A Holistic Approach to Functional Safety for Networked Cyber-Physical Systems

Functional safety is a significant concern in today's networked cyber-physical systems such as connected machines, autonomous vehicles, and intelligent environments. Simulation is a well-known methodology for the assessment of functional safety. Simulation models of networked cyber-physical systems are very heterogeneous relying on digital hardware, analog hardware, and network domains. Current functional safety assessment is mainly focused on digital hardware failures while minor attention is devoted to analog hardware and not at all to the interconnecting network. In this work we believe that in networked cyber-physical systems, the dependability must be verified not only for the nodes in isolation but also by taking into account their interaction through the communication channel. For this reason, this work proposes a holistic methodology for simulation-based safety assessment in which safety mechanisms are tested in a simulation environment reproducing the high-level behavior of digital hardware, analog hardware, and network communication. The methodology relies on three main automatic processes: 1) abstraction of analog models to transform them into system-level descriptions, 2) synthesis of network infrastructures to combine multiple cyber-physical systems, and 3) multi-domain fault injection in digital, analog, and network. Ultimately, the flow produces a homogeneous optimized description written in C++ for fast and reliable simulation which can have many applications. The focus of this thesis is performing extensive fault simulation and evaluating different functional safety metrics, \eg, fault and diagnostic coverage of all the safety mechanisms

Dagstuhl Reports : Volume 1, Issue 2, February 2011

Online Privacy: Towards Informational Self-Determination on the Internet (Dagstuhl Perspectives Workshop 11061) : Simone Fischer-Hübner, Chris Hoofnagle, Kai Rannenberg, Michael Waidner, Ioannis Krontiris and Michael Marhöfer Self-Repairing Programs (Dagstuhl Seminar 11062) : Mauro Pezzé, Martin C. Rinard, Westley Weimer and Andreas Zeller Theory and Applications of Graph Searching Problems (Dagstuhl Seminar 11071) : Fedor V. Fomin, Pierre Fraigniaud, Stephan Kreutzer and Dimitrios M. Thilikos Combinatorial and Algorithmic Aspects of Sequence Processing (Dagstuhl Seminar 11081) : Maxime Crochemore, Lila Kari, Mehryar Mohri and Dirk Nowotka Packing and Scheduling Algorithms for Information and Communication Services (Dagstuhl Seminar 11091) Klaus Jansen, Claire Mathieu, Hadas Shachnai and Neal E. Youn

