18 research outputs found

    Virtual fieldbus: applicability, technologies and evaluation

    In present-day software and automation development, different methods of virtualization have become popular, as the final hardware is then not required for software development. This allows an earlier and faster software process, reduced time to market and a more fluent workflow. As distributed automation systems generally rely on fieldbuses of various types, implementing a virtual and fully operational fieldbus is a necessity for efficient utilization of the virtualized system. In this thesis, we take a comprehensive approach to virtual fieldbuses, from concept definition to experimental performance characteristics. We discuss the common behavior of different fieldbuses, list applications for virtual buses and compare possible implementation technologies such as TCP/IP and shared memory. The virtualization tools VirtualBox and QEMU are studied closely, as they bring additional challenges to data transfer. From the practical point of view, the study presents our experiences in implementing a virtual CAN bus for embedded development. With an extensive set of features and platform support in our design, it demonstrates the utilization of multiple technologies. Using the virtual CAN implementation, we then show the measured performance characteristics and evaluate the solution against actual hardware. The potential of virtual bus technology was proven by the performance measurements. The shared memory implementation provided extremely good performance, sufficient for implementing any virtual fieldbus system. It was also found to be efficient with respect to CPU load. Unfortunately, shared memory usually cannot cross virtualization boundaries. TCP was found to be the best option for the remaining use cases. In a restricted local Ethernet or between VirtualBox and the host OS, it is able to provide latencies under 700 µs, similar to hardware performance. The observed bottlenecks were the use of the QEMU emulation tool without optimizations and slow USB fieldbus adapters. We recommend using virtual fieldbuses in virtualized development and debugging of distributed systems and for automatic system-level testing, if timing requirements are not extremely strict. A remote virtual connection to a hardware fieldbus is also seen as a valid application. The technologies and adapters must still be carefully selected for best results.

    Selection of a new hardware and software platform for railway interlocking

    The interlocking system is one of the main actors in safe railway transportation. In most cases, the whole system is supplied by a single vendor. Recent regulations from the European Union call for an "open" architecture to invite new game changers and reduce life-cycle costs. The objective of the thesis is to propose an alternative platform that could replace a legacy interlocking system. In the thesis, various commercial off-the-shelf hardware and software products are studied that could be assembled to compose an alternative interlocking platform. The platform must be open enough to adapt to any changes in its constituent elements and to abide by the proposed baselines of new standardization initiatives, such as ERTMS, EULYNX, and RCA. In this thesis, a comparative study is performed between these products based on hardware capacity, architecture, communication protocols, programming tools, security, railway certifications, life-cycle issues, etc.

    Quarantine-mode based live patching for zero downtime safety-critical systems

    This thesis presents a software architecture and design, called Cetratus, which enables hot updates in critical systems, where dynamic updates of the application components are performed. Its main feature is execution and monitoring in quarantine mode, where the new version of the software is executed and monitored until the reliability of this new version is verified. This feature also offers protection against possible software and update faults, as well as against the propagation of those faults through the system. For this purpose, partitioning techniques are employed. Although the software update is initiated by the Updater user, the ratification of the Auditor is needed in order to proceed and carry out the dynamic update. These users are authenticated and logged before continuing with the update. The authenticity and integrity of the dynamic patch are also verified. Cetratus is aligned with the industrial functional safety and cybersecurity standards regarding software updates. Two case studies are provided. On the one hand, in the smart energy use case, an electrical energy management application is analyzed, composed of an energy management system (BEMS) and a cloud energy optimization service (BEOS). The BEMS monitors and controls the electrical energy installations in a residential building. All information related to generation, consumption and savings is sent to the BEOS, which estimates and optimizes the overall consumption of the building in order to reduce costs and increase energy efficiency. In this case study, a new cybersecurity layer is incorporated to increase the cybersecurity and privacy of the customers' data. Specifically, homomorphic encryption is used. After the update, all data is sent encrypted to the BEOS. On the other hand, a railway case study is presented. In this example the Euroradio component is updated, which is the one that enables communications between the train and the trackside equipment in the European Rail Traffic Management System (ERTMS). In the example, the algorithm used for the message authentication code (MAC), based on the AES encryption algorithm, is updated because of the security flaws of the current algorithm.

