Edge Computing for Cyber-physical Systems: A Systematic Mapping Study Emphasizing Trustworthiness

Adding to the landscape of embedded systems, cloud computing, networking, and telecommunications—edge computing is proposed to provide solutions for various cyber-physical systems (CPS) and applications, such as augmented reality, predictive functions, e.g., for anomaly detection, and collaborative CPS, to name a few. These applications often share requirements on high availability, real-time behavior, domain-specific sensitive data, while more and more involving huge amounts of data and corresponding processing demands.

A key advantage of edge computing is localized and enhanced computational performance, which reduces costs on the device/embedded systems side because of less computing and storage resources and overcomes the shortcoming on latency, bandwidth, and privacy issues of the centralized cloud-based solutions. By adding a new third tier of computing to address these requirements and limitations, edge computing is projected to have profound implications in the coming decades, [8, 42, 47, 56, 66].

As a consequence, edge computing is today driven by strong market forces stemming from IT/cloud, telecom, and networking—with corresponding multiple interpretations of “edge computing,” including in terms of where the edge lies, e.g., device edge, network edge, distributed cloud, and so on. Such interpretations include.

The focus of this study lies in the intersection of the various edge-computing paradigms and cyber-physical systems and applications. CPS represent the “Integration of computation, networking, and physical processes,” ranging from minuscule (e.g., pacemakers) to large-scale (e.g., national power-grid) and typically involving feedback [24, 54, 63, 66]. While CPS have been around at least since the late 1970s (depending on how you interpret the term), they are today provided with entirely new capabilities due to improvements in various technologies, ranging from sensors, communication, computation, and artificial intelligence (AI) and machine learning (ML), algorithms, to new materials, batteries, and additive manufacturing. Corresponding trends for CPS include operation in more complex environments, higher levels of automation, electrification, and CPS-cloud and development/operation integration. This paves the way for unprecedented market opportunities, leading to CPS deployment in more open environments in all kinds of application domains such as transportation, manufacturing, healthcare, and smart cities. This can be seen as letting the “robots out of their cages,” as exemplified with automated driving and co-bots (robots collaborating with humans [14, 24, 66]).

CPS are often associated with critical applications where failures may jeopardize lives or where the lack of availability—for example, of infrastructure and manufacturing—may have severe cost and/or safety implications. As an example of an integration between CPS and edge computing, Figure 1 depicts a scenario with an intelligent transportation system (ITS) following the OpenFog reference architecture [1]. This ITS scenario brings the opportunity to examine the interactions among fog domains and cloud domains such as element management systems (EMS), service provider (SP), metro traffic services, and system manufacturer clouds. By leveraging fog architecture, the strict requirements of this ITS application can be accommodated. For instance, fog computing can be utilized to compute tasks obtained from a traffic control system or an autonomous vehicle. Therefore, the task can be performed in real-time to ensure the optimal and safe operations of the ITS.

Motivation. The strong potential of future CPS comes along with new needs for computation, aligning with the strong drivers for edge computing. Future CPS are therefore likely to integrate edge computing in various forms, from device edge to the network edge (likely adapted to the needs and constraints of the respective domains), in essence adding a new tier to existing embedded systems and cloud computing on the cyber-side. This cyber-enhancement will enable to deploy new, enhanced, and integrated cyber-physical capabilities.

Our interests lie in the applications of edge computing as part of Cyber-Physical Systems (CPS), where the introduction of edge-based CPS for critical systems requires an emphasis on trustworthiness and dependability. We note that both trustworthiness and dependability represent multifaceted properties, strongly related to CPS, security and human perception of trust [10, 17, 34, 48]. While the concept of dependability in its current form has been around for some 40 years, the concept of trustworthiness is now emerging as an umbrella term associated with how we, as humans, perceive the operation of increasingly advanced and complex CPS [48, 63]). This use of the term is further underpinned by the relatively recent adoption of the term in the context of trustworthy AI, visible, for example, through the EU efforts towards trustworthy AI (see, e.g., Reference [37] for an overview of work by the “High-level expert group on artificial intelligence” initiated by the European Commission). The technological shift is also implying that current methodologies and standards are partly inadequate to address challenges of future CPS [67]. This is clearly seen in the multitude of ongoing standardization efforts related to automated driving, cyber-security, and introduction of advanced perception and AI in the context of safety critical systems[2, 3, 4, 41, 68]—reflecting different aspects of designing and assuring safety and security for highly automated CPS² as well as in updated editions of traditional safety standards [40].

