Development of functional safety applications for Autec products. Study of protocols: CANopen, CANopen Safety, FSOE and ProfiSafe

This thesis has the principal goal of developing intrinsic safety applications in distributed real-time industrial systems, mainly based on fieldbuses and RTE networks. To achieve this important objective the first part of this elaborate provides an introduction of the principal protocols, such as CANopen Safety, Fail safe Over Ethercat (FSOE) and Profisafe, used for the safety relevant applications in the automation environment,analysing properties,story and the use of them by industry

Encoding and Physical Study of the CANbus Sensor Network

Within vehicles, the need for a better performing, more secure network is increasing due to the complexity of the sensors and the growing number of people who can compromise the system. The objective was to improve the performance and throughput of data while also working to improve security within the CANbus network. The approach entailed encoding the CAN frames using M-ASK, and characterizing nodes based on their emitted signal. Results included the successful creation of base2CAN and base4CAN nodes, implementing 4-ary ASK within the network, thusly achieving a doubled throughput. Another achievement was the sounding of the CAN test-bed. Although the results are inconclusive, there is reason to believe that characterizing the nodes can be implemented for increasing vehicle security

Remote ISOBUS telematics in agricultural environment

Many agricultural equipment manufacturers are mainly hardware providers, and the product life cycle services are limited to machine maintenance and spare parts. However, the modern wireless technologies makes it possible to access machines in their working environment, thus enabling many new applications. Accessing machines also requires accessing their internal communications network, which in agricultural machines is increasingly often ISOBUS. The purpose of this thesis is to study the available telematics information and interfaces in an ISOBUS system, and also the applications this informations makes possible. Based on this information telematics functionalities are selected and implemented to Wapice Remote Management (WRM) system. Especially the standard manufacturer independent interfaces provided by ISO 11783 standard, in which the ISOBUS is based on, are studied. The thesis is divided into three main parts. First, the current state-of-the-art is presented followed by usage examples for the telematics system which also highlights the main requirements for the system in whole. Thereafter, the second part introduces SAE J1939 protocol in which the ISOBUS is based on. The main concepts of the ISOBUS protocol are also introduced, and the ISOBUS is compared to other common CAN-based protocols. The results for the study of available information sources in an ISOBUS system as well as a general example reference architecture for the system are presented. In the third part the implementation of ISOBUS support in WRM system and the implementation of ISOBUS telematics functionalities is presented. The results of this thesis suggest that the ISO 11783 standard provides many functionalities and interfaces that can be used to collect telematics as well as process information in a manufacturer independent way. This is a key factor when developing a generic system. The implementation for the WRM system also shows that it is possible to integrate ISOBUS telematics in an existing remote management system

Cyber-Security Solutions for Ensuring Smart Grid Distribution Automation Functions

