Towards Vehicle-Level Simulator Aided Failure Mode, Effect, and Diagnostic Analysis of Automotive Power Electronics Items

The increasing demand for Electronic Control Units able to perform safety-relevant tasks leads the automotive industry to find novel verification methodologies, capable to decrease the time-to-market and, at the same time, to improve the quality of the assessment. The ISO26262:2018 automotive functional safety standard requires to follow a strict development process, compliant with its “safety lifecycle”. It includes all the phases of the item life, from the concept to the decommissioning. The phase that places most difficulties about its objectivity and repeatability is the hardware/software integration verification since, usually, the software is in charge to mitigate the effects of some possible hardware failures. This paper proposes a novel technique, based on a simulation-based approach, to aid the designers during the Failure Mode, Effect, and Diagnostic Analysis (FMEDA). We consider a power electronics module, to be embedded into electric vehicles powertrains, as a challenging practical example. We performed some tests on it, considering a rear traction car with two independent electric motors, one per each wheel. This system, to allow the vehicle to curve, has to act like a differential gear. Hence, it has a strong safety impact on the driveability of the car. All the involved components have been simulated propagating their behaviours up to the entire vehicle. Due the strong coupling between item failures and vehicle dynamics, a structured way based on coupling fault injection with vehicle dynamic simulation is desirable

Exploiting the IEEE 1149.1 Standard for Software Reliability Evaluation in Space Applications

The IEEE 1149.1 standard (boundary-scan) was originally developed as a technology to provide in-circuit testing of digital devices. Its effectiveness lead to unanticipated successes such as its extension to support on-line monitoring and in-circuit emulation. Meanwhile, its applicability for fault-injection had already been demonstrated by academic prototypes. In this paper we describe the first commercial tool, the BSCAN4FI plug in for Xception®, that provides support for software reliability evaluation for aeronautics and space applications using the boundary-scan technology as a means for controlled fault-injection. This tool allows transparent integration testing without any modification to the original system to be deployed and was developed specifically for the SPARC V.7 TSC695f space processor. Besides extended fault models and test features only made possible through this technology, in-system non-intrusive monitoring capabilities are also made possible.info:eu-repo/semantics/publishedVersio

Injecção de Falhas por Varrimento Periférico em Processadores

As técnicas de injecção de falhas mais utilizadas podem ser classificadas em técnicas de indução, técnicas de injecão por hardware e técnicas de injecção por software. Dentro das técnicas de injecção por hardware surgem as técnicas de injecção de falhas recorrendo à tecnologia de teste por varrimento periférico. Esta encontra-se fortemente implantada nos processadores mais recentes, fornecendo um método de acesso ao seu interior de forma a permitir operações de teste e depuração. A sua utilização para a injecção de falhas é um passo lógico e tem sido estudada desde os anos 90. Os trabalhos desenvolvidos nesta área são diversos e incluem soluções que não exigem qualquer alteração à infraestrutura normalizada e soluções que modificam as células e a infraestrutura de controlo de forma a suportarem esta funcionalidade. Estas alterações implicam atrasos temporais acrescidos e um aumento da área de silício destinada a funções de teste, tornando-se importante uma preocupação com a optimização para que a inclusão de capacidades de injecção de falhas não afecte significativamente o desempenho e o custo dos componentes onde são implementadas.info:eu-repo/semantics/publishedVersio

Towards Accurate Estimation of Error Sensitivity in Computer Systems

Fault injection is an increasingly important method for assessing, measuringand observing the system-level impact of hardware and software faults in computer systems. This thesis presents the results of a series of experimental studies in which fault injection was used to investigate the impact of bit-flip errors on program execution. The studies were motivated by the fact that transient hardware faults in microprocessors can cause bit-flip errors that can propagate to the microprocessors instruction set architecture registers and main memory. As the rate of such hardware faults is expected to increase with technology scaling, there is a need to better understand how these errors (known as ‘soft errors’) influence program execution, especially in safety-critical systems.Using ISA-level fault injection, we investigate how five aspects, or factors, influence the error sensitivity of a program. We define error sensitivity as the conditional probability that a bit-flip error in live data in an ISA-register or main-memory word will cause a program to produce silent data corruption (SDC; i.e., an erroneous result). We also consider the estimation of a measure called SDC count, which represents the number of ISA-level bit flips that cause an SDC.The five factors addressed are (a) the inputs processed by a program, (b) the level of compiler optimization, (c) the implementation of the program in the source code, (d) the fault model (single bit flips vs double bit flips) and (e)the fault-injection technique (inject-on-write vs inject-on-read). Our results show that these factors affect the error sensitivity in many ways; some factors strongly impact the error sensitivity or SDC count whereas others show a weaker impact. For example, our experiments show that single bit flips tend to cause SDCs more than double bit flips; compiler optimization positively impacts the SDC count but not necessarily the error sensitivity; the error sensitivity varies between 20% and 50% among the programs we tested; and variations in input affect the error sensitivity significantly for most of the tested programs