Identifying and diagnosing video streaming performance issues

On-line video streaming is an ever evolving ecosystem of services and technologies, where content providers are on a constant race to satisfy the users' demand for richer content and higher bitrate streams, updated set of features and cross-platform compatibility. At the same time, network operators are required to ensure that the requested video streams are delivered through the network with a satisfactory quality in accordance with the existing Service Level Agreements (SLA). However, tracking and maintaining satisfactory video Quality of Experience (QoE) has become a greater challenge for operators than ever before. With the growing popularity of content engagement on handheld devices and over wireless connections, new points-of-failure have added to the list of failures that can affect the video quality. Moreover, the adoption of end-to-end encryption by major streaming services has rendered previously used QoE diagnosis methods obsolete. In this thesis, we identify the current challenges in identifying and diagnosing video streaming issues and we propose novel approaches in order to address them. More specifically, the thesis initially presents methods and tools to identify a wide array of QoE problems and the severity with which they affect the users' experience. The next part of the thesis deals with the investigation of methods to locate under-performing parts of the network that lead to drop of the delivered quality of a service. In this context, we propose a data-driven methodology for detecting the under performing areas of cellular network with sub-optimal Quality of Service (QoS) and video QoE. Moreover, we develop and evaluate a multi-vantage point framework that is capable of diagnosing the underlying faults that cause the disruption of the user's experience. The last part of this work, further explores the detection of network performance anomalies and introduces a novel method for detecting such issues using contextual information. This approach provides higher accuracy when detecting network faults in the presence of high variation and can benefit providers to perform early detection of anomalies before they result in QoE issues.La distribución de vídeo online es un ecosistema de servicios y tecnologías, donde los proveedores de contenidos se encuentran en una carrera continua para satisfacer las demandas crecientes de los usuarios de más riqueza de contenido, velocidad de transmisión, funcionalidad y compatibilidad entre diferentes plataformas. Asimismo, los operadores de red deben asegurar que los contenidos demandados son entregados a través de la red con una calidad satisfactoria según los acuerdos existentes de nivel de servicio (en inglés Service Level Agreement o SLA). Sin embargo, la monitorización y el mantenimiento de un nivel satisfactorio de la calidad de experiencia (en inglés Quality of Experience o QoE) del vídeo online se ha convertido en un reto mayor que nunca para los operadores. Dada la creciente popularidad del consumo de contenido con dispositivos móviles y a través de redes inalámbricas, han aparecido nuevos puntos de fallo que se han añadido a la lista de problemas que pueden afectar a la calidad del vídeo transmitido. Adicionalmente, la adopción de sistemas de encriptación extremo a extremo, por parte de los servicios más importantes de distribución de vídeo online, ha dejado obsoletos los métodos existentes de diagnóstico de la QoE. En esta tesis se identifican los retos actuales en la identificación y diagnóstico de los problemas de transmisión de vídeo online, y se proponen nuevas soluciones para abordar estos problemas. Más concretamente, inicialmente la tesis presenta métodos y herramientas para identificar un conjunto amplio de problemas de QoE y la severidad con los que estos afectan a la experiencia de los usuarios. La siguiente parte de la tesis investiga métodos para localizar partes de la red con un rendimiento bajo que resultan en una disminución de la calidad del servicio ofrecido. En este contexto, se propone una metodología basada en el análisis de datos para detectar áreas de la red móvil que ofrecen un nivel subóptimo de calidad de servicio (en inglés Quality of Service o QoS) y QoE. Además, se desarrolla y se evalúa una solución basada en múltiples puntos de medida que es capaz de diagnosticar los problemas subyacentes que causan la alteración de la experiencia de usuario. La última parte de este trabajo explora adicionalmente la detección de anomalías de rendimiento de la red y presenta un nuevo método para detectar estas situaciones utilizando información contextual. Este enfoque proporciona una mayor precisión en la detección de fallos de la red en presencia de alta variabilidad y puede ayudar a los proveedores a la detección precoz de anomalías antes de que se conviertan en problemas de QoE.La distribució de vídeo online és un ecosistema de serveis i tecnologies, on els proveïdors de continguts es troben en una cursa continua per satisfer les demandes creixents del usuaris de més riquesa de contingut, velocitat de transmissió, funcionalitat i compatibilitat entre diferents plataformes. A la vegada, els operadors de xarxa han d’assegurar que els continguts demandats són entregats a través de la xarxa amb una qualitat satisfactòria segons els acords existents de nivell de servei (en anglès Service Level Agreement o SLA). Tanmateix, el monitoratge i el manteniment d’un nivell satisfactori de la qualitat d’experiència (en anglès Quality of Experience o QoE) del vídeo online ha esdevingut un repte més gran que mai per als operadors. Donada la creixent popularitat del consum de contingut amb dispositius mòbils i a través de xarxes sense fils, han aparegut nous punts de fallada que s’han afegit a la llista de problemes que poden afectar a la qualitat del vídeo transmès. Addicionalment, l’adopció de sistemes d’encriptació extrem a extrem, per part dels serveis més importants de distribució de vídeo online, ha deixat obsolets els mètodes existents de diagnòstic de la QoE. En aquesta tesi s’identifiquen els reptes actuals en la identificació i diagnòstic dels problemes de transmissió de vídeo online, i es proposen noves solucions per abordar aquests problemes. Més concretament, inicialment la tesi presenta mètodes i eines per identificar un conjunt ampli de problemes de QoE i la severitat amb la que aquests afecten a la experiència dels usuaris. La següent part de la tesi investiga mètodes per localitzar parts de la xarxa amb un rendiment baix que resulten en una disminució de la qualitat del servei ofert. En aquest context es proposa una metodologia basada en l’anàlisi de dades per detectar àrees de la xarxa mòbil que ofereixen un nivell subòptim de qualitat de servei (en anglès Quality of Service o QoS) i QoE. A més, es desenvolupa i s’avalua una solució basada en múltiples punts de mesura que és capaç de diagnosticar els problemes subjacents que causen l’alteració de l’experiència d’usuari. L’última part d’aquest treball explora addicionalment la detecció d’anomalies de rendiment de la xarxa i presenta un nou mètode per detectar aquestes situacions utilitzant informació contextual. Aquest enfoc proporciona una major precisió en la detecció de fallades de la xarxa en presencia d’alta variabilitat i pot ajudar als proveïdors a la detecció precoç d’anomalies abans de que es converteixin en problemes de QoE.Postprint (published version

