

Cyber-physical Systems of Systems (SoSs) are large-scale systems made of independent and autonomous cyber-physical Constituent Systems (CSs) which may interoperate to achieve high-level goals also with the intervention of humans. Providing security in such SoSs means, among other features, forecasting and anticipating evolving SoS functionalities, ultimately identifying possible detrimental phenomena that may come into existence out of the interactions of CSs and humans. Such phenomena, usually called emergent phenomena, are often complex and difficult to capture: the first appearance of an emergent phenomenon in a cyber-physical SoS is often a surprise to the observers. Adequate support to understand emergent phenomena will assist in reducing both the likelihood of design or operational flaws, and the time needed to analyze the relations amongst the CSs, which always has a key economic significance. This paper presents a threat analysis methodology and a supporting tool aimed at i) identifying (emerging) threats in evolving SoSs, ii) reducing the cognitive load required to understand an SoS and the relations among CSs, and iii) facilitating SoS risk management by proposing mitigation strategies for SoS administrators. The proposed methodology, as well as the tool, is empirically validated on a Smart Grid case study by submitting questionnaires to a user base composed of 18 BSc and MSc students.

TORUS: Scalable Requirements Traceability for Large-Scale Cyber-Physical Systems

Cyber-Physical Systems (CPS) contain intertwined and distributed software, hardware and physical components to control complex physical processes. They are now finding wider application in smart grids, such as in addressing the increasingly complex communication and computation needs of substation protection functions. Due to the scale and complexity of the interactions that occur within CPS, tracing requirements through to the system components and software code that implement them is often hard. Existing requirements management systems do not scale well and traceability is difficult to implement and maintain in highly heterogeneous systems. However, the information traces provide is crucial for supporting testing and certification activities in safety-critical environments such as smart grids. The well-formed models of power systems provided by the IEC 61850 standard, and software design structure provided by the IEC 61499 Function Blocks standard, can be leveraged to automate many traceability operations. We present TORUS (Traceability Of Requirements Using Splices), a novel traceability framework for the development of large-scale safety-critical CPS. TORUS introduces splices, autonomous graph-based data structures that automatically create and manage traces between requirements and components through the inevitable changes that occur during system development. The formal, graph-based structure of TORUS lends itself well to the development of sophisticated algorithms to automate the extraction of useful traceability information such as historical records and metrics for requirements coverage and component coupling. By capturing not only the current state of the system but also historical information, TORUS allows project teams to see a much richer view of the system and its artifacts. We apply TORUS to the development of a protection system for smart grid substations. In addition, through a number of experiments in splice creation, modification and applying automated algorithms, we show that TORUS scales easily to large systems containing hundreds of thousands of requirements and system components, and millions of possible traceability links.

On Reliability Analysis of Smart Grids under Topology Attacks: A Stochastic Petri Net Approach

Building an efficient, smart, and multifunctional power grid while maintaining high reliability and security is an extremely challenging task, particularly in the ever-evolving cyber threat landscape. The challenge is also compounded by the increasing complexity of power grids in both cyber and physical domains. In this article, we develop a stochastic Petri net based analytical model to assess and analyze the system reliability of smart grids, specifically against topology attacks, and system countermeasures (i.e., intrusion detection systems and malfunction recovery techniques). Topology attacks, evolving from false data injection attacks, are growing security threats to smart grids. In our analytical model, we define and consider both conservative and aggressive topology attacks, and two types of unreliable consequences (i.e., system disturbances and failures). The IEEE 14-bus power system is employed as a case study to clearly explain the model construction and parameterization process. The benefit of having this analytical model is the capability to measure the system reliability from both transient- and steady-state analysis. Finally, intensive simulation experiments are conducted to demonstrate the feasibility and efficiency of our proposed model.

Accounting for Reliability in Unacknowledged Time-Constrained WSNs

Wireless sensor networks (WSNs) typically consist of nodes that collect and transmit data periodically. In this context, we are concerned with unacknowledged communication, i.e., where data packets are not confirmed upon successful reception. This allows reducing traffic on the communication channel --- neither acknowledgments nor retransmissions are sent --- and results in less overhead and less energy consumption, which are meaningful goals in the era of Internet of Things (IoT). On the other hand, packets can be lost and, hence, we do not know how long it takes to convey data from one node to another, which hinders any form of real-time operation and/or quality of service. To overcome this problem, we propose a medium access control (MAC) protocol, which consists in transmitting each packet at a random instant, but within a specified time interval from the last transmission. In contrast to existing approaches from the literature, the proposed MAC can be configured to meet reliability requirements --- given by the probability that at least one data packet reaches its destination within a specified deadline --- in the absence of acknowledgments. We illustrate this and other benefits of the proposed approach based on a detailed OMNeT++ simulation.

Extensive Analysis of a Real-Time Dense Wired Sensor Network Based on Traffic Shaping

XDense is a novel wired 2D-mesh grid sensor network system for application scenarios that benefit from densely deployed sensing (e.g. thousands of sensors per square meter). It was conceived for closed-loop cyber-physical systems (CPS) that require real-time actuation, like active flow control (AFC) on aircraft wing surfaces. XDense communication and distributed processing capabilities are designed to enable complex feature extraction within bounded time and in a responsive manner. In this paper we tackle the issue of deterministic behavior of XDense. We present a methodology that allows using traffic shaping heuristics to guarantee bounded communication delays and the fulfillment of memory requirements. We evaluate the model for varied network configurations and workload, and present results on link utilization, queue size and execution time. With this comparative performance analysis of the traffic shaping heuristics, we demonstrate the effectiveness of running real-time applications on XDense.

Determining Timing Parameters for the Code Generation from Platform-Independent Timed Models

Safety-critical embedded systems often need to meet dependability requirements such as strict input/output timing constraints. To meet the timing requirements, the code generation (e.g., C code) from timed models needs to determine the timing parameters that indicate when the code has to perform I/O with its platform. We propose a novel framework to determine such timing parameters from platform-independent timed models. Our framework involves two transformations. The first transformation systematically extends the platform-independent model by explicitly modeling input/output processing (e.g., sampling or interrupt-based) and the code invocation (e.g., periodic or aperiodic) mechanisms. Then, we verify if the resulting platform-specific model meets the timing requirements. In the case that the resulting model does not satisfy the timing requirements, we apply the second transformation to compensate the platform delay via adjusting the timing parameters at the code level. We formulate the adjustment mechanism using integer linear programming. If such an adjustment is feasible, generating the code with the new timing parameters guarantees the implemented system to meet the timing requirements. We validate our framework with case studies running on Patient-Controlled Analgesia (PCA) infusion pump platforms.
