Modeling the Effects of AUTOSAR Overhead on Automotive Application Software Timing and Schedulability

AUTOSAR (AUTomotive Open System ARchitecture) provides an open and standardized E/E architecture to support modularity, transferability, reusability and scalability of the various components required to implement a function in a vehicle. AUTOSAR has become the de-facto standard for the automotive application development. Safety-critical nature of the automobiles makes the automotive application development challenging, and due to the growing complexity of the software in modern day vehicles, it has become even more challenging. A system is called schedulable when it meets all its real-time requirements under all the possible scenarios. An automotive application should always be schedulable; failing it can have grim consequences. The overhead added by the AUTOSAR stack can significantly change the schedulability of an automotive application. This thesis proposes an overhead-aware method to find a schedulable design configuration for an AUTOSAR application. The method allows measuring the overheads of an AUTOSAR stack implementation and assessing the impacts of the overheads on the timing and schedulability of an application using a timing model of the application. The thesis demonstrates the application of the method on a case study, and finally, it demonstrates the effects of the different types of system overheads on the timing and schedulability on a range of synthetic applications

Real-time scheduling in multicore : time- and space-partitioned architectures

Tese de doutoramento, Informática (Engenharia Informática), Universidade de Lisboa, Faculdade de Ciências, 2014The evolution of computing systems to address size, weight and power consumption (SWaP) has led to the trend of integrating functions (otherwise provided by separate systems) as subsystems of a single system. To cope with the added complexity of developing and validating such a system, these functions are maintained and analyzed as components with clear boundaries and interfaces. In the case of real-time systems, the adopted component-based approach should maintain the timeliness properties of the function inside each individual component, regardless of the remaining components. One approach to this issue is time and space partitioning (TSP)—enforcing strict separation between components in the time and space domains. This allows heterogeneous components (different real-time requirements, criticality, developed by different teams and/or with different technologies) to safely coexist. The concepts of TSP have been adopted in the civil aviation, aerospace, and (to some extent) automotive industries. These industries are also embracing multiprocessor (or multicore) platforms, either with identical or nonidentical processors, but are not taking full advantage thereof because of a lack of support in terms of verification and certification. Furthermore, due to the use of the TSP in those domains, compatibility between TSP and multiprocessor is highly desired. This is not the present case, as the reference TSP-related specifications in the aforementioned industries show limited support to multiprocessor. In this dissertation, we defend that the active exploitation of multiple (possibly non-identical) processor cores can augment the processing capacity of the time- and space-partitioned (TSP) systems, while maintaining a compromise with size, weight and power consumption (SWaP), and open room for supporting self-adaptive behavior. To allow applying our results to a more general class of systems, we analyze TSP systems as a special case of hierarchical scheduling and adopt a compositional analysis methodology.Fundação para a Ciência e a Tecnologia (FCT, SFRH/BD/60193/2009, programa PESSOA, projeto SAPIENT); the European Space Agency Innovation (ESA) Triangle Initiative program through ESTEC Contract 21217/07/NL/CB, Project AIR-II; the European Commission Seventh Framework Programme (FP7) through project KARYON (IST-FP7-STREP-288195)

