| 21. |
|
|
| 22. |
- Hallmans, Daniel, et al.
(författare)
-
Analysis of the TSN Standards for Utilization in Long-life Industrial Distributed Control Systems
- 2020
-
Ingår i: The 25th International Conference on Emerging Technologies and Factory Automation ETFA2020. - Vienna, Austria.
-
Konferensbidrag (refereegranskat)abstract
- Large complex industrial Distributed Control Systems (DCS), e.g., power distribution systems, are expected to function for long time, up to 40 years. Therefore, besides having a long system verification phase for all subsystems, the design phase should consider various aspects when it comes to selection of which technologies to utilize when implementing such systems. In this paper, we study and investigate key challenges of using the Time Sensitive Networking (TSN) technology when it comes to design, maintenance and evolution of long life-span complex DCS. We also identify issues and challenges, and propose mitigation strategies for using the TSN technology in long-life system design. Our investigation and analysis shows that many of the TSN standards are in their evolution phase and may as a consequence be subject to different interpretations and implementations. Therefore, achieving a full capacity of using the TSN technology may not be possible, in particular when it comes to design of systems having an expected long life.
|
|
| 23. |
- Hallmans, Daniel, et al.
(författare)
-
Challenges in providing sustainable analytic of system of systems with long life time
- 2021
-
Ingår i: 2021 16th International Conference of System of Systems Engineering (SoSE). - 9781665444545 ; , s. 69-74
-
Konferensbidrag (refereegranskat)abstract
- Embedded systems are today often self-sufficient systems with limited communication. However, this traditional view of an embedded system is changing rapidly. Embedded systems are nowadays evolving, e.g., an evolution pushed by the increased functional gain introduced with the concept of System of Systems (SoS) that is connecting multiple subsystems to achieve a combined functionality and/or information of a higher value. In such a SoS the subsystems will have to serve a dual purpose in a) the initial purpose that the subsystem was originally designed and deployed for, e.g., control and protection of the physical assets of a critical infrastructure system that could be up and running for 30-40 years, and b) at the same time provide information to a higher-level system for a potential future increase of system functionality as technology matures and/or new opportunities are provided by, e.g., greater analytics capabilities. In this paper, within the context of a “dual purpose use” of a) and b), we bring up three central challenges related to i) information gathering, ii) life-cycle management, and iii) data governance, and we propose directions for solutions to these challenges that need to be evaluated already at design time.
|
|
| 24. |
- Hallmans, D., et al.
(författare)
-
Design considerations introducing analytics as a 'dual use' in complex industrial embedded systems
- 2021
-
Ingår i: IEEE International Conference on Emerging Technologies and Factory Automation, ETFA. - : Institute of Electrical and Electronics Engineers Inc.. - 9781728129891
-
Konferensbidrag (refereegranskat)abstract
- Embedded systems are today often self-sufficient with limited and predefined communication. However, this traditional view of embedded systems is changing through advancements in technologies such as, communication, cloud technologies, and advanced analytics including machine learning. These advancements have increased the benefits of building Systems of Systems (SoS) that can provide a functionality with unique capabilities that none of the included subsystems can accomplish separately. By this gain of functionality the embedded system is evolving towards a 'dual use' purpose11In this paper we define dual usage as a control system having two purposes. In other contexts such as politics, diplomacy and export control, the term 'dual-use' refers to technology that can be used for both peaceful and military aims, e.g., nuclear power technology., The use is dual in the sense that the system still needs to handle its original task, e.g., control and protect of an asset, and it must provide information for creating the SoS. Larger installations, e.g., industry plants, power systems and generation, have in most cases a long expected life-cycle, some up to 30-40 years without significant updates, compared to analytical functions that evolve and change much faster, i.e., requiring new types of data sets from the subsystems, not know at its first deployment. This difference in development cycles calls for new solutions supporting updates related to new requirements inherent in analytical functions. In this paper, within the context of 'dual usage' of systems and subsystems, we analyze the impact on an embedded system, new or legacy, when it is required to provide analytic data with high quality. We compare a reference system, implementing all functions in one CPU core, to three other alternative solutions: a) a multi-core system where we are using a separate core for analytics, b) using a separate analytics CPU and c) analytics functionality located in a separate subsystem. Our conclusion is that the choice of analytics information collection method should to be based on intended usage, along with resulting complexity and cost of updates compared to hardware cost.
|
|
| 25. |
- Hariharan, Sheela, et al.
(författare)
-
On In-Vehicle Network Security Testing Methodologies in Construction Machinery
- 2022
-
Ingår i: IEEE International Conference on Emerging Technologies and Factory Automation, ETFA. - : Institute of Electrical and Electronics Engineers Inc.. - 9781665499965
-
Konferensbidrag (refereegranskat)abstract
- In construction machinery, connectivity delivers higher advantages in terms of higher productivity, lower costs, and most importantly safer work environment. As the machinery grows more dependent on internet-connected technologies, data security and product cybersecurity become more critical than ever. These machines have more cyber risks compared to other automotive segments since there are more complexities in software, larger after-market options, use more standardized SAE J1939 protocol, and connectivity through long-distance wireless communication channels (LTE interfaces for fleet management systems). Construction machinery also operates throughout the day, which means connected and monitored endlessly. Till today, construction machinery manufacturers are investigating the product cybersecurity challenges in threat monitoring, security testing, and establishing security governance and policies. There are limited security testing methodologies on SAE J1939 CAN protocols. There are several testing frameworks proposed for fuzz testing CAN networks according to [1]. This paper proposes security testing methods (Fuzzing, Pen testing) for in-vehicle communication protocols in construction machinery.
|
|
| 26. |
- Hariharan, Sheela, et al.