The future generation of the electrical network is known as the smart grid. The distribution domain of the smart grid intelligently supplies electricity to the end-users with the aid of the decentralized Distribution Automation (DA) in which intelligent control functions are distributed and accomplished via real-time communication between the DA components. Internet-based communication via the open protocols is the latest trend for decentralized DA communication. Internet communication has many benefits, but it exposes the critical infrastructure’s data to cyber-security threats. Security attacks may not only make DA services unreachable but may also result in undesirable physical consequences and serious damage to the distribution network environment. Therefore, it is compulsory to protect DA communication against such attacks. There is no single model for securing DA communication. In fact, the security level depends on several factors such as application requirements, communication media, and, of course, the cost.There are several smart grid security frameworks and standards, which are under development by different organizations. However, smart grid cyber-security field has not yet reached full maturity and, it is still in the early phase of its progress. Security protocols in IT and computer networks can be utilized to secure DA communication because industrial ICT standards have been designed in accordance with Open Systems Interconnection model. Furthermore, state-of-the-art DA concepts such as Active distribution network tend to integrate processing data into IT systems.This dissertation addresses cyber-security issues in the following DA functions: substation automation, feeder automation, Logic Selectivity, customer automation and Smart Metering. Real-time simulation of the distribution network along with actual automation and data networking devices are used to create hardware-in-the-loop simulation, and experiment the mentioned DA functions with the Internet communication. This communication is secured by proposing the following cyber-security solutions.This dissertation proposes security solutions for substation automation by developing IEC61850-TLS proxy and adding OPen Connectivity Unified Architecture (OPC UA) Wrapper to Station Gateway. Secured messages by Transport Layer Security (TLS) and OPC UA security are created for protecting substation local and remote communications. Data availability is main concern that is solved by designing redundant networks.The dissertation also proposes cyber-security solutions for feeder automation and Logic Selectivity. In feeder automation, Centralized Protection System (CPS) is proposed as the place for making Decentralized feeder automation decisions. In addition, applying IP security (IPsec) in Tunnel mode is proposed to establish a secure communication path for feeder automation messages. In Logic Selectivity, Generic Object Oriented Substation Events (GOOSE) are exchanged between the substations. First, Logic Selectivity functional characteristics are analyzed. Then, Layer 2 Tunneling over IPsec in Transport mode is proposed to create a secure communication path for exchanging GOOSE over the Internet. Next, communication impact on Logic Selectivity performance is investigated by measuring the jitter and latency in the GOOSE communication. Lastly, reliability improvement by Logic Selectivity is evaluated by calculating reliability indices.Customer automation is the additional extension to the smart grid DA. This dissertation proposes an integration solution for the heterogeneous communication parties (TCP/IP and Controller Area Network) in Home Area Network. The developed solution applies Secure Socket Layer in order to create secured messages.The dissertation also proposes Secondary Substation Automation Unit (SSAU) for realtime communication of low voltage data to metering database. Point-to-Point Tunneling Protocol is proposed to create a secure communication path for Smart Metering data.The security analysis shows that the proposed security solutions provide the security requirements (Confidentiality, Integrity and Availability) for DA communication. Thus, communication is protected against security attacks and DA functions are ensured. In addition, CPS and SSAU are proposed to distribute intelligence over the substations level

The Detector Control System of the ATLAS experiment at CERN: An application to the calibration of the modules of the Tile Hadron Calorimeter

The principle subject of this thesis work is the design and development of the Detector Control System (DCS) of the ATLAS experiment at CERN. The DCS must ensure the coherent and safe operation of the detector and handle the communication with external systems, like the LHC accelerator and CERN services. A bidirectional data flow between the Data AcQuisition (DAQ) system and the DCS will enable coherent operation of the experiment. The LHC experiments represent new challenges for the design of the control system. The extremely high complexity of the project forces the design of different components of the detector and related systems to be performed well ahead to their use. The long lifetime of the LHC experiments imposes the use of evolving technologies and modular design. The overall dimensions of the detector and the high number of I/O channels call for a control system with processing power distributed all over the facilities of the experiment while keeping a low cost. The environmental conditions require the utilization of magnetic field and radiation tolerant equipment. Homogeneity throughout the system, despite of the diversity of equipment and the number of people involved, is a key concern in the design of the DCS. For these reasons, the DCS will be implemented using well defined building blocks to reduce the design work, to ease commissioning and integration and to minimize the maintenance effort required during the lifetime of the experiment. This thesis is divided into two main parts. In the first one, the requirements of the DCS are analyzed and the overall architecture of the system is designed. The building blocks of the system, and the different tests performed for their qualification for operation in ATLAS are presented. In the second part, the different technologies of the DCS are used to implement the control system for the final calibration of the modules of the ATLAS Tile Hadron Calorimeter. In addition, the effect of the DCS controlled parameters on the calorimeter response (e.g. the energy resolution and the linearity of the response) have been studied