Ein mehrschichtiges sicheres Framework für Fahrzeugsysteme

In recent years, significant developments were introduced within the vehicular domain, evolving the vehicles to become a network of many embedded systems distributed throughout the car, known as Electronic Control Units (ECUs). Each one of these ECUs runs a number of software components that collaborate with each other to perform various vehicle functions. Modern vehicles are also equipped with wireless communication technologies, such as WiFi, Bluetooth, and so on, giving them the capability to interact with other vehicles and roadside infrastructure. While these improvements have increased the safety of the automotive system, they have vastly expanded the attack surface of the vehicle and opened the door for new potential security risks. The situation is made worse by a lack of security mechanisms in the vehicular system which allows the escalation of a compromise in one of the non-critical sub-systems to threaten the safety of the entire vehicle and its passengers. This dissertation focuses on providing a comprehensive framework that ensures the security of the vehicular system during its whole life-cycle. This framework aims to prevent the cyber-attacks against different components by ensuring secure communications among them. Furthermore, it aims to detect attacks which were not prevented successfully, and finally, to respond to these attacks properly to ensure a high degree of safety and stability of the system.In den letzten Jahren wurden bedeutende Entwicklungen im Bereich der Fahrzeuge vorgestellt, die die Fahrzeuge zu einem Netzwerk mit vielen im gesamten Fahrzeug verteile integrierte Systeme weiterentwickelten, den sogenannten Steuergeräten (ECU, englisch = Electronic Control Units). Jedes dieser Steuergeräte betreibt eine Reihe von Softwarekomponenten, die bei der Ausführung verschiedener Fahrzeugfunktionen zusammenarbeiten. Moderne Fahrzeuge sind auch mit drahtlosen Kommunikationstechnologien wie WiFi, Bluetooth usw. ausgestattet, die ihnen die Möglichkeit geben, mit anderen Fahrzeugen und der straßenseitigen Infrastruktur zu interagieren. Während diese Verbesserungen die Sicherheit des Fahrzeugsystems erhöht haben, haben sie die Angriffsfläche des Fahrzeugs erheblich vergrößert und die Tür für neue potenzielle Sicherheitsrisiken geöffnet. Die Situation wird durch einen Mangel an Sicherheitsmechanismen im Fahrzeugsystem verschärft, die es ermöglichen, dass ein Kompromiss in einem der unkritischen Subsysteme die Sicherheit des gesamten Fahrzeugs und seiner Insassen gefährdet kann. Diese Dissertation konzentriert sich auf die Entwicklung eines umfassenden Rahmens, der die Sicherheit des Fahrzeugsystems während seines gesamten Lebenszyklus gewährleistet. Dieser Rahmen zielt darauf ab, die Cyber-Angriffe gegen verschiedene Komponenten zu verhindern, indem eine sichere Kommunikation zwischen ihnen gewährleistet wird. Darüber hinaus zielt es darauf ab, Angriffe zu erkennen, die nicht erfolgreich verhindert wurden, und schließlich auf diese Angriffe angemessen zu reagieren, um ein hohes Maß an Sicherheit und Stabilität des Systems zu gewährleisten

Development and certification of mixed-criticality embedded systems based on probabilistic timing analysis

