Fault injection for the evaluation of critical systems

Dissertação de mestrado em Engenharia InformáticaAtualmente, os sistemas críticos estão cada vez mais presentes no nosso dia-a-dia, fazendo aumentar a necessidade de os assegurar cada vez mais e reduzindo o risco de acidente ou falha. A industria espacial e automóvel são exemplos de indústrias que usam esses sistemas e que necessitam de os ver assegurados. Consequentemente, têm de ser tomadas medidas para garantir a segurança de um sistema ao nível de software e hardware. A injeção de falhas é uma das respostas a esse problema, fazendo uso das suas diferentes técnicas para poder avaliar e validar sistemas críticos. A injeção de falhas pode ser considerada uma técnica de teste ao software, onde as falhas podem ser injetadas ao nível do software ou hardware e cujos resultados podem ser monitorizados de forma a avaliar como é que o sistema reagiu a tais falhas. Scan-Chain Implemented Fault Injection é a técnica de injeção de falhas que proporciona uma maior acessibilidade, observabilidade e controlabilidade. Com esta técnica, os níveis de hardware e de integração de sistemas podem ser validados. O csXception® é um ambiente de injeção de falhas automatizado desenvolvido pela Critical Software S.A para avaliar e validar sistemas críticos. A sua arquitetura é dinâmica e baseada em plug-ins de injeção de falhas. Devido à crescente presença dos microcontroladores ARM® Cortex-M3 na industria automóvel, surgiu a necessidade de criar um novo plug-in de injeção de falhas para o csXception®. Assim, o objectivo principal desta dissertação de mestrado é o desenvolvimento de um novo plug-in de injeção de falhas para o csXception®, que permita injetar falhas em microcontroladores ARM® Cortex-M3, contextualizar o novo plug-in com a norma ISO-26262 e utilizar um caso de estudo para mostrar alguns dos resultados obtidos.Nowadays, critical systems are much more present in our daily life, increasing the need to ensure that these systems are becoming safer and thus reducing the risk of accident or failure. The space and automotive industry are examples of industries who use these systems and need to see them insured. Therefore, actions need to be taken to guarantee the safety of a system, both at software and hardware levels. Fault injection is one of the answers to that specific problem, making use of its different techniques in order to respond to the critical system validation and evaluation. Fault injection can be considered as a testing technique, where faults are injected in the hardware or software levels and whose results are monitored in order to evaluate how the system handles such faults. Scan-Chain Implemented Fault Injection is a fault injection technique that provides more reachability, observability and controllability. With this technique, the hardware-level and system-integration validation can be guaranteed. csXception® is an automated fault injection environment that validates and evaluates critical systems. Developed by Critical Software, S.A., the csXception®'s architecture is dynamic and based on fault injection plug-ins. With the increasing presence of Cortex-M3 microcontrollers on the automotive industry, a new plug-in for csXception® needs to be developed. Thus, the main goal of this master dissertation is the development of a new fault injection plug-in for csXception® that allows the user to inject faults into ARM® Cortex-M3 microcontrollers, to contextualize the new plug-in with the ISO-26262 safety standards and to use a case study to show some of the obtained results

From Safety Analysis to Experimental Validation by Fault Injection—Case of Automotive Embedded Systems

En raison de la complexité croissante des systèmes automobiles embarqués, la sûreté de fonctionnement est devenue un enjeu majeur de l’industrie automobile. Cet intérêt croissant s’est traduit par la sortie en 2011 de la norme ISO 26262 sur la sécurité fonctionnelle. Les défis auxquelles sont confrontés les acteurs du domaine sont donc les suivants : d’une part, la conception de systèmes sûrs, et d’autre part, la conformité aux exigences de la norme ISO 26262. Notre approche se base sur l’application systématique de l’injection de fautes pour la vérification et la validation des exigences de sécurité, tout au long du cycle de développement, des phases de conception jusqu’à l’implémentation. L’injection de fautes nous permet en particulier de vérifier que les mécanismes de tolérance aux fautes sont efficaces et que les exigences non-fonctionnelles sont respectées. L’injection de faute est une technique de vérification très ancienne. Cependant, son rôle lors de la phase de conception et ses complémentarités avec la validation expérimentale, méritent d’être étudiés. Notre approche s’appuie sur l’application du modèle FARM (Fautes, Activations, Relevés et Mesures) tout au long du processus de développement. Les analyses de sûreté sont le point de départ de notre approche, avec l'identification des mécanismes de tolérance aux fautes et des exigences non-fonctionnelles, et se terminent par la validation de ces mécanismes par les expériences classiques d'injection de fautes. Enfin, nous montrons que notre approche peut être intégrée dans le processus de développement des systèmes embarqués automobiles décrits dans la norme ISO 26262. Les contributions de la thèse sont illustrées sur l’étude de cas d’un système d’éclairage avant d’une automobile. ABSTRACT : Due to the rising complexity of automotive Electric/Electronic embedded systems, Functional Safety becomes a main issue in the automotive industry. This issue has been formalized by the introduction of the ISO 26262 standard for functional safety in 2011. The challenges are, on the one hand to design safe systems based on a systematic verification and validation approach, and on the other hand, the fulfilment of the requirements of the ISO 26262 standard. Following ISO 26262 recommendations, our approach, based on fault injection, aims at verifying fault tolerance mechanisms and non-functional requirements at all steps of the development cycle, from early design phases down to implementation. Fault injection is a verification technique that has been investigated for a long time. However, the role of fault injection during design phase and its complementarities with the experimental validation of the target have not been explored. In this work, we investigate a fault injection continuum, from system design validation to experiments on implemented targets. The proposed approach considers the safety analyses as a starting point, with the identification of safety mechanisms and safety requirements, and goes down to the validation of the implementation of safety mechanisms through fault injection experiments. The whole approach is based on a key fault injection framework, called FARM (Fault, Activation, Readouts and Measures). We show that this approach can be integrated in the development process of the automotive embedded systems described in the ISO 26262 standard. Our approach is illustrated on an automotive case study: a Front-Light system