Distributed Sense and Control Systems
Motivation: Applications of truly distributed sense and control systems combining large numbers (100s to millions) of heterogeneous, tightly interacting components range from energy and environmental management (e.g., power grid monitoring and control), traffic monitoring and control (e.g., the Nokia-Berkeley Bay Area cell-phone based traffic-monitoring experiment), and autonomous vehicles and aircraft, to biomedical and health care systems. However, most of these applications come with a broad range of concerns in terms of intended versus accomplished behavior, reliability (and liability), longevity and survivability, security, and constrained energy availability. These concerns are aggravated by the spatial separation of the components, which forces the control system to exchange information over communication networks. While progress has been made over the years in the design of large-scale systems, we are far from having access to design methodologies and technologies that can provide guarantees on behavior and execution. Recent significant delays in the delivery of advanced aircraft, both for civil and military use, due to unexpected interactions among a large number of heterogeneous and strongly interdependent subsystems, the difficulties faced in designing nano-scale micro-systems, and the necessity of reducing energy consumption expose the urgency of developing sense and control algorithms and architectures, methodologies, models and tools for the design of closed-loop systems. The inherent fragility of large-scale distributed systems with respect to malfunctioning of their components, as well as to malicious attacks, requires the development and deployment of fault-tolerant techniques and of novel trust and security concepts before catastrophic problems surface in systems such as the energy infrastructures of vehicles, buildings and regional grids.
The issues with the design of complex systems are compounded by the lack of a clear set of metrics to optimize and of constraints to satisfy. More often than not, designers rely on approximate, qualitative assessments obtained from experience and intuition, a strategy that worked in the past, when complexity was manageable. The need to identify quantities that can be used to assess the results of the design activity in a rigorous way is now acute, in order to prevent endless and prohibitively expensive design re-cycles.

Vision: We envision a design process that will support the embedding of large numbers of unreliable, sporadically connected, dynamically reconfigurable computational nodes into an application domain, coupled with closed-loop control systems that react at appropriate timescales as events arise. The relevant timescale may vary by problem area, but all the areas we target have demanding reactivity constraints coupled with limited power, bandwidth, or communication topologies. Our focus on closed-loop scenarios differentiates this proposal from the research agenda of the sensor networks community while at the same time leveraging it: while sensor networks have been studied and deployed mostly for monitoring applications, we believe that the future will be about behavior control and autonomous operations that require closed-loop systems (as is clearly visible in the research agenda of the large- and small-scale systems themes). Our contention is that the only way to address the challenges of multi-scale distributed control and sensing systems is to employ structured and formal design methodologies that seamlessly and coherently combine the various dimensions of the multi-scale design space, that provide the appropriate design metrics augmented with methods for computing them unambiguously, and that provide the abstractions, control algorithms and system architectures needed to manage the inherent complexity. We believe that this approach will form the necessary methodological infrastructure to develop and test innovative system architectures that address issues such as validation, reliability and long-term robustness, security and run-time resiliency, and that guarantee functionality and efficient operation. The design of systems consisting of a multitude of components will be carried out with rigorous quantitative analysis of performance figures, including energy consumption, as an essential part, while making sure that functionality is as expected.

This research forms the methodological scaffolding of the other MuSyC themes. As such it will drive, and be driven by, the energy-smart applications of the other themes (in the large and the small). While the primary focus of this theme will be on energy-metrics, its fundamental nature makes it possible to extend the results to multiple design issues in different industrial domains.

