Hybrid systems in automotive electronics design

Automotive electronic design is certainly one of the most attractive and promising application domains for hybrid system techniques. Some successful hybrid system applications to automotive model development and control algorithm design have already been reported in the literature. However, despite the significant advances achieved in the past few years, hybrid methods are in general still not mature enough for their effective introduction in the automotive industry design processes at large. In this paper, we take a broad view of the development process for embedded control systems in the automotive industry with the purpose of identifying challenges and additional opportunities for hybrid systems. We identify critical steps in the design flow and extract a number of open problems where hybrid system technology might play an important role

Mapping AADL to Petri Net Tool-Sets Using PNML Framework

Architecture Analysis and Design Language (AADL) has been utilized to specify and verify non- functional properties of Real-Time Embedded Systems (RTES) used in critical application systems. Examples of such critical application systems include medical devices, nuclear power plants, aer- ospace, financial, etc. Using AADL, an engineer is enable to analyze the quality of a system. For example, a developer can perform performance analysis such as end-to-end flow analysis to guarantee that system components have the required resources to meet the timing requirements relevant to their communications. The critical issue related to developing and deploying safety critical systems is how to validate the expected level of quality (e.g., safety, performance, security) and functionalities (capabilities) at design level. Currently, the core AADL is extensively applied to analyze and verify quality of RTES embed in the safety critical applications. The notation lacks the formal semantics needed to reason about the logical properties (e.g., deadlock, livelock, etc.) and capabilities of safety critical systems. The objective of this research is to augment AADL with exit- ing formal semantics and supporting tools in a manner that these properties can be automatically verified. Toward this goal, we exploit Petri Net Markup Language (PNML), which is a standard act- ing as the intermediate language between different classes of Petri Nets. Using PNML, we interface AADL with different classes of Petri nets, which support different types of tools and reasoning. The justification for using PNML is that the framework provides a context in which interoperability and exchangeability among different models of a system specified by different types of Petri nets is possible. The contributions of our work include a set of mappings and mapping rules between AADL and PNML. To show the feasibility of our approach, a fragment of RT-Embedded system, namely, Cruise Control System has been used

MARTE based design approach for targeting Reconfigurable Architectures

International audienceThis paper demonstrates the use of a model driven design flow for Multiprocessor System on chips (MPSoCs) such as those dedicated to intensive signal processing applications. Due to the continuous exponential rise in SoC's design complexity, there is a critical need to find new seamless methodologies and tools to handle the SoC co-design aspects. This paper addresses this issue and proposes a novel SoC codesign methodology based on Model Driven Engineering (MDE) and the MARTE (Modeling and Analysis of Real-Time and Embedded Systems) standard proposed by OMG (Object Management Group), in order to raise the design abstraction levels. Extensions of this standard have enabled us to move from high level specifications to execution platforms such as reconfigurable FPGAs

MARTE based design approach for targeting Reconfigurable Architectures

International audienceThis paper demonstrates the use of a model driven design flow for Multiprocessor System on chips (MPSoCs) such as those dedicated to intensive signal processing applications. Due to the continuous exponential rise in SoC's design complexity, there is a critical need to find new seamless methodologies and tools to handle the SoC co-design aspects. This paper addresses this issue and proposes a novel SoC codesign methodology based on Model Driven Engineering (MDE) and the MARTE (Modeling and Analysis of Real-Time and Embedded Systems) standard proposed by OMG (Object Management Group), in order to raise the design abstraction levels. Extensions of this standard have enabled us to move from high level specifications to execution platforms such as reconfigurable FPGAs

Targeting Reconfigurable FPGA based SoCs using the MARTE UML profile: from high abstraction levels to code generation

International audienceAs SoC design complexity is escalating to new heights, there is a critical need to find adequate approaches and tools to handle SoC co-design aspects. Additionally, modern reconfigurable SoCs offer advantages over classical SoCs as they integrate adaptivity features to cope with mutable design requirements and environment needs. This paper presents a novel approach to address system adaptivity and reconfigurability. A generic model of reactive control is presented in a SoC codesign framework: Gaspard. Afterwards, control integration at different levels of the framework is illustrated for both functional specification and FPGA synthesis. The presented work is based on Model-Driven Engineering and the UML MARTE profile proposed by Object Management Group, for modeling and analysis of real-time embedded systems. The paper thus presents a complete design flow to move from high level MARTE models to code generation, for implementation of dynamically reconfigurable SoCs

Set-based Simulation for Design and Verification of Simulink Models

International audienceModel-based design is a widely used methodology for the development of embedded critical software, such as a discrete controller for a continuous plant. In this setting, numerical simulation of both the plant and the controller plays a crucial role, since it is used to validate the design choices in the early stages of development. However, classical numerical simulation has inherent limitations: it is of limited precision and cannot deal with the intrinsic non-determinism present in complex systems. In this article, we present a tool named HySon that overcomes these drawbacks. It takes as input a Simulink model of a control-command system with non-deterministic uncertainties and automatically computes flow-pipes that contain all possible trajectories of the system. We show on some examples how HySon can be used to improve the quality of model-based design

Autoscopy Jr.: Intrusion Detection for Embedded Control Systems

Securing embedded control systems within the power grid presents a unique challenge: on top of the resource restrictions inherent to these devices, SCADA systems must also accommodate strict timing requirements that are non-negotiable, and their massive scale greatly amplifies costs such as power consumption. These constraints make the conventional approach to host intrusion detection--namely, employing virtualization in some manner--too costly or impractical for embedded control systems within critical infrastructure. Instead, we take an in-kernel approach to system protection, building upon the Autoscopy system developed by Ashwin Ramaswamy that places probes on indirectly-called functions and uses them to monitor its host system for behavior characteristic of control-flow-altering malware, such as rootkits. In this thesis, we attempt to show that such a method would indeed be a viable method of protecting embedded control systems. We first identify several issues with the original prototype, and present a new version of the program (dubbed Autoscopy Jr.) that uses trusted location lists to verify that control is coming from a known, trusted location inside our kernel. Although we encountered additional performance overhead when testing our new design, we developed a kernel profiler that allowed us to identify the probes responsible for this overhead and discard them, leaving us with a final probe list that generated less than 5% overhead on every one of our benchmark tests. Finally, we attempted to run Autoscopy Jr. on two specialized kernels (one with an optimized probing framework, and another with a hardening patch installed), finding that the former did not produce enough performance benefits to preclude using our profiler, and that the latter required a different method of scanning for indirect functions for Autoscopy Jr. to operate. We argue that Autoscopy Jr. is indeed a feasible intrusion detection system for embedded control systems, as it can adapt easily to a variety of system architectures and allows us to intelligently balance security and performance on these critical devices