Safety-Critical Communication in Avionics

The aircraft of today use electrical fly-by-wire systems for manoeuvring. These safety-critical distributed systems are called flight control systems and put high requirements on the communication networks that interconnect the parts of the systems. Reliability, predictability, flexibility, low weight and cost are important factors that all need to be taken in to consideration when designing a safety-critical communication system. In this thesis certification issues, requirements in avionics, fault management, protocols and topologies for safety-critical communication systems in avionics are discussed and investigated. The protocols that are investigated in this thesis are: TTP/C, FlexRay and AFDX, as a reference protocol MIL-STD-1553 is used. As reference architecture analogue point-to-point is used. The protocols are described and evaluated regarding features such as services, maturity, supported physical layers and topologies.Pros and cons with each protocol are then illustrated by a theoretical implementation of a flight control system that uses each protocol for the highly critical communication between sensors, actuators and flight computers.The results show that from a theoretical point of view TTP/C could be used as a replacement for a point-to-point flight control system. However, there are a number of issues regarding the physical layer that needs to be examined. Finally a TTP/C cluster has been implemented and basic functionality tests have been conducted. The plan was to perform tests on delays, start-up time and reintegration time but the time to acquire the proper hardware for these tests exceeded the time for the thesis work. More advanced testing will be continued here at Saab beyond the time frame of this thesis

Verifiably-safe software-defined networks for CPS

Next generation cyber-physical systems (CPS) are expected to be deployed in domains which require scalability as well as performance under dynamic conditions. This scale and dynamicity will require that CPS communication networks be programmatic (i.e., not requiring manual intervention at any stage), but still maintain iron-clad safety guarantees. Software-defined networking standards like OpenFlow provide a means for scalably building tailor-made network architectures, but there is no guarantee that these systems are safe, correct, or secure. In this work we propose a methodology and accompanying tools for specifying and modeling distributed systems such that existing formal verification techniques can be transparently used to analyze critical requirements and properties prior to system implementation. We demonstrate this methodology by iteratively modeling and verifying an OpenFlow learning switch network with respect to network correctness, network convergence, and mobility-related properties. We posit that a design strategy based on the complementary pairing of software-defined networking and formal verification would enable the CPS community to build next-generation systems without sacrificing the safety and reliability that these systems must deliver

Impact of Vehicular Communications Security on Transportation Safety

Transportation safety, one of the main driving forces of the development of vehicular communication (VC) systems, relies on high-rate safety messaging (beaconing). At the same time, there is consensus among authorities, industry, and academia on the need to secure VC systems. With specific proposals in the literature, a critical question must be answered: can secure VC systems be practical and satisfy the requirements of safety applications, in spite of the significant communication and processing overhead and other restrictions security and privacy-enhancing mechanisms impose? To answer this question, we investigate in this paper the following three dimensions for secure and privacy-enhancing VC schemes: the reliability of communication, the processing overhead at each node, and the impact on a safety application. The results indicate that with the appropriate system design, including sufficiently high processing power, applications enabled by secure VC can be in practice as effective as those enabled by unsecured VC

Design for a testing model of a communication subsystem for a safety-critical control system

This monograph focuses on a proposal for a testing model in safety critical systems. Due to the large scope of these systems, we have focused on the system testing and we have included requirements for testing the communication subsystem. After establishing the theoretical background for testing, we have defined the differences and specifics of traditional software systems and safety critical systems, based on standards and guidelines analysis for various safety critical systems. The system testing that we are using is not clearly integrated into the process of design and development of safety critical systems. Therefore, we have proposed basic steps of this process to which we have integrated system testing. Given the scope of the system testing, we have decided to propose two testing models. We have focused on performance and step stress testing. These models implement requirements for testing of safety critical systems specified by us. To verify the proposed models, we have defined a metric. Based on its value we can determine whenever the proposed model meets testing requirements specified by us

Analysing security properties using refinement

Security properties are essential in open and distributed environments with high dependability requirements. An approach to development and analysis of safety- and security-critical systems based on refinement as the central concept can offer an integrated solution. We analyse the Online Certificate Status Protocol (OCSP), showing how to use refinement as an interference analysis tool for secure communication protocols and intruders

Aerial base stations with opportunistic links for next generation emergency communications

Rapidly deployable and reliable mission-critical communication networks are fundamental requirements to guarantee the successful operations of public safety officers during disaster recovery and crisis management preparedness. The ABSOLUTE project focused on designing, prototyping, and demonstrating a high-capacity IP mobile data network with low latency and large coverage suitable for many forms of multimedia delivery including public safety scenarios. The ABSOLUTE project combines aerial, terrestrial, and satellites communication networks for providing a robust standalone system able to deliver resilience communication systems. This article focuses on describing the main outcomes of the ABSOLUTE project in terms of network and system architecture, regulations, and implementation of aerial base stations, portable land mobile units, satellite backhauling, S-MIM satellite messaging, and multimode user equipments