    Towards Digital Twin-enabled DevOps for CPS providing Architecture-Based Service Adaptation & Verification at Runtime

    Industrial Product-Service Systems (IPSS) denote a service-oriented (SO) way of providing access to CPS capabilities. The design of such systems bears high risk due to uncertainty in requirements related to service function and behavior, operation environments, and evolving customer needs. Such risks and uncertainties are well known in the IT sector, where DevOps principles ensure continuous system improvement through reliable and frequent delivery processes. A modular and SO system architecture complements these processes to facilitate IT system adaptation and evolution. This work proposes a method to use and extend the Digital Twins (DTs) of IPSS assets for enabling the continuous optimization of CPS service delivery and the latter's adaptation to changing needs and environments. This reduces uncertainty during design and operations by assuring IPSS integrity and availability, especially for design and service adaptations at CPS runtime. The method builds on transferring IT DevOps principles to DT-enabled CPS IPSS. The chosen design approach integrates, reuses, and aligns the DT processing and communication resources with DevOps requirements derived from literature. We use these requirements to propose a DT-enabled self-adaptive CPS model, which guides the realization of DT-enabled DevOps in CPS IPSS. We further propose detailed design models for operation-critical DTs that integrate CPS closed-loop control and architecture-based CPS adaptation. This integrated approach enables the implementation of A/B testing as a use case and central concept to enable CPS IPSS service adaptation and reconfiguration. The self-adaptive CPS model and DT design concept have been validated in an evaluation environment for operation-critical CPS IPSS. 
The demonstrator achieved sub-millisecond cycle times during service A/B testing at runtime without causing interference with CPS operation or downtime.
Comment: Final published version appearing in the 17th Symposium on Software Engineering for Adaptive and Self-Managing Systems (SEAMS 2022).

    Real-Time Sensor Networks and Systems for the Industrial IoT

    The Industrial Internet of Things (Industrial IoT, IIoT) has emerged as the core construct behind the various cyber-physical systems constituting a principal dimension of the fourth Industrial Revolution. While initially born as the concept behind specific industrial applications of generic IoT technologies, for the optimization of operational efficiency in automation and control, it quickly enabled the total convergence of Operational Technology (OT) and Information Technology (IT). The IIoT has now surpassed the traditional borders of automation and control functions in the process and manufacturing industries, shifting towards a wider domain of functions and industries, embraced under the dominant global initiatives and architectural frameworks of Industry 4.0 (or Industrie 4.0) in Germany, Industrial Internet in the US, Society 5.0 in Japan, and Made-in-China 2025 in China. As real-time embedded systems are quickly achieving ubiquity in everyday life and in industrial environments, and many processes already depend on real-time cyber-physical systems and embedded sensors, the integration of IoT with cognitive computing and real-time data exchange is essential for real-time analytics and the realization of digital twins in smart environments and services under the various frameworks' provisions. In this context, real-time sensor networks and systems for the Industrial IoT encompass multiple technologies and raise significant design, optimization, integration and exploitation challenges. The ten articles in this Special Issue describe advances in real-time sensor networks and systems that are significant enablers of the Industrial IoT paradigm. In the relevant landscape, the domain of wireless networking technologies is centrally positioned, as expected.

    Safety Kernel for cooperative sensor-based systems

    Master's thesis in Information Security, presented to the University of Lisbon through the Faculty of Sciences, 2013.
    Future safety-critical systems, used in, for example, the aerospace, aeronautic and automotive industries, call for innovative computing architectures with increased complexity. These systems must still cope with strict requirements, not only in terms of safety and reliability, but also in terms of size, weight and power consumption (SWaP). Traditional approaches used in the design of such critical systems rely on proving and guaranteeing, at design time, the safety and predictability of their applications. However, with the emergence of new technological solutions and the increase in the complexity of applications, it gets harder or even infeasible to prove their safety by design, limiting the scope and the possible features to include in such systems. For instance, the use of wireless communications opens a new world of possibilities: it may be used to develop smart vehicles that cooperate with each other to achieve some common goal. However, due to its uncertainty, the development of such applications for safety-critical systems turns out to be a challenging task. In this thesis, we propose a hybrid architecture in which simple and predictable components coexist with complex and unpredictable ones, without compromising safety, despite the unavoidable uncertainty. The inclusion of complex components in safety-critical systems allows the emergence of new applications that provide new features or improve existing ones. Furthermore, we want to deal with the uncertainty that characterizes wireless communications and provide mechanisms that allow systems to cooperate with each other in a safe way. We rely on a component called Safety Kernel, in charge of monitoring and managing the runtime configuration of the system, forcing it to adapt to faults and runtime constraints in order to avoid hazardous situations. We describe the architecture and role of such a Safety Kernel, and how it interacts with the other components in the system architecture, including the functional components of the control system. Finally, we present a prototype implementation of such a Safety Kernel over AIR, an architecture based on the concept of Time- and Space Partitioning (TSP) developed for aerospace systems.

