35 research outputs found

    Timing Analysis of the FlexRay Communication Protocol

    FlexRay will very likely become the de-facto standard for in-vehicle communications. However, before it can be successfully used for safety-critical applications that require predictability, timing analysis techniques are necessary for providing bounds for the message communication times. In this paper, we propose techniques for determining the timing properties of messages transmitted in both the static (ST) and the dynamic (DYN) segments of a FlexRay communication cycle. The analysis techniques for messages are integrated in the context of a holistic schedulability analysis that computes the worst-case response times of all the tasks and messages in the system. We have evaluated the proposed analysis techniques using extensive experiments.

    Control/Architecture co-design for cyber-physical systems


    Robust and secure resource management for automotive cyber-physical systems

    2022 Spring. Includes bibliographical references.
    Modern vehicles are examples of complex cyber-physical systems with tens to hundreds of interconnected Electronic Control Units (ECUs) that manage various vehicular subsystems. With the shift towards autonomous driving, emerging vehicles are being characterized by an increase in the number of hardware ECUs, greater complexity of applications (software), and more sophisticated in-vehicle networks. These advances have resulted in numerous challenges that impact the reliability, security, and real-time performance of these emerging automotive systems. Some of the challenges include coping with computation and communication uncertainties (e.g., jitter), developing robust control software, detecting cyber-attacks, ensuring data integrity, and enabling confidentiality during communication. However, solutions to overcome these challenges incur additional overhead, which can catastrophically delay the execution of real-time automotive tasks and message transfers. Hence, there is a need for a holistic approach to a system-level solution for resource management in automotive cyber-physical systems that enables robust and secure automotive system design while satisfying a diverse set of system-wide constraints. ECUs in vehicles today run a variety of automotive applications ranging from simple vehicle window control to highly complex Advanced Driver Assistance System (ADAS) applications. The aggressive attempts of automakers to make vehicles fully autonomous have increased the complexity and data rate requirements of applications and further led to the adoption of advanced artificial intelligence (AI) based techniques for improved perception and control. Additionally, modern vehicles are becoming increasingly connected with various external systems to realize more robust vehicle autonomy.
These paradigm shifts have resulted in significant overheads in resource constrained ECUs and increased the complexity of the overall automotive system (including heterogeneous ECUs, network architectures, communication protocols, and applications), which has severe performance and safety implications on modern vehicles. The increased complexity of automotive systems introduces several computation and communication uncertainties in automotive subsystems that can cause delays in applications and messages, resulting in missed real-time deadlines. Missing deadlines for safety-critical automotive applications can be catastrophic, and this problem will be further aggravated in the case of future autonomous vehicles. Additionally, due to the harsh operating conditions (such as high temperatures, vibrations, and electromagnetic interference (EMI)) of automotive embedded systems, there is a significant risk to the integrity of the data that is exchanged between ECUs which can lead to faulty vehicle control. These challenges demand a more reliable design of automotive systems that is resilient to uncertainties and supports data integrity goals. Additionally, the increased connectivity of modern vehicles has made them highly vulnerable to various kinds of sophisticated security attacks. Hence, it is also vital to ensure the security of automotive systems, and it will become crucial as connected and autonomous vehicles become more ubiquitous. However, imposing security mechanisms on the resource constrained automotive systems can result in additional computation and communication overhead, potentially leading to further missed deadlines. Therefore, it is crucial to design techniques that incur very minimal overhead (lightweight) when trying to achieve the above-mentioned goals and ensure the real-time performance of the system. 
We address these issues by designing a holistic resource management framework called ROSETTA that enables robust and secure automotive cyber-physical system design while satisfying a diverse set of constraints related to reliability, security, real-time performance, and energy consumption. To achieve reliability goals, we have developed several techniques for reliability-aware scheduling and multi-level monitoring of signal integrity. To achieve security objectives, we have proposed a lightweight security framework that provides confidentiality and authenticity while meeting both security and real-time constraints. We have also introduced multiple deep learning based intrusion detection systems (IDS) to monitor and detect cyber-attacks in the in-vehicle network. Lastly, we have introduced novel techniques for jitter management and security management and deployed lightweight IDSs on resource constrained automotive ECUs while ensuring the real-time performance of the automotive systems.