In this article, we have chosen to emphasize the following attributes (or sub-properties) of trustworthiness: Safety, Security, and Predictability. The rationale for this choice of attributes stems from industrial needs as derived in the TECoSA research center [50]; industry sees these three attributes as vital for introducing new edge-based CPS. Each of the attributes (safety, security and predictability) is facing new challenges as CPS expand to become edge-based, collaborative autonomous, and “filled with” AI. Moreover, the mutual dependencies and tradeoffs between these attributes also need to be explicitly considered. The selection of these attributes, and at this granularity, also provides a delimitation of the scope of our survey. We detail and elaborate on how we use Trustworthiness and its attributes as part of the survey in Section 4.

Contribution. This article, therefore, investigates the directions and concerns for the use of edge computing in CPS that need to be trustworthy. Considering the strong drivers and the relative novelty of the field, it becomes important to understand the specific requirements and characteristics of edge-based CPS, and to ensure that research is guided adequately to address specific gaps.

We present the results of a systematic mapping study [43], a kind of systematic literature survey, investigating the use of edge computing for CPS with a special emphasis on trustworthiness.

The main contributions of this study are:

We first review related surveys of edge computing, CPS, and overlapping studies in Section 2. We use a mapping study (this type of systematic literature survey is described in Section 3) and a classification to structure and characterize research literature in the intersection between edge computing and CPS, as described in Section 4. We present the results in Section 5, where a link to the data can also be found. Next, we discuss the findings, identify research gaps, and treat validity in Section 6. We elaborate on future work and recommendations for research in Section 7 and provide concluding remarks in Section 8.

To the best of our knowledge, no previous paper has provided a broader systematic literature survey on the connection between edge computing and CPS research. However, several studies have addressed fog-computing for specific CPS domains such as smart cities and Industry 4.0, and many literature studies were carried out in related areas of edge computing and CPS. In the following, we briefly describe surveys with some relation to our survey and the specific perspectives they provide. As elaborated in the following, the surveys indicate needs to further address trustworthiness-related properties of relevance for the use of edge computing in CPS [8, 30, 42, 56, 64].

Surveys on Edge Computing in CPS. In Reference [51] a survey of fog computing for sustainable smart cities is provided, revealing that (i) cloud/fog collaboration (“cloud companion support”), (ii) data analytics, (iii) multi-protocol support at communication level, (iv) mobility, and (v) security and privacy represent commonly addressed research topics in fog computing applications. The article draws a conclusion that both IoT and fog computing are comparatively immature fields, motivating a need for a focus on platforms for testing, experimentation, and evaluation. The importance to support multiple communication and application-level protocols, privacy and security (including authenticity, confidentiality, and integrity), and distributed intelligence is highlighted.

The topic of fog computing in the context of Industrial Internet of Things (IIoT) and Industry 4.0 has received a lot of attention in the research literature. For instance, Reference [12] reviews fog infrastructure and protocols in IIoT applications. Several communication and networking challenges are treated, including (i) energy efficiency (e.g., balancing quality-of-service with energy consumption), (ii) network throughput and storage capacity (dependent on decisions of where to use and store data), (iii) resource allocation and spectrum use (as a challenge for network performance with impact on many quality-of-service parameters), (iv) latency, dealing with real-time connectivity requirements and the end-to-end chain of networking and processing (with several issues affecting latency such as resource allocation, network architecture, and node storage and energy capabilities), and (v) cache-enabled edge devices (to reduce the load on backhaul links, and with schemes for efficiently accessing data).