Robotics software frameworks for multi-agent robotic systems development

Robotics is an area of research in which the paradigm of Multi-Agent Systems (MAS) can prove to be highly useful. Multi-Agent Systems come in the form of cooperative robots in a team, sensor networks based on mobile robots, and robots in Intelligent Environments, to name but a few. However, the development of Multi-Agent Robotic Systems (MARS) still presents major challenges. Over the past decade, a high number of Robotics Software Frameworks (RSFs) have appeared which propose some solutions to the most recurrent problems in robotics. Some of these frameworks, such as ROS, YARP, OROCOS, ORCA, Open-RTM, and Open-RDK, possess certain characteristics and provide the basic infrastructure necessary for the development of MARS. The contribution of this work is the identification of such characteristics as well as the analysis of these frameworks in comparison with the general-purpose Multi-Agent System Frameworks (MASFs), such as JADE and Mobile-C.Ministerio de Ciencia e Innovación TEC2009-10639-C04-02Junta de Andalucía P06-TIC-2298Junta de Andalucía P08-TIC-0386

Re-use of tests and arguments for assesing dependable mixed-critically systems

The safety assessment of mixed-criticality systems (MCS) is a challenging activity due to system heterogeneity, design constraints and increasing complexity. The foundation for MCSs is the integrated architecture paradigm, where a compact hardware comprises multiple execution platforms and communication interfaces to implement concurrent functions with different safety requirements. Besides a computing platform providing adequate isolation and fault tolerance mechanism, the development of an MCS application shall also comply with the guidelines defined by the safety standards. A way to lower the overall MCS certification cost is to adopt a platform-based design (PBD) development approach. PBD is a model-based development (MBD) approach, where separate models of logic, hardware and deployment support the analysis of the resulting system properties and behaviour. The PBD development of MCSs benefits from a composition of modular safety properties (e.g. modular safety cases), which support the derivation of mixed-criticality product lines. The validation and verification (V&V) activities claim a substantial effort during the development of programmable electronics for safety-critical applications. As for the MCS dependability assessment, the purpose of the V&V is to provide evidences supporting the safety claims. The model-based development of MCSs adds more V&V tasks, because additional analysis (e.g., simulations) need to be carried out during the design phase. During the MCS integration phase, typically hardware-in-the-loop (HiL) plant simulators support the V&V campaigns, where test automation and fault-injection are the key to test repeatability and thorough exercise of the safety mechanisms. This dissertation proposes several V&V artefacts re-use strategies to perform an early verification at system level for a distributed MCS, artefacts that later would be reused up to the final stages in the development process: a test code re-use to verify the fault-tolerance mechanisms on a functional model of the system combined with a non-intrusive software fault-injection, a model to X-in-the-loop (XiL) and code-to-XiL re-use to provide models of the plant and distributed embedded nodes suited to the HiL simulator, and finally, an argumentation framework to support the automated composition and staged completion of modular safety-cases for dependability assessment, in the context of the platform-based development of mixed-criticality systems relying on the DREAMS harmonized platform.La dificultad para evaluar la seguridad de los sistemas de criticidad mixta (SCM) aumenta con la heterogeneidad del sistema, las restricciones de diseño y una complejidad creciente. Los SCM adoptan el paradigma de arquitectura integrada, donde un hardware embebido compacto comprende múltiples plataformas de ejecución e interfaces de comunicación para implementar funciones concurrentes y con diferentes requisitos de seguridad. Además de una plataforma de computación que provea un aislamiento y mecanismos de tolerancia a fallos adecuados, el desarrollo de una aplicación SCM además debe cumplir con las directrices definidas por las normas de seguridad. Una forma de reducir el coste global de la certificación de un SCM es adoptar un