[Paper Digest] Compositional Cyber-Physical Systems Theory
This dissertation proposes a category-theoretic, compositional theory of cyber-physical systems that formally unifies and verifies the relationships between modelling levels (requirements, behavior, architecture), achieving verified vertical composition. By modelling systems as algebras on wiring diagrams and applying categorical constructions such as the Yoneda lemma, the theory builds a rigorous framework that ensures safety through contracts and security through attack modelling, yielding mathematically sound composition of complex, safety-critical systems.
A major impedance to engineering safe and secure cyber-physical systems is the lack of formal relationships between different types of models necessary for design. These various models are necessary because of the coupled physical and computational dynamics present in cyber-physical systems as well as the different properties system designers want to assure about a system. Each of the individual models has a set of rules describing what operations are allowed and which are not, including how to compose elements together in a way that is correct. These can mathematically be seen as algebras. However, the algebras in the engineering of correct and complete requirements, the specification and validation of dynamical behavior, and the identification of software and hardware architectures to carry out the necessary functions are distinct and can potentially lead to designing-in hazardous behavior in safety critical cyber-physical systems. This dissertation builds a compositional cyber-physical systems theory to develop concrete semantics relating the above diverse views necessary for safety and security assurance. In this sense, composition can take two forms. The first is composing larger models from smaller ones within each individual formalism of requirements, behaviors, and architectures which can be thought of as horizontal composition—a problem which is largely solved. The second and main contribution of this theory is vertical composition, meaning relating or otherwise providing verified composition across requirement, behavioral, and architecture models and their associated algebras. In this dissertation, we show that one possible solution to vertical composition is to use tools from category theory. Category theory is a natural candidate for making both horizontal and vertical composition formally explicit because it can relate, compare, and/or unify different algebras. 
Ultimately, category theory reframes the problem of abstraction, either in the management of mathematical structures or system models by positioning a problem in its most natural domain. Category theory does not model the internal structure of the objects it acts upon. Instead, a categorical formalism perceives an object through its relationships with other objects and not by what the object is individually. Indeed, in this context we focus on abstraction, which we see as determining only what is essential in each layer of a given model. This allows us to talk about how things are related instead of focusing on how things are. This mindset as applied to systems theory gives rise to a circumspection of the system where we do not examine a system by its individual elements but by looking at the compositional structure of the system, which includes both the individual constituents and their interconnections. This is all to say that through compositional cyber-physical systems theory we can give concrete meaning to abstraction and refinement in cyber-physical system models, which can assist with the specification (and eventual validation) of increasingly complex systems. Using this relational understanding of modeling we formalize categorically behavior and architecture using the systems as algebras framework, where boxes are subsystems and wires are connections between subsystems. This is a two step process. First we define the interface of each box as well as the way in which the boxes ought to be interconnected to compose the total system. Second, we assume a behavioral formalism for each box that is congruent with the behavior of other boxes based on the way they are interfaced and connected. We apply this framework to safety through the means of contracts and to security through the means of tests and actions. Finally, we show how these different algebras and categorical structures can be used to mathematically implement verified composition.
Motivation and Goals
- The work addresses the lack of formal, verified relationships between the heterogeneous system models used in cyber-physical systems engineering.
- It aims to overcome the impedance mismatch between the distinct modelling formalisms used for safety and security assurance.
- The goal is a unified compositional theory that provides verified vertical composition across modelling levels.
- It seeks to formalize abstraction and refinement in system models using categorical semantics.
- It aims to support the design of increasingly complex, safe and secure cyber-physical systems through mathematically rigorous composition.
Proposed Method
- Category theory is used as the foundational framework for relating the distinct algebras that represent system requirements, behaviors and architectures.
- Systems are modelled as algebras on the category W of wiring diagrams, where boxes represent subsystems and wires represent the connections between them.
- Behavioral models are formalized as algebras on W, including Moore machines, linear time-invariant systems and composite state-space models.
- Safety is formalized through static, standalone contracts that are compatible with the categorical composition of subsystems.
- Security is modelled via the Yoneda lemma, which formalizes attacker learning (exploration) and hijacking (exploitation) as morphisms in the category.
- The framework achieves verified composition by requiring behavioral and architectural models to be consistent, under the categorical structure, with their interfaces and connections.
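To make the boxes-and-wires picture concrete, the following Python is an added illustration written for this digest; it is not code from the dissertation or its author. It treats Moore machines as boxes, applies a wiring diagram with a feedback loop to obtain one composite Moore machine, checks a static assume/guarantee contract on the composite, and shows the tests-only view of a box that the security part of the theory relies on (a box is known through its responses, not its internal state encoding). The tank plant, the controller, the ports, the contracts and every function name are constructed assumptions, and the assume-implies-guarantee reading of a contract is the standard one, not necessarily the dissertation's.

```python
"""Added illustration, not code from the dissertation or its author: Moore
machines as boxes on a wiring diagram, composed (with feedback) into one outer
Moore machine; a static assume/guarantee contract checked on the composite;
and a tests-only comparison of two boxes. Every machine, port, contract and
name below is constructed for this example."""
from dataclasses import dataclass

@dataclass(frozen=True)
class Moore:
    """Readout depends on the state only, so an output wired back into an
    input never forms an instantaneous loop; that is why Moore machines
    compose along any wiring diagram."""
    inputs: tuple        # input port names
    outputs: tuple       # output port names
    init: object         # initial state
    update: object       # S x X -> S, X a dict over the input ports
    readout: object      # S -> Y, Y a dict over the output ports

    def run(self, trace):
        """Output trace: readout of the state *before* each input is applied."""
        s, ys = self.init, []
        for x in trace:
            ys.append(self.readout(s))
            s = self.update(s, x)
        return ys

def compose(boxes, wires, outer_in, outer_out):
    """Apply a wiring diagram: `wires` maps every inner input (box, port) to its
    source, ("outer", port) or (box, port); `outer_out` maps each outer output
    port to an inner (box, port). Returns the composite Moore machine."""
    for b, m in boxes.items():
        for p in m.inputs:  # every inner input must be wired to an existing source
            src, port = wires[(b, p)]
            assert port in (outer_in if src == "outer" else boxes[src].outputs), (b, p)

    def update(state, x):
        seen = {b: m.readout(state[b]) for b, m in boxes.items()}  # current readouts
        new = {}
        for b, m in boxes.items():  # all boxes step at once on the current readouts
            inp = {p: (x[q] if s == "outer" else seen[s][q])
                   for p in m.inputs for s, q in [wires[(b, p)]]}
            new[b] = m.update(state[b], inp)
        return new

    def readout(state):
        return {p: boxes[b].readout(state[b])[q] for p, (b, q) in outer_out.items()}

    return Moore(tuple(outer_in), tuple(outer_out),
                 {b: m.init for b, m in boxes.items()}, update, readout)

@dataclass(frozen=True)
class Contract:
    assume: object     # predicate on each input valuation
    guarantee: object  # predicate on each output valuation

def first_violation(m, c, trace):
    """Index of the first output breaking the guarantee, or -1. Standard
    assume-implies-guarantee reading (assumed here; the page does not state
    the dissertation's exact contract semantics)."""
    if not all(c.assume(x) for x in trace):
        return -1
    return next((i for i, y in enumerate(m.run(trace)) if not c.guarantee(y)), -1)

def distinguishable(m1, m2, tests):
    """Tests-only view of a box: an observer limited to running input traces
    separates two boxes iff some test yields different output traces."""
    return any(m1.run(t) != m2.run(t) for t in tests)

# Constructed plant: a tank that fills one unit per step while the valve is
# open and otherwise drains one unit, floored at 0.
plant = Moore(("valve",), ("level",), 0,
              lambda L, x: max(0, L + 2 * x["valve"] - 1), lambda L: {"level": L})

def make_controller(init, encode, decode, opens=lambda lvl, sp: lvl < sp):
    """Threshold controller; encode/decode change only how the state is stored."""
    return Moore(("level", "setpoint"), ("valve",), init,
                 lambda s, x: encode(1 if opens(x["level"], x["setpoint"]) else 0),
                 lambda s: {"valve": decode(s)})

controller = make_controller(0, lambda v: v, lambda s: s)
tank = compose({"plant": plant, "ctrl": controller},
               {("plant", "valve"): ("ctrl", "valve"),      # feedback loop
                ("ctrl", "level"): ("plant", "level"),
                ("ctrl", "setpoint"): ("outer", "setpoint")},
               ("setpoint",), {"level": ("plant", "level")})

# Contract on the composite: any setpoint in [1, 8] keeps the level within [0, 10].
safe = Contract(lambda x: 1 <= x["setpoint"] <= 8, lambda y: 0 <= y["level"] <= 10)
loose = Contract(lambda x: x["setpoint"] <= 20, lambda y: y["level"] <= 10)  # assumption too weak

def closed_loop(setpoint, steps=20):
    return [y["level"] for y in tank.run([{"setpoint": setpoint}] * steps)]

def learn_by_tests():
    """(renamed state vs original, tampered threshold vs original) as seen by tests."""
    renamed = make_controller("closed", lambda v: "open" if v else "closed",
                              lambda s: int(s == "open"))
    tampered = make_controller(0, lambda v: v, lambda s: s, opens=lambda lvl, sp: lvl <= sp)
    tests = [[{"level": l, "setpoint": 5} for l in seq] for seq in ([0, 3, 5, 6], [8, 2])]
    return distinguishable(controller, renamed, tests), distinguishable(controller, tampered, tests)
```

Neither box satisfies the bounded-level guarantee on its own (the plant fills without limit if the valve stays open), so `first_violation(tank, safe, ...)` is a statement about the composite, which is exactly what a vertical-composition check has to establish; with the one-step control delay the level overshoots the setpoint by at most one unit. `learn_by_tests` returns `(False, True)`: re-encoding the controller's state is invisible to an observer who can only run tests, while a tampered threshold is caught by a single probe.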
Research Questions
- RQ1: How can formal relationships be established between the different modelling formalisms of cyber-physical systems, in particular across requirements, behavior and architecture?
- RQ2: Which categorical structures enable verified vertical composition of system models across different levels of abstraction?
- RQ3: How can safety be formally guaranteed through contracts that are compatible with compositional system design?
- RQ4: How can security posture be modelled and analyzed using categorical reasoning, in particular from the perspective of attacker behavior?
- RQ5: Can category theory provide unified semantics for abstraction and refinement in system modelling?
Key Findings
- Category theory provides a natural and formal framework for vertical composition across system modelling levels.
- Wiring diagrams and algebras on the category W model system behavior and architecture in a way that preserves compositional correctness.
- The Yoneda lemma is applied to formalize attacker learning and exploitation as morphisms, giving a categorical understanding of security posture.
- Safety contracts are formalized as algebraic structures compatible with system composition, ensuring consistency and correctness across subsystems.
- The framework achieves verified composition by keeping behavioral and architectural models consistent with their interfaces and connections.
- The approach gives concrete semantics to abstraction and refinement, enabling the specification and verification of increasingly complex cyber-physical systems.
This digest was generated by AI and reviewed by a human editor.