In Reference [15], research papers on fog computing in the context of Industry 4.0 are surveyed. Industrial IoT protocols and applications are examined in terms of their architecture, latency, security, and energy consumption, and the authors highlight several challenges with industrial fog computing. In a more recent survey, Reference [16] considers edge-computing-assisted CPS from a similar perspective of quality-of-service optimization. They define a series of critical challenges including latency, energy consumption, security and privacy, and system reliability. In addition to classifying studies into these categories, they summarize mechanisms for addressing them.

In Reference [58], the authors conduct a survey on four edge-computing reference architectures proposed by Intel-SAP [39], FAR-Edge Project [32], Edge Computing Consortium [21], and the Industrial Consortium for Industry 4.0 [22]. The aforementioned reference architectures are all based on a three-layer model for edge computing, which integrates all layers to process the service. We note that these reference architectures focus on edge computing for industrial environments, increasing the importance of ensuring, e.g., system reliability and security. Although these four reference architectures have contributed partially to trustworthiness attributes with an emphasis on security, very few focused on other trustworthiness attributes such as safety and availability for edge-based CPS.

CPS Surveys. There are several directions of CPS literature surveys, focusing, e.g., on applications of CPS [18], specific CPS domains (such as manufacturing/Industry 4.0 or electrical grid) [19, 44], or on specific properties, such as security [62].

Literature surveys of CPS highlight connectivity, IoT, big data, and cloud interactions. Specific mentioning of fog or edge computing appears to be relatively rare, and the surveyed literature generally focuses on technical or methodological aspects applicable to CPS in distributed computer system settings such as interoperability and performance. Challenges highlighted by References [18, 44] include complexity of CPS, interoperability, cybersecurity, safety, dependability, and energy consumption.

CPS are often associated with critical applications; this is well recognized in CPS roadmaps and research challenge formulations [14, 7, 63]. Similarly, the increasing complexity of CPS with connectivity, collaboration, and more advanced algorithms including artificial intelligence and deep learning, poses both new opportunities and challenges [7, 63]. In the context of critical applications, this is especially true for properties such as security and safety, which face new challenges with new attack surfaces and faults/failure modes with complex behaviors and interactions in more open environments, requiring new approaches for system development, operation, and maintenance [7, 24, 54, 63, 67].

Another aspect is the increasing level of automation of CPS. NASA in Reference [27] provides a comprehensive survey on safety assurance of increasingly autonomous systems. They identify open challenges regarding, (i) methodologies for safety assurance (e.g., how do we go about designing and reasoning about the safety of autonomous CPS and in providing automated reasoning to assist developers?), (ii) architecting autonomous systems to support assurance with an emphasis on pervasive monitoring, (iii) dealing with human-autonomous CPS interactions, and (iv) considering ethics for autonomous systems.

These findings are also supported by comparisons of related agendas and roadmaps [63] and by the NIST CPS architecture framework [23]. The NIST framework was developed based on consultations with experts. It resulted in the identification of key life-cycle phases and aspects of CPS, with the aspects as representing groupings of cross-cutting concerns of relevance for one or more system stakeholders. Examples of key aspects identified include human-CPS interaction, trustworthiness, timing, data, and composability. The Platforms4CPS survey of agendas and roadmaps provided recommendations that address research, innovation, societal, legal, and business challenges related to CPS. Particular emphasis was placed on trust-related concerns, and CPS edge computing was highlighted as a specific research challenge.

Edge-computing Surveys. Surveys of the various flavors of edge computing include those focusing on characteristics and requirements [30, 42, 56], resource management, [46, 64], reference architectures [58], or specific technological instances such as multi-access or mobile edge computing [46, 60] and fog computing [30, 35, 47].

