12 research outputs found

    Side-Channel Protected MPSoC through Secure Real-Time Networks-on-Chip

    The integration of Multi-Processor Systems-on-Chip (MPSoCs) into the Internet-of-Things (IoT) context brings new opportunities, but also represents risks. Tight real-time constraints and security requirements should be considered simultaneously when designing MPSoCs. Networks-on-Chip (NoCs) are especially critical when meeting these two conflicting characteristics. For instance, the NoC design has a huge influence on the security of the system. A vital threat to system security are so-called side-channel attacks based on the NoC communication observations. To this end, we propose a NoC security mechanism suitable for hard real-time systems, in which schedulability is a vital design requirement. We present three contributions. First, we show the impact of the NoC routing on the security of the system. Second, we propose a packet route randomisation mechanism to increase NoC resilience against side-channel attacks. Third, using an evolutionary optimisation approach, we effectively apply route randomisation while controlling its impact on hard real-time performance guarantees. Extensive experimental evidence based on analytical and simulation models supports our findings.

    AirTight: A Resilient Wireless Communication Protocol for Mixed-Criticality Systems

    This paper describes the motivation, design, analysis and implementation of a new protocol for critical wireless communication called AirTight. Wireless communication has become a crucial part of the infrastructure of many cyber-physical applications. Many of these applications are real-time and also mixed-criticality, in that they have components/subsystems with different consequences of failure. Wireless communication is inevitably subject to levels of external interference. In this paper we represent this interference using a criticality-aware fault model; for each level of interference in the fault model we guarantee the timing behaviour of the protocol (i.e. we guarantee that packet deadlines are satisfied for certain levels of criticality). Although a new protocol, AirTight is built upon existing standards such as IEEE 802.15.4. A prototype implementation and protocol-accurate simulator, which are also built upon existing technologies, demonstrate the effectiveness and functionality of the protocol.

    Model-Driven Simulation-Based Analysis for Multi-Robot Systems

    Multi-robot systems are increasingly deployed to provide services and accomplish missions whose complexity or cost is too high for a single robot to achieve on its own. Although multi-robot systems offer increased reliability via redundancy and enable the execution of more challenging missions, engineering these systems is very complex. This complexity affects not only the architecture modelling of the robotic team but also the modelling and analysis of the collaborative intelligence enabling the team to complete its mission. Existing approaches for the development of multi-robot applications do not provide a systematic mechanism for capturing these aspects and assessing the robustness of multi-robot systems. We address this gap by introducing ATLAS, a novel model-driven approach supporting the systematic robustness analysis of multi-robot systems in simulation. The ATLAS domain-specific language enables modelling the architecture of the robotic team and its mission, and facilitates the specification of the team’s intelligence. We evaluate ATLAS and demonstrate its effectiveness on two oceanic exploration missions performed by a team of unmanned underwater vehicles developed using the MOOS-IvP robotic simulator.

    Validating High Level Simulation Results against Experimental Data and Low Level Simulation : A Case Study

    Simulation can be considered a necessary evil in the validation of systems, especially when the system under consideration is being prototyped and therefore does not presently exist. This is compounded by the use of high level simulators; on the one hand, high level simulation is efficient, in that it abstracts away many details of the system which are deemed to be not important. This allows for a simpler and faster running simulator, which allows the user to obtain results faster and/or perform more experiments. On the other hand, some of the details abstracted away might turn out to be important, introducing inaccuracies. This paper outlines a framework for the statistical understanding and attribution of the errors produced by a high level simulator when compared against real experiments by means of a low level simulator. This allows the user of a simulator to determine whether or not the inaccuracies are significant, and whether or not the high level simulator requires refinements in its accuracy for the results to be valid. These techniques are illustrated via a case study.

