Robust and secure resource management for automotive cyber-physical systems

2022 Spring.Includes bibliographical references.Modern vehicles are examples of complex cyber-physical systems with tens to hundreds of interconnected Electronic Control Units (ECUs) that manage various vehicular subsystems. With the shift towards autonomous driving, emerging vehicles are being characterized by an increase in the number of hardware ECUs, greater complexity of applications (software), and more sophisticated in-vehicle networks. These advances have resulted in numerous challenges that impact the reliability, security, and real-time performance of these emerging automotive systems. Some of the challenges include coping with computation and communication uncertainties (e.g., jitter), developing robust control software, detecting cyber-attacks, ensuring data integrity, and enabling confidentiality during communication. However, solutions to overcome these challenges incur additional overhead, which can catastrophically delay the execution of real-time automotive tasks and message transfers. Hence, there is a need for a holistic approach to a system-level solution for resource management in automotive cyber-physical systems that enables robust and secure automotive system design while satisfying a diverse set of system-wide constraints. ECUs in vehicles today run a variety of automotive applications ranging from simple vehicle window control to highly complex Advanced Driver Assistance System (ADAS) applications. The aggressive attempts of automakers to make vehicles fully autonomous have increased the complexity and data rate requirements of applications and further led to the adoption of advanced artificial intelligence (AI) based techniques for improved perception and control. Additionally, modern vehicles are becoming increasingly connected with various external systems to realize more robust vehicle autonomy. These paradigm shifts have resulted in significant overheads in resource constrained ECUs and increased the complexity of the overall automotive system (including heterogeneous ECUs, network architectures, communication protocols, and applications), which has severe performance and safety implications on modern vehicles. The increased complexity of automotive systems introduces several computation and communication uncertainties in automotive subsystems that can cause delays in applications and messages, resulting in missed real-time deadlines. Missing deadlines for safety-critical automotive applications can be catastrophic, and this problem will be further aggravated in the case of future autonomous vehicles. Additionally, due to the harsh operating conditions (such as high temperatures, vibrations, and electromagnetic interference (EMI)) of automotive embedded systems, there is a significant risk to the integrity of the data that is exchanged between ECUs which can lead to faulty vehicle control. These challenges demand a more reliable design of automotive systems that is resilient to uncertainties and supports data integrity goals. Additionally, the increased connectivity of modern vehicles has made them highly vulnerable to various kinds of sophisticated security attacks. Hence, it is also vital to ensure the security of automotive systems, and it will become crucial as connected and autonomous vehicles become more ubiquitous. However, imposing security mechanisms on the resource constrained automotive systems can result in additional computation and communication overhead, potentially leading to further missed deadlines. Therefore, it is crucial to design techniques that incur very minimal overhead (lightweight) when trying to achieve the above-mentioned goals and ensure the real-time performance of the system. We address these issues by designing a holistic resource management framework called ROSETTA that enables robust and secure automotive cyber-physical system design while satisfying a diverse set of constraints related to reliability, security, real-time performance, and energy consumption. To achieve reliability goals, we have developed several techniques for reliability-aware scheduling and multi-level monitoring of signal integrity. To achieve security objectives, we have proposed a lightweight security framework that provides confidentiality and authenticity while meeting both security and real-time constraints. We have also introduced multiple deep learning based intrusion detection systems (IDS) to monitor and detect cyber-attacks in the in-vehicle network. Lastly, we have introduced novel techniques for jitter management and security management and deployed lightweight IDSs on resource constrained automotive ECUs while ensuring the real-time performance of the automotive systems

In-vehicle communication networks : a literature survey

The increasing use of electronic systems in automobiles instead of mechanical and hydraulic parts brings about advantages by decreasing their weight and cost and providing more safety and comfort. There are many electronic systems in modern automobiles like antilock braking system (ABS) and electronic brakeforce distribution (EBD), electronic stability program (ESP) and adaptive cruise control (ACC). Such systems assist the driver by providing better control, more comfort and safety. In addition, future x-by-wire applications aim to replace existing braking, steering and driving systems. The developments in automotive electronics reveal the need for dependable, efficient, high-speed and low cost in-vehicle communication. This report presents the summary of a literature survey on in-vehicle communication networks. Different in-vehicle system domains and their requirements are described and main invehicle communication networks that have been used in automobiles or are likely to be used in the near future are discussed and compared with key references

Building blocks for co-design of controllers and implementation platforms in embedded systems

Thesis (S.M.)--Massachusetts Institute of Technology, Dept. of Mechanical Engineering, 2013.Cataloged from PDF version of thesis.Includes bibliographical references (p. 93-95).One of the biggest challenges in implementing feedback control applications on distributed embedded platforms is the realization of required control performance while utilizing minimal computational and communication resources. Determining such tradeoffs between control performance (e.g., stability, peak overshoot, etc.) and resource requirements is an active topic of research in the domain of cyber-physical systems (CPS). In this thesis, a setup is considered where multiple distributed controllers communicate using a hybrid (i.e., time- and event-triggered) communication protocol like FlexRay (which is commonly used in automotive architectures). Mapping all control messages to time-triggered slots results in deterministic timing and hence good control performance, but time-triggered slots are more expensive. The event-triggered slots, while being less expensive, result in variable message delays and hence poor control performance. In order to tradeoff between cost and control performance, a number of recent papers proposed a switching scheme where messages are switched between time- and event-triggered slots based on the state of the plant being controlled. However, all of these studies were based on a monotonic approximation of the system dynamics. This while simplifying the resource dimensioning problem (i.e., the minimum number of time-triggered slots required to realize a given control performance) leads to pessimistic results in terms of usage of time-triggered communication. In this thesis, it is shown that the usage of time-triggered communication (i.e., the requirement on the minimum number of time-triggered slots for a given control performance) is reduced when an accurate, non-monotonic behavior of the system dynamics is considered in the analysis. This technique is illustrated using a number examples and a real-life case study. While the focus is on communication resources in this thesis, these results are general enough to be applied to a wide range of problems from the CPS domain.by Leslie Grace Maldonado.S.M