    A review on optimization techniques for the deployment and scheduling of distributed real-time systems

    In the last three decades, a large number of proposals have been made for the optimization of the deployment and scheduling of distributed real-time systems under different algorithmic approaches that provide acceptable solutions for this NP-hard problem. Nowadays, most of the systems used in industry are mixed-criticality systems, which use cyclic scheduling, fixed-priority scheduling and partitioning, the latter providing both temporal and spatial isolation in the execution of applications. Thus, this work reviews the works published on this topic and analyses the different solutions proposed for distributed real-time systems based on the scheduling policies that are used in practice. As a result of the comparison, a table intended as a guide is elaborated in which all the reviewed works are reported and their solutions are characterized.
This work has been partially funded by the Government of Spain and FEDER funds (AEI/FEDER, EU) under project TIN2017-86520-C3-3-R (PRECON-I4).

    Industrial internet and its role in process automation

    Modern process automation is undergoing a major shift in the way it addresses conventional challenges. Moreover, it is adapting to newly arising challenges due to changing business scenarios. Nowadays, areas of automation that until recently were rather separate are starting to merge, and the border between them is fading. This situation only adds to the struggle in the already highly competitive production industry. In order to be successful, companies should adopt new approaches to the way their processes are automated, controlled, and managed. One of these approaches is the so-called Industrial Internet. It is the next step after the traditional paradigm of the process automation pyramid, and it leads to a new vision of interconnected processes, services, machines and people. However, a typical company is not usually eager to adopt the new technology in its business. One of the reasons for this is that it does not see the advantages that the Industrial Internet brings. This is due to the lack of a sufficient number of successful implementation examples in various industrial areas and of clear business scenarios for the use of the Industrial Internet. The aim of this thesis is to create a convincing Industrial Internet application scenario. For the implementation, a mineral concentration plant was chosen as one of the industrial premises for which Industrial Internet examples are scarce. The literature review section describes the state of the art in process automation. It lists and reviews the research and development initiatives related to the Industrial Internet. Moreover, the Industrial Internet fundamentals are given. Finally, it describes Industrial Internet applications and case studies. In the practical part, the mineral concentration plant is described first. The next section then describes the Industrial Internet application scenario. In the following section, technical guidelines for the system implementation are given. Finally, in the concluding part of the thesis, future directions of research are discussed.

    Methodology for avionics integration optimisation

    Every state-of-the-art aircraft has complex distributed systems of avionics Line Replaceable Units/Modules (LRUs/LRMs), networked by several data buses. These LRUs are becoming more complex because of the increasing number of new avionics functions that need to be integrated in an avionics LRU. The evolution of avionics data buses and architectures has moved from distributed analogue and federated architectures to digital Integrated Modular Avionics (IMA). The IMA architecture allows suppliers to develop their own LRUs/LRMs capable of specific features that can then be offered to Original Equipment Manufacturers (OEMs) as Commercial-Off-The-Shelf (COTS) products. In the meantime, the aerospace industry has been investigating new solutions to develop smaller, lighter and more capable avionics LRUs to be integrated into the avionics architecture. Moreover, the complexity of the overall avionics architecture and its impact on cable length, weight, power consumption, reliability and maintainability of avionics systems has encouraged manufacturers to incorporate efficient avionics architectures in their aircraft design process. However, manual design cannot concurrently satisfy the complexity and interconnectivity of system requirements and optimality. Thus, developing computer-aided design (CAD) and Model Based System Engineering (MBSE) tools and mathematical modelling for the optimisation of IMA architectures has become an active research area in avionics systems integration. In this thesis, a general method and tool are developed for optimising avionics architecture and improving its operational capability. The tool has three main parts: a database of avionics LRUs, mathematical modelling of the architectures, and optimisation algorithms. The developed avionics database includes avionics LRUs with their technical specifications and operational capabilities for each avionics function. A multi-criteria decision-making (MCDM) method, SAW, is used to quantify and rank each avionics LRU's operational capability. Based on the existing avionics LRUs in the database and the aircraft-level avionics requirements, two avionics architectures are proposed, i.e. an AFCS architecture (SSA) and an avionics architecture (LSA). The proposed avionics architectures are then modelled using mathematical programming. Further, the allocation of avionics LRUs to the avionics architecture and the mapping of the avionics LRUs to their installation locations are defined as an assignment problem in Integer Programming (IP) form. The defined avionics architecture optimisation problem is to optimise the avionics architecture in terms of mass, volume, power consumption, MTBF and operational capability. The problems are solved as both single-objective and multi-objective optimisation using the branch-and-bound algorithm, the weighted sum method and the Particle Swarm Optimisation (PSO) algorithm. Finally, the tool provides a semi-automatic optimisation of avionics architecture. This helps avionics system architects to investigate and evaluate various architectures in the early stage of design from an LRU perspective. It can also be used to upgrade a legacy avionics architecture.

