Effective Verification for Low-Level Software with Competing Interrupts

Interrupt-driven software is difficult to test and debug, especially when interrupts can be nested and subject to priorities. Interrupts can arrive at arbitrary times, leading to an exponential blow-up in the number of cases to consider. We present a new formal approach to verifying interrupt-driven software based on symbolic execution. The approach leverages recent advances in the encoding of the execution traces of interacting, concurrent threads. We assess the performance of our method on benchmarks drawn from embedded systems code and device drivers, and experimentally compare it to conventional approaches that use source-to-source transformations. Our results show that our method significantly outperforms these techniques. To the best of our knowledge, our work is the first to demonstrate effective verification of low-level embedded software with nested interrupt

PADRÕES DE SEGURANÇA PARA DISPOSITIVOS IOT LOW-END: UMA REVISÃO COMPARATIVA

A Internet das coisas permite que pessoas e objetos estejam conectados a qualquer momento, em qualquer lugar, com qualquer objeto a qualquer pessoa, usando qualquer caminho/rede e qualquer serviço. Assim, leva a uma heterogeneidade desafiadora de componentes e redes. Diferentes sistemas operacionais foram desenvolvidos para dispositivos IoT de baixo custo com requisitos rigorosos impostos principalmente pela baixa capacidade de processar e armazenar informações em comparação com uma máquina convencional. Assim, o sistema operacional deve ser capaz de executar tarefas da forma mais eficiente possível. Em redes heterogêneas, como no caso da IoT, é mais complexo garantir a segurança e a privacidade dos sistemas que fazem parte desse ecossistema. A funcionalidade principal da IoT é baseada na troca de informações entre centenas ou até milhões de objetos com a Internet. Este trabalho realiza uma revisão comparativa dos principais recursos de segurança disponíveis em sistemas operacionais de baixo custo orientados para IoT, incluindo Contiki, RIOT-OS, TinyOS e FreeRTOS.El Internet de las cosas permite que las personas y los objetos se conecten en cualquier momento, en cualquier lugar, con cualquier objeto a cualquier persona, utilizando cualquier ruta / red y cualquier servicio. Por lo tanto, conduce a una heterogeneidad desafiante de componentes y redes. Se desarrollaron diferentes sistemas operativos para dispositivos IoT de gama baja con requisitos estrictos impuestos principalmente por la baja capacidad de procesar y almacenar información en comparación con una máquina convencional. Por lo tanto, el sistema operativo debe ser capaz de realizar tareas de la manera más eficiente posible. En redes heterogéneas, como en el caso de IoT, es más complejo garantizar la seguridad y privacidad de los sistemas que forman parte de este ecosistema. La funcionalidad principal de IoT se basa en el intercambio de información entre cientos o incluso millones de objetos con Internet. Este trabajo realiza una revisión comparativa de las principales características de seguridad disponibles en sistemas operativos orientados a IoT de gama baja, incluidos Contiki, RIOT-OS, TinyOS y FreeRTOS.The Internet of things allows people and objects to be connected anytime, anywhere, with any object to anyone, using any path/network and any service. Thus, it leads to a challenging heterogeneity of components and networks. Different operating systems were developed for low-end IoT devices with stringent requirements mainly imposed by the low ability to process and store information compared to a conventional machine. Thus, the OS should be able to perform tasks as efficiently as possible. In heterogeneous networks, as in the case of IoT, it is more complex to guarantee the security and privacy of systems that are part of this ecosystem. The core functionality of IoT is based on exchanging information between hundreds or even millions of objects with the Internet. This work performs a comparative review of the leading security features available in low-end IoT-oriented OS, including Contiki, RIOT-OS, TinyOS, and FreeRTOS.A Internet das coisas permite que pessoas e objetos estejam conectados a qualquer momento, em qualquer lugar, com qualquer objeto a qualquer pessoa, usando qualquer caminho/rede e qualquer serviço. Assim, leva a uma heterogeneidade desafiadora de componentes e redes. Diferentes sistemas operacionais foram desenvolvidos para dispositivos IoT de baixo custo com requisitos rigorosos impostos principalmente pela baixa capacidade de processar e armazenar informações em comparação com uma máquina convencional. Assim, o sistema operacional deve ser capaz de executar tarefas da forma mais eficiente possível. Em redes heterogêneas, como no caso da IoT, é mais complexo garantir a segurança e a privacidade dos sistemas que fazem parte desse ecossistema. A funcionalidade principal da IoT é baseada na troca de informações entre centenas ou até milhões de objetos com a Internet. Este trabalho realiza uma revisão comparativa dos principais recursos de segurança disponíveis em sistemas operacionais de baixo custo orientados para IoT, incluindo Contiki, RIOT-OS, TinyOS e FreeRTOS