Design for dependability: A simulation-based approach

This research addresses issues in simulation-based system level dependability analysis of fault-tolerant computer systems. The issues and difficulties of providing a general simulation-based approach for system level analysis are discussed and a methodology that address and tackle these issues is presented. The proposed methodology is designed to permit the study of a wide variety of architectures under various fault conditions. It permits detailed functional modeling of architectural features such as sparing policies, repair schemes, routing algorithms as well as other fault-tolerant mechanisms, and it allows the execution of actual application software. One key benefit of this approach is that the behavior of a system under faults does not have to be pre-defined as it is normally done. Instead, a system can be simulated in detail and injected with faults to determine its failure modes. The thesis describes how object-oriented design is used to incorporate this methodology into a general purpose design and fault injection package called DEPEND. A software model is presented that uses abstractions of application programs to study the behavior and effect of software on hardware faults in the early design stage when actual code is not available. Finally, an acceleration technique that combines hierarchical simulation, time acceleration algorithms and hybrid simulation to reduce simulation time is introduced

Mise en œuvre et caractérisation d'une méthode d'injection de pannes à haut niveau d'abstraction

De nos jours, l’effet des rayons cosmiques sur l’électronique est connu. De nombreuses études ont démontré que les neutrons étaient la cause principale des erreurs non destructives sur les circuits intégrés à bord des avions. De plus, la réduction de la taille des transistors rend les circuits de plus en plus sensibles à ces derniers. Les circuits tolérants aux radiations sont parfois utilisés afin d’améliorer la robustesse des circuits. Cependant, ces circuits sont coûteux et leur technologie tend à être en retard de quelques générations par rapport aux circuits non tolérants. Les concepteurs préfèrent donc utiliser des circuits conventionnels et appliquent des méthodes de mitigation afin d’améliorer la tolérance aux erreurs passagères. Tout au long de la conception d’un circuit, il est indispensable d’en analyser et d’en vérifier la fiabilité. Les méthodologies conventionnelles de conception ont besoin d’être adaptées afin d’évaluer la tolérance aux erreurs non destructives causées par les radiations. Aujourd’hui, les concepteurs ont besoin de nouveaux outils et de nouvelles méthodologies afin de valider leurs stratégies de mitigation dans le but de satisfaire leurs exigences de tolérance. Dans ce mémoire, une nouvelle méthodologie permettant de capturer à bas niveau d’abstraction le comportement fautif d’un circuit et de l’appliquer à plus haut niveau est proposée. Pour cela, le nouveau concept de Signature du comportement fautif d’un circuit est présenté. Une Signature permet de créer, à haut niveau d’abstraction (niveau système) des modèles qui reflètent avec précision le comportement fautif d’un circuit appris à bas niveau, au niveau portes logiques. Les comportements fautifs d’un additionneur et d’un multiplicateur 8 bits ont été reproduits sous Simulink avec respectivement des coefficients de corrélation de 98,53 % et 99,86 %. Une méthodologie permettant de générer une bibliothèque de composants fautifs sous Simulink est proposée dans le but de permettre aux concepteurs de vérifier la tolérance de leurs modèles tôt lors de la conception d’un circuit. Les résultats ainsi obtenus pour trois circuits sont présentés et critiqués tout au long de ce mémoire. Dans le cadre de ce projet, un article scientifique a été publié à la conférence NEWCAS 2013 (Robache et al., 2013). Ce travail présente le nouveau concept de Signature du comportement fautif, la méthodologie de génération de Signatures développée ainsi qu’une preuve de concept avec un multiplicateur 8 bits

Fault injection testing of software implemented fault tolerance mechanisms of distributed systems

PhD ThesisOne way of gaining confidence in the adequacy of fault tolerance mechanisms of a system is to test the system by injecting faults and see how the system performs under faulty conditions. This thesis investigates the issues of testing software-implemented fault tolerance mechanisms of distributed systems through fault injection. A fault injection method has been developed. The method requires that the target software system be structured as a collection of objects interacting via messages. This enables easy insertion of fault injection objects into the target system to emulate incorrect behaviour of faulty processors by manipulating messages. This approach allows one to inject specific classes of faults while not requiring any significant changes to the target system. The method differs from the previous work in that it exploits an object oriented approach of software implementation to support the injection of specific classes of faults at the system level. The proposed fault injection method has been applied to test software-implemented reliable node systems: a TMR (triple modular redundant) node and a fail-silent node. The nodes have integrated fault tolerance mechanisms and are expected to exhibit certain behaviour in the presence of a failure. The thesis describes how various such mechanisms (for example, clock synchronisation protocol, and atomic broadcast protocol) were tested. The testing revealed flaws in implementation that had not been discovered before, thereby demonstrating the usefulness of the method. Application of the approach to other distributed systems is also described in the thesis.CEC ESPRIT programme, UK Engineering and Physical Sciences Research Council (EPSRC)