    A novel framework for vehicle functions identification by exploiting machine learning techniques

    Nowadays vehicle architectures exploit various automotive network protocols that carry information between the implemented Electronic Central Units (ECUs). Exchanged data are encoded, and only Original Equipment Manufacturers (OEMs) and T1 (Tier One) producers know their meaning and how to decode them. A software model will be developed in order to detect vehicle functions without having database files associated with network signals. Furthermore, the model will behave like an ECU by producing output signals related to input ones. Machine Learning techniques will be exploited; in particular, a Clustering task will be exploited to understand vehicle functions not known a priori, and a Neural Network will be implemented to emulate an ECU's behavior. Signals will be grouped in five different types of vehicle functions and the model will predict the ECU's output data with high accuracy. Applications concerning the developed project are, in primis, to fix up possible vehicle electronics faults. In addition, vehicle predictive maintenance could be done. Another application could be for OEMs to check whether T1 manufacturers comply with the required specification.

    A framework for assertion-based timing verification and PC-based restbus simulation of automotive systems

    Innovation in the automotive industry is enabled by electronics and, above all, by software. As a rule, a large number of distributed functions is realized. Typically, this software is distributed over several control units (ECUs). The distribution and the large number of functions create an ever-growing complexity that makes the verification and validation process more demanding and difficult. Therefore, the development of efficient and effective design methods is of great interest to engineers in the automotive industry. A central element in the development of automotive software is the component-based approach. Currently, AUTOSAR is the most important standard that supports this paradigm. The system description language SystemC is also a means of simulating AUTOSAR components. Furthermore, SystemC provides a set of libraries, such as the "SystemC Verification Library" (SCV), and a discrete event simulation kernel. Meanwhile, interest in using SystemC in automotive software development has grown strongly. In this thesis we present a SystemC-based design methodology for the early validation of time-critical automotive systems. The methodology ranges from pure SystemC simulation to PC-based restbus simulation. To guarantee synchronization with respect to oversampling and undersampling between the SystemC simulation model and the restbus during restbus simulation, we present a synchronization method. In this work, IP-XACT was used as the modeling standard for the integration of SystemC components. To enable timing analysis, we present extensions to the IP-XACT standard with whose help timing requirements on

    Automotive system innovation is mainly driven by software, which can be distributed over a large number of functions typically deployed over several ECUs. This growing design complexity makes the verification and validation process challenging and difficult. Therefore, the development of efficient and effective design methodologies is of great interest for automotive engineers. A central concept in the development of automotive software is the component-based approach. Currently, the most prominent approach that supports this design paradigm is AUTOSAR. The SLDL SystemC provides means to simulate the behavior of AUTOSAR software components by means of a discrete-event simulation kernel. Additionally, SystemC comes with a set of libraries such as the SCV. Meanwhile, the interest in using SystemC has grown in the automotive software development community. In this thesis we present a SystemC-based design methodology for early validation of time-critical automotive systems. The methodology spans from pure SystemC simulation to PC-based Restbus simulation. To deal with synchronization issues (oversampling and undersampling) that arise during Restbus simulation between the SystemC simulation model and the remaining bus network, we also present a new synchronization approach. Finally, we make use of IP-XACT for SystemC component integration. To capture timing constraints on the simulation model, we propose timing extensions for the IP-XACT standard. These timing constraints can then be used to verify the SystemC simulation model.
    Date of defense: 11.09.2015. Paderborn, Univ., Diss., 201

