Toward Biologically-Inspired Self-Healing, Resilient Architectures for Digital Instrumentation and Control Systems and Embedded Devices

Digital Instrumentation and Control (I&C) systems in safety-related applications of next generation industrial automation systems require high levels of resilience against different fault classes. One of the more essential concepts for achieving this goal is the notion of resilient and survivable digital I&C systems. In recent years, self-healing concepts based on biological physiology have received attention for the design of robust digital systems. However, many of these approaches have not been architected from the outset with safety in mind, nor have they been targeted for the automation community where a significant need exists. This dissertation presents a new self-healing digital I&C architecture called BioSymPLe, inspired from the way nature responds, defends and heals: the stem cells in the immune system of living organisms, the life cycle of the living cell, and the pathway from Deoxyribonucleic acid (DNA) to protein. The BioSymPLe architecture is integrating biological concepts, fault tolerance techniques, and operational schematics for the international standard IEC 61131-3 to facilitate adoption in the automation industry. BioSymPLe is organized into three hierarchical levels: the local function migration layer from the top side, the critical service layer in the middle, and the global function migration layer from the bottom side. The local layer is used to monitor the correct execution of functions at the cellular level and to activate healing mechanisms at the critical service level. The critical layer is allocating a group of functional B cells which represent the building block that executes the intended functionality of critical application based on the expression for DNA genetic codes stored inside each cell. The global layer uses a concept of embryonic stem cells by differentiating these type of cells to repair the faulty T cells and supervising all repair mechanisms. Finally, two industrial applications have been mapped on the proposed architecture, which are capable of tolerating a significant number of faults (transient, permanent, and hardware common cause failures CCFs) that can stem from environmental disturbances and we believe the nexus of its concepts can positively impact the next generation of critical systems in the automation industry

Entwurfsmethodologie für höchst zuverlässige digitale ASIC-Designs angewandt auf Network-Centric System Middleware Switch Prozessor

The sensitivity of application-specific integrated circuits (ASICs) to single event effects (SEE) can lead to failures of subsystems which are exposed to increased radiation levels in space and on the ground. The work described in this thesis presents a design methodology for a fully fault-tolerant ASIC that is immune to single event upset effects (SEU) in sequential logic, single event transient effects (SET) in combinatorial logic, and single event latchup effects (SEL). Redundant circuits combined with SEL power switches (SPS) are the basis for a design methodology which achieves this goal. Within the standard ASIC design flow enhancements were made in order to incorporate redundancy and SPS cells and, consequently, enable protection against SEU, SET, and SEL. In order to validate the resulting fault-tolerant circuits a fault-injection environment with carefully designed fault models was developed. The moments of fault occurrence and their durations are modeled according to the real effects in actual hardware. The proposed design methodology was applied to an innovative space craft area network (SCAN) central processor unit, known as middleware switch processor. The measurement results presented in this thesis prove the correct functionality of DMR and SPS circuits, as well as the high fault-tolerance of the implemented ASICs along with moderate overhead with respect to power consumption and occupied silicon area. Irradiation measurements demonstrated the correct design and successful implementation of the SPS cell.Die Empfindlichkeit von anwendungsspezifischen integrierten Schaltungen (ASICs) zu den einzelnen Ereigniseffekten (SEE), kann zu Ausfällen von Subsystemen führen, die erhöhten Strahlungspegeln im Raum und auf dem Boden ausgesetzt werden. Die Arbeit, die in dieser Thesis beschrieben wird, stellt eine Entwurfsmethodologie vor um fehlertolerante ASICs zu entwerfen, welche die immun gegen singuläre Störung Effekte (SEU) in sequentielle Logik ist, einzelne Ereignis vorübergehende Effekte (SET) in der kombinatorischen Logik und einzelnes Ereignis Latchup-Effekte (SEL). Modulare Redundanz und SEL-Schalter (SPS) sind die Basis für eine Design-Methodik, die volle fehlertolerante ASIC liefert. Der Standard ASIC-Designflow ist erweitert worden, um Redundanz mit SPS-Schalter zu enthalten und Schutz gegen SEU, SET und SEL zu ermöglichen. Um die fehlertoleranten Stromkreise zu validieren ist eine Fault-Injektion Umgebung mit Fault Modellen entwickelt worden. Die Momente des Auftretens und der Dauer der injizierten Fehler werden entsprechend den realen Effekten in die Hardware modelliert. Die Methodologie des vorgeschlagenen Entwurfs ist an einem innovativen Space Craft Area Network (SCAN) Schaltkreis angewendet worden, bekannt als Middleware Switch Prozessor. Die Messergebnisse, die in dieser These dargestellt werden, haben die korrekte Funktionalität von Redundanz- und SPS-Stromkreisen sowie die hohe Fehler-Toleranz der resultierende ASICs zusammen mit mäßigen Unkosten in Bezug auf Leistungsaufnahme und besetzten Silikonfläche nachgewiesen. Die Strahlungsmessungen haben das korrekte Design und die erfolgreiche Umsetzung der SPS-Zelle bewiesen