| 21. |
- Friebe, Anna
(author)
-
Timing and Schedulability Analysis of Real-Time Systems using Hidden Markov Models
- 2022
-
Licentiate thesis (other academic/artistic)abstract
- In real-time systems functional requirements are coupled to timing requirements, a specified event needs to occur at the appropriate time. In order to ensure that timing requirements are fulfilled, there are two main approaches, static and measurement-based. The static approach relies on modeling the hardware and software and calculating upper bounds for the timing behavior. On the other hand, measurement-based approaches use timing data collected from the system to estimate the timing behavior.The usability of static and measurement-based approaches is limited in many modern systems due to the increased complexity of hardware and software architectures. Static approaches to timing and schedulability analysis are often infeasible due to their complexity. Measurement-based approaches require that design-time measurements are representative of the timing behavior at runtime, which is problematic to ensure in many cases. Designing systems that guarantee the timing requirements without excessive resource overprovisioning is a challenge.A Hidden Markov Model (HMM) describes a system where the behavior is state-dependent. In this thesis, we model the execution time distribution of a periodic task as an HMM where the states are associated with continuous emission distributions. By modeling the execution times in this manner with a limited number of parameters, a step is taken on the path toward tracking and controlling timing properties at runtime. We present a framework for parameter identification of an HMM with Gaussian emission distributions from timing traces, and validation of the identified models. In evaluated cases, the parameterized models are valid in relation to timing traces.For cases where design-time measurements are not representative of the system at runtime we present a method for the online adaptive update of the emission distributions of an HMM. Evaluation with synthetic data shows that the estimate tracks the ground truth distribution. A method for estimating the deadline miss probability for a task with execution times modeled by an HMM with Gaussian emission distributions, in a Constant Bandwidth Server (CBS) is proposed. The method is evaluated with simulation and for a synthetic task with a known Markov Chain structure running on real hardware.
|
|
| 22. |
|
|
| 23. |
- Hallmans, Daniel, et al.
(author)
-
Analysis of the TSN Standards for Utilization in Long-life Industrial Distributed Control Systems
- 2020
-
In: The 25th International Conference on Emerging Technologies and Factory Automation ETFA2020. - Vienna, Austria.
-
Conference paper (peer-reviewed)abstract
- Large complex industrial Distributed Control Systems (DCS), e.g., power distribution systems, are expected to function for long time, up to 40 years. Therefore, besides having a long system verification phase for all subsystems, the design phase should consider various aspects when it comes to selection of which technologies to utilize when implementing such systems. In this paper, we study and investigate key challenges of using the Time Sensitive Networking (TSN) technology when it comes to design, maintenance and evolution of long life-span complex DCS. We also identify issues and challenges, and propose mitigation strategies for using the TSN technology in long-life system design. Our investigation and analysis shows that many of the TSN standards are in their evolution phase and may as a consequence be subject to different interpretations and implementations. Therefore, achieving a full capacity of using the TSN technology may not be possible, in particular when it comes to design of systems having an expected long life.
|
|
| 24. |
- Hallmans, Daniel, et al.
(author)
-
Challenges in providing sustainable analytic of system of systems with long life time
- 2021
-
In: 2021 16th International Conference of System of Systems Engineering (SoSE). - 9781665444545 ; , s. 69-74
-
Conference paper (peer-reviewed)abstract
- Embedded systems are today often self-sufficient systems with limited communication. However, this traditional view of an embedded system is changing rapidly. Embedded systems are nowadays evolving, e.g., an evolution pushed by the increased functional gain introduced with the concept of System of Systems (SoS) that is connecting multiple subsystems to achieve a combined functionality and/or information of a higher value. In such a SoS the subsystems will have to serve a dual purpose in a) the initial purpose that the subsystem was originally designed and deployed for, e.g., control and protection of the physical assets of a critical infrastructure system that could be up and running for 30-40 years, and b) at the same time provide information to a higher-level system for a potential future increase of system functionality as technology matures and/or new opportunities are provided by, e.g., greater analