Towards Vehicle-Level Simulator Aided Failure Mode, Effect, and Diagnostic Analysis of Automotive Power Electronics Items
The increasing demand for Electronic Control Units able to perform safety-relevant tasks leads the automotive industry to seek novel verification methodologies, capable of decreasing the time-to-market and, at the same time, improving the quality of the assessment. The ISO 26262:2018 automotive functional safety standard requires following a strict development process, compliant with its "safety lifecycle". It includes all the phases of the item life, from concept to decommissioning. The phase that raises the most difficulties regarding objectivity and repeatability is hardware/software integration verification since, usually, the software is in charge of mitigating the effects of some possible hardware failures. This paper proposes a novel technique, based on a simulation-based approach, to aid designers during the Failure Mode, Effect, and Diagnostic Analysis (FMEDA). We consider a power electronics module, to be embedded into electric vehicle powertrains, as a challenging practical example. We performed some tests on it, considering a rear-traction car with two independent electric motors, one per wheel. This system, to allow the vehicle to corner, has to act like a differential gear. Hence, it has a strong safety impact on the driveability of the car. All the involved components have been simulated, propagating their behaviours up to the entire vehicle. Due to the strong coupling between item failures and vehicle dynamics, a structured way based on coupling fault injection with vehicle dynamics simulation is desirable.
Exploiting the IEEE 1149.1 Standard for Software Reliability Evaluation in Space Applications
The IEEE 1149.1 standard (boundary-scan) was originally developed as a technology to provide in-circuit testing of digital devices. Its effectiveness led to unanticipated successes such as its extension to support on-line monitoring and in-circuit emulation. Meanwhile, its applicability for fault injection had already been demonstrated by academic prototypes. In this paper we describe the first commercial tool, the BSCAN4FI plug-in for Xception®, that provides support for software reliability evaluation for aeronautics and space applications using the boundary-scan technology as a means for controlled fault injection. This tool allows transparent integration testing without any modification to the original system to be deployed and was developed specifically for the SPARC V.7 TSC695f space processor. Besides extended fault models and test features only made possible through this technology, in-system non-intrusive monitoring capabilities are also made possible.
Fault Injection by Boundary Scan in Processors
The most widely used fault injection techniques can be classified into induction techniques, hardware-based injection techniques and software-based injection techniques. Among the hardware-based techniques are fault injection techniques that rely on boundary-scan test technology. Boundary scan is strongly established in recent processors, providing a method of access to their internals that allows test and debug operations. Its use for fault injection is a logical step and has been studied since the 1990s. The work carried out in this area is varied and includes solutions that require no change to the standardised infrastructure and solutions that modify the cells and the control infrastructure so as to support this functionality. These changes imply additional timing delays and an increase in the silicon area devoted to test functions, so attention to optimisation becomes important, so that the inclusion of fault injection capabilities does not significantly affect the performance and cost of the components in which they are implemented.
Towards Accurate Estimation of Error Sensitivity in Computer Systems
Fault injection is an increasingly important method for assessing, measuring and observing the system-level impact of hardware and software faults in computer systems. This thesis presents the results of a series of experimental studies in which fault injection was used to investigate the impact of bit-flip errors on program execution. The studies were motivated by the fact that transient hardware faults in microprocessors can cause bit-flip errors that can propagate to the microprocessor's instruction set architecture registers and main memory. As the rate of such hardware faults is expected to increase with technology scaling, there is a need to better understand how these errors (known as "soft errors") influence program execution, especially in safety-critical systems. Using ISA-level fault injection, we investigate how five aspects, or factors, influence the error sensitivity of a program. We define error sensitivity as the conditional probability that a bit-flip error in live data in an ISA register or main-memory word will cause a program to produce silent data corruption (SDC; i.e., an erroneous result). We also consider the estimation of a measure called SDC count, which represents the number of ISA-level bit flips that cause an SDC. The five factors addressed are (a) the inputs processed by a program, (b) the level of compiler optimization, (c) the implementation of the program in the source code, (d) the fault model (single bit flips vs double bit flips) and (e) the fault-injection technique (inject-on-write vs inject-on-read). Our results show that these factors affect the error sensitivity in many ways; some factors strongly impact the error sensitivity or SDC count whereas others show a weaker impact. For example, our experiments show that single bit flips tend to cause SDCs more than double bit flips; compiler optimization positively impacts the SDC count but not necessarily the error sensitivity; the error sensitivity varies between 20% and 50% among the programs we tested; and variations in input affect the error sensitivity significantly for most of the tested programs.
Design for dependability: A simulation-based approach
This research addresses issues in simulation-based system-level dependability analysis of fault-tolerant computer systems. The issues and difficulties of providing a general simulation-based approach for system-level analysis are discussed and a methodology that addresses and tackles these issues is presented. The proposed methodology is designed to permit the study of a wide variety of architectures under various fault conditions. It permits detailed functional modeling of architectural features such as sparing policies, repair schemes, routing algorithms as well as other fault-tolerant mechanisms, and it allows the execution of actual application software. One key benefit of this approach is that the behavior of a system under faults does not have to be pre-defined as is normally done. Instead, a system can be simulated in detail and injected with faults to determine its failure modes. The thesis describes how object-oriented design is used to incorporate this methodology into a general-purpose design and fault injection package called DEPEND. A software model is presented that uses abstractions of application programs to study the behavior and effect of software on hardware faults in the early design stage when actual code is not available. Finally, an acceleration technique that combines hierarchical simulation, time acceleration algorithms and hybrid simulation to reduce simulation time is introduced.