In Reference [42], a comprehensive survey of literature on edge-computing paradigms is presented, providing characteristics of edge-computing systems including fog computing, cloudlets, and mobile edge computing. Based on the survey, requirements for enabling edge-computing systems are summarized, including availability, reliability, and security. Low-cost fault-tolerance and security are put forward as open challenges. Additional application and challenge perspectives are provided by Reference [56], considering requirements for IoT applications including wearable cognitive assistance and favorable properties of edge-based realizations including availability, privacy, and latency. Challenges ahead, including complexity, security, and viable business models, are discussed. A previous survey on mobile edge computing of the same authors [8] discusses requirements and challenges. Requirements mentioned for edge computing include reliability, scalability, resource management, security, interoperability, and business models. Open challenges put forward include seamless edge execution handover, eco-systems and business models enabling collaboration, lightweight security and privacy, and real-time data processing at scale. Reference [30] investigates fog computing and specifically highlights challenges related to performance, security, and governance.

In Reference [47], a survey on fog computing focusing on algorithms and architectures is presented. The paper describes expectations and the suitability of fog computing for future Tactile Internet applications involving physical tactile experiences and remote real-time control, with example applications in telesurgery and vehicle platooning. Requirements of connectivity and latency are elaborated for such applications, including expected end-to-end latencies of 1 ms or less and a maximum of 1 s outage per year. Challenges discussed include the design of higher-layer APIs and protocols on top of lower-layer protocols (e.g., provided by 5G), algorithms for tactile applications, as well as novel resource management algorithms.

A complementary perspective is taken by Reference [64] by focusing on resource management independent of the type of edge-computing system. The findings indicate a relatively low coverage of non-functional³ properties in the literature; those covered in the paper include response time, energy, availability, and resource efficiency (in terms of resource utilization). Another study [46] also focuses on resource management but in the specific context of mobile edge computing, emphasizing joint radio-and-computational resource management. Privacy and energy-related issues are included.

In Reference [11], a systematic literature review was conducted on dependability and fog computing. This study provides an overview of the current state of the research, analyzing dependability attributes, sources of threats, and threat management techniques. The authors identified reliability and availability as the most studied dependability attributes. Node failure and link or path failure were the main sources of failure reported in the literature. The study also focused on the means applied to ensure dependability, identifying redundancy techniques as the most common methods. The relation between safety and security in the solutions proposed for fog computing was also considered, finding very few studies that address both topics. Finally, it identified certain research gaps, e.g., reintegration after fault recovery in distributed systems.

The survey cited in Reference [55] presents an overview of the emerging edge-computing paradigms (fog, MEC, cloudlet), from the perspective of orchestrating the storage and computing resources of end-devices, edge servers and the cloud, which the authors call end-edge-cloud orchestration, and the paradigms are compared and evaluated in terms of offloading, caching, security, and privacy. In the study, the authors also argue that transparent computing⁴ shares this commonality, and thus include it in the survey. However, this study appears to be unique in this regard, and we chose to not include transparent computing in our final categorization.

Furthermore, the ambitiously titled survey [72] “all one needs to know” about edge-computing paradigms includes taxonomies over fog, MEC, and cloudlet architectures, and evaluations of their quality-of-service, security, RAS (reliability, availability, survivability) and management, to name a few objectives. The paper concludes by identifying challenges and research directions, several of which relate to trustworthiness aspects including resilient fog system design (considering reliability and availability and tradeoffs w.r.t. latency, throughput, and security), fog system service-level agreements, and various further security aspects such as trust and authentication in Heterogeneous Fog Systems.

A systematic mapping study is a well-established methodology from the Software Engineering research community that provides a structured classification of papers (a map of the field), where the classification relates to the corresponding research questions [52]. Systematic mapping studies are used by researchers based on established existing guidelines and well-defined steps.

Our systematic mapping study follows the guidelines presented in References [43, 53]. The process is adapted from Reference [6] and consists of the following main steps, as presented in Figure 2. The details of each step are presented in the next subsections. Definition of Research Questions (Step 1). The main goal of this study is to investigate the use of edge computing for Cyber-Physical Systems (CPS) and to find research gaps. This goal is refined into the following research questions (RQs):

Identification of Search String and Source Selection (Step 2). The main focus of this section is to identify a search string and the selection of database sources to apply the search to achieve both a good coverage of existing research on the topic and a manageable number of studies [43].