In this respect, avionics for modern aircraft serve as an excellent application for the technologies developed in this theme. Modern commercial and military aircraft are rapidly increasing in complexity and functionality, and have hundreds of IT components that interact to manage the flight control, environmental control and energy-generation subsystems. Together, these systems are responsible for maintaining highly reliable, agile and efficient operation of the aircraft and, increasingly, are part of an even larger system-of-systems consisting of the overall air traffic control system (for commercial airspaces) or air operations center (for military systems). Future airborne systems that are designed to dynamically optimize their operational performance and energy efficiency rely on increased levels of complexity to coordinate energy flows within a vehicle as well as operational tasks across a fleet of vehicles (including combinations of manned and unmanned vehicles). To help set identifiable goals and quantifiable metrics, this theme will use large airborne platforms as the guiding case study in the development of its methodologies and techniques (in addition, of course, to the application drivers of the large-scale and small-scale systems themes).

Measures of Success. As in all efforts that involve improving the state of the art in methodology and tools, measuring the success of the research listed in this Theme is a challenge. In EDA, there is still debate as to how much productivity improvement design tools have produced, even though by now no one questions that the impact was great. By the same token, the benefits of platform-based design as developed by the GSRC team have not been easy to measure, although there is a general consensus that this methodology is impacting the industry in a major way. Nevertheless, the SCS Theme has made an effort to provide metrics to assess success in its endeavors. The metrics related to design time and quality will have to be computed under explicitly defined test conditions, involving either legacy designs or new designs, with the comparison carried out against past designs of similar characteristics.

Measures of Success and Outcomes

Partially-ordered models of time that are robust and distributed; Demonstration of multiple coexisting time scales on models of physical dynamics; Definition of energy-centric semantic annotations; Definition of a timing repeatability metric; Algorithms to generate quantitative models (so that the accuracy of prediction improves super-linearly with the number of steps of the algorithm).

Verification and Diagnostics

Algorithms to either prove that the system is correct or generate a test plan that demonstrates how the quantitative property is violated; these algorithms will scale to > 10X larger systems than possible with current verification methods; Heterogeneous simulation technologies for multi-scale physical dynamics that can handle 10X more complex cyber-physical systems; Algorithms to localize the source of a failure with a low false alarm rate (< 5%) using polynomially-many steps; Testing tools to compute coverage metrics for semantic annotations and energy usage.

Distributed Control

Increased efficiency of operations through at least 20% better management of power; Communication architectures with low energy consumption while improving by 10X the speed of distributed control algorithms for multiple tasks.

Trust and Security

Incorporation of physical-layer security and authentication mechanisms at multiple scales, allowing >10X resiliency to a set of common attacks while expending no more than 2% higher energy and scaling to >10X larger systems than possible with current software-only security methods; Dynamic establishment of trusted nodes enabling UCS for all distributed control and operation schemes, with less than 5% communication overhead and less than 2% additional energy consumption, capable of maintaining >80% performance despite the existence of >35% corrupt nodes or agents.

Distributed Architectures

Overall 2X improvement in performance and reliability of the system and 50% decrease in design time to achieve these results.

Avionics Systems

Reduction by 2X of the development time required for the design, implementation and verification of complex, distributed control systems, through the increased use of formal methods for specification, design and verification; Reduction by 2X of the number of fault conditions that require the system to be taken out of service for inspection or repair, through the increased use of onboard models and dynamic reconfiguration to provide enhanced fault tolerance.

The team consists of world-renowned experts in distributed control, sensor network design, system-level design methodologies, tools and models (including verification, simulation and synthesis), security, and design-space exploration. In tune with the nature of this theme, we will connect and interact closely with other FCRP centers, including Platforms (GSRC), Connectivity (IFC) and Modules and Circuits (C2S2).

767 Electric Power System Modeling in SysML by John Finn, Mohammad Mostafizur Rahman Mozumdar, Alberto Sangiovanni Vincentelli, University of California, Berkeley, Ver.02, April 19, 2011.

This document provides a preliminary description of the SysML modeling of the 767 electrical power system, part of the design methodology for the MuSyC/DSCS avionics challenge problem. It starts with a short overview of the aircraft's electric power system and then highlights the components that have been modeled. Rational Rhapsody is used as the SysML modeling interface.

Copyright 2011