A Multi-Criteria Framework to Assist on the Design of Internet-of-Things Systems

The Internet-of-Things (IoT), considered as Internet first real evolution, has become immensely important to society due to revolutionary business models with the potential to radically improve Human life. Manufacturers are engaged in developing embedded systems (IoT Systems) for different purposes to address this new variety of application domains and services. With the capability to agilely respond to a very dynamic market offer of IoT Systems, the design phase of IoT ecosystems can be enhanced. However, select the more suitable IoT System for a certain task is currently based on stakeholder’s knowledge, normally from lived experience or intuition, although it does not mean that a proper decision is being made. Furthermore, the lack of methods to formally describe IoT Systems characteristics, capable of being automatically used by methods is also an issue, reinforced by the growth of available information directly connected to Internet spread. Contributing to improve IoT Ecosystems design phase, this PhD work proposes a framework capable of fully characterise an IoT System and assist stakeholder’s on the decision of which is the proper IoT System for a specific task. This enables decision-makers to perform a better reasoning and more aware analysis of diverse and very often contradicting criteria. It is also intended to provide methods to integrate energy consumptionsimulation tools and address interoperability with standards, methods or systems within the IoT scope. This is addressed using a model-driven based framework supporting a high openness level to use different software languages and decision methods, but also for interoperability with other systems, tools and methods

A hierarchical group model for programming sensor networks

A hierarchical group model that decouples computation from hardware can characterize and aid in the construction of sensor network software with minimal overhead. Future sensor network applications will move beyond static, homogeneous deployments to include dynamic, heterogeneous elements. These sensor networks will also gain new users, including casual users who will expect intuitive interfaces to interact with sensor networks. To address these challenges, a new computational model and a system implementing the model are presented. This model ensures that computations can be readily reassigned as sensor nodes are introduced or removed. The model includes methods for communication to accommodate these dynamic elements. This dissertation presents a detailed description and design of a computational model that resolves these challenges using a hierarchical group mechanism. In this model, computation is tasked to logical groups and split into collective and local components that communicate hierarchically. Local computation is primarily used for data production and publishes data to the collective computation. Similarly, collective computation is primarily used for data aggregation and pushes results back to the local computation. Finally, the model includes data-processing functions interposed between local and collective functions that are responsible for data conversion. This dissertation also presents implementations and applications of the model. Implementations include Kensho, a C-based implementation of the hierarchical group model, that can be used for a variety of user applications. Another implementation, Tables, presents a spreadsheet-inspired view of the sensor network that takes advantage of hierarchical groups for both computation and communication. Users are able to specify both local and collective functions that execute on the sensor network via the spreadsheet interface. Applications of the model are also explored. One application, FUSN, provides a set of methods for constructing filesystem-based interfaces for sensor networks. This demonstrates the general applicability of the model as applied to sensor network programming and management interfaces. Finally, the model is applied to a novel privacy algorithm to demonstrate that the model isn\u27t strictly limited to programming interfaces

Enabling technologies for distributed body sensor networks

Low Power Wireless Sensor Networks, Preventative Healthcare and Pervasive Systems are set to provide long-term continuous monitoring, diagnosis and care for patients in the next few years. Distributed forms of these networks are investigated from a holistic point of view. Individual components of these systems including: sensors, software and hardware implementations are investigated and analysed. Novel sensors are developed for low power capturing of Body Sensor Network (BSN) information to enable long term use. Software frameworks are designed to enable these technologies to run on low power nodes as well as enabling them to perform evaluation of their data before transmission into the network. An architecture is designed to enable task distribution to intensive processing from low power nodes. Two forms of distributed BSNs are also developed: a horizontal network and a vertical network. It is shown that using these two types of networks enables information and task distribution allowing low power sensing nodes to evaluate information before transmission. These systems have the opportunity to revolutionalise expensive acute episodic care systems of today, but are not currently being implemented or investigated to the extent that they could. The technological barriers to entry are addressed in this thesis with the investigation and evaluation of distributed body sensor networks. It is shown that horizontal networks can distribute information efficiently, while vertical networks can distribute processing efficiently

A Two-Level Information Modelling Translation Methodology and Framework to Achieve Semantic Interoperability in Constrained GeoObservational Sensor Systems