    Adaptive Monitoring for Multicore Processors in Embedded Safety-Critical Systems

    In many application domains, software-based systems contribute significantly to new trends and innovations, including in the mobility domains of automotive engineering, aviation and the railway industry. Essential innovations can be developed in software on the latest hardware technology and brought into circulation. In the mobility domains in particular, special requirements must be taken into account as soon as the functions and technologies are integrated and deployed in safety-critical applications. However, the latest hardware is often not designed for use in such applications and therefore cannot readily meet the requirements laid down by standards and norms. This also applies to the current trend in processor technology, multicore processors. Multicore processors, already widespread in multimedia and entertainment devices, cannot enter safety-critical applications without restrictions. Special methods for safeguarding in the sense of functional safety are needed in order to monitor multicore processors and thus guarantee at least the same level of safety as in already established technologies. This thesis presents methods that can be used to increase the reliability of multicore processors and that make it easier to deploy this novel, complex technology in embedded safety-critical applications. Application areas include, for example, automobiles, aircraft, industrial automation and trains. Although (distributed) multiprocessor systems have been in use for several years, the challenges of safeguarding them differ considerably, because of the integration into a single chip, from the already known challenges in the development of multiprocessor systems. The transition from distributed multiprocessor systems to highly integrated multicore processors brings with it not only a new technology but also an immensely increased complexity. The following chapters of this thesis first present current work and the challenges, together with the accompanying complexity, of the transition from multiprocessor to multicore systems. In the context of the applications, these challenges become visible as fault patterns, which in turn can lead to system failures with serious consequences. These resulting fault patterns and their origin are presented. In order to detect possible faults and the resulting failures early, the thesis then presents novel methods for monitoring and fault detection in multicore processors and reflects them against the introduced fault patterns. The monitoring mechanisms are not limited to a single part of the multicore processor or a single level of the design; rather, it is a hardware/software co-design decision which of the mechanisms are mapped to hardware and/or software and at which level of the system they are implemented. The resulting multi-level monitoring, with parameterizable and adaptive concepts, covers all levels from the application to the hardware platform. Yet not only the monitoring of multicore processors plays a decisive role; the safe, deterministic and efficient use of resources within the system-on-chip also poses a particular challenge. A further chapter of this thesis is devoted to this resource usage, with a novel concept that provides virtualization that is transparent to the software. The introduced hardware virtualization can likewise be parameterized to a large extent and offers the possibility of integrating an application-specific scheduling method. The presented concepts are implemented as prototypes, evaluated, and validated against the fault patterns. Furthermore, based on current trends in industry and research, it is assumed that future applications, especially because of the increasing degree of automation, will have to meet stricter requirements. This means that simple fault detection and the transition to a safe system state will no longer satisfy future requirements, and that a certain minimal functional scope must always be provided. A concept for the dynamic migration of functions for future fail-operational systems, for integration into a multicore processor, rounds off the concepts presented in this thesis. The development of safety-critical applications in particular follows strict, consistent and well-defined processes, in which the mechanisms must not be considered in isolation from one another. For better handling of the concepts and for connection to existing and established development processes, the methods are integrated into a library concept. This ensures easy usability and transferability to other use cases and architectures. Systems developed in this way are supported by the presented concepts, which can be largely parameterized and configured and adapted to the respective use case, and which reduce the complexity of development.