This paper presents a system-of-systems (SoS) approach to the formal modeling of a cyber-physical system (CPS) for simulation-based analysis. The approach is based on a convergence technology for modeling and simulation of a highly complex system in which SoS modeling methodology, hybrid systems modeling theory, and simulation interoperation technology are merged. The methodology maps each constituent system of a CPS to a disparate model of either continuous or discrete type. The theory employs two formalisms for modeling of the two model types with formal specification of interfaces between them. Finally, the technology adapts a simulation bus called DEVS BUS whose protocol synchronizes time and exchanges messages between subsystem simulations. Benefits of the approach include reusability of simulation models and environments, and simulation-based analysis of subsystems of a CPS in an interrelational manner.
I. Introduction
A cyber-physical system (CPS) is an integration of physical subsystems together with computing and networking [1]. It can be seen as an intelligent real-time distributed monitoring and control system with multiple feedback loops. Since disparate physical and cyber subsystems of a CPS are in operational independence, a CPS is a system of systems (SoS). From the point of view of system taxonomy, physical subsystems can be either continuous or discrete dynamic systems; computation subsystems are discrete dynamic systems. Thus, a CPS itself is a hybrid dynamic system. Since a CPS is a hybrid dynamic SoS, the analysis of its behavior and performance with either formal or informal models is highly complex. Being done by interaction between disparate subsystem models, a simulation-based technique may be more advantageous than formal methods in the analysis.
This paper presents an SoS approach to formal modeling of CPSs for simulation-based analysis. The approach first maps each subsystem of computation or physical process in a CPS to an independent model, which is similar to the SoS concept. Then, it provides an interface between component models for their interaction. Thus, a set of component models in either continuous or discrete dynamics along with their interfaces constitutes a hybrid model. To be unified in a model representation of continuous and discrete dynamic models, we employ the system-theoretic view in the specifications of both models. More specifically, the view represents a system model in three sets (namely, input, output, and state) and associated operations (namely, state transition function/equation, and output function/equation).
With the proposed modeling approach, simulation of the hybrid model would be done by interoperation between simulators, each being associated with a disparate component model. Each simulator interprets formal semantics for the model. Interoperation between simulators can be performed via DEVS BUS [2], which may be implemented in a standard simulation middleware of HLA/RTI [3]–[5]. The main advantage of simulation interoperation is reusability of modeling and simulation (M&S) environments for continuous and discrete event dynamic systems. Moreover, analysis of CPSs in simulation interoperation would be done based on independent subsystems. Indices for a computation model are a function of the variables contained within, with variable parameters in the physical process model; and vice versa. We call such an analysis a joint analysis, because indices for the computation and physical process models are related to each other; thus, they should be analyzed in a joint manner.
The remainder of this paper is organized as follows. The next section presents types of systems and modeling formalisms. Section III describes the simulation-based analysis of complex systems such as CPSs. Sections IV, V, and VI present our approach to the formal modeling of a CPS as an SoS and associated concepts of simulation interoperation using DEVS BUS. A case study is shown in Section VII. Finally, a conclusion is drawn in Section VIII.
II. Types of Systems and Modeling Formalisms
Systems M&S processes vary according to the types of systems and modeling objectives. The state of a system can be either continuous or discrete, a factor that can change over time. Table 1 shows the system-theoretic view of the input, state, and output of a system with continuous, discrete, and hybrid dynamics.
Table 1. Types of systems: CS, discrete event system (DES), and hybrid system (HS = CS + DES).
 Input  State  Output  Example  Modeling formalism 
HS (CS+DES)  CS     Continuous physical process (e.g. variation of temperature)  Differential equation 
DES  Time-based     Computation at H/W level  See Fig. 1 
Event-based     Computation at S/W level 
A continuous (dynamic) system is one that is operating in continuous time and in which its input, state, and output variables are all real values. Examples of a continuous system (CS) include analog circuits/systems, vehicle dynamics, and continuous physical processes in a CPS such as variation of temperature.
A discrete (dynamic) system is one that changes its state in a piecewise constant manner by either time-based or event-based time advances. Input, state, and output variables of the system are all discrete values. Viewing time-based advances as a special case of event-based advances, we classify a discrete system as a discrete event (dynamic) system. Examples of a discrete system include digital systems for time-based, communication networks for event-based, and CPS computation at the H/W level (that is, digital system) for time-based and at the S/W level (that is, algorithm) for event-based. A hybrid (dynamic) system is a combination of continuous and discrete (dynamic) systems. A typical example of a hybrid system includes a CPS in which a computation subsystem is a DES and a physical subsystem is a CS. Of course, a physical subsystem of a CPS may be a DES, such as a flexible manufacturing process. The physical process in combination with the computation of intelligent decision-making constitutes a CPS that can be classed as a DES.
The representation of systems may be formal or informal. Informal models depend on a modeler’s views and experiences of systems. One of the main problems of informal modeling is the lack of mathematical semantics. Thus, such models should not be employed in the modeling of complex systems such as CPSs. On the other hand, formal modeling should be based on sound semantics, called formalisms, to specify the model’s behavior without incompleteness or ambiguity.
The process of modeling formalisms in CS and DES differs depending on the type of system. This is due to the heterogeneous types of input, output, and state variables of the two types of systems. Although modeling formalisms for CS rely on differential equations, a variety of formalisms have been employed in DES modeling. This is mainly because each formalism has its own semantics, which is convenient for modelers to express their domain-specific system to be modeled. Furthermore, such semantics are based on different mathematical bases. Figure 1 summarizes such formalisms along with their mathematical bases.
Fig. 1. Math formalisms for DES modeling [communication sequential process (CSP), calculus of communicating system (CCS), generalized semi-Markov process (GSMP), finite state machine (FSM), and Petri net (PN)].
III. Simulation-Based Analysis of Complex Systems
Analysis of complex systems, such as CPSs, should be performed for the whole life cycle of a system, ranging from the design phase to the operational/maintenance phase. The purpose of such analysis should be design/correctness verification and performance/effectiveness evaluation. In general, a system model for behavioral analysis and that for performance analysis do not have to be the same. Accordingly, formal models for the two may be different, as is also shown in Fig. 1. Note that behavioral analysis with formal models should be done either by formal methods or by simulation, but performance analysis should be done mainly by simulation.
The main advantage of formal methods, such as the checking of models [18]–[19] and the proving of theorems [20]–[21], for behavior analysis is completeness, in the sense of the formal methods’ coverage of the verified state trajectories of a system model. However, formal methods are not practically applicable to a large-scale SoS such as a CPS, due to the cost in both time and space for a complete exploration of the state space of the system model. It is known that formal methods are applied to the correctness/design verification of hardware (in most advanced industries) and moderately sized software (in academia). Moreover, formal methods have limitations in performance analysis, for which simulation is the most suited. This is why the proposed method employs simulation-based analysis as opposed to formal methods.
Simulation is a process to execute a formal model, in which a predefined input scenario is given and a corresponding output is observed. Thus, a range of input scenarios is limited to the coverage of state trajectories of the model under simulation. Simulation of a formal model requires simulation algorithms, or simulation engines, which may not be unique for a given formal model. A main function of any simulation engine is to interpret the semantics of a model, which is divided into three subfunctions — namely, execution of each component (model), time synchronization, and data exchange between components. Thus, each formal model has to have its own simulation engine to interpret the semantics specific to the model.
Consider a CPS model that has a collection of component models in different semantics, which is very natural in CPS modeling. Then, CPS simulation would require a collection of local simulation engines, each of which would have to interpret an associated component model. Moreover, the simulation needs to coordinate all of the local simulation engines, for which time synchronization and data exchange between them are necessary [22]. Alternatively, a CPS model may be specified by a unified set of semantics, which is applicable to all component models. In such a case, a simulation engine may be enough to interpret the semantics [23]. The latter is a single-system M&S approach; the former is an SoS M&S approach, which will be discussed in the next section.
IV. Convergence Technology for CPS M&S
 1. CPS as Hybrid SoS
A CPS has two basic components: physical process and computation. Figure 2 shows various logical coupling structures of such components to form a CPS. A CPS implementation would map such structures in a physical network in an appropriate manner. Figure 3 shows one such mapping of a CPS in a network-centric SoS. Such a CPS interconnects CPSs and components of CPSs via networks, each of which is considered to be independent and disparate, yet they should work together to achieve a common goal [24]–[27]. Note that computations and physical processes may be either centralized or distributed.
Fig. 2. Coupling structure of C and P in CPS.
Fig. 3. CPS as network-centric SoS.
A CPS is an HS with diverse subsystems of heterogeneous type [28]. Figure 4 shows the types of such subsystems. Formal modeling of these subsystems requires clear, well-defined semantics that are specialized enough to represent their behavior. Whereas differential equations are used for CS modeling, various formalisms are in existence for DES modeling (see Fig. 1). Formalisms for the modeling of an HS should have sound semantics to specify both CS and DES dynamics, and interfaces between them.
Fig. 4. CPS system types in modeling view: (a) hybrid CPS and (b) DES CPS.
Several efforts have been made in the field of modeling and simulation of HS. Basically, two approaches are possible from the point of view of a number of formalisms used in modeling. Figure 5 summarizes the concepts and features of the two approaches. The first approach employs a formalism that represents a mixture of continuous and discrete event dynamics [29]–[31]. As shown in Fig. 5(a), this approach should have a new tool to support modeling and simulation of HSs using the formalism. Examples of this particular approach with associated tools include MATLAB/Simulink, Ptolemy II [32], AnyLogic [33], and PowerDEVS [34]. One of the main hurdles for domain-specific simulation practitioners wishing to use this approach is the difficulty in understanding the semantics for the formalism.
Fig. 5. HS modeling approaches: (a) use of a unified formalism and (b) use of two formalisms.
The remaining approach employs two formalisms with interfaces between them: one for continuous models, and the other for discrete event models (as shown in Fig. 5(b)). Unlike the first approach, this approach aims to explicitly separate different types of dynamics in different formalisms. However, a simulation approach may not be unique. One approach simulates continuous and discrete event models with appropriate interfaces in an environment [35]–[36]. The other approach simulates the two models in a set of interoperable environments in which each model is simulated by its own environment and is capable of communicating with the other model [37]–[38]. Note that the former reuses only models and that the latter reuses both models and simulation environments. Of course, both approaches need to define formal semantics for interfaces, which will be presented later.
 2. Joint Analysis of CPS Subsystems
Constituent systems of CPSs perform disparate functions of their own to achieve a given CPS goal [39]–[40]. Thus, analysis of CPSs should be done in such a way that a computation system is analyzed as a function of a physical system, and vice versa. We call such an analysis a joint analysis for an SoS, as opposed to a single analysis for systems [41]. Figure 6 shows the differences between single analysis and joint analysis with a modeling and simulation process. Associated with single analysis is a conventional modeling and simulation approach in which a modeler views a complex system as one (Approach I in Fig. 6). In the approach, an analysis should be carried out either for computation or for physical process.
Fig. 6. Analysis view of CPS: single analysis vs. joint analysis (taken from [41]).
On the other hand, joint analysis employs a set of disparate simulations, each of which simulates its own constituent system in an independent manner. Thus, an appropriate experimental design for simulation allows modelers to measure analysis indices for one subsystem model with the parameters of another. For example, the performance of a computation (or physical process) subsystem is measured by simulating a computation model while simulating a physical process (or computation) model with various parameters (Approach II in Fig. 6). Joint analysis is effective when one is interested in the analysis of a constituent system with a function of parameters for another constituent system [42].
 3. Overview of Proposed Approach
We are now ready to propose our approach to CPS modeling for simulation-based analysis. As described earlier, CPS modeling is closely related to such perspectives as SoS modeling, hybrid modeling formalism, and joint analysis. Although each of these three perspectives has been studied rigorously in its field, requirements for CPS modeling cannot be attained by one perspective alone. Taking the three perspectives into consideration, we propose an approach to CPS modeling (see Fig. 7).
Fig. 7. Proposed convergence approach to CPS M&S.
As shown in the figure, our approach in SoS modeling is to employ different formalisms for the modeling of disparate, constituent systems. Accordingly, our approach to hybrid modeling is explicit separation of continuous and discrete event models with sound interfaces. Finally, simulation of hybrid models is done by simulation interoperation, in which continuous models and discrete event models are each simulated in their own environment. The M&S approach allows one to perform a joint analysis of a CPS in which the analysis of subsystems is done interrelationally.
V. Formal Specification of CPS Model
The proposed approach to the formal modeling of a CPS requires mathematical semantics for continuous models and discrete event models, as well as coupling schemes between them. Figure 8 shows a system-theoretic approach to the modeling of a system where continuous and discrete event dynamics are modeled in a unified view. The view is unified in that a model is represented by three sets (namely, input, output, and state) and operations on them (called state equation and output equation). Once a model is defined by the three sets and their respective associated operations, it should be refined to appropriately represent continuous and discrete event dynamics.
Fig. 8. System-theoretic modeling of dynamic system.
More specifically, the types of input, output, and state sets for a continuous model are all given in terms of real values; those for a discrete event model are all discrete (ranged) values. Accordingly, operations on the three sets for a continuous model are specified by a differential equation; those for a discrete event model are specified by a DEVS equation. Note that in Fig. 8 the state equation (2) in the DEVS equation for a discrete event model is a quantized form of that of the differential equation (1) in a continuous model. Likewise, output equations for the differential equation and the DEVS equation have the same form. Although Fig. 8 shows linear state/output equations for a CS, it may have nonlinear dynamics represented by nonlinear differential equations.
Note that the state equation (1) of a linear differential equation model has the form $dQ/dt = AQ(t) + BX$, where $dQ/dt = AQ(t)$ represents a state transition with no input and $dQ/dt = BX$ represents a state transition with an external input. Discrete forms corresponding to $dQ/dt = AQ(t)$ and $dQ/dt = BX$ are $q' = \delta_{int}(q)$ and $q' = \delta_{ext}(q, x)$, in the DEVS equations, respectively. Such a correspondence is natural because both the differential equation and DEVS equation are based on system-theoretic representation in system modeling. Recall that Fig. 1 listed a variety of formalisms for modeling DES. However, only DEVS formalism corresponds to the differential equation model in the system-theoretic state transition representation. Moreover, DEVS formalism should be applicable to both behavior and performance analysis using simulation.
DEVS formalism specifies DES in a hierarchical modular manner. The formalism has two classes: atomic model and coupled model. An atomic model represents state transition and output for a DES at a nondecomposable level. The DEVS equation shown in Fig. 8 is an equation form of an atomic model. A coupled model represents how atomic or coupled models are coupled together to construct another model in a hierarchical form. The DEVS formalism itself is not the main topic of this paper. Details for the formalism can be found in [43].
An overall CPS model requires the specification of a coupling scheme that describes how one model is connected to the other. The scheme specifies a map from an output of a model to an input of another. The system coupling scheme (SCS) includes internal coupling (IC), external input coupling (EIC), and external output coupling (EOC) relations. These relations were adopted by DEVS coupled-model semantics, which do not consider the heterogeneity of input and output types. Figure 9 shows the semantics for the interfaces for all possible cases to couple between a discrete event model and a continuous model.
Fig. 9. Formal specification of data conversion interface.
We now present the proposed formalism for CPS modeling.
 1. Formal Specification of CPS Model

$M_{CPS}$ = .
$X = X_{disc} \cup X_{cont}$: a set of hybrid inputs.
$X_{disc}$: a set of discrete event inputs.
$X_{cont}$: a set of continuous inputs.
$Y = Y_{disc} \cup Y_{cont}$: a set of hybrid outputs.
$Y_{disc}$: a set of discrete event outputs.
$Y_{cont}$: a set of continuous outputs.
$M = M_{DES} \cup M_{CS} \cup M_{HS}$: a set of all component models.
$M_{DES}$: a set of discrete event models.
$M_{CS}$: a set of continuous models.
$M_{HS}$: a set of hybrid models.
$SCS \subseteq (IC \cup EIC \cup EOC) \times IF$: system coupling scheme.
$IC \subseteq \bigcup M_i.Y \times \bigcup M_j.X$: internal coupling relation.
$EIC \subseteq (X_{disc} \times \bigcup M_{DES_i}.X) \cup (X_{cont} \times \bigcup M_{CS_i}.X) \cup (X \times \bigcup M_{HS_i}.X)$: external input coupling relation.
$EOC \subseteq (\bigcup M_{DES_i}.Y \times Y_{disc}) \cup (\bigcup M_{CS_i}.Y \times Y_{cont}) \cup (\bigcup M_{HS_i}.Y \times Y)$: external output coupling relation.
$IF \in \{f_{EE}, f_{SS}, f_{SE}, f_{ES}\}$: data conversion interface.
 2. Formal Specification of Interface (IF)

$IF \in \{f_{EE}, f_{SS}, f_{SE}, f_{ES}\}$.
$\Sigma = X_{disc} \cup Y_{disc}$: a set of discrete events.
$\Omega$: a set of time segment functions (input and output of $M_{CS}$ in a time interval).
$f_{EE}$: event to event interface.
$f_{SS}$: signal to signal interface.
$f_{SE}$: signal to event interface.
$f_{ES}$: event to signal interface.
See Fig. 9.
 3. Formal Specification of CS (MCS)

$M_{CS}$ = .
$X_{cont}$: a set of continuous inputs.
$Q_{cont}$: a set of continuous states.
$Y_{cont}$: a set of continuous outputs.
$\delta_{cont}$: $\frac{d}{dt} Q_{cont}(t) = \delta_{cont}(Q_{cont}(t), X_{cont}(t), t)$: state transition function.
$\lambda_{cont}$: $Y_{cont} = \lambda_{cont}(Q_{cont}, X_{cont}, t)$: output function.
 4. Formal Specification of DEVS Atomic Model (dAM of $M_{DES}$) [43]

dAM = .
$X_{disc}$: a set of discrete event inputs.
$S_{disc}$: a set of discrete event states.
$Y_{disc}$: a set of discrete event outputs.
$\delta_{ext}: Q \times X_{disc} \to S_{disc}$: external transition function.
$Q = \{(s, e) \mid s \in S_{disc} \text{ and } 0 \le e \le ta(s)\}$
$\delta_{int}: Q \to S_{disc}$: internal transition function.
$\lambda: Q \to Y_{disc}$: output function.
$ta: S_{disc} \to \mathbb{R}^{+}_{0,\infty}$: time advance function.
 5. Formal Specification of DEVS Coupled Model (dCM of $M_{DES}$) [43]

dCM = .
$X_{disc}$: a set of discrete event inputs.
$Y_{disc}$: a set of discrete event outputs.
$M$: a set of all component models.
$EIC \subseteq X_{disc} \times \bigcup M_i.X$: external input coupling.
$EOC \subseteq \bigcup M_i.Y \times Y_{disc}$: external output coupling.
$IC \subseteq \bigcup M_i.Y \times \bigcup M_j.X$: internal coupling.
$SELECT: 2^{M} - \emptyset \to M$: tie-breaking function.
VI. DEVS BUS for Simulation Interoperation
As shown in Fig. 10, our approach employs the interoperation of simulations, each of which simulates a constituent model corresponding to a disparate CPS subsystem. Such interoperation requires data exchange and time synchronization between simulations. The DEVS BUS has been proposed to provide a common simulation infrastructure for the interoperation [2]. The DEVS BUS architecture, shown in Fig. 10, consists of a time synchronization bus controller and a data bus controller. Table 2 presents four messages; namely, $(*, t)$, $(done, t_N)$, $(x, t)$, and $(y, t)$ used in the DEVS BUS protocol.
Fig. 10. DEVS BUS architecture (taken from [2]).
Table 2. Message type for DEVS BUS protocol.
Message  Implication 
(*, t)  Time advance grant notification for the previous requested schedule reservation 
(done, t_{N})  Schedule reservation for the next (*, t) 
(x, t)  Externally received input message at time t 
(y, t)  Internally generated output message at time t 
The DEVS BUS protocol underlies the simulation algorithm, or simulator, of DEVS models [43]. However, the protocol is for interoperation between heterogeneous simulators, whereas the algorithm is for the simulation of DEVS models. The protocol employs $(*, t)$ and $(done, t_N)$ for time synchronization and $(x, t)$ and $(y, t)$ for message delivery between heterogeneous simulators. The time synchronization bus controller maintains the global simulation time of interoperation. The controller receives $(done, t_N)$ from simulators and generates one $(*, t)$ at a time. When receiving $(*, t)$, a simulator updates its local simulation time by $t$. Consequently, the global causality constraint can be easily obtained. Messages between simulators pass only through the data bus controller in DEVS BUS. A simulator that wants to send a message to another simulator must send the message $(y, t)$ to the data bus controller instead of to the destination simulator. Then, the data bus controller forwards $(y, t)$ to the destination simulator as an input $(x, t)$ by referring to the coupling scheme. The coupling scheme is a relation in which all pairs of source and destination simulators are specified. Such a coupling scheme is defined at the SCS of the proposed CPS modeling formalism. Figure 11 shows an execution sequence of the messages on DEVS BUS.
Fig. 11. Execution sequence of models in DEVS BUS.
VII. Case Study: Defense CPS
 1. Torpedo as CPS
A torpedo is a self-propelled underwater weapon carrying high explosives in its warhead. Being launched from submarines, warships, or aircraft, it tracks a target with its own search strategy. Our case study analyzes the dynamic behavior of an acoustic torpedo, which is launched from a submarine and homes in on the emissions of a target. The torpedo is mainly divided into two subsystems: a controller and a maneuver process. The controller, as a computation of the CPS, takes the role of a dynamic decision-maker under some uncertainty and tracks targets by its own algorithm. The dynamics of the maneuver process, as a physical process of the CPS, is represented by the continuous trajectory of the torpedo, which is controlled by the controller.
An objective of torpedo modeling is to analyze hybrid dynamics via simulation of a hybrid dynamic system model using the proposed approach. Figure 12 shows a simplified torpedo model. The controller model controls an elevation of the maneuver model with a feedback of a depth of the process to hit a target position. The maneuver model specifies the dynamic behavior of the torpedo over time. The model employs six state variables ($u$, $v$, $w$, $p$, $q$, $r$), which represent a velocity and an angular velocity of each of the $x$, $y$, and $z$ axes. The state transition function $\delta_{cont}$ of the model is a differential equation based on the Newton equation and is employed with various parameters such as thrust force, gravity force, drag force, and so on [44]. The maneuver model delivers events to the controller model by the interface $f_{SE}$ when crossing a predefined target path. Likewise, the controller model sends a control signal to the interface $f_{ES}$ to guide the torpedo to the target. A formal specification of the torpedo model is given in the next subsection.
Fig. 12. Overall structure of torpedo CPS model.
 2. Model Formal Specification
A. Formal Specification of Torpedo Model ($M_{CPS}$)

$M_{CPS}$ = .
$X = \{W, B, L, \ldots, X'_{PP}, \ldots\}$.
$Y = \emptyset$.
$M = M_{DES} \cup M_{CS}$.
$M_{DES}$: a controller model.
$M_{CS}$: a maneuver model.
$SCS \subseteq (IC \cup EIC \cup EOC) \times IF$: system coupling scheme.
$IC = \{(M_{DES}.E_{up}, M_{CS}.\delta_s), (M_{DES}.E_{down}, M_{CS}.\delta_s), (M_{CS}.Z, M_{DES}.E_{up}), (M_{CS}.Z, M_{DES}.E_{down})\}$.
$EIC = \{(W, M_{CS}.W), \ldots, (X'_{PP}, M_{CS}.X'_{PP}), \ldots\}$.
$EOC = \emptyset$.
$IF = \{f_{SE}, f_{ES}\}$.
$f_{SE}(Z(t)) = E_{up}(t)$ if $Z(t) < -15$ m.
$f_{SE}(Z(t)) = E_{down}(t)$ if $Z(t) > -15$ m.
$f_{ES}(E_{up}, t) = -\delta_s(t)$.
$f_{ES}(E_{down}, t) = \delta_s(t)$.
B. Formal Specification of Controller Model ($M_{DES}$)

$M_{DES}$ = .
$X_{disc} = \{E_{up}, E_{down}\}$.
$S_{disc} = \{WAIT, UP, DOWN\}$.
$Y_{disc} = \{E_{up}, E_{down}\}$.
$\delta_{ext}(WAIT, E_{up}) = UP$.
$\delta_{ext}(WAIT, E_{down}) = DOWN$.
$\delta_{int}(UP) = \delta_{int}(DOWN) = WAIT$.
$\lambda(UP) = E_{up}$.
$\lambda(DOWN) = E_{down}$.
$ta(WAIT) = \infty$.
$ta(UP) = ta(DOWN) = 0$.
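C. Formal Specification of Maneuver Model ($M_{CS}$)

$M_{CS}$ = .
$X_{cont} = \{RPM, \delta_s, \delta_r, W, B, L, \ldots, X'_{PP}, \ldots\}$.
$Q_{cont} = (u(t), v(t), w(t), p(t), q(t), r(t))$.
$u(t)$: surge motion, $v(t)$: sway motion,
$w(t)$: heave motion, $p(t)$: roll motion,
$q(t)$: pitch motion, $r(t)$: yaw motion.
$Y_{cont} = \{X(t), Y(t), Z(t), \phi(t), \theta(t), \psi(t)\}$.
$\delta_{cont}$: $\frac{d}{dt} Q_{cont}(t) = f(RPM, \delta_s, \delta_r, u, v, w, p, q, r, \phi, \psi, \theta)$.
$\lambda_{cont}$:
$\frac{d}{dt} X(t) = u(t)\cos\theta\cos\phi + v(t)(-\cos\phi\sin\psi + \sin\phi\sin\theta\cos\psi) + w(t)(\sin\phi\sin\psi + \cos\phi\sin\theta\cos\psi)$.
$\frac{d}{dt} Y(t) = u(t)\cos\theta\sin\phi + v(t)(\cos\phi\cos\psi + \sin\phi\sin\theta\sin\psi) + w(t)(-\sin\phi\sin\psi + \cos\phi\sin\theta\sin\psi)$.
$\frac{d}{dt} Z(t) = -u(t)\sin\theta + v(t)\sin\phi\cos\theta + w(t)\cos\phi\cos\theta$.
$\frac{d}{dt} \phi(t) = p(t) + q(t)\sin\phi\tan\theta + r(t)\cos\phi\tan\theta$.
$\frac{d}{dt} \theta(t) = q(t)\cos\phi - r(t)\sin\phi$.
$\frac{d}{dt} \psi(t) = [q(t)\sin\phi + r(t)\cos\phi]/\cos\theta$.
Refer to [44] for details of equations and coefficients.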
 3. Behavior Analysis of Torpedo CPS Model
The torpedo CPS model specified in the previous subsection is implemented and simulated. The torpedo is launched from a submarine and steered onto the target by controlling its position. When the depth of the maneuver model is located to be within 15 meters of the surface, a “down” event occurs and the controller model increases the elevation angle of the maneuver model. In contrast, when the torpedo sinks to below 15 meters deep, an “up” event is activated and the controller model controls the depth of the maneuver model by decreasing the elevation angle. The computation model ($M_{DES}$) and the physical process model ($M_{CS}$) of the torpedo CPS model ($M_{CPS}$) are implemented by DEVSim++ [45] and C++, respectively. Figure 13 shows the dynamic behavior of the torpedo CPS model during simulation.
Fig. 13. Dynamic behavior of torpedo CPS model: (a) state transition of computation model ($M_{DES}$), (b) elevation angle ($\delta_s(t)$) applied to physical process model ($M_{CS}$), and (c) depth ($Z(t)$) of physical process model ($M_{CS}$).
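The DEVS BUS exchange of Section VI, run over the controller model and the f_SE/f_ES interfaces specified in Section VII, as an added example that is not the authors' DEVSim++/C++ implementation. Assumptions: the six-degree-of-freedom maneuver model is replaced by dZ/dt = -rate * delta_s with fixed-step Euler integration, f_SE fires only when Z(t) changes side of the threshold, and all class, port and parameter names are hypothetical.

```python
import math

THRESH = -15.0  # depth threshold (m) used by f_SE on the page

class ControllerDEVS:
    """M_DES from the page: S = {WAIT, UP, DOWN}, ta(WAIT) = inf, ta(UP) = ta(DOWN) = 0."""
    def __init__(self):
        self.s, self.t_next = "WAIT", math.inf

    def ta(self):
        return math.inf if self.s == "WAIT" else 0.0

    def on_x(self, port, event, t):
        # (x, t): external transition; the page defines delta_ext only for WAIT.
        if self.s == "WAIT":
            self.s = {"E_up": "UP", "E_down": "DOWN"}[event]
        self.t_next = t + self.ta()
        return self.t_next                      # replied as (done, t_N)

    def on_star(self, t):
        # (*, t): emit lambda(s), then apply the internal transition back to WAIT.
        y = {"UP": "E_up", "DOWN": "E_down"}[self.s]
        self.s = "WAIT"
        self.t_next = t + self.ta()
        return [("E", y)], self.t_next

class ManeuverCS:
    """Stand-in for M_CS. ASSUMPTION: dZ/dt = -rate * delta_s replaces the 6-DOF model."""
    def __init__(self, z0=-5.0, h=0.5, rate=2.0):
        self.z, self.h, self.rate = z0, h, rate
        self.delta_s, self.t_last, self.t_next = 0.0, 0.0, 0.0

    def _advance(self, t):
        self.z += -self.rate * self.delta_s * (t - self.t_last)  # forward Euler
        self.t_last = t

    def on_x(self, port, value, t):
        self._advance(t)                        # integrate up to t before the input changes
        self.delta_s = value
        return self.t_next

    def on_star(self, t):
        self._advance(t)
        self.t_next = t + self.h                # schedule the next integration step
        return [("Z", self.z)], self.t_next

class SignalToEvent:
    """f_SE: emits E_up / E_down only when Z(t) changes side of THRESH (assumed crossing rule)."""
    def __init__(self):
        self.side = None

    def __call__(self, z):
        side = "E_up" if z < THRESH else "E_down" if z > THRESH else self.side
        changed, self.side = side != self.side, side
        return side if changed else None

def event_to_signal(event, delta=1.0):
    """f_ES: f_ES(E_up) = -delta_s, f_ES(E_down) = +delta_s (delta is an assumed magnitude)."""
    return -delta if event == "E_up" else delta

class DevsBus:
    def __init__(self, sims, coupling):
        self.sims, self.coupling = sims, coupling
        self.t_next = {n: s.t_next for n, s in sims.items()}  # initial (done, t_N) from each
        self.now, self.trace = 0.0, []

    def route(self, src, port, y, t):
        # Data bus controller: look up the coupling, convert (y, t), deliver it as (x, t).
        dst, dst_port, convert = self.coupling[(src, port)]
        x = convert(y)
        if x is not None:
            self.trace.append((t, src, dst, x))
            self.t_next[dst] = self.sims[dst].on_x(dst_port, x, t)

    def run(self, t_end):
        # Time synchronization bus controller: grant one (*, t) at a time, earliest t_N first.
        while True:
            name = min(self.t_next, key=self.t_next.get)
            t = self.t_next[name]
            if t > t_end:
                break
            assert t >= self.now, "global causality constraint violated"
            self.now = t
            outputs, self.t_next[name] = self.sims[name].on_star(t)
            for port, y in outputs:
                self.route(name, port, y, t)

def simulate(t_end=10.0):
    sims = {"MDES": ControllerDEVS(), "MCS": ManeuverCS()}
    coupling = {("MCS", "Z"): ("MDES", "E", SignalToEvent()),        # signal -> event
                ("MDES", "E"): ("MCS", "delta_s", event_to_signal)}  # event -> signal
    bus = DevsBus(sims, coupling)
    bus.run(t_end)
    commands = [(t, x) for t, src, _, x in bus.trace if src == "MDES"]
    return commands, sims["MCS"].z

if __name__ == "__main__":
    commands, z_final = simulate()
    for t, delta_s in commands:
        print(f"t={t:4.1f}s  delta_s={delta_s:+.1f}")
    print("final Z =", z_final)
```

With these constructed parameters the depth descends from -5 m and then alternates between -16 m and -14 m around the threshold, with the controller issuing one command per crossing.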
VIII. Conclusion
A CPS consists of a collection of disparate subsystems of heterogeneous types. Since a CPS is a highly complex hybrid dynamic system of systems, simulation modeling is a practical means to analyze the behavior or performance of a CPS. The proposed formal modeling approach is a convergence technology in which concepts of SoS, modeling formalism of hybrid systems, and simulation interoperation are merged. The approach maps each subsystem of a CPS to an independent simulation model of either continuous or discrete event type, which should be simulated in a separate environment but interoperated together. Benefits of the approach include reusability of models and simulation environments/tools and analysis of subsystems in a flexible and interrelational manner. The proposed approach would be still applicable if a non-DEVS formalism is used for the modeling of discrete event systems. In such a case, the formalism should support explicit input and output specifications to be compliant with the proposed interface specification. A simple case study shows an application of the proposed approach for modeling, simulation, and analysis of a CPS.
This work was supported by the Inje Research and Scholarship Foundation in 2011.
BIO
Corresponding Author kyou@inje.ac.kr
Kyou Ho Lee received his BS and MS degrees in electronics engineering from Kyungpook National University, Daegu, Rep. of Korea, in 1980 and 1982, respectively, and his PhD degree in information and computer engineering from the University of Gent, Belgium, in 1998. From 1983 to 2005, he was a team leader and principal member of the research staff at ETRI, Daejeon, Rep. of Korea. He also worked as a researcher with AIT Inc., San Jose, CA, USA, from 1986 to 1988 and was a visiting scholar at the Department of Computer Science and Systems, University of Washington, Tacoma, USA, from 2011 to 2012. Since 2005, he has been with Inje University, Gimhae, Rep. of Korea, as a full professor with the Department of Information and Communications Engineering. He is also a member of the High Safety Vehicle Core Technology Research Center and Ubiquitous Healthcare Research Center. His current research interests include cyber physical systems, variable structure systems, digital embedded systems, and ubiquitous and healthcare systems.
jhhong@smslab.kaist.ac.kr
Jeong Hee Hong received her BS degree in electrical engineering from Pusan National University, Busan, Rep. of Korea, in 2005. She received her MS and PhD degrees in electrical engineering from KAIST, Daejeon, Rep. of Korea, in 2007 and 2013, respectively. She is currently a postdoctoral researcher with the Department of Industrial and Systems Engineering, KAIST. Her theoretic research focuses on systems engineering. In particular, she is interested in discrete event systems modeling and simulation; simulation-based optimization; and distributed systems development. Her practical research includes high-level architecture and large-scale system simulation, such as defense systems.
tkim@ee.kaist.ac.kr
Tag Gon Kim received his PhD degree in computer engineering with specialization in systems M&S from the University of Arizona, Tucson, USA, in 1988. He was an assistant professor in electrical and computer engineering at the University of Kansas, Lawrence, USA, from 1989 to 1991. He joined the Department of Electrical Engineering, KAIST, Daejeon, Rep. of Korea, in the autumn of 1991 and has been a full professor with the EECS department since 1998. He was the president of the Korea Society for Simulation. He was the editor-in-chief for Simulation: Transactions for the Society for Computer Modeling and Simulation International. He is a coauthor of the book Theory of Modeling and Simulation, Academic Press, 2000; the author of the edited book Artificial Intelligence and Simulation, Springer, 2004; and a coauthor of the book Modeling and Simulating Command and Control, Springer, 2013. He has published about 200 papers in M&S theory and practice in international journals and conference proceedings. He is very active in defense M&S in the Rep. of Korea. He was, and still is, a consultant for defense M&S technology at various Korean government organizations, including the Ministry of Defense; Defense Agency for Technology and Quality; Korea Institute for Defense Analysis; and Agency for Defense Development. He is a fellow of the SCS and a senior member of the IEEE.
Lee E.A., “Cyber Physical Systems: Design Challenges,” IEEE Int. Symp., Object Oriented Real-Time Distrib. Comput., Orlando, FL, USA, May 5–7, 2008, pp. 363–369. DOI: 10.1109/ISORC.2008.25
Kim Y.J., Kim J.H., Kim T.G., “Heterogeneous Simulation Framework Using DEVS BUS,” SIMULATION: Trans. Soc. Modeling Simulation Int., vol. 79, no. 1, pp. 3–18. DOI: 10.1177/0037549703253543
IEEE Std. 1516-2000, IEEE Standard for Modeling and Simulation (M&S) High Level Archit. (HLA) - Framework and Rules, New York, NY, USA: IEEE, 2001.
IEEE Std. 1516-2000, IEEE Standard for Modeling and Simulation (M&S) High Level Archit. (HLA) - Federate Interface Specification, New York, NY, USA: IEEE, 2001.
IEEE Std. 1516-2000, IEEE Standard for Modeling and Simulation (M&S) High Level Archit. (HLA) - Object Model Template (OMT) Specification, New York, NY, USA: IEEE, 2001.
Manna Z., Pnueli A., “The Temporal Logic of Reactive and Concurrent Systems,” New York, NY, USA: Springer-Verlag New York, 1992. DOI: 10.1007/9781461209317
Koymans R., “Specifying Real-Time Properties with Metric Temporal Logic,” Real-Time Syst., vol. 2, no. 4, 1990, pp. 255–299. DOI: 10.1007/BF01995674
Hoare C.A.R., “Communicating Sequential Processes,” Upper Saddle River, NJ, USA: Prentice Hall, 1985.
Milner R., “Communication and Concurrency,” Upper Saddle River, NJ, USA: Prentice Hall, 1989.
Glynn P.W., “A GSMP Formalism for Discrete Event Systems,” Proc. IEEE, vol. 77, no. 1, 1989, pp. 14–23. DOI: 10.1109/5.21067
Cuninghame-Green R., “Minimax Algebra, Lecture Notes in Economics and Mathematical Systems 166,” New York, NY, USA: Springer-Verlag New York, 1979.
Gill A., “Introduction to the Theory of Finite-State Machines,” New York, NY, USA: McGraw Hill, 1962.
Kohavi Z., “Switching and Finite Automata Theory,” 2nd ed., New York, NY, USA: McGraw-Hill, 1978.
Peterson J.L., “Petri Net Theory and the Modeling of Systems,” Upper Saddle River, NJ, USA: Prentice Hall, 1981.
Noubir G., Stephens D.R., Raja P., “Specification of Timed Finite State Machine in Z for Distributed Real-Time Systems,” Proc. IEEE Workshop Future Trends Distrib. Comput. Syst., Lisbon, Portugal, Sept. 22–24, 1993, pp. 319–325.
Holliday M.A., Vernon M.K., “A Generalized Timed Petri Net Model for Performance Analysis,” IEEE Trans. Softw. Eng., vol. 13, no. 12, 1987, pp. 1297–1310. DOI: 10.1109/TSE.1987.233141
Concepcion A.I., Zeigler B.P., “DEVS Formalism: A Framework for Hierarchical Model Development,” IEEE Trans. Softw. Eng., vol. 14, no. 2, 1988, pp. 228–241.
Clarke E.M., Grumberg O., Peled D.A., “Model Checking,” Cambridge, MA, USA: MIT Press, 1999.
Owre S., “PVS: Combining Specification, Proof Checking, and Model Checking,” 1996, pp. 411–414.
Havelund K., Shankar N., “Experiments in Theorem Proving and Model Checking for Protocol Verification,” Berlin, Germany: Springer Berlin Heidelberg, 1996, pp. 662–681. DOI: 10.1007/3540609733_113
Rushby J., “Theorem Proving for Verification,” Modeling and Verification of Parallel Processes, Berlin, Germany: Springer Berlin Heidelberg, 2001, pp. 39–57. DOI: 10.1007/3540455108_2
Kim J.Y., “Abstracted CPS Model: A Model for Interworking between Physical System and Simulator for CPS Simulation (WIP),” SCS/ACM Proc. Symp. Theory Modeling Simulation - DEVS Integr. M&S Symp., Orlando, FL, USA, Mar. 26–29, 2012.
Henriksson D., Elmqvist H., “Cyber-Physical Systems Modeling and Simulation with Modelica,” Proc. Int. Modelica Conf., Dresden, Germany, 2011, pp. 502–509.
Jamshidi M., “System of Systems Engineering - New Challenges for the 21st Century,” IEEE Aerosp. Electron. Syst. Mag., vol. 23, no. 5, 2008, pp. 4–19. DOI: 10.1109/MAES.2008.4523909
Campbell J.E., System of Systems Modeling and Analysis, Sandia National Laboratories, 2005.
White S.M., “Modeling a System of Systems to Analyze Requirements,” Annual IEEE Int. Syst. Conf., Vancouver, Canada, Mar. 23–26, 2009, pp. 83–89. DOI: 10.1109/SYSTEMS.2009.4815777
Boily P., Harrison N., “A Simulation System of Systems to Assess Military Aircraft Protection,” IEEE Int. Syst. Conf., Vancouver, Canada, Mar. 19–22, 2012, pp. 1–6. DOI: 10.1109/SysCon.2012.6189501
Wang B., Baras J.S., “HybridSim: A Modeling and Cosimulation Toolchain for Cyber-Physical Systems,” Proc. IEEE/ACM Int. Symp. Distrib. Simulation Real Time Appl., Delft, Netherlands, Oct. 30–Nov. 1, 2013, pp. 33–40. DOI: 10.1109/DSRT.2013.12
Antsaklis P.J., Koutsoukos X.D., “Hybrid Systems: Review and Recent Progress,” Hoboken, NJ, USA: John Wiley & Sons, Inc., 2003, pp. 273–298.
Johansson K.H., Lygeros J., Sastry S., “Modeling of Hybrid Systems,” Contr. Syst., Robot. Autom., UNESCO Encyclopedia of Life Support Systems (EOLSS).
Zheng H., “Operational Semantics of Hybrid System,” Ph.D. dissertation, Department of EECS, University of California, Berkeley, CA, USA, 2007.
Borshchev A., Karpov Y., Kharitonov V., “Distributed Simulation of Hybrid Systems with AnyLogic and HLA,” Future Generation Comput. Syst., vol. 18, no. 6, 2002, pp. 829–839. DOI: 10.1016/S0167739X(02)000559
Kofman E., Lapadula M., Pagliero E., “PowerDEVS: A DEVS-Based Environment for Hybrid System Modeling and Simulation,” School of Electronic Engineering, Universidad Nacional de Rosario, 2003.
Bouchhima F., “Generic Discrete-Continuous Simulation Model for Accurate Validation in Heterogeneous Systems Design,” Microelectron. J., vol. 38, no. 6-7, 2007, pp. 805–815. DOI: 10.1016/j.mejo.2007.04.001
Wetter M., Haves P., “A Modular Building Controls Virtual Test Bed for the Integration of Heterogeneous Systems,” SimBuild National Conf. IBPSA-USA, Berkeley, CA, USA, 2008, pp. 69–76.
Sung C., Kim T.G., “Framework for Simulation of Hybrid Systems: Interoperation of Discrete Event and Continuous Simulators Using HLA/RTI,” IEEE Workshop Principles Adv. Distrib. Simulation, Nice, France, June 14–17, 2011, pp. 1–8. DOI: 10.1109/PADS.2011.5936768
Kwon S.J., “Integrated Hybrid Systems Modeling and Simulation Methodology Based on HDEVS Formalism,” Proc. Summer Comput. Simulation Conf., Toronto, Canada, 2013, pp. 410–417.
Kim T.G., “Simulations Interoperation Approach for Modeling and Simulation of Defense System as System of Systems,” SpringSim, TMS Symp., Plenary Talk, San Diego, CA, USA, Apr. 7–10, 2013.
Kim T.G., Kim D.S., “Joint Analysis of Combat Power and Communication System via Interoperation of War Game Simulator with Communication Network Simulator,” ROK-US Defense Anal. Seminar, Seoul, Rep. of Korea, Apr. 23–25, 2012.
Kim J.H., Moon I.C., Kim T.G., “New Insight into Doctrine via Simulation Interoperation of Heterogeneous Levels of Models in Battle Experimentation,” SIMULATION: Trans. Soc. Modeling Simulation Int., vol. 88, no. 6, 2012, pp. 649–667. DOI: 10.1177/0037549711414773
Zeigler B.P., Kim T.G., Praehofer H., “Theory of Modeling and Simulation,” Orlando, FL, USA: Academic, 2000.
Fossen T.I., “Guidance and Control of Ocean Vehicles,” New York, NY, USA: Wiley, 1994.
Kim T.G., “DEVSim++ Toolset for Defense Modeling and Simulation and Interoperation,” J. Defense Modeling Simulation: Appl., Methodology, Technol., vol. 8, no. 3, 2011, pp. 129–142.