As geographical observational data capture, storage and sharing technologies such as in situ remote monitoring systems and spatial data infrastructures evolve, the vision of a Digital Earth, first articulated by Al Gore in 1998 is getting ever closer. However, there are still many challenges and open research questions. For example, data quality, provenance and heterogeneity remain an issue due to the complexity of geo-spatial data and information representation. Observational data are often inadequately semantically enriched by geo-observational information systems or spatial data infrastructures and so they often do not fully capture the true meaning of the associated datasets. Furthermore, data models underpinning these information systems are typically too rigid in their data representation to allow for the ever-changing and evolving nature of geo-spatial domain concepts. This impoverished approach to observational data representation reduces the ability of multi-disciplinary practitioners to share information in an interoperable and computable way. The health domain experiences similar challenges with representing complex and evolving domain information concepts. Within any complex domain (such as Earth system science or health) two categories or levels of domain concepts exist. Those concepts that remain stable over a long period of time, and those concepts that are prone to change, as the domain knowledge evolves, and new discoveries are made. Health informaticians have developed a sophisticated two-level modelling systems design approach for electronic health documentation over many years, and with the use of archetypes, have shown how data, information, and knowledge interoperability among heterogenous systems can be achieved. This research investigates whether two-level modelling can be translated from the health domain to the geo-spatial domain and applied to observing scenarios to achieve semantic interoperability within and between spatial data infrastructures, beyond what is possible with current state-of-the-art approaches. A detailed review of state-of-the-art SDIs, geo-spatial standards and the two-level modelling methodology was performed. A cross-domain translation methodology was developed, and a proof-of-concept geo-spatial two-level modelling framework was defined and implemented. The Open Geospatial Consortium’s (OGC) Observations & Measurements (O&M) standard was re-profiled to aid investigation of the two-level information modelling approach. An evaluation of the method was undertaken using II specific use-case scenarios. Information modelling was performed using the two-level modelling method to show how existing historical ocean observing datasets can be expressed semantically and harmonized using two-level modelling. Also, the flexibility of the approach was investigated by applying the method to an air quality monitoring scenario using a technologically constrained monitoring sensor system. This work has demonstrated that two-level modelling can be translated to the geospatial domain and then further developed to be used within a constrained technological sensor system; using traditional wireless sensor networks, semantic web technologies and Internet of Things based technologies. Domain specific evaluation results show that twolevel modelling presents a viable approach to achieve semantic interoperability between constrained geo-observational sensor systems and spatial data infrastructures for ocean observing and city based air quality observing scenarios. This has been demonstrated through the re-purposing of selected, existing geospatial data models and standards. However, it was found that re-using existing standards requires careful ontological analysis per domain concept and so caution is recommended in assuming the wider applicability of the approach. While the benefits of adopting a two-level information modelling approach to geospatial information modelling are potentially great, it was found that translation to a new domain is complex. The complexity of the approach was found to be a barrier to adoption, especially in commercial based projects where standards implementation is low on implementation road maps and the perceived benefits of standards adherence are low. Arising from this work, a novel set of base software components, methods and fundamental geo-archetypes have been developed. However, during this work it was not possible to form the required rich community of supporters to fully validate geoarchetypes. Therefore, the findings of this work are not exhaustive, and the archetype models produced are only indicative. The findings of this work can be used as the basis to encourage further investigation and uptake of two-level modelling within the Earth system science and geo-spatial domain. Ultimately, the outcomes of this work are to recommend further development and evaluation of the approach, building on the positive results thus far, and the base software artefacts developed to support the approach

A linguistic approach to concurrent, distributed, and adaptive programming across heterogeneous platforms

Two major trends in computing hardware during the last decade have been an increase in the number of processing cores found in individual computer hardware platforms and an ubiquity of distributed, heterogeneous systems. Together, these changes can improve not only the performance of a range of applications, but the types of applications that can be created. Despite the advances in hardware technology, advances in programming of such systems has not kept pace. Traditional concurrent programming has always been challenging, and is only set to be come more so as the level of hardware concurrency increases. The different hardware platforms which make up heterogeneous systems come with domain-specific programming models, which are not designed to interact, or take into account the different resource-constraints present across different hardware devices, motivating a need for runtime reconfiguration or adaptation. This dissertation investigates the actor model of computation as an appropriate abstraction to address the issues present in programming concurrent, distributed, and adaptive applications across different scales and types of computing hardware. Given the limitations of other approaches, this dissertation describes a new actor-based programming language (Ensemble) and its runtime to address these challenges. The goal of this language is to enable non-specialist programmers to take advantage of parallel, distributed, and adaptive programming without the programmer requiring in-depth knowledge of hardware architectures or software frameworks. There is also a description of the design and implementation of the runtime system which executes Ensemble applications across a range of heterogeneous platforms. To show the suitability of the actor-based abstraction in creating applications for such systems, the language and runtime were evaluated in terms of linguistic complexity and performance. These evaluations covered programming embedded, concurrent, distributed, and adaptable applications, as well as combinations thereof. The results show that the actor provides an objectively simple way to program such systems without sacrificing performance