New techniques for functional testing of microprocessor based systems

Electronic devices may be affected by failures, for example due to physical defects. These defects may be introduced during the manufacturing process, as well as during the normal operating life of the device due to aging. How to detect all these defects is not a trivial task, especially in complex systems such as processor cores. Nevertheless, safety-critical applications do not tolerate failures, this is the reason why testing such devices is needed so to guarantee a correct behavior at any time. Moreover, testing is a key parameter for assessing the quality of a manufactured product. Consolidated testing techniques are based on special Design for Testability (DfT) features added in the original design to facilitate test effectiveness. Design, integration, and usage of the available DfT for testing purposes are fully supported by commercial EDA tools, hence approaches based on DfT are the standard solutions adopted by silicon vendors for testing their devices. Tests exploiting the available DfT such as scan-chains manipulate the internal state of the system, differently to the normal functional mode, passing through unreachable configurations. Alternative solutions that do not violate such functional mode are defined as functional tests. In microprocessor based systems, functional testing techniques include software-based self-test (SBST), i.e., a piece of software (referred to as test program) which is uploaded in the system available memory and executed, with the purpose of exciting a specific part of the system and observing the effects of possible defects affecting it. SBST has been widely-studies by the research community for years, but its adoption by the industry is quite recent. My research activities have been mainly focused on the industrial perspective of SBST. The problem of providing an effective development flow and guidelines for integrating SBST in the available operating systems have been tackled and results have been provided on microprocessor based systems for the automotive domain. Remarkably, new algorithms have been also introduced with respect to state-of-the-art approaches, which can be systematically implemented to enrich SBST suites of test programs for modern microprocessor based systems. The proposed development flow and algorithms are being currently employed in real electronic control units for automotive products. Moreover, a special hardware infrastructure purposely embedded in modern devices for interconnecting the numerous on-board instruments has been interest of my research as well. This solution is known as reconfigurable scan networks (RSNs) and its practical adoption is growing fast as new standards have been created. Test and diagnosis methodologies have been proposed targeting specific RSN features, aimed at checking whether the reconfigurability of such networks has not been corrupted by defects and, in this case, at identifying the defective elements of the network. The contribution of my work in this field has also been included in the first suite of public-domain benchmark networks

Investigation into potential gas hydrate and gas zones off the South African coastline

Includes bibliographical references.Gas and petroleum products are important to modern life and, as peak oil is reached, the search is on for alternative fuel sources. A natural gas hydrate, also known as a clathrate, is formed when a gas molecule (such as methane) is trapped in a lattice of ice. Once considered oilfield nuisances, they are now being considered as an alternative fuel source. I asked whether any indications of hydrates, and gas, were present off the South African coastline within Block 2. Two hundred and sixty (260) pre-processed seismic lines and eighteen (18) well reports were provided by the Petroleum Agency of South Africa (PASA) for review and study. Within these, evidence of gas was abundantly clear. The presence of gas, and thus a gas source, is a good indicator that - should the other formation conditions be present – hydrates could occur in this area within the Gas Hydrate Stability Zone (GHSZ). Unfortunately, no bottom simulating reflectors (BSRs) - the clearest indicator of gas hydrates - were found. These findings do not, however, confirm the absence of gas hydrates as where there is gas, there maybe hydrates. The field of hydrate research is still new in terms of technology and practical applications, and the means to extract and produce hydrates is still expensive. However, in the drive for more sources of power to supply a growing demand, the South African government has already drafted a plan to develop infrastructure for future gas market developments. When developed, this infrastructure could potentially make use of the gas found within Block 2 and its surrounds and, as the technology to detect and extract methane hydrates becomes more mature (and associated costs to extract and produce it drop), it may prove to be a valuable additional future resource as well