Search String. A relevant search string should be able to return research works from the databases that address the study’s RQs. For our research, we are interested in the intersection of two domains, namely, those of edge-computing solutions and cyber-physical systems. To characterize each domain, synonyms of the main keywords and terms related to the respective domains are combined using the logical OR operator. The following list includes the terms used to define each of the domains:

The wildcard character “ \(*\) ” is used to provide results with and without hyphenation. To compose a search string for such an intersection, the logical operator AND is used to return studies that belong to both sets. The final search string is shown in Table 1.

Source Selection. To find the existing relevant occurrences for this topic, two scientific online digital libraries were chosen: IEEE Xplore Digital Library⁵ and ACM Digital Library.⁶

The presented search string is used to query the studies from the sources with the necessary adaptations made in the syntax. The query resulted in a total amount of 667 candidate studies. The total number of retrieved studies from each database is shown in Table 2.

Study Selection Criteria (Step 3). This step performs the shortlisting/selecting the relevant studies that are identified in the previous step based on some inclusion/exclusion criteria. For a study to be classified as relevant, it should meet all the inclusion criteria at once and none of the exclusion ones. The inclusion criteria include all the studies referring to edge computing within the domain of CPS or Industry 4.0. The exclusion criteria determines which studies to be excluded: We excluded studies that are duplicates of other studies; studies that are not peer-reviewed, tutorial papers, and poster papers; survey studies are removed, since they lie outside the scope of the mapping. Instead, the relevant survey studies are covered in Section 2.

The selection process includes several steps and is detailed in Figure 3.

After obtaining the total amount of studies from the automatic search, the first step to select the relevant studies begins with the removal of the duplicates. We used Zotero⁷ to identify these duplicates and remove them. This is an open-source tool and is widely used. In the next step, all survey studies were removed, leaving the process with 649 studies after this step. For the next step, “Title & abstract exclusion,” the studies were divided among the participating researchers/authors for a review of the paper titles and abstracts, resulting in a flagging of papers as “Relevant” (R), or “Not clear” (NC), or “Not relevant.” A study was marked as relevant if it met all the inclusion criteria and none of the exclusion criteria, or as not-relevant if it lacked one of the inclusion criteria or met at least one of the exclusion criteria, or as not-clear if there were uncertainties arising from the title and abstracts review. All studies flagged as NC were examined closely by means of full-text skimming. Any subsequent studies that remain NC were brought to discussion.

Snowballing. After identifying the primary studies, the snowballing aimed at identifying additional papers by using the references of the already identified relevant papers. This was accomplished automatically using the free and open-source reference management software Zotero with the AI-backed search engine Semantic Scholar (S2) by integrating their web APIs.⁸

The snowballing resulted in the retrieval of 4,705 references. After removing duplicates, 3,792 studies remained. These were then compared with the list from the original search string, the 667 papers shown in Figure 3, reducing the number to 3,709. The resulting list is finally filtered using the same search string described above; the studies had to include a term related to CPS and a term related to edge computing. This process reduced the final results to 24 references. Finally, the content of the studies was analyzed, adding a total of 17 new sources from the snowballing (see left bottom part in Figure 3).

At the end of the Study selection process, there were a total of 224 studies flagged as Relevant, and the data mapping step could begin.

Data Mapping (Step 4). The next step in the systematic mapping study is to establish how the relevant studies are to be classified to attempt to answer the underlying research questions of the study. This section provides the definitions used in the classification scheme.

Beyond the general publication data such as title, name of the author(s), and publication year, seven additional facets are considered. The first, being the research types presented in Reference [70], which are adopted unaltered in our study, like in Reference [6]. The others are CPS domain, edge implementation, application class, trustworthiness, artificial intelligence, and energy efficiency. The initial categorization is based on the acquired knowledge from discussions with experts from their respective fields. Next, weekly meetings were held to refine the categories further.

We defined a well-structured form based on the classification scheme and the research questions to extract the data from the selected relevant studies. Microsoft Excel spreadsheet was used to organize and store the extracted information from each relevant study for subsequent analysis.