    Packet scheduling algorithms for a software-defined manufacturing environment

    With the vision of Industry 4.0, the Internet of Things (IoT) and the Internet of Services (IoS) are making their way into modern manufacturing systems and industrial automation. As a consequence, modern day manufacturing systems need wider product variation and customization to meet customers' demands and survive in competitive markets. Traditional, dedicated systems like assembly lines cannot adapt to the rapidly changing requirements of today's manufacturing industries. A flexible and highly scalable infrastructure is needed to support such systems. However, most of the applications in manufacturing systems require strict QoS guarantees. For instance, time-sensitive networks like those in industrial automation and smart factories need hard real-time guarantees. Deterministic networks with bounded delay and jitter are an essential requirement for such systems. To support such systems, non-deterministic queueing delay has to be eliminated from the network. To this end, we present Time-Sensitive Software-Defined Networks (TSSDN) with a logically centralized controller which computes transmission schedules based on the global view of the network. The SDN control logic computes optimized transmission schedules for the end hosts to avoid in-network queueing delay. To compute transmission schedules, we present Integer Linear Programming and Routing and Scheduling Algorithms with heuristics that schedule and route unicast and multicast flows. Our evaluations show that it is possible to compute near-optimal transmission schedules for TSSDN and bound network delays and jitter.

    Modeling and Analysis of Automotive Cyber-physical Systems: Formal Approaches to Latency Analysis in Practice

    Based on advances in scheduling analysis in the 1970s, a whole area of research has evolved: formal end-to-end latency analysis in real-time systems. Although multiple approaches from the scientific community have successfully been applied in industrial practice, a gap is emerging between the means provided by formally backed approaches and the needs of the automotive industry, where cyber-physical systems have taken over from classic embedded systems. They are accompanied by a shift to heterogeneous platforms built upon multicore architectures. Scientific techniques are often still based on too simple system models, and estimations of important end-to-end latencies have only been tightened recently. To this end, we present an expressive system model and formally describe the problem of end-to-end latency analysis in modern automotive cyber-physical systems. Based on this, we examine approaches to formally estimate tight end-to-end latencies in Chapter 4 and Chapter 5. The developed approaches cover a wide range of relevant systems. We show that our approach for the estimation of latencies of task chains dominates existing approaches in terms of tightness of the results. In the last chapter we make a brief digression to measurement analysis, since measuring and simulation are an important part of verification in current industrial practice.

    Design of a New High Bandwidth Network for Agricultural Machines

    Ethernet is by now the most adopted bus for fast digital communications in many environments, from household entertainment to PLC robotics in industrial assembly lines. Even in the automotive industry, the interest in this technology is increasingly growing, pushed forward by research and by the need for the high throughput that high-dynamics distributed control demands. Although the 100base-TX physical layer (PHY) does not seem to meet EMC requirements for vehicular and heavy-duty environments, OPEN Alliance BroadR-Reach (soon becoming an IEEE standard as IEEE 802.3bw) technology is the most promising and already adopted Ethernet-compatible PHY, reaching 100Mbps over an unshielded twisted pair. An agricultural machine is usually a system including a tractor and one or more implements attached to it, to the back or to the front. Nowadays, a specific CAN-based distributed control network supports treatments and applications, namely ISOBUS, defined by ISO 11783. This work deals with architectural and technological aspects of advanced Ethernet networks in order to provide a high-throughput deterministic network for in-vehicle distributed control for agricultural machinery. Two main paths of investigation will be presented: one concerning the prioritization of standard Ethernet taking advantage of standard ways of prioritization in well-established technologies; the other changing the channel access method of Ethernet using an industrial fieldbus, chosen after careful investigation. The prioritization of standard Ethernet is performed at two non-mutually exclusive layers of the ISO OSI stack: one at L3, using the diffserv (former TOS) IP field; one at L2, using the priorities defined in IEEE 802.1p, used in IEEE 802.1q (VLAN). These choices have several implications in the specific field of application of the agricultural machines.
The change of the access method, instead, focused on the adoption of a specific fieldbus, in order to grant deterministic access to the medium and reliability of communications for safety-relevant applications. After a survey, which will be reported, the Powerlink fieldbus was chosen, and some modifications will be discussed in order to suit the scope of the research.