enfoque de desarrollo basado en plataforma (DBP). DBP es un enfoque de desarrollo basado en modelos (DBM), en el que modelos separados de lógica, hardware y despliegue soportan el análisis de las propiedades y el comportamiento emergente del sistema diseñado. El desarrollo DBP de SCMs se beneficia de una composición modular de propiedades de seguridad (por ejemplo, casos de seguridad modulares), que facilitan la definición de líneas de productos de criticidad mixta. Las actividades de verificación y validación (V&V) representan un esfuerzo sustancial durante el desarrollo de aplicaciones basadas en electrónica confiable. En la evaluación de la seguridad de un SCM el propósito de las actividades de V&V es obtener las evidencias que apoyen las aseveraciones de seguridad. El desarrollo basado en modelos de un SCM incrementa las tareas de V&V, porque permite realizar análisis adicionales (por ejemplo, simulaciones) durante la fase de diseño. En las campañas de pruebas de integración de un SCM habitualmente se emplean simuladores de planta hardware-in-the-loop (HiL), en donde la automatización de pruebas y la inyección de faltas son la clave para la repetitividad de las pruebas y para ejercitar completamente los mecanismos de tolerancia a fallos. Esta tesis propone diversas estrategias de reutilización de artefactos de V&V para la verificación temprana de un MCS distribuido, artefactos que se emplearán en ulteriores fases del desarrollo: la reutilización de código de prueba para verificar los mecanismos de tolerancia a fallos sobre un modelo funcional del sistema combinado con una inyección de fallos de software no intrusiva, la reutilización de modelo a X-in-the-loop (XiL) y código a XiL para obtener modelos de planta y nodos distribuidos aptos para el simulador HiL y, finalmente, un marco de argumentación para la composición automatizada y la compleción escalonada de casos de seguridad modulares, en el contexto del desarrollo basado en plataformas de sistemas de criticidad mixta empleando la plataforma armonizada DREAMS.Kritikotasun nahastuko sistemen segurtasun ebaluazioa jarduera neketsua da beraien heterogeneotasuna dela eta. Sistema hauen oinarria arkitektura integratuen paradigman datza, non hardware konpaktu batek exekuzio plataforma eta komunikazio interfaze ugari integratu ahal dituen segurtasun baldintza desberdineko funtzio konkurrenteak inplementatzeko. Konputazio plataformek isolamendu eta akatsen aurkako mekanismo egokiak emateaz gain, segurtasun arauek definituriko jarraibideak jarraitu behar dituzte kritikotasun mistodun aplikazioen garapenean. Sistema hauen zertifikazio prozesuaren kostua murrizteko aukera bat plataformetan oinarritutako garapenean (PBD) datza. Garapen planteamendu hau modeloetan oinarrituriko garapena da (MBD) non modeloaren logika, hardware eta garapen desberdinak sistemaren propietateen eta portaeraren aurka aztertzen diren. Kritikotasun mistodun sistemen PBD garapenak etekina ateratzen dio moduluetan oinarrituriko segurtasun propietateei, adibidez: segurtasun kasu modularrak (MSC). Modulu hauek kritikotasun mistodun produktu-lerroak ere hartzen dituzte kontutan. Berifikazio eta balioztatze (V&V) jarduerek esfortzu kontsideragarria eskatzen dute segurtasun-kiritikoetarako elektronika programagarrien garapenean. Kritikotasun mistodun sistemen konfiantzaren ebaluazioaren eta V&V jardueren helburua segurtasun eskariak jasotzen dituzten frogak proportzionatzea da. Kritikotasun mistodun sistemen modelo bidezko garapenek zeregin gehigarriak atxikitzen dizkio V&V jarduerari, fase honetan analisi gehigarriak (hots, simulazioak) zehazten direlako. Bestalde, kritikotasun mistodun sistemen integrazio fasean, hardware-in-the-loop (Hil) simulazio plantek V&V iniziatibak sostengatzen dituzte non testen automatizazioan eta akatsen txertaketan funtsezko jarduerak diren. Jarduera hauek frogen errepikapena eta segurtasun mekanismoak egiaztzea ahalbidetzen dute. Tesi honek V&V artefaktuen berrerabilpenerako estrategiak proposatzen ditu, kritikotasun mistodun sistemen egiaztatze azkarrerako sistema mailan eta garapen prozesuko azken faseetaraino erabili daitezkeenak. Esate baterako, test kodearen berrabilpena akats aurkako mekanismoak egiaztatzeko, modelotik X-in-the-loop (XiL)-ra eta kodetik XiL-rako konbertsioa HiL simulaziorako eta argumentazio egitura bat DREAMS Europear proiektuan definituriko arkitektura estiloan oinarrituriko segurtasun kasu modularrak automatikoki eta gradualki sortzeko

