Fractionated Software for Networked Cyber-Physical Systems: Research Directions and Long-Term Vision

  • Mark-Oliver Stehr
  • Carolyn Talcott
  • John Rushby
  • Pat Lincoln
  • Minyoung Kim
  • Steven Cheung
  • Andy Poggio
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7000)


An emerging generation of mission-critical systems employs distributed, dynamically reconfigurable open architectures. These systems may include a variety of devices that sense and affect their environment and the configuration of the system itself. We call such systems Networked Cyber-Physical Systems (NCPS). NCPS can provide complex, situation-aware, and often critical services in applications such as distributed sensing and surveillance, crisis response, self-assembling structures or systems, networked satellite and unmanned vehicle missions, or distributed critical infrastructure monitoring and control.

In this paper we lay out research directions centered around a new paradigm for the design of NCPS based on a notion of software fractionation, which we are currently exploring and which can serve as the basis for a new generation of runtime assurance techniques. The idea of software fractionation is inspired by and complementary to hardware fractionation — the basis for the fractionated satellites of DARPA’s F6 program. Fractionated software has the potential to lead to software that is more robust, leveraging both diversity and redundancy. It raises the level of abstraction at which assurance techniques are applied. We specifically propose research in just-in-time verification and validation techniques, which are agile — adapting to changing situations and requirements — and efficient — focusing on properties of immediate concern in the context of locally reachable states, thus largely avoiding the state space explosion problem. We propose an underlying reflective architecture that maintains models of itself, the environment, and the mission, which is key for adaptation, verification, and validation.







Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Mark-Oliver Stehr (1)
  • Carolyn Talcott (1)
  • John Rushby (1)
  • Pat Lincoln (1)
  • Minyoung Kim (1)
  • Steven Cheung (1)
  • Andy Poggio (1)
  1. SRI International, USA