(författare)
-
Towards a holistic approach to security validation of construction machinery through HIL systems
- 2023
-
Ingår i: IEEE Int. Conf. Emerging Technol. Factory Autom., ETFA. - : Institute of Electrical and Electronics Engineers Inc.. - 9798350339918
-
Konferensbidrag (refereegranskat)abstract
- The construction industry is increasingly equipping its machinery with sophisticated embedded systems and modern connectivity. Technology advancements in connected safety-critical systems are complex, with cyber-security becoming a more critical factor. Due to interdependencies and network connectivity, attack surfaces and vulnerabilities have increased significantly. Consequently, it is imperative to perform a risk assessment and implement robust security testing methods in order to prevent cyber-attacks on machinery segments. This paper presents a method for identifying potential security threats that also affect machine functional safety, facilitated by identifying threats in the threat modeling process and analyzing safety-security synergies. By identifying such risks, attack scenarios are created to simulate cyber-attacks and create test cases for validation. This approach integrates security testing into the current testing process by using penetration testing tools and utilizing a Hardware-in-the-Loop(HIL) test setup and it is verified with a simulated Denial of Service attack over a CAN network.
|
|
| 27. |
- Johansson, B., et al.
(författare)
-
Consistency before Availability : Network Reference Point based Failure Detection for Controller Redundancy
- 2023
-
Ingår i: IEEE Int. Conf. Emerging Technol. Factory Autom., ETFA. - : Institute of Electrical and Electronics Engineers Inc.. - 9798350339918
-
Konferensbidrag (refereegranskat)abstract
- Distributed control systems constitute the automation solution backbone in domains where downtime is costly. Redundancy reduces the risk of faults leading to unplanned downtime. The Industry 4.0 appetite to utilize the device-to-cloud continuum increases the interest in network-based hardware-agnostic controller software. Functionality, such as controller redundancy, must adhere to the new ground rules of pure network dependency. In a standby controller redundancy, only one controller is the active primary. When the primary fails, the backup takes over. A typical network-based failure detection uses a cyclic message with a known interval, a.k.a. a heartbeat. Such a failure detection interprets heartbeat absences as a failure of the supervisee; consequently, a network partitioning could be indistinguishable from a node failure. Hence, in a network partitioning situation, a conventional heartbeat-based failure detection causes more than one active controller in the redundancy set, resulting in inconsistent outputs. We present a failure detection algorithm that uses network reference points to prevent network partitioning from leading to dual primary controllers. In other words, a failure detection that prioritizes consistency before availability.
|
|
| 28. |
- Johansson, Bjarne, 1977-
(författare)
-
Dependable Distributed Control System : Redundancy and Concurrency defects
- 2022
-
Licentiatavhandling (övrigt vetenskapligt/konstnärligt)abstract
- Intelligent devices, interconnectivity, and information exchange are characteristics often associated with Industry 4.0. A peer-to-peer-oriented architecture with the network as the system center succeeds the traditional controller-centric topology used in today's distributed control systems, improving information exchange in future designs. The network-centric architecture allows IT-solution such as cloud, fog, and edge computing to enter the automation industry. IT-solution that rely on virtualization techniques such as virtual machines and containers. Virtualization technology, combined with virtual instance management, provide the famous elasticity that cloud computing offer. Container management systems like Kubernetes can scale the number of containers to match the service demand and redeploy containers affected by failures.Distributed control systems constitute automation infrastructure core in many critical applications and domains. The criticality puts high dependability requirements upon the systems, i.e., dependability is essential. High-quality software and redundancy solutions are examples of traditional ways to increase dependability. Dependability is the common denominator for the challenges addressed in this thesis. Challenges that range from concurrency defect localization with static code analysis to utilization of failure recovery mechanisms provided by container management systems in a control system context.We evaluate the feasibility of locating concurrency defects in embedded industrial software with static code analysis. Furthermore, we propose a deployment agnostic failure detection and role selection mechanism for controller redundancy in a network-centric context. Finally, we use the container management system Kubernetes to orchestrate a cluster of virtualized controllers. We evaluate the failure recovery properties of the container management system in combination with redundant virtualized controllers - redundant controllers using the proposed failure detection and role selection solution.
|
|
| 29. |
|
|
| 30. |
- Johansson, Bjarne, et al.
(författare)
-
Kubernetes Orchestration of High Availability Distributed Control Systems
- 2022
-
Ingår i: Proc IEEE Int Conf Ind Technol. - : Institute of Electrical and Electronics Engineers Inc.. - 9781728119489
-
Konferensbidrag (refereegranskat)abstract
- Distributed control systems transform with the Industry 4.0 paradigm shift. A mesh-like, network-centric topology replaces the traditional controller-centered architecture, enforcing the interest of cloud-, fog-, and edge-computing, where lightweight container-based virtualization is a cornerstone. Kubernetes is a well-known container management system for container orchestration in cloud computing. It is gaining traction in edge- and fog-computing due to its elasticity and failure recovery properties. Orchestrator failure recovery can complement the manual replacement of a failed controller and, combined with controller redundancy, provide a pseudo-one-out-of-many redundancy. This paper investigates the failure recovery performance obtained from an out-of-the-box Kubernetes installation in a distributed control system scenario. We describe a Kubernetes based virtualized controller architecture and the software needed to set up a bare-metal cluster for control systems. Further, we deploy single and redundant configured containerized controllers based on an OPC UA compatible industry middleware software on the bare-metal cluster. The controllers expose variables with OPC UA PubSub. A script-based daemon introduces node failures, and a verification controller measures the downtime when using Kubernetes with an industry redundancy solution.
|
|