Architecture for grid-enabled instrumentation in extreme environments

Technological progress in recent decades has led to sensor networks and robotic explorers becoming principal tools for investigation of remote or "hostile" environments where it is difficult, if not impossible for humans to intervene. These situations include deep ocean and space environments where the devices can be subject to extreme pressures, temperatures and radiation levels. It is a costly enterprise to deploy an instrument in such settings and therefore reliable operation and ease of use are requisite features to build into the basic fabric of the machine. This thesis describes the design and implementation of a modular machine system based on a peer-to-peer, decentralised network topology where the power supply and electronic hardware resources are distributed homogeneously throughout a network of nodes. Embedded within each node is a minimal, low-power single board computer on which a real-time operating system and MicroCANopen protocol stack are operating to realise a standard interface to the network. The network is based on a grid paradigm where nodes act as resource producers and consumers, sharing information so that the machine system as a whole can perform tasks. The resulting architecture supports "plug-and-play" flexibility, to allow users or system developers to reconfigure or expand its capabilities by adding/removing nodes at a later time. An immediate application of this instrument is in-situ sampling of microbes in extreme aqueous habitats. The microbial sampler is targeted at providing improved sampling capabilities when performing physical, chemical and biological investigations in deep- ocean hydrothermal vent environments. At these depths the instrument is subject to immense pressures of many thousand pounds per square inch, where superheated, corrosive, mineral-loaded vent fluids mix with near-freezing seawater. In the longer term, it is anticipated that this flexible, open interface architecture on which the microbial sampler instrument is based will be applicable more generally to other sectors, including commercial and scientific markets.EThOS - Electronic Theses Online ServiceGBUnited Kingdo

Networked electronic equipments using the IEEE 1451 standard - visioway: a case study in the ITS area

The concept of Intelligent Transportation Systems (ITSs) has been recently introduced to define modern embedded systems with enhanced digital connectivity, combining people, vehicles, and public infrastructure. The smart transducer concept, on the other hand, has been established by the IEEE 1451 standard to simplify the scalability of networked electronic equipments. The synergy of both concepts will establish a new paradigm in the near future of the ITS area. The purpose of this paper is to analyze the integration of electronic equipments into intelligent road-traffic management systems by using the smart transducer concept. An automated video processing sensor for road-traffic monitoring applications is integrated into an ITS network as a case study. The impact of the IEEE 1451 standard in the development and performance of ITS equipments is analyzed through its application to this video-based system, commercialized under the name VisioWa

Architecture for grid-enabled instrumentation in extreme environments

Technological progress in recent decades has led to sensor networks and robotic explorers becoming principal tools for investigation of remote or "hostile" environments where it is difficult, if not impossible for humans to intervene. These situations include deep ocean and space environments where the devices can be subject to extreme pressures, temperatures and radiation levels. It is a costly enterprise to deploy an instrument in such settings and therefore reliable operation and ease of use are requisite features to build into the basic fabric of the machine. This thesis describes the design and implementation of a modular machine system based on a peer-to-peer, decentralised network topology where the power supply and electronic hardware resources are distributed homogeneously throughout a network of nodes. Embedded within each node is a minimal, low-power single board computer on which a real-time operating system and MicroCANopen protocol stack are operating to realise a standard interface to the network. The network is based on a grid paradigm where nodes act as resource producers and consumers, sharing information so that the machine system as a whole can perform tasks. The resulting architecture supports "plug-and-play" flexibility, to allow users or system developers to reconfigure or expand its capabilities by adding/removing nodes at a later time. An immediate application of this instrument is in-situ sampling of microbes in extreme aqueous habitats. The microbial sampler is targeted at providing improved sampling capabilities when performing physical, chemical and biological investigations in deep- ocean hydrothermal vent environments. At these depths the instrument is subject to immense pressures of many thousand pounds per square inch, where superheated, corrosive, mineral-loaded vent fluids mix with near-freezing seawater. In the longer term, it is anticipated that this flexible, open interface architecture on which the microbial sampler instrument is based will be applicable more generally to other sectors, including commercial and scientific markets