37 research outputs found
Security and Safety Aspects of AI in Industry Applications
In this relatively informal discussion-paper we summarise issues in the
domains of safety and security in machine learning that will affect industry
sectors in the next five to ten years. Various products using neural network
classification, most often in vision related applications but also in
predictive maintenance, have been researched and applied in real-world
applications in recent years. Nevertheless, reports of underlying problems in
both safety and security related domains, for instance adversarial attacks, have
unsettled early adopters and are threatening to hinder wider scale adoption of
this technology. The problem for real-world applicability lies in being able to
assess the risk of applying these technologies. In this discussion-paper we
describe the process of arriving at a machine-learnt neural network classifier
pointing out safety and security vulnerabilities in that workflow, citing
relevant research where appropriate. Comment: As presented at the Embedded World Conference, Nuremberg, 202
Security and safety aspects of AI in industry applications
In this relatively informal discussion-paper we summarise issues in the domains of safety and security in machine learning that will affect industry sectors in the next five to ten years. Various products using neural network classification, most often in vision related applications but also in predictive maintenance, have been researched and applied in real-world applications in recent years. Nevertheless, reports of underlying problems in both safety and security related domains, for instance adversarial attacks, have unsettled early adopters and are threatening to hinder wider scale adoption of this technology. The problem for real-world applicability lies in being able to assess the risk of applying these technologies. In this discussion-paper we describe the process of arriving at a machine-learnt neural network classifier pointing out safety and security vulnerabilities in that workflow, citing relevant research where appropriate
Generating research aims for legged robots : a market and dependability approach
We contend that real-world widespread adoption of multi-legged robots is not due to some magic missing engineering ingredient but due, by and large, to two related factors. The first is that the market must be educated as to the potential benefits of such technology and secondly any missing engineering ingredients need to be market derived and not research specified. After discussing the issue of educating the market we proceed with an example of generating market-oriented technical requirements which specifically result in new controller architectures. We continue this example with two examples of requirements generated by technical analysis, including Systems Theoretic Process Analysis, and so show that whilst the continuation of fundamental research is necessary if multi-legged robots are to find a sustainable set of real-world applications research resources need to be guided into market research and market orientated industrialisation
Quo vadis real time ethernet
Real time Ethernet (RTE) protocol suites are commonly operated within an exclusively allocated Ethernet based network that is used to exchange data for a distributed real time application. In practice, RTE protocol stack implementations interlace the maintenance of their data objects on the (standardised and loosely coupled) application layer with the task of traffic fitting. The latter includes the egress and ingress of application data over the underlying layers but also the coordination (scheduling) of the same. The set of time sensitive networking (TSN) IEEE standards is an addendum to common Ethernet (IEEE 802.3*). It has the aim to provide technologies to implement deterministic Ethernet networks. In factory automation RTE, an ongoing establishment of such technologies is observed. They lay the ground for various possibilities to shift the mechanisms for scheduling data transmissions towards networking juncture elements, e.g. Ethernet switch. This work intends to fabricate a stronger separation between the application layer and the tasks concerning traffic fitting. A demonstration setup is developed. It consists of an Ethernet switch (partly TSN capable), two programmable logic controllers (PLCs) and one input/output (I/O) device. Simultaneous operation of two unsimilar RTE protocol suites within the same network is shown. Possible optimisations applied to RTE application components, which target a higher level of determinism, are presented. Measurements underpin the chosen optimisations
Dynamic lockstep processors for applications with functional safety relevance
© 2021 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works. Lockstep processing is a recognized technique for helping to secure functional-safety relevant processing against, for instance, single upset errors that might cause faulty execution of code. Lockstepping processors does however bind processing resources in a fashion not beneficial to architectures and applications that would benefit from multi-core/-processors. We propose a novel on-demand synchronizing of cores/processors for lock-step operation featuring post-processing resource release, a concept that facilitates the implementation of modularly redundant core/processor arrays. We discuss the fundamentals of the design and some implementation notes on work achieved to date
Examining redundancy in the context of safe machine learning
This paper describes a set of experiments with neural network classifiers on the MNIST database of digits. The purpose is to investigate naïve implementations of redundant architectures as a first step towards safe and dependable machine learning. We report on a set of measurements using the MNIST database which ultimately serve to underline the expected difficulties in using NN classifiers in safe and dependable systems
Mixed criticality communication within an unmanned delivery rotorcraft
Stand-alone functions additional to a UAV flight-controller, such as safety-relevant flight-path monitoring or payload-monitoring and control, may be SORA-required or advised for specific flight paths of delivery-drones. These functions, articulated as discrete electronic components either internal or external to the main fuselage, can be networked with other on-board electronics systems. Such an integration requires respecting the integrity levels of each component on the network both in terms of function and in terms of power-supply. In this body of work we detail an intra-component communication system for small autonomous and semi-autonomous unmanned aerial vehicles (UAVs). We discuss the context and the (conservative) design decisions before detailing the hardware and software interfaces and reporting on a first implementation. We finish by drawing conclusions and proposing future work
Dependable neural networks through redundancy, a comparison of redundant architectures
With edge-AI finding an increasing number of real-world applications, especially in industry, the question of functionally safe applications using AI has begun to be asked. In this body of work, we explore the issue of achieving dependable operation of neural networks. We discuss the issue of dependability in general implementation terms before examining lockstep solutions. We intuit that it is not necessarily a given that two similar neural networks generate results at precisely the same time and that synchronization between the platforms will be required. We perform some preliminary measurements that may support this intuition and introduce some work in implementing lockstep neural network engines
Towards securing hard real-time networked embedded devices and systems : a cBPF implementation for an FPGA
In this body of work we describe preliminary work implementing a Berkeley Packet Filter, in its original conception, in an FPGA. The purpose is packet filtering and ingress traffic shaping in security-relevant applications in distributed embedded nodes. We specifically target PROFINET nodes in hard real-time applications where network security is an open issue. We describe the motivation, implementation and verification including performance characteristics. We conclude that such a filter can be used not only for protection against simple denial-of-service attacks but also for ingress protocol management and potentially for the implementation of system-wide security policies