Analysis of Results and Discussion of Insight (Step 5). The last step of the systematic mapping study process is results analysis, where the map of the field is produced from the relevant studies and then a comprehensive analysis of the studies is performed to address the research questions. We used multiple methods to produce the maps, such as bubble charts, pie charts, and line graphs. Produced maps and the derived analysis are presented in Section 5, and a discussion of the insights is presented in Section 6.

This section explains all the classifications in detail.

In this section, we present the findings from the survey with a subsection for each of the four research questions as introduced in Section 3. The outcomes of the research questions are illustrated in the form of charts and/or graphs. The complete list of the relevant studies and their classifications in the study can be found online.⁹

Our systematic mapping study, as well as the related surveys, clearly paints a picture of edge-based CPS as an emerging field that addresses multiple types of applications. It is clear that the initial drive towards edge computing has been focusing on non-critical applications, but that the momentum and opportunities are likely to lead to increased adoption of edge computing in CPS, and therefore a need to increasingly deal with multiple attributes of trustworthiness. In the following, we first discuss the findings from our systematic mapping study and then contrast them with the findings of the related surveys. Finally, we discuss the validity of our mapping study.

Discussing the Findings. Among the edge-computing solutions, fog computing is the most present implementation in the analyzed studies, as seen in Figure 5. When looking at the distribution within the CPS domains, as in Figure 8, it can be seen that only in telecom is MEC more frequent than fog computing. This finding is natural, given the connection between the telecom industry and MEC. A possible explanation for the limited number of papers covering MEC among the CPS domains could be that the telecommunication companies have a strong tradition of patenting (rather than writing papers); note that patents are not covered in this mapping study.

By contrast, manufacturing, which is much more focused on fog computing according to the surveyed publications, is also the CPS domain with the highest number of studies about edge-based CPS. This is likely because manufacturing technology already has a high degree of automation, sensors, and network capabilities, and so taking the next step to Edge is a relatively small one. Additionally, the search string included “Industry 4.0,” which also may favor results within the manufacturing industry. Last, the cloudlet architecture is the category with the lowest amount of publications for all of the CPS domains, which could have its explanation in that cloudlets have (so far) mainly intended non-CPS applications.

The consideration of trustworthiness when using edge computing in the context of critical CPS was one of the main motivations for embarking on this study. After analyzing the results in Figure 6, it is clear that many of the research efforts in edge-based CPS are only considering trustworthiness of the systems to a very limited extent. In recent years, as shown in Figure 7, the number of publications related to edge-based CPS has experienced huge growth. Nevertheless, the proportion of those that consider trustworthiness has been constant, around 50%. Among the ones that consider it, most of them only cover one or two of the attributes of trustworthiness that we have analyzed. Regarding those aspects, Predictability and Security received the most attention. For predictability, we note a strong interest in various aspects of resource management, which have rendered a classification of “predictability.” In hindsight, we can say that there are nuances of predictability, essentially referring to “best-effort” (average-case performance) vs. efforts providing some level of guarantees. Thus, not all efforts on predictability are relevant for critical CPS. Further, safety is the least-considered trustworthiness aspect. This is especially noteworthy, since many papers indeed refer to various types of critical applications as relevant for edge computing, including, for example, in manufacturing and transportation (e.g., vehicle platooning). The development of safety-critical systems requires adherence to safety standards. The current set of standards and thus best practices are not fit for the next generation AI-equipped edge-based CPS [7, 27, 63]. The corresponding challenges are perhaps most prominently seen for automated driving (AD), with the increasing number of efforts that are trying to promote AD safety [28].

Regarding the application type, resource management and real-time application analytics have been the most extensively studied areas, especially using fog computing as the edge implementation, as shown in Figure 9. Power consumption in energy-aware systems, together with task completion latency, are the two most concerned elements during the application. Extensive studies of edge-based CPS, especially regarding computation task offloading [69], energy-efficient scheduling [73], and resource allocation management [38], have investigated the natural tradeoff between these two factors. The minimization of execution delay and energy consumption in a cooperative edge-based system requires the joint optimization of communication and computation resources between local devices and edge servers. This consideration is usually measured as a weighted-sum function of the delay and energy and adjusted with different weightings to satisfy the requirements in various use cases. Nevertheless, other factors, such as the operational cost [71], network utility [61], quality-of-experience [49], and robustness of transmission network [9], are also considered as the objectives to be optimized in the application of edge-computing system for CPS.

