
    Robust and secure resource management for automotive cyber-physical systems

    Spring 2022. Includes bibliographical references. Modern vehicles are examples of complex cyber-physical systems with tens to hundreds of interconnected Electronic Control Units (ECUs) that manage various vehicular subsystems. With the shift towards autonomous driving, emerging vehicles are being characterized by an increase in the number of hardware ECUs, greater complexity of applications (software), and more sophisticated in-vehicle networks. These advances have resulted in numerous challenges that impact the reliability, security, and real-time performance of these emerging automotive systems. Some of the challenges include coping with computation and communication uncertainties (e.g., jitter), developing robust control software, detecting cyber-attacks, ensuring data integrity, and enabling confidentiality during communication. However, solutions to overcome these challenges incur additional overhead, which can catastrophically delay the execution of real-time automotive tasks and message transfers. Hence, there is a need for a holistic approach to a system-level solution for resource management in automotive cyber-physical systems that enables robust and secure automotive system design while satisfying a diverse set of system-wide constraints. ECUs in vehicles today run a variety of automotive applications ranging from simple vehicle window control to highly complex Advanced Driver Assistance System (ADAS) applications. The aggressive attempts of automakers to make vehicles fully autonomous have increased the complexity and data rate requirements of applications and further led to the adoption of advanced artificial intelligence (AI) based techniques for improved perception and control. Additionally, modern vehicles are becoming increasingly connected with various external systems to realize more robust vehicle autonomy. 
These paradigm shifts have resulted in significant overheads in resource constrained ECUs and increased the complexity of the overall automotive system (including heterogeneous ECUs, network architectures, communication protocols, and applications), which has severe performance and safety implications on modern vehicles. The increased complexity of automotive systems introduces several computation and communication uncertainties in automotive subsystems that can cause delays in applications and messages, resulting in missed real-time deadlines. Missing deadlines for safety-critical automotive applications can be catastrophic, and this problem will be further aggravated in the case of future autonomous vehicles. Additionally, due to the harsh operating conditions (such as high temperatures, vibrations, and electromagnetic interference (EMI)) of automotive embedded systems, there is a significant risk to the integrity of the data that is exchanged between ECUs which can lead to faulty vehicle control. These challenges demand a more reliable design of automotive systems that is resilient to uncertainties and supports data integrity goals. Additionally, the increased connectivity of modern vehicles has made them highly vulnerable to various kinds of sophisticated security attacks. Hence, it is also vital to ensure the security of automotive systems, and it will become crucial as connected and autonomous vehicles become more ubiquitous. However, imposing security mechanisms on the resource constrained automotive systems can result in additional computation and communication overhead, potentially leading to further missed deadlines. Therefore, it is crucial to design techniques that incur very minimal overhead (lightweight) when trying to achieve the above-mentioned goals and ensure the real-time performance of the system. 
We address these issues by designing a holistic resource management framework called ROSETTA that enables robust and secure automotive cyber-physical system design while satisfying a diverse set of constraints related to reliability, security, real-time performance, and energy consumption. To achieve reliability goals, we have developed several techniques for reliability-aware scheduling and multi-level monitoring of signal integrity. To achieve security objectives, we have proposed a lightweight security framework that provides confidentiality and authenticity while meeting both security and real-time constraints. We have also introduced multiple deep learning based intrusion detection systems (IDS) to monitor and detect cyber-attacks in the in-vehicle network. Lastly, we have introduced novel techniques for jitter management and security management and deployed lightweight IDSs on resource-constrained automotive ECUs while ensuring the real-time performance of the automotive systems.

    Rapid prototyping of distributed systems of electronic control units in vehicles

    Existing vehicle electronics design is largely divided by feature, with integration taking place at a late stage. This leads to a number of drawbacks, including longer development time and increased cost, both of which this research overcomes by considering the system as a whole and, in particular, generating an executable model to permit testing. To generate such a model, a number of inputs needed to be made available. These include a structural description of the vehicle electronics, functional descriptions of both the electronic control units and the communications buses, the application code that implements the feature and software patterns to implement the low-level interfaces to sensors and actuators. [Continues.

    The future roadmap of in-vehicle network processing: a HW-centric (R-)evolution

    © 2022 IEEE. The automotive industry is undergoing a deep revolution. With the race towards autonomous driving, the number of technologies, sensors and actuators that need to be integrated in the vehicle increases exponentially. This imposes great new challenges on the vehicle electric/electronic (E/E) architecture and, especially, on the In-Vehicle Network (IVN). In this work, we analyze the evolution of IVNs and focus on the main network processing platform integrated in them: the Gateway (GW). We derive the requirements that future GW controllers must fulfil as network processing platforms, from two perspectives: functional requirements and structural requirements. Functional requirements refer to the functionalities that these network processing platforms must deliver. Structural requirements refer to design aspects that ensure the feasibility, usability and future evolution of the design. Focusing on the network processing architecture, we review the options available in the state of the art, both in industry and academia, and evaluate the strengths and weaknesses of each architecture in terms of its coverage of the functional and structural requirements. Our analysis reveals a gap: no current architecture fulfils all the requirements of future automotive GW controllers. In light of the available network processing architectures and the current technology landscape, we identify hardware (HW) accelerators and custom processor design as a key differentiation factor that boosts device performance. From our perspective, this points to a need, and a research opportunity, to explore network processing architectures with a strong HW focus, unleashing the potential of next-generation network processors and supporting the demanding requirements of future autonomous and connected vehicles. Peer reviewed. Postprint (published version).

    Modeling and Analysis of Mixed Synchronous/Asynchronous Systems

    Practical safety-critical distributed systems must integrate safety-critical and non-critical data on a common platform. Safety-critical systems almost always consist of isochronous components that have synchronous or asynchronous interfaces with other components, and many of these systems support a mix of synchronous and asynchronous interfaces. This report presents a study on the modeling and analysis of asynchronous, synchronous, and mixed synchronous/asynchronous systems. We build on the SAE Architecture Analysis and Design Language (AADL) to capture architectures for analysis. We present preliminary work targeted at capturing mixed low- and high-criticality data, as well as real-time properties, in a common Model of Computation (MoC). An abstract but representative test specimen system was created as the system to be modeled.

    Message scheduling methods for the FlexRay communication system

    Doctoral thesis - Universidade Federal de Santa Catarina, Centro Tecnológico, Programa de Pós-Graduação em Engenharia de Automação e Sistemas, Florianópolis, 2015. This work addresses the FlexRay Communication System, a digital serial bus for automotive applications designed to meet the demands of X-by-Wire systems. It provides flexibility, bandwidth and determinism by combining static and dynamic approaches to message transmission, incorporating the advantages of both synchronous and asynchronous protocols. The area of interest of this work is scheduling mechanisms for FlexRay and the techniques used for response-time analysis of systems that use the protocol; the overall objective of the thesis is the development and evaluation of new techniques for scheduling and timing analysis for FlexRay. Four proposals are presented. The first two concern the FlexRay Static Segment. They demonstrate the feasibility of defining the static slot allocation for each node using traditional Response Time Analysis (RTA) techniques, taking into account the timing requirements imposed by the set of message streams allocated to each node. The proposed techniques handle message stream sets whose periods are not multiples of the FlexRay communication cycle (FC) and whose message generation is not synchronized with the FC. The other two proposals address the scheduling of aperiodic message streams in the FlexRay Dynamic Segment. Both are arbitration mechanisms that use a probabilistic approach to exploit the flexibility that aperiodic message streams have with respect to real-time constraints. In the proposed methods, each aperiodic message stream is associated with a backoff probability, and a real-time middleware (RT-middleware) in each network node manages the transmission of messages generated by aperiodic streams in the Dynamic Segment. Whenever an RT-middleware senses that aperiodic messages may be indefinitely postponed, it enters backoff mode. In backoff mode, the RT-middleware uses the backoff probability to decide at random whether a waiting aperiodic message competes for the bus in the current FC or is postponed to a later FC, which changes the transmission chances of messages generated by lower-priority streams.
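    The Dynamic Segment arbitration and backoff mechanism described in the abstract above, as an added example that is not the thesis's own code. It is a simplified model: frame IDs are served in ascending (priority) order, every ID whose owner does not transmit costs one minislot, a frame is sent only if it still fits in the remaining minislots, and each aperiodic stream carries a backoff probability with which a pending message is postponed to the next communication cycle. The minislot count, stream names, frame lengths, cycle count and probabilities are constructed for the illustration, and the trigger by which the RT-middleware decides to enter backoff mode is not modelled (backoff is simply on or off). The scenario shows the starvation problem the mechanism is meant to address: two higher-priority aperiodic streams that always have a frame pending and together exactly fill the segment, so the lowest-priority stream never gets the bus until one of them backs off.

```python
"""Simplified FlexRay Dynamic Segment arbitration with probabilistic backoff.

Added illustration, not code from the thesis.  Assumptions (constructed):
  * A fixed number of minislots per communication cycle (FC).
  * Frame IDs are served in ascending order; an ID whose owner does not
    transmit consumes one minislot; a frame is transmitted only if it fits
    in the minislots that remain (stand-in for the real pLatestTx limit).
  * Every stream is aperiodic and has a new message pending in every FC,
    the worst case for the lowest-priority stream.
  * "Backoff mode" is always on for a stream with a non-zero backoff
    probability; how the RT-middleware senses indefinite postponement is
    not modelled.
"""
import random
from dataclasses import dataclass


@dataclass
class Stream:
    name: str
    frame_id: int         # FlexRay frame ID; the lower ID wins arbitration
    length: int           # frame length in minislots
    backoff: float = 0.0  # probability of postponing the pending message this FC


def arbitrate_cycle(streams, minislots, rng):
    """One FC of Dynamic Segment arbitration; returns the names transmitted."""
    sent = []
    pos = 0  # index of the next free minislot
    for s in sorted(streams, key=lambda s: s.frame_id):
        if pos >= minislots:
            break  # Dynamic Segment exhausted; remaining IDs wait for the next FC
        competes = rng.random() >= s.backoff  # backoff decision for this FC
        if competes and pos + s.length <= minislots:
            sent.append(s.name)
            pos += s.length
        else:
            pos += 1  # the ID's minislot elapses unused; message is postponed
    return sent


def simulate(streams, minislots, cycles, seed=1):
    """Count, per stream, how many FCs out of `cycles` carried one of its frames."""
    rng = random.Random(seed)  # seeded so a run is reproducible
    counts = {s.name: 0 for s in streams}
    for _ in range(cycles):
        for name in arbitrate_cycle(streams, minislots, rng):
            counts[name] += 1
    return counts


# Constructed scenario: A and B (5 minislots each) exactly fill the 10-minislot
# segment every FC, so C (3 minislots, lowest priority) never fits unless one
# of them backs off.
MINISLOTS = 10
CYCLES = 50


def starving_streams(backoff):
    """Stream set for the scenario; `backoff` applies to the two dominant streams."""
    return [Stream("A", 1, 5, backoff), Stream("B", 2, 5, backoff), Stream("C", 3, 3)]


if __name__ == "__main__":
    print("no backoff :", simulate(starving_streams(0.0), MINISLOTS, CYCLES))
    print("backoff 0.5:", simulate(starving_streams(0.5), MINISLOTS, CYCLES))
```

    Without backoff the lowest-priority stream C is never transmitted in 50 cycles; with a backoff probability of 0.5 on A and B, C gets the bus in every cycle in which at least one of them postpones, at the price of fewer transmissions for A and B. That trade between the throughput of high-priority aperiodic streams and the latency bound of low-priority ones is what the backoff probability tunes, and the same segment-exhaustion effect is what any node that floods high-priority dynamic frames causes on the bus.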

    A study of the schedulability analysis of FlexRay-type buses

    Master's dissertation - Universidade Federal de Santa Catarina, Centro Tecnológico, Programa de Pós-Graduação em Engenharia de Automação e Sistemas, Florianópolis, 2010. The FlexRay Communication System has been promoted in the literature as the future de facto standard for automotive communications that require performance and safety, such as future X-by-Wire systems. The primary objective of this work is to evaluate experimentally the techniques in the literature that address the response-time analysis of messages allocated to the FlexRay dynamic segment, in order to produce documentation that helps the designer of vehicular systems choose the appropriate technique for analysing different scenarios. Because of limitations found in the existing methods, four new analysis methods are presented, three of which are heuristics for use with systems in which sporadic messages are allocated to the FlexRay dynamic segment.

    Comparison of Communication Architectures for Spacecraft Modular Avionics Systems

    This document is a survey of publicly available information concerning serial communication architectures used, or proposed to be used, in aeronautic and aerospace applications. It focuses on serial communication architectures that are suitable for low-latency or real-time communication between physically distributed nodes in a system. Candidates for the study either have extensive deployment in the field or appear to be viable for near-term deployment. Eleven different serial communication architectures are considered; a brief description of each is given, with the salient features summarized in a table in Appendix A. This survey is a product of the Propulsion High Impact Avionics Technology (PHIAT) Project at NASA Marshall Space Flight Center (MSFC). PHIAT was originally funded under the Next Generation Launch Technology (NGLT) Program to develop avionics technologies for control of next-generation reusable rocket engines. After the announcement of the Space Exploration Initiative, the scope of the project was expanded to include vehicle systems control for human and robotic missions. As such, a section is included presenting the rationale used for selection of a time-triggered architecture for implementation of the avionics demonstration hardware developed by the project team.

    Schedulability analysis and optimization of time-partitioned distributed real-time systems

    The increasing complexity of modern control systems leads many companies to have to resize or redesign their solutions to adapt them to new functionalities and requirements. A paradigmatic case of this situation has occurred in the railway sector, where the implementation of signalling applications has been carried out using traditional techniques that, although they currently meet the basic requirements, leave substantial room for improvement in timing performance and functional scalability. Beyond contributing to the validation of systems that require functional safety certification, the solutions proposed in this thesis provide the base technology for schedulability analysis and optimization of general as well as time-partitioned distributed real-time systems, which can be applied in other environments where cyber-physical systems play a key role, for example in Industry 4.0 applications, where similar problems may arise in the future.

    Scalable adaptive system-on-chip architectures for inter-car and intra-car communication gateways

    Communication between road users is an elementary component of future mobility concepts. This thesis examines the requirements that the communication nodes must meet. The result is a system-on-chip architecture for in-vehicle and vehicle-to-vehicle communication. Its essential properties are flexibility and scalability, which allow optimized architectures to be realized by means of novel methods and tools.