Programmable Logic Controller Modification Attacks for Use in Detection Analysis

Unprotected Supervisory Control and Data Acquisition (SCADA) systems offer promising targets to potential attackers. Field devices, such as Programmable Logic Controllers (PLCs), are of particular concern as they directly control and monitor physical industrial processes. Although attacks targeting SCADA systems have increased, there has been little work exploring the vulnerabilities associated with exploitation of field devices. As attacks increase in sophistication, it is reasonable to expect targeted exploitation of field device firmware. This thesis examines the feasibility of modifying PLC firmware to execute a remotely triggered attack. Such a modification is referred to as a repackaging attack. A general method is used to reverse engineer the firmware to determine its structure. Once understood, the firmware is modified to add an exploitable feature that can remotely disable the PLC. The attacks utilize a variety of triggers and take advantage of already existing functions to exploit the PLC. Notable areas of the firmware are described to demonstrate how they can be used in attack development. The performance of the repackaged firmwares are compared to known unmodified firmwares to determine if the modifications negatively impact performance. Findings demonstrate that repackaging attacks targeting PLCs are feasible and that the repackaged firmware does not impact the PLC s ability to execute programmed tasks. Finally, design recommendations are suggested to help mitigate potential weaknesses in future firmware development

Seismogeodetic Imaging of Active Crustal Faulting

Monitoring microseismicity is important for illuminating active faults and for improving our understanding earthquake physics. These tasks are difficult in urban areas where the SNR is poor, and the level of background seismicity is low. One example is the Newport-Inglewood fault (NIFZ), an active fault that transverses the city of Long-Beach (LB). The catalog magnitude of completeness within this area is M=2, about one order of magnitude larger than along other, less instrumented faults in southern California. Since earthquakes obey a power-law distribution according to which for each unit drop in magnitude the number of events increases by a tenfold, reducing the magnitude of completeness along the NIFZ will significantly decrease the time needed for effective monitoring. The LB and Rosecrans experiments provides a unique opportunity for studying seismicity along the NIFZ. These two array contain thousands of vertical geophones deployed for several-months periods along the NIFZ for exploration purposes. The array recordings are dominated by noise sources such as the local airport, highways, and pumping in the nearby oil fields. We utilize array processing techniques to enhance the SNR.We downward continue the recorded wave field to a depth of a few kilometers, which allows us to detect signals whose amplitude is a few percent of the average surface noise. The migrated wave field is back-projected onto a volume beneath the arrays to search for seismic events. The new catalog illuminates the fault structure beneath LB, and allows us to study the depth-dependent transition in earthquake scaling properties. Deep aseismic transients carry valuable information on the physical conditions that prevail at the roots of seismic faults. However, due the limited sensitivity of geodetic networks, details of the spatiotemporal evolution of such transients are not well resolved. To address this problem, we have developed a new technique to jointly infer the distribution of aseismic slip from seismicity and strain data. Our approach relies on Dieterich (1994)'s aftershock model to map observed changes in seismicity rates into stress changes. We apply this technique to study a three month long transient slip event on the Anza segment of the San Jacinto Fault (SJF), triggered by the remote Mw7.2, 2010 El Mayor-Cucapah (EMC) mainshock. The EMC sequence in Anza initiated with ten days of rapid (≈100 times the longterm slip rate), deep (12-17 km) slip, which migrated along the SJF strike. During the following 80 days afterslip remained stationary, thus significantly stressing a segment hosting the impending Mw5.4 Collins Valley mainshock. Remarkably, the cumulative moment due to afterslip induced by the later mainshock is about 10 times larger than the moment corresponding to the mainshock and its aftershocks. Similar to sequences of large earthquakes rupturing fault gaps, afterslip generated by the two mainshocks is spatially complementary. One interpretation is that the stress field due to afterslip early in the sequence determined the spatial extent of the late slip episode. Alternatively, the spatial distribution is the result of strong heterogeneity of frictional properties within the transition zone. Our preferred model suggests that Anza seismicity is primarily induced due to stress transfer from an aseismically slipping principal fault to adjacent subsidiary faults, and that the importance of earthquake interactions for generating seismicity is negligible.</p