When analyzing the type of research in Figure 12, more than half of the studies have been classified as a solution proposal. When grouping the studies by application type and edge implementation, solution proposal is still the predominant category in almost every group. Evaluation and validation tend to occupy the second and third positions, but there are some research gaps where these two categories are not present, e.g., resource management using cloudlets. As we are embarking on a phase of novel, edge-based CPS in many applications, more effort will be needed on evaluation and validation studies, not the least concerning trustworthiness properties.

Regarding other factors that are influencing the development of edge computing for CPS, this study has analyzed the AI methods used and the inclusion of energy efficiency. Regarding the AI methods, only one-third of the studies explicitly state that they use artificial intelligence (Figure 14). However, when considering the temporal evolution (Figure 15), one can see an increase in the use of machine learning methods from 2019. Regarding energy efficiency, it is only considered by a rather low fraction of the total number of studies. This value is particularly low in the domains of manufacturing and zero in the healthcare domain.

As CPS are used to integrate new technologies and deployed in settings that span embedded, edge, and cloud computing, there are corresponding needs to bridge gaps between the involved research communities. As treated in this article, this becomes particularly important concerning the edge vs. CPS disciplines. A high-level summary of these findings is illustrated in Table 3. While providing scalable computing in various forms, the edge-computing communities have not had the same exposure to critical applications. Since several trustworthiness attributes have been identified as “research challenges,” this would provide a useful starting point for discussions with CPS and dependability fields where these topics have a long tradition. For example, our survey indicates that edge-computing research has primarily focused on soft real-time (SRT) systems (where meeting timing requirements is generally not seen as critical), whereas CPS communities have for long studied both hard real-time (HRT) (where missing timing requirements may be critical) and SRT systems, as well as their combination. In any case, as we embark on more open and increasingly complex systems, all trustworthiness attributes face challenges on their own (e.g., for security, more attack surfaces; for safety, learning systems deployed in more open world settings), but also need consideration in conjunction.

Further, as cyber-physical systems become connected and start to collaborate, this will lead to cyber-physical systems of systems (CPSoS). We believe that many such CPSoS will tend to include edge computing and AI to support many of the coordination and collaboration challenges. Systems of systems are characterized by the operational and managerial independence of their constituent systems and by emergent behavior [45]. Take, for instance, city traffic as a “system,” exemplifying a situation with a multitude of stakeholders, independent evolution (of streets, vehicles, other infrastructure), not always clear responsibilities, and where a change or the introduction of entirely new systems (such as automated vehicles) may cause hard-to-predict behaviors (emergence).

Finally, although not an aspect we emphasized in our survey, we note that business models are identified as research challenges by the edge-computing communities. To our understanding, CPS have not to the same extent considered this topic and will need to do so, as CPS are likely to be increasingly provided as services as part of CPSoS.

Findings vs. Related Edge-computing Surveys. It is interesting to reflect on our mapping study findings versus the other state-of-the-art surveys that we summarized in Section 2, in particular for those covering some flavor of edge computing. We note that these survey papers identify a rather broad range of topics as relevant research challenges. Commonly identified challenges include various aspects of resource management, latency, security, privacy, and energy efficiency. Topics identified by a few papers include interoperability-related challenges, governance, business models, architecture, mobility, and application algorithms including data analytics.

The resource-constrained nature of edge-based systems is highlighted by several papers, where a few call for cost-efficient approaches to security and fault-tolerance. The complexity of edge-based systems is touched upon by a few papers directly or indirectly. We note that security in itself is a multifaceted topic that would deserve a more in-depth survey. While research has addressed or is highlighting selected reliability and availability challenges, security is still mainly identified as a research challenge with an emphasis on privacy and confidentiality—thus with less coverage of security implications on availability and safety [11].