Implementation and characterisation of a high-abstraction-level fault injection method
Today, the effect of cosmic rays on electronics is well known. Numerous studies have shown that neutrons are the main cause of non-destructive errors in integrated circuits aboard aircraft. Moreover, the shrinking of transistor sizes makes circuits increasingly sensitive to them. Radiation-tolerant circuits are sometimes used to improve circuit robustness. However, these circuits are expensive and their technology tends to lag a few generations behind non-tolerant circuits. Designers therefore prefer to use conventional circuits and apply mitigation methods to improve tolerance to transient errors.
Throughout the design of a circuit, it is essential to analyse and verify its reliability. Conventional design methodologies need to be adapted in order to evaluate tolerance to non-destructive errors caused by radiation. Today, designers need new tools and new methodologies to validate their mitigation strategies in order to meet their tolerance requirements.
In this thesis, a new methodology is proposed that captures the faulty behaviour of a circuit at a low level of abstraction and applies it at a higher level. To this end, the new concept of the Signature of a circuit's faulty behaviour is presented. A Signature makes it possible to create, at a high level of abstraction (system level), models that accurately reflect the faulty behaviour of a circuit learned at a low level, the logic-gate level. The faulty behaviours of an 8-bit adder and an 8-bit multiplier were reproduced in Simulink with correlation coefficients of 98.53 % and 99.86 % respectively. A methodology for generating a library of faulty components in Simulink is proposed so that designers can verify the tolerance of their models early in the design of a circuit. The results obtained for three circuits are presented and critically discussed throughout this thesis.
As part of this project, a scientific paper was published at the NEWCAS 2013 conference (Robache et al., 2013). That work presents the new concept of the faulty-behaviour Signature, the Signature generation methodology that was developed, and a proof of concept with an 8-bit multiplier.
Fault injection testing of software implemented fault tolerance mechanisms of distributed systems
PhD Thesis
One way of gaining confidence in the adequacy of fault tolerance mechanisms of a system is to test the system by injecting faults and see how the system performs under faulty conditions. This thesis investigates the issues of testing software-implemented fault tolerance mechanisms of distributed systems through fault injection.
A fault injection method has been developed. The method requires that the target software system be structured as a collection of objects interacting via messages. This enables easy insertion of fault injection objects into the target system to emulate incorrect behaviour of faulty processors by manipulating messages. This approach allows one to inject specific classes of faults while not requiring any significant changes to the target system. The method differs from the previous work in that it exploits an object-oriented approach of software implementation to support the injection of specific classes of faults at the system level.
The proposed fault injection method has been applied to test software-implemented reliable node systems: a TMR (triple modular redundant) node and a fail-silent node. The nodes have integrated fault tolerance mechanisms and are expected to exhibit certain behaviour in the presence of a failure. The thesis describes how various such mechanisms (for example, clock synchronisation protocol, and atomic broadcast protocol) were tested. The testing revealed flaws in implementation that had not been discovered before, thereby demonstrating the usefulness of the method. Application of the approach to other distributed systems is also described in the thesis.
Funding: CEC ESPRIT programme, UK Engineering and Physical Sciences Research Council (EPSRC)
Fault Injection and Monitoring Capability for a Fault-Tolerant Distributed Computation System
The Configurable Fault-Injection and Monitoring System (CFIMS) is intended for the experimental characterization of effects caused by a variety of adverse conditions on a distributed computation system running flight control applications. A product of research collaboration between NASA Langley Research Center and Old Dominion University, the CFIMS is the main research tool for generating actual fault response data with which to develop and validate analytical performance models and design methodologies for the mitigation of fault effects in distributed flight control systems. Rather than a fixed design solution, the CFIMS is a flexible system that enables the systematic exploration of the problem space and can be adapted to meet the evolving needs of the research. The CFIMS has the capabilities of system-under-test (SUT) functional stimulus generation, fault injection and state monitoring, all of which are supported by a configuration capability for setting up the system as desired for a particular experiment. This report summarizes the work accomplished so far in the development of the CFIMS concept and documents the first design realization.
An approach for evaluation of efficacy of vulnerability scanning tools in web applications
Advisors: Mário Jino, Regina Lúcia de Oliveira Moraes. Master's dissertation (Mestrado em Engenharia de Computação; Mestre em Engenharia Elétrica), Universidade Estadual de Campinas, Faculdade de Engenharia Elétrica e de Computação.
Abstract: Nowadays, most web applications are developed under strict time and cost constraints. The complexity of software products is ever greater, leading to security vulnerabilities due to bad coding. Tools called vulnerability scanners are being applied to automatically detect security vulnerabilities in web applications; thus, trustworthiness of the results of applying these tools is essential. The present work proposes an approach to assess the efficacy of vulnerability scanner tools. The proposed approach is based on fault injection techniques and attack tree models; the results of applying three scanners are assessed in the presence of realistic software faults responsible for security vulnerabilities in web applications. Attack trees represent the steps of performing an attack, allowing verification of whether security vulnerabilities detected by the scanner tool do exist in the application under test. The approach can also be used to perform security tests, as it permits the detection of vulnerabilities through the execution of attack scenarios.
Dependability Benchmarking of Operating Systems: Specifications and Implementation
Abstract: System developers are increasingly resorting to off-the-shelf operating systems, even in critical application domains. Any malfunction of the operating system may have a strong impact on the dependability of the global system. Therefore, it is important to make information about operating system dependability available. In our work, we aim to specify dependability benchmarks to characterize operating systems with respect to the faulty behavior of the application. We specify three benchmarks intended for comparing the dependability of operating systems belonging to different families. We specify the set of measures and the procedures to be followed after defining the set of properties that a dependability benchmark should satisfy. We then present implemented prototypes of these benchmarks. They are used to compare the dependability of operating systems belonging to the Windows and Linux families, and to show that our benchmarks satisfy the identified properties.