Demo Abstract: Contract-based Hierarchical Resilience Framework for Cyber-Physical Systems

This demonstration presents a framework for building a resilient Cyber-Physical Systems (CPS) cyber-infrastructure through the use of hierarchical parametric assume-guarantee contracts. A Fischertechnik Sorting Line with Color Detection training model is used to showcase our framework.

1. Introduction

Industry 4.0 (F. M. of Education and Research) has garnered much interest in the manufacturing industry to create smart factories. This move towards smart factories requires incorporating more computational devices for decentralized decision-making and more sensors on the factory floors. The availability of more data provides better transparency in making the appropriate decisions during runtime and for fault recovery. With all of these devices interconnected, a robust networking infrastructure becomes crucial for system monitoring and ensuring the availability and timely arrival of priority packets.

Disruptions to the above cyber-infrastructure due to faults will be of severe consequence and thus there is a need for a resilient infrastructure. As these manufacturing systems become increasingly complex with distributed infrastructure, it also becomes harder to develop and maintain large amounts of application as well as fault handling code.

To overcome these problems, we propose our Contract-based Hierarchical Resilience Framework for Cyber-Physical Systems as shown in Figure 2. Our framework consists of system components (e.g. sensors, actuators and controllers), Resilience Managers (RM) and observers (Andalam et al., 2018). We use assume-guarantee contracts (Benveniste et al., 2012) to capture the guarantees provided by system components (i.e., requirements), which are monitored by observers during runtime. When an observer detects a deviation from a guarantee, it raises a fault and reports it to the RM associated with it. Each RM manages a set of contracts and decides on the recovery response. The RMs and contracts are also structured in a hierarchy, and we use parametric assume-guarantee contracts (Kim et al., 2017) to allow for scalability and to reduce communication overheads between RMs (Haque et al., 2018). The recovery response depends on the combination and extent of contract violations: an RM may respond either by changing contract parameters (i.e., modifying and hence potentially degrading component performance) or by propagating the fault to a higher-level RM. With a hierarchy, we can decompose contracts into sub-contracts, which allows for independent lower-level decision-making by the RMs. The hierarchy also enforces a strict coordination protocol among the RMs when recovery solutions cannot be found at lower levels. Further details of this framework can be obtained from related publications (Andalam et al., 2018; Haque et al., 2018).

Figure 1. Hierarchical Contract-based Resilience Framework
Figure 2. Fischertechnik Sorting Line with Colour Detection

2. Demonstrator

We illustrate our resilience framework on a Fischertechnik Sorting Line with Color Detection training model as shown in Figure 2.

It has two light sensors (, ), a color sensor, a conveyor belt, three ejectors and three bins for token storage. A motor controller (MC) regulates the belt’s rotation and a pulse counter (PC) tracks the belt’s steps. Tokens are placed on the conveyor belt at and it goes through the color sensor, triggered by the color processor (CP). A decision-making component, a bin selector (BS), determines the color of the token and sends the information to the ejector controller (EC). The EC then determines when to eject the token into its designated bin. This inter-component dependency creates an end-to-end latency requirement from the start where is located, to the end where the bin resides. The operation flow of the testbed and its latency requirement are illustrated in Figure 3.

A fault could lead to a longer computation time of a component, violating its latency contract. As a result, the end-to-end latency requirement may no longer be satisfied. In our case study in (Andalam et al., 2018), the ejector failed to push the token into the designated bin as the PC component was unable to meet its latency requirement of 10ms, resulting in a delay of providing an accurate step reading of the conveyor belt to EC. The resilience manager’s recovery response was to change the behavior of PC to shorten its response time, rectifying the fault. In (Haque et al., 2018), components CP, BS or EC each have a latency contract to guarantee their response times. When faults occur, leading to longer computation times, our resilience framework could rectify this problem by adjusting multiple contracts’ latency parameters at runtime. This ensures that the end-to-end requirement is once again satisfied. In this scenario, the higher level RM may choose to reduce the conveyor belt’s speed to satisfy the end-to-end timing requirement, whenever the underlying fault is significant. However, because of the flexibility offered by the contract hierarchy, it is also possible that this RM is able to compensate for a timing fault in one component using slack from another, thus avoiding this degradation in some cases.
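The two-level recovery described in Section 1 and in the two scenarios above, modelled as an added example (not the framework's or 4DIAC's code): each of PC, CP, BS and EC carries a parametric latency contract, an observer checks the guarantee, a lower-level RM re-parameterises contracts using slack from healthy components, and a higher-level RM slows the belt when the end-to-end budget cannot be met. The 10 ms PC bound comes from the case study; the other 10 ms bounds, the 40 ms end-to-end budget and the measured latencies are constructed values.

```python
from dataclasses import dataclass

@dataclass
class Contract:
    """Parametric latency contract: the component guarantees latency <= bound (ms)."""
    name: str
    bound: float

def observe(contract: Contract, measured_ms: float) -> bool:
    """Observer: does the measured response time honour the guarantee?"""
    return measured_ms <= contract.bound

class ComponentRM:
    """Lower-level RM: its component contracts share one end-to-end latency budget."""
    def __init__(self, contracts, e2e_budget_ms):
        self.contracts = {c.name: c for c in contracts}
        self.e2e_budget_ms = e2e_budget_ms
    def recover(self, measured):
        violators = [n for n, c in self.contracts.items() if not observe(c, measured[n])]
        if not violators:
            return "ok", {n: c.bound for n, c in self.contracts.items()}
        needed = sum(measured.values())
        if needed > self.e2e_budget_ms:
            # No solution at this level: propagate the fault (with its shortfall) upwards.
            return "escalate", needed - self.e2e_budget_ms
        # Re-parameterise: re-bound each contract to its component's need, sharing leftover slack.
        share = (self.e2e_budget_ms - needed) / len(self.contracts)
        for n, c in self.contracts.items():
            c.bound = measured[n] + share
        return "reparam", {n: c.bound for n, c in self.contracts.items()}

class LineRM:
    """Higher-level RM: degrades belt speed so token travel time covers the shortfall."""
    def __init__(self, component_rm, belt_speed=1.0):
        self.component_rm, self.belt_speed = component_rm, belt_speed
    def handle(self, measured):
        verdict, payload = self.component_rm.recover(measured)
        if verdict != "escalate":
            return verdict, payload
        old = self.component_rm.e2e_budget_ms
        self.component_rm.e2e_budget_ms = old + payload  # slower belt => larger budget
        self.belt_speed *= old / (old + payload)
        return "degrade", self.belt_speed

def demo():
    # Constructed values: 10 ms bounds (PC's is from the case study), 40 ms e2e budget.
    rm = LineRM(ComponentRM([Contract(n, 10.0) for n in ("PC", "CP", "BS", "EC")], 40.0))
    mild = rm.handle({"PC": 6.0, "CP": 14.0, "BS": 8.0, "EC": 10.0})  # slack absorbs CP fault
    severe = rm.handle({"PC": 10.0, "CP": 20.0, "BS": 10.0, "EC": 10.0})  # belt must slow
    return mild, severe
```

In the mild case CP's 4 ms overrun is absorbed by PC and BS slack without touching the belt; in the severe case the lower RM escalates a 10 ms shortfall and the line RM slows the belt to 80% of its speed.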

Figure 3. Operation flow

The testbed is coupled with four Raspberry Pi 3s (RPIs), shown in Figure 4, which serve as the computational devices for the five components mentioned. The software implementation of the resilience framework, as well as the sorting line application, is done on 4DIAC (Zoitl et al., 2013), an open source framework for industrial automation and control that follows the IEC 61499 standard (Zoitl, 2008). It provides a development environment, shown in Figure 5 with the function blocks for the CP component, as well as a runtime environment, FORTE, which runs on the RPIs. The lower three pink function blocks shown belong to the Resilience Manager; the top left block represents the application logic and the rightmost block shows the observer. This arrangement segregates application code from fault handling code, thus enabling systematic development. Communication between function blocks is handled through an in-built Publisher/Subscriber mechanism, with the RPIs interconnected through an Ethernet network switch.

Figure 4. Computation Nodes
Figure 5. 4DIAC Integrated Development Environment

This research work under project SLI-RP4 was conducted within the Delta-NTU Corporate Lab for Cyber-Physical Systems with funding support from Delta Electronics Int'l (Singapore) Pte. Ltd. and the National Research Foundation (NRF) Singapore under the CorpLab@University Scheme.


  • S. Andalam, D. J. X. Ng, A. Easwaran, and K. Thangamariappan (2018). CLAIR: A contract-based framework for developing resilient CPS architectures. In 2018 IEEE 21st International Symposium on Real-Time Distributed Computing (ISORC), pp. 33–41.
  • A. Benveniste, B. Caillaud, D. Nickovic, R. Passerone, J. Raclet, P. Reinkemeier, A. Sangiovanni-Vincentelli, W. Damm, T. Henzinger, and K. G. Larsen (2012). Contracts for System Design. Research Report RR-8147, INRIA.
  • M. S. Haque, D. J. X. Ng, A. Easwaran, and K. Thangamariappan (2018). Contract-based hierarchical resilience management for cyber-physical systems. Computer 51(11), pp. 56–65.
  • E. S. Kim, M. Arcak, and S. A. Seshia (2017). A small gain theorem for parametric assume-guarantee contracts. In Proceedings of the 20th International Conference on Hybrid Systems: Computation and Control, pp. 207–216.
  • F. M. of Education and Research. Industry 4.0 (website).
  • A. Zoitl, T. Strasser, and G. Ebenhofer (2013). Developing modular reusable IEC 61499 control applications with 4DIAC. In 2013 11th IEEE International Conference on Industrial Informatics (INDIN), pp. 358–363.
  • A. Zoitl (2008). Real-Time Execution for IEC 61499. ISA. ISBN 1934394270.