In addition, the need to deal with conflicting objectives and multi-objective design is highlighted by a few surveys (e.g., considering quality-of-service, energy, cost and bandwidth). Specifically, several of the surveys, including References [11, 16, 64, 72], highlight gaps regarding non-functional properties in terms of trustworthiness/dependability-related attributes. As an overall remark, we conclude that the related surveys found similar gaps when it comes to addressing trustworthiness attributes, while there is a lack in considering safety and its relation to other trustworthiness attributes explicitly. A combined view, drawing upon our findings and the related surveys, is illustrated in Table 3.

Validity of the Results. Several issues need to be taken into account when conducting a systematic mapping study, which, if unaddressed, can potentially limit the validity of obtained results [43].

One such limitation is that this study only considered published papers written in English. For this reason, some relevant contributions in other languages may have been omitted. However, it should be mentioned that this is a limitation with most systematic mapping studies, and the impact is assumed to be small [14, 6]. Additionally, since the snowballing process was automated, it is possible that the occasional publication is parsed incorrectly, and thus be considered “unknown” by the automation tool. Such publications would thus not have been properly processed by the management software, and thus omitted from the results.

Another potential threat to the validity is the subjectivity of the individual researcher during the classification stage. Since only one option is chosen for each category, it can sometimes be hard to assess the core subject matter or the study under review. To mitigate this, a validation process was performed where researchers reviewed a randomly sampled subset from the rest of the team. No significant discrepancies were identified during this step. Moreover, weekly meetings were performed where all the reviewers participated to harmonize the concepts and classifications. This process led to several clarifications and in some cases to re-reviews of papers to make sure the same approach was applied to all papers.

Finally, the relevance of the findings may not be representative or relevant if the search string/terms were not appropriate to the corresponding research questions. As discussed in this article, this topic is non-trivial, since many concepts and synonyms are used to refer to edge computing as well as to CPS. We believe that the validity of our mapping study is strengthened with the comparison with the related surveys, since they encompass a broader (sometimes slightly different) scope compared to our mapping study. For example, the state-of-the-art surveys also include “CPS-” and “edge-” only surveys. The performed snowballing also helped to reduce the risk of missing relevant publications.

As covered by our mapping and the related surveys (Section 2), a multitude of topics is already being researched concerning edge-computing systems. It is clear that much more research and industrial efforts (including standardization) will be needed in the direction of future edge-based CPS. We summarize here our analysis of the findings (from the Discussion, Section 6) in terms of recommendations for further research and other efforts that would complement current efforts:

As a follow-up to our systematic mapping study, it could be of interest to increase the scope of the study by incorporating more attributes related to trustworthiness, such as transparency and accountability [36], and also potentially to increase the level of detail by including more related attributes (or sub-attributes), such as resilience, availability, integrity, and confidentiality. A further potential direction would be to increase the reach of the study through the inclusion of other search terms, potentially providing further insights. Such directions include incorporating related concepts or characteristic properties with respect to CPS and Industry 4.0 like IIoT or dependability. It would also be of interest to provide a more in-depth analysis regarding sustainability and related concepts such as the “circular economy.” A more fine-grained analysis of the AI methods used for edge-based CPS would also be beneficial. A broader reach covering more of some of the industrial developments could also beneficially be extended to incorporate patents. Since the whole field of research is growing rapidly, an update to include the newest papers would also be beneficial in the next few years. We also believe that nuances of predictability and security could be explored in more detail.

The introduction of edge computing for CPS comes as a natural solution to the opportunities at hand and the current limitations of embedded systems and cloud computing. However, the heterogeneity of “things at the edge” as well as the integration with other fields of computing has brought proposals for multiple possible solutions.

This study provides an overview of the current research efforts in the usage of edge-computing solutions for critical CPS. Through the analysis and classification of 224 papers, this study provides an overview and insight into the current connections between the two fields and the corresponding research gaps. The analysis motivates a bigger emphasis on research to address trustworthiness-related properties, an aspect that is particularly relevant and necessary for the introduction of critical edge-based CPS.