    The AirTight Protocol for Mixed Criticality Wireless CPS

    This paper describes the motivation, design, analysis and configuration of the criticality-aware multi-hop wireless communication protocol AirTight. Wireless communication has become a crucial part of the infrastructure of many cyber-physical applications. Many of these applications are real-time and also mixed-criticality, in that they have components/subsystems with different consequences of failure. Wireless communication is inevitably subject to levels of external interference. In this paper we represent this interference using a criticality-aware fault model; for each level of temporal interference in the fault model we guarantee the timing behaviour of the protocol (i.e. we guarantee that packet deadlines are satisfied for certain levels of criticality). Although a new protocol, AirTight is built upon existing standards such as IEEE 802.15.4. A prototype implementation and protocol-accurate simulator have been produced. This paper develops a series of schedulability analysis techniques for single-channel and multichannel wireless Cyber-Physical Systems (CPS). Heuristics are specified and evaluated as the starting point of design space exploration. Genetic algorithms are then defined and evaluated to assess their performance in developing schedule tables incorporating multichannel allocations in these systems.

    Supporting Critical Modes in AirTight

    The AirTight protocol supports mixed criticality wireless traffic and temporal guarantees based on defined fault models. In some systems, following a catastrophic failure, it is necessary to communicate crucial data away from the site of the failure in order to better understand (post-hoc) the reasons why it occurred. To support this action it is necessary for a mode change request to be propagated to all the non-failed nodes in the system, and for these nodes to switch their behaviour so that the crucial data is given high priority in its use of the wireless network. This paper explains how AirTight can support such a critical mode change. A uni-cast protocol is utilised to flood the system with mode change messages; each node then locally prioritizes its use of the available bandwidth to support the defined UC (Ultra-Criticality) packet flows. An aircraft engine control scenario is used to motivate the requirements for the mode change protocol. Protocol-accurate simulations are then used to illustrate and evaluate the approach.

    Theatre and Architecture - Stage Design - Costume. A Bibliographic guide in five languages (1970-2000)

    Security can be seen as an optimisation objective in NoC resource management, and as such poses trade-offs against other objectives such as real-time schedulability. In this paper, we show how to increase NoC resilience against a concrete type of security attack, named side-channel attack, which exploits the correlation between specific non-functional properties (such as packet latencies and routes, in the case of NoCs) to infer the functional behaviour of secure applications. For instance, the transmission of a packet over a given link of the NoC may hint at a cache miss, which can be used by an attacker to guess specific parts of a secret cryptographic key, effectively weakening it. We therefore propose packet route randomisation as a mechanism to increase NoC resilience against side-channel attacks, focusing specifically on the potential impact of such an approach upon hard real-time systems, where schedulability is a vital design requirement. Using an evolutionary optimisation approach, we show how to effectively apply route randomisation in such a way that it can increase NoC security while controlling its impact on hard real-time performance guarantees. Extensive experimental evidence based on analytical and simulation models supports our findings.

    Asymmetries and visual field summaries as predictors of glaucoma in the ocular hypertension treatment study

    No full text
    PURPOSE. To evaluate whether baseline visual field data and asymmetries between eyes predict the onset of primary open-angle glaucoma (POAG) in Ocular Hypertension Treatment Study (OHTS) participants. METHODS. A new index, mean prognosis (MP), was designed for optimal combination of visual field thresholds, to discriminate between eyes that developed POAG from eyes that did not. Baseline intraocular pressure (IOP) in fellow eyes was used to construct measures of IOP asymmetry. Age-adjusted baseline thresholds were used to develop indicators of visual field asymmetry and summary measures of visual field defects. Marginal multivariate failure time models were constructed that relate the new index MP, IOP asymmetry, and visual field asymmetry to POAG onset for OHTS participants. RESULTS. The marginal multivariate failure time analysis showed that the MP index is significantly related to POAG onset (P < 0.0001) and appears to be a more highly significant predictor of POAG onset than either mean deviation (MD; P = 0.17) or pattern standard deviation (PSD; P = 0.046). A 1-mm Hg increase in IOP asymmetry between fellow eyes is associated with a 17% increase in risk for development of POAG. When threshold asymmetry between eyes existed, the eye with lower thresholds was at a 37% greater risk of development of POAG, and this feature was more predictive of POAG onset than the visual field index MD, though not as strong a predictor as PSD. CONCLUSIONS. The MP index, IOP asymmetry, and binocular test point asymmetry can assist in clinical evaluation of eyes at risk of development of POAG.