Reliability and security in wellbeing monitoring embedded systems

Dissertação para obtenção do Grau de Mestre em Engenharia Informática e de ComputadoresAo longo dos últimos anos, a fiabilidade e a segurança dos sistemas embebidos utilizados em áreas críticas, como a saúde e o sector automóvel, têm suscitado um interesse crescente na comunidade científica e ganho maior consciencialização entre o público em geral. Esta tese aborda a modelação e a implementação de uma arquitetura software fiável e segura para um sistema embebido focado na aquisição e processamento de sinais fisiológicos, em particular o eletrocardiograma (ECG). O trabalho realizado visou o CardioWheel, um projeto em curso desenvolvido pela CardioID Technologies, destinado a aplicações nas áreas da saúde e do automóvel. As particularidades destas áreas quanto aos seus requisitos de segurança e proteção dos utilizadores servem de caso de estudo para mostrar as vantagens da arquitetura desenvolvida. Assim, no estudo realizado foi feito o levantamento dos requisitos do sistema que foram utilizados para projetar a máquina de estados da arquitetura em UML, a qual foi validada formalmente utilizando a ferramenta Uppaal e o modelo de autómatos finitos temporizados. Também foi feita uma análise de ameaças à arquitetura para validar os aspetos relacionados com a segurança. A arquitetura foi desenvolvida para microcontroladores ESP32 usando o ecossistema ESP-IDF e o FreeRTOS, para o que foram consideradas camadas independentes de hardware. A camada de comunicação é baseada no protocolo Bluetooth Low Energy (BLE) e permite a transmissão dos dados do nó final para um gateway e, posteriormente, para um servidor na nuvem. A operação de atualização de firmware usando o componente Over-The-Air (OTA) foi também implementada e validada quanto à sua segurança. A arquitetura foi, inicialmente, avaliada e validada usando um protótipo laboratorial. Posteriormente, foi utilizada para realizar uma pequena série de produção do CardioWheel em que se utilizaram as estratégias de validação propostas no contexto do projeto ESCEL KDT Valu3s. Também foi realizado um ensaio pré-médico no Hospital de Santa Marta usando o CardioWheel com a arquitetura proposta, que permitiu validar a sua fiabilidade e capacidades quando comparado com um eletrocardiógrafo clínico.Recently, the reliability and cybersecurity aspects of embedded systems for critical domains, such as health and automotive, has increased interest in the research community and awareness to the general public. This thesis addresses the modelling and the implementation of a reliable and secure software architecture for an embedded system aimed at the acquisition and processing of physiological signals, in particular the electrocardiogram (ECG). The work focused CardioWheel, an ongoing project developed by CardioID Technologies, targeting health and automotive applications. These domains demand special requirements for safety and security, and serve as a showcase for the proposed architecture. Accordingly, suitable requirements were first established and the architecture state machine was developed using UML and formally validated using Uppaal and Timed Automata modelling. Then, the threat analysis of the architecture was conducted. Finally, the implementation was realized for an ESP32 microcontroller using the FreeRTOS, the ESP-IDF ecosystem, and specially developed hardware independent layers. The communication layer is based on Bluetooth Low Energy (BLE) and allows the transmission of the data from the end-node to a gateway and finally to the cloud. The system has a Over-The-Air (OTA) component that enables the update of the firmware and the security of this operation was also validated. The proposed architecture was firstly validated using a laboratory prototype. Then, it was deployed to build a small production series of CardioWheel incorporating validation strategies proposed within the context of the ESCEL KDT Valu3s project. Also, a pre-medical trial was conducted at the Hospital de Santa Marta, confirming the reliability and capabilities of our system against a clinical ground-truth.N/

Towards Multidimensional Verification: Where Functional Meets Non-Functional

Trends in advanced electronic systems' design have a notable impact on design verification technologies. The recent paradigms of Internet-of-Things (IoT) and Cyber-Physical Systems (CPS) assume devices immersed in physical environments, significantly constrained in resources and expected to provide levels of security, privacy, reliability, performance and low power features. In recent years, numerous extra-functional aspects of electronic systems were brought to the front and imply verification of hardware design models in multidimensional space along with the functional concerns of the target system. However, different from the software domain such a holistic approach remains underdeveloped. The contributions of this paper are a taxonomy for multidimensional hardware verification aspects, a state-of-the-art survey of related research works and trends towards the multidimensional verification concept. The concept is motivated by an example for the functional and power verification dimensions.Comment: 2018 IEEE Nordic Circuits and Systems Conference (NORCAS): NORCHIP and International Symposium of System-on-Chip (SoC

From Verification to Implementation: A Model Translation Tool and a Pacemaker Case Study

Model-Driven Design (MDD) of cyber-physical systems advocates for design procedures that start with formal modeling of the real-time system, followed by the model’s verification at an early stage. The verified model must then be translated to a more detailed model for simulation-based testing and finally translated into executable code in a physical implementation. As later stages build on the same core model, it is essential that models used earlier in the pipeline are valid approximations of the more detailed models developed downstream. The focus of this effort is on the design and development of a model translation tool, UPP2SF, and how it integrates system modeling, verification, model-based WCET analysis, simulation, code generation and testing into an MDD based framework. UPP2SF facilitates automatic conversion of verified timed automata-based models (in UPPAAL) to models that may be simulated and tested (in Simulink/Stateflow). We describe the design rules to ensure the conversion is correct, efficient and applicable to a large class of models. We show how the tool enables MDD of an implantable cardiac pacemaker. We demonstrate that UPP2SF preserves behaviors of the pacemaker model from UPPAAL to Stateflow. The resultant Stateflow chart is automatically converted into C and tested on a hardware platform for a set of requirements

A domain specific language for performance evaluation of medical imaging systems

We propose iDSL, a domain specific language and toolbox for performance evaluation of Medical Imaging Systems. iDSL provides transformations to MoDeST models, which are in turn converted into UPPAAL and discrete-event MODES models. This enables automated performance evaluation by means of model checking and simulations. iDSL presents its results visually. We have tested iDSL on two example image processing systems. iDSL has successfully returned differentiated delays, resource utilizations and delay bounds. Hence, iDSL helps in evaluating and choosing between design alternatives, such as the effects of merging subsystems onto one platform or moving functionality from one platform to another

Bounded Model Checking of State-Space Digital Systems: The Impact of Finite Word-Length Effects on the Implementation of Fixed-Point Digital Controllers Based on State-Space Modeling

The extensive use of digital controllers demands a growing effort to prevent design errors that appear due to finite-word length (FWL) effects. However, there is still a gap, regarding verification tools and methodologies to check implementation aspects of control systems. Thus, the present paper describes an approach, which employs bounded model checking (BMC) techniques, to verify fixed-point digital controllers represented by state-space equations. The experimental results demonstrate the sensitivity of such systems to FWL effects and the effectiveness of the proposed approach to detect them. To the best of my knowledge, this is the first contribution tackling formal verification through BMC of fixed-point state-space digital controllers.Comment: International Symposium on the Foundations of Software Engineering 201