An increasing variety of emerging systems relentlessly replaces or augments the functionality of mechanical subsystems with embedded electronics. For quantity, complexity, and use, the safety of such subsystems is an increasingly important matter. Accordingly, those systems are subject to safety certification to demonstrate system's safety by rigorous development processes and hardware/software constraints. The massive augment in embedded processors' complexity renders the arduous certification task significantly harder to achieve. The focus of this thesis is to address the certification challenges in multicore architectures: despite their potential to integrate several applications on a single platform, their inherent complexity imperils their timing predictability and certification. Recently, the Measurement-Based Probabilistic Timing Analysis (MBPTA) technique emerged as an alternative to deal with hardware/software complexity. The innovation that MBPTA brings about is, however, a major step from current certification procedures and standards. The particular contributions of this Thesis include: (i) the definition of certification arguments for mixed-criticality integration upon multicore processors. In particular we propose a set of safety mechanisms and procedures as required to comply with functional safety standards. For timing predictability, (ii) we present a quantitative approach to assess the likelihood of execution-time exceedance events with respect to the risk reduction requirements on safety standards. To this end, we build upon the MBPTA approach and we present the design of a safety-related source of randomization (SoR), that plays a key role in the platform-level randomization needed by MBPTA. And (iii) we evaluate current certification guidance with respect to emerging high performance design trends like caches. Overall, this Thesis pushes the certification limits in the use of multicore and MBPTA technology in Critical Real-Time Embedded Systems (CRTES) and paves the way towards their adoption in industry.Una creciente variedad de sistemas emergentes reemplazan o aumentan la funcionalidad de subsistemas mecánicos con componentes electrónicos embebidos. El aumento en la cantidad y complejidad de dichos subsistemas electrónicos así como su cometido, hacen de su seguridad una cuestión de creciente importancia. Tanto es así que la comercialización de estos sistemas críticos está sujeta a rigurosos procesos de certificación donde se garantiza la seguridad del sistema mediante estrictas restricciones en el proceso de desarrollo y diseño de su hardware y software. Esta tesis trata de abordar los nuevos retos y dificultades dadas por la introducción de procesadores multi-núcleo en dichos sistemas críticos: aunque su mayor rendimiento despierta el interés de la industria para integrar múltiples aplicaciones en una sola plataforma, suponen una mayor complejidad. Su arquitectura desafía su análisis temporal mediante los métodos tradicionales y, asimismo, su certificación es cada vez más compleja y costosa. Con el fin de lidiar con estas limitaciones, recientemente se ha desarrollado una novedosa técnica de análisis temporal probabilístico basado en medidas (MBPTA). La innovación de esta técnica, sin embargo, supone un gran cambio cultural respecto a los estándares y procedimientos tradicionales de certificación. En esta línea, las contribuciones de esta tesis están agrupadas en tres ejes principales: (i) definición de argumentos de seguridad para la certificación de aplicaciones de criticidad-mixta sobre plataformas multi-núcleo. Se definen, en particular, mecanismos de seguridad, técnicas de diagnóstico y reacción de faltas acorde con el estándar IEC 61508 sobre una arquitectura multi-núcleo de referencia. Respecto al análisis temporal, (ii) presentamos la cuantificación de la probabilidad de exceder un límite temporal y su relación con los requisitos de reducción de riesgos derivados de los estándares de seguridad funcional. Con este fin, nos basamos en la técnica MBPTA y presentamos el diseño de una fuente de números aleatorios segura; un componente clave para conseguir las propiedades aleatorias requeridas por MBPTA a nivel de plataforma. Por último, (iii) extrapolamos las guías actuales para la certificación de arquitecturas multi-núcleo a una solución comercial de 8 núcleos y las evaluamos con respecto a las tendencias emergentes de diseño de alto rendimiento (caches). Con estas contribuciones, esta tesis trata de abordar los retos que el uso de procesadores multi-núcleo y MBPTA implican en el proceso de certificación de sistemas críticos de tiempo real y facilita, de esta forma, su adopción por la industria.Postprint (published version

Networked Control System: Overview and Research Trends

Abstract-Networked control systems (NCSs) have been one of the main research focuses in academia as well as in industry for many decades and have become a multidisciplinary area. With these growing research trends, it is important to consolidate the latest knowledge and information to keep up with the research needs. In this paper, the NCS and its different forms are introduced and discussed. The beginning of this paper discusses the history and evolution of NCSs. The next part of this paper focuses on different fields and research arenas such as networking technology, network delay, network resource allocation, scheduling, network security in real-time NCSs, integration of components on a network, fault tolerance, etc. A brief literature survey and possible future direction concerning each topic is included

A UML Profile for the Design, Quality Assessment and Deployment of Data-intensive Applications

Big Data or Data-Intensive applications (DIAs) seek to mine, manipulate, extract or otherwise exploit the potential intelligence hidden behind Big Data. However, several practitioner surveys remark that DIAs potential is still untapped because of very difficult and costly design, quality assessment and continuous refinement. To address the above shortcoming, we propose the use of a UML domain-specific modeling language or profile specifically tailored to support the design, assessment and continuous deployment of DIAs. This article illustrates our DIA-specific profile and outlines its usage in the context of DIA performance engineering and deployment. For DIA performance engineering, we rely on the Apache Hadoop technology, while for DIA deployment, we leverage the TOSCA language. We conclude that the proposed profile offers a powerful language for data-intensive software and systems modeling, quality evaluation and automated deployment of DIAs on private or public clouds