Power supply noise in delay testing

As technology scales into the Deep Sub-Micron (DSM) regime, circuit designs have become more and more sensitive to power supply noise. Excessive noise can significantly affect the timing performance of DSM designs and cause non-trivial additional delay. In delay test generation, test compaction and test fill techniques can produce excessive power supply noise. This will eventually result in delay test overkill. To reduce this overkill, we propose a low-cost pattern-dependent approach to analyze noise-induced delay variation for each delay test pattern applied to the design. Two noise models have been proposed to address array bond and wire bond power supply networks, and they are experimentally validated and compared. Delay model is then applied to calculate path delay under noise. This analysis approach can be integrated into static test compaction or test fill tools to control supply noise level of delay tests. We also propose an algorithm to predict transition count of a circuit, which can be applied to control switching activity during dynamic compaction. Experiments have been performed on ISCAS89 benchmark circuits. Results show that compacted delay test patterns generated by our compaction tool can meet a moderate noise or delay constraint with only a small increase in compacted test set size. Take the benchmark circuit s38417 for example: a 10% delay increase constraint only results in 1.6% increase in compacted test set size in our experiments. In addition, different test fill techniques have a significant impact on path delay. In our work, a test fill tool with supply noise analysis has been developed to compare several test fill techniques, and results show that the test fill strategy significant affect switching activity, power supply noise and delay. For instance, patterns with minimum transition fill produce less noise-induced delay than random fill. Silicon results also show that test patterns filled in different ways can cause as much as 14% delay variation on target paths. In conclusion, we must take noise into consideration when delay test patterns are generated

Développement des techniques de test et de diagnostic pour les FPGA hiérarchique de type mesh

The evolution trend of shrinking feature size and increasing complexity in modern electronics is being slowed down due to physical limits that generate numerous imperfections and defects during fabrication steps or projected life time of the chip. Field Programmable Gate Arrays (FPGAs) are used in complex digital systems mainly due to their reconfigurability and shorter time-to-market. To maintain a high reliability of such systems, FPGAs should be tested thoroughly for defects. FPGA architecture optimization for area saving and better signal routability is an ongoing process which directly impacts the overall FPGA testability, hence the reliability. This thesis presents a complete strategy for test and diagnosis of manufacturing defects in mesh-based FPGAs containing a novel multilevel interconnects topology which promises to provide better area and routability. Efficiency of the proposed test schemes is analyzed in terms of test cost, respective fault coverage and diagnostic resolution.L’évolution tendant à réduire la taille et augmenter la complexité des circuits électroniques modernes, est en train de ralentir du fait des limitations technologiques, qui génèrent beaucoup de d’imperfections et de defaults durant la fabrication ou la durée de vie de la puce. Les FPGAs sont utilisés dans les systèmes numériques complexes, essentiellement parce qu’ils sont reconfigurables et rapide à commercialiser. Pour garder une grande fiabilité de tels systèmes, les FPGAs doivent être testés minutieusement pour les defaults. L’optimisation de l’architecture des FPGAs pour l’économie de surface et une meilleure routabilité est un processus continue qui impacte directement la testabilité globale et de ce fait, la fiabilité. Cette thèse présente une stratégie complète pour le test et le diagnostique des defaults de fabrication des “mesh-based FPGA” contenant une nouvelle topologie d’interconnections à plusieurs niveaux, ce qui promet d’apporter une meilleure routabilité. Efficacité des schémas proposes est analysée en termes de temps de test, couverture de faute et résolution de diagnostique