Services for safety-critical applications on dual-scheduled TDMA networks

Tese de doutoramento. Engenharia Electrotécnica e de Computadores. Faculdade de Engenharia. Universidade do Porto. 200

Trends in Automotive Communication Systems

Extended and updated version of the 2005 IEEE Proceedings paper with the same title.The use of networks for communications between the Electronic Control Units (ECU) of a vehicle in production cars dates from the beginning of the 90s. The specific requirements of the different car domains have led to the development of a large number of automotive networks such as LIN, J1850, CAN, FlexRay, MOST, etc.. This chapter first introduces the context of in-vehicle embedded systems and, in particular, the requirements imposed on the communication systems. Then, a review of the most widely used, as well as the emerging automotive networks is given. Next, the current efforts of the automotive industry on middleware technologies which may be of great help in mastering the heterogeneity, are reviewed, with a special focus on the proposals of the AUTOSAR consortium. Finally, we highlight future trends in the development of automotive communication systems

Métodos de escalonamento de mensagens para o sistema de comunicação FlexRay

Tese (doutorado) - Universidade Federal de Santa Catarina, Centro Tecnológico, Programa de Pós-Graduação em Engenharia de Automação e Sistemas, Florianópolis, 2015.Este trabalho se insere na área de protocolos de tempo real, abordando especificamente o Sistema de Comunicação FlexRay, um protocolo de tempo real para usos automotivos. O objeto de estudo deste trabalho foram os mecanismos de escalonamento de fluxos de mensagens para o FlexRay, bem como as técnicas utilizadas na análise de tempo de resposta em sistemas que utilizam tal protocolo. O objetivo geral desta tese foi a elaboração e a avaliação de mecanismos para o escalonamento e análise de tempo de resposta de sistemas que utilizem o Sistema de Comunicação FlexRay. São apresentadas quatro propostas. As duas primeiras propostas estão relacionadas ao segmento Estático do FlexRay. Ambas demonstram a viabilidade de se definir a alocação de slots estáticos para cada nodo utilizando técnicas tradicionais para a análise de tempo de resposta considerando-se os requisitos temporais impostos pelo conjunto de fluxos de mensagens de cada nodo, e são métodos capazes de considerar conjuntos de fluxos com períodos que não são múltiplos de FC, sendo também capazes de considerar o caso em que a geração de mensagens nos fluxos não está sincronizada com o FC. São também apresentadas duas propostas que abordam a questão do escalonamento de fluxos de mensagens aperiódicos no Segmento Dinâmico do FlexRay. Foram apresentados dois mecanismos para métodos de arbitragem do DN que tiram vantagem da flexibilidade que fluxos aperiódicos possuem em relação a restrições de tempo real. Em ambos os mecanismos, os fluxos de mensagens aperiódicos de um sistema são associados com uma probabilidade de backoff, e um middleware de tempo real específico utiliza tal probabilidade de backoff para definir se uma mensagem gerada por um fluxo aperiódico irá competir ou não pelo barramento no ciclo de comunicação atual, influenciando nas chances que mensagens com prioridades mais baixas tem de serem transmitidas.Abstract : This work addresses the FlexRay Communication System, a digital serial bus for automotive applications designed to meet the demands of X-by-Wire systems. It provides flexibility, bandwidth and determinism by combining static and dynamic approaches for message transmission, incorporating the advantages of synchronous and asynchronous protocols. The area of interest of this work is scheduling mechanisms for FlexRay, being the overall objective of this thesis the development and evaluation of new techniques for scheduling and timing analysis for FlexRay. In this document four proposals are presented. Two proposals are related to FlexRay Static Segment. These two proposals demonstrate the feasibility of defining the static slot allocation for each node using traditional Response Time Analysis (RTA) techniques, and thus considering the timing requirements imposed by the set of message streams allocated to each node. The proposed techniques are able to deal with message stream sets where periods are not multiples of the FlexRay cycle duration, nor the messages generation is synchronized with the FlexRay cycle. They are also presented two proposals addressing the scheduling of aperiodic message streams in FlexRay Dynamic Segment. Both mechanisms use a probabilistic approach that takes advantage of the flexibility of aperiodic message streams regarding real-time constraints. In the proposed methods, a real-time middleware in each network node manages the transmission of messages generated by aperiodic streams in Dynamic Segment. Whenever a RT-middleware senses that aperiodic messages may be indefinitely postponed, it enters backoff mode. In backoff mode, a RT-middleware randomly defines whether an aperiodic message that is waiting to be transmitted will be sent to the bus in the current FC or if that message will be postponed to another FC, affecting the transmission chances of messages generated by streams with lower priorities have of being transmitted