Fault Injection and Monitoring Capability for a Fault-Tolerant Distributed Computation System

The Configurable Fault-Injection and Monitoring System (CFIMS) is intended for the experimental characterization of effects caused by a variety of adverse conditions on a distributed computation system running flight control applications. A product of research collaboration between NASA Langley Research Center and Old Dominion University, the CFIMS is the main research tool for generating actual fault response data with which to develop and validate analytical performance models and design methodologies for the mitigation of fault effects in distributed flight control systems. Rather than a fixed design solution, the CFIMS is a flexible system that enables the systematic exploration of the problem space and can be adapted to meet the evolving needs of the research. The CFIMS has the capabilities of system-under-test (SUT) functional stimulus generation, fault injection and state monitoring, all of which are supported by a configuration capability for setting up the system as desired for a particular experiment. This report summarizes the work accomplished so far in the development of the CFIMS concept and documents the first design realization

An approach for evaluation of efficacy of vulnerability scanning tools in web applications

Orientadores: Mário Jino, Regina Lúcia de Oliveira MoraesDissertação (mestrado) - Universidade Estadual de Campinas, Faculdade de Engenharia Elétrica e de ComputaçãoResumo: Grande parte das aplicações Web é desenvolvida atualmente sob severas restrições de tempo e custo. A complexidade dos produtos de software é cada vez maior resultando em vulnerabilidades de segurança produzidas por má codificação. Ferramentas chamadas scanners de vulnerabilidade são utilizadas para auxiliar a detecção automática de vulnerabilidades de segurança em aplicações Web; portanto, poder confiar nos resultados da aplicação dessas ferramentas é essencial. Este trabalho propõe uma abordagem para avaliar a eficácia desses scanners. A abordagem proposta está baseada em técnicas de injeção de falhas e modelos de árvores de ataque; os resultados da aplicação de três scanners são avaliados na presença de falhas realistas de software responsáveis por vulnerabilidades de segurança em aplicações Web. As árvores de ataque representam os passos para se realizar um ataque, permitindo verificar se vulnerabilidades detectadas pelo scanner existem de fato na aplicação sob teste. A abordagem também pode ser utilizada para realizar testes de segurança, pois permite a detecção de vulnerabilidades pela execução de cenários de ataqueAbstract: Nowadays, most web applications are developed under strict time and cost constraints. The complexity of software products is increasingly bigger leading to security vulnerabilities due to bad coding. Tools called vulnerability scanners are being applied to automatically detect security vulnerabilities in web applications; thus, trustworthiness of the results of application of these tools is essential. The present work proposes an approach to assess the efficacy of vulnerability scanner tools. The proposed approach is based on fault injection techniques and attack tree models; the results of the application of three scanners are assessed in the presence of realistic software faults responsible for security vulnerabilities in web applications. Attack trees represent the steps of performing an attack, allowing verifying whether security vulnerabilities detected by the scanner tool do exist in the application under test. The approach can also be used to perform security tests, as it permits the detection of vulnerabilities through the execution of attack scenariosMestradoEngenharia de ComputaçãoMestre em Engenharia Elétric

Étalonnage de la sûreté de fonctionnement des systèmes d’exploitation – Spécifications et mise en oeuvre

Les développeurs des systèmes informatiques, y compris critiques, font souvent appel à des systèmes d’exploitation sur étagère. Cependant, un mauvais fonctionnement d’un système d’exploitation peut avoir un fort impact sur la sûreté de fonctionnement du système global, d’où la nécessité de trouver des moyens efficaces pour caractériser sa sûreté de fonctionnement. Dans cette thèse, nous étudions l’étalonnage de la sûreté de fonctionnement des systèmes d’exploitation par rapport aux comportements défectueux de l’application. Nous spécifions les propriétés qu’un étalon de sûreté de fonctionnement doit satisfaire. Après, nous spécifions les mesures et la mise en oeuvre des trois étalons destinés à comparer la sûreté de fonctionnement de différents systèmes d’exploitation. Ensuite, nous développons les prototypes des trois étalons. Ces prototypes servent à comparer les différents systèmes d’exploitation des familles Windows et Linux, et pour montrer la satisfaction des propriétés identifiées. ABSTRACT : System developers are increasingly resorting to off-the-shelf operating systems, even in critical application domains. Any malfunction of the operating system may have a strong impact on the dependability of the global system. Therefore, it is important to make available information about the operating systems dependability. In our work, we aim to specify dependability benchmarks to characterize the operating systems with respect to the faulty behavior of the application. We specify three benchmarks intended for comparing the dependability of operating systems belonging to different families. We specify the set of measures and the procedures to be followed after defining the set of properties that a dependability benchmark should satisfy. After, we present implemented prototypes of these benchmarks. They are used to compare the dependability of operating systems belonging to Windows and Linux, and to show that our benchmarks satisfy the identified properties