The performance of arm locking in LISA

For the laser interferometer space antenna (LISA) to reach it's design sensitivity, the coupling of the free running laser frequency noise to the signal readout must be reduced by more than 14 orders of magnitude. One technique employed to reduce the laser frequency noise will be arm locking, where the laser frequency is locked to the LISA arm length. This paper details an implementation of arm locking, studies orbital effects, the impact of errors in the Doppler knowledge, and noise limits. The noise performance of arm locking is calculated with the inclusion of the dominant expected noise sources: ultra stable oscillator (clock) noise, spacecraft motion, and shot noise. Studying these issues reveals that although dual arm locking [A. Sutton & D. A Shaddock, Phys. Rev. D 78, 082001 (2008).] has advantages over single (or common) arm locking in terms of allowing high gain, it has disadvantages in both laser frequency pulling and noise performance. We address this by proposing a hybrid sensor, retaining the benefits of common and dual arm locking sensors. We present a detailed design of an arm locking controller and perform an analysis of the expected performance when used with and without laser pre-stabilization. We observe that the sensor phase changes beneficially near unity-gain frequencies of the arm-locking controller, allowing a factor of 10 more gain than previously believed, without degrading stability. We show that the LISA frequency noise goal can be realized with arm locking and Time-Delay Interferometry only, without any form of pre-stabilization.Comment: 28 pages, 36 figure

A Software-defined SoC Memory Bus Bridge Architecture for Disaggregated Computing

Disaggregation and rack-scale systems have the potential of drastically decreasing TCO and increasing utilization of cloud datacenters, while maintaining performance. While the concept of organising resources in separate pools and interconnecting them together on demand is straightforward, its materialisation can be radically different in terms of performance and scale potential. In this paper, we present a memory bus bridge architecture which enables communication between 100s of masters and slaves in todays complex multiprocessor SoCs, that are physically intregrated in different chips and even different mainboards. The bridge tightly couples serial transceivers and a circuit network for chip-to-chip transfers. A key property of the proposed bridge architecture is that it is software-defined and thus can be configured at runtime, via a software control plane, to prepare and steer memory access transactions to remote slaves. This is particularly important because it enables datacenter orchestration tools to manage the disaggregated resource allocation. Moreover, we evaluate a bridge prototype we have build for ARM AXI4 memory bus interconnect and we discuss application-level observed performance.Comment: 3rd International Workshop on Advanced Interconnect Solutions and Technologies for Emerging Computing Systems (AISTECS 2018, part of HiPEAC 2018

Security of Field Devices in Future Water Management

Water management as a part of critical infrastructure is undergoing transformation alongside the advancement of digitalization. Future water management systems will incorporate both edge and cloud services. Increased connectivity of systems and the use of remote management together with growing heterogeneity and complexity of systems will bring new demands and challenges for security systems. In order to address these future security challenges, we study the zero trust approach and its possible realization with a physical unclonable function facility. Especially in our focus are resource-constrained devices like sensors in the field and their safety

Principled Elimination of Microarchitectural Timing Channels through Operating-System Enforced Time Protection

Microarchitectural timing channels exploit resource contentions on a shared hardware platform to cause information leakage through timing variance. These channels threaten system security by providing unauthorised information flow in violation of the system’s security policy. Present operating systems lack the means for systematic prevention of such channels. To address this problem, we propose time protection as an operating system (OS) abstraction, which provides mandatory temporal isolation analogous to the spatial isolation provided by the established memory protection abstraction. In order to fully understand microarchitectural timing channels, we first study all published microarchitectural timing attacks, their countermeasures and analyse the underlying causes. Then we define two application scenarios, a confinement scenario and a cloud scenario, which between them represent a large class of security-critical use cases, and aim to develop a solution that supports both. Our study identifies competition for limited hardware resources as the underlying cause for microarchitectural timing channels. From this we derive the requirement that proper isolation requires that all shared resources must be partitioned, either spatially or temporally (time-shared). We then analyse a number of recent processors across two instruction-set architectures (ISAs), x86 and Arm, for their support for such partitioning. We discover that all examined processors exhibit hardware state that cannot be partitioned by architected means, meaning that they all have uncloseable channels.We define the requirements hardware must satisfy for timing-channel prevention, and propose an augmented ISA as a new, security-oriented hardware-software contract. Assuming conforming hardware, we then define the requirements that OS-provided time protection must satisfy. We propose a concrete design of time protection, consisting of a set of policy-free mechanisms, and present an implementation in the seL4 microkernel. We evaluate the efficacy and efficiency of the implementation, and show that it is highly effective at closing timing channels, to the degree supported by the underlying hardware. We also find that the performance overheads are small to negligible. We can conclude that principled prevention of timing channels is possible though mandatory, black-box enforcement by the OS, subject to hardware manufacturers providing mechanisms for scrubbing all shared microarchitectural state

Parametric Design within an Atomic Design Process (ADP) applied to Spacecraft Design.

This thesis describes research investigating the development of a model for the initial design of complex systems, with application to spacecraft design. The design model is called an atomic design process (ADP) and contains four fundamental stages (specifications, configurations, trade studies and drivers) that constitute the minimum steps of an iterative process that helps designers find a feasible solution. Representative design models from the aerospace industry are reviewed and are compared with the proposed model. The design model’s relevance, adaptability and scalability features are evaluated through a focused design task exercise with two undergraduate teams and a long-term design exercise performed by a spacecraft payload team. The implementation of the design model is explained in the context in which the model has been researched. This context includes the organization (a student-run research laboratory at the University of Michigan), its culture (academically oriented), members that have used the design model and the description of the information technology elements meant to provide support while using the model. This support includes a custom-built information management system that consolidates relevant information that is currently being used in the organization. The information is divided in three domains: personnel development history, technical knowledge base and laboratory operations. The focused study with teams making use of the design model to complete an engineering design exercise consists of the conceptual design of an autonomous system, including a carrier and a deployable lander that form the payload of a rocket with an altitude range of over 1000 meters. Detailed results from each of the stages of the design process while implementing the model are presented, and an increase in awareness of good design practices in the teams while using the model are explained. A long-term investigation using the design model consisting of the successful characterization of an imaging system for a spacecraft is presented. The spacecraft is designed to take digital color images from low Earth orbit. The dominant drivers from each stage of the design process are indicated as they were identified, with the accompanying hardware development leading to the final configuration that comprises the flight spacecraft.Ph.D.Design ScienceUniversity of Michigan, Horace H. Rackham School of Graduate Studieshttp://deepblue.lib.umich.edu/bitstream/2027.42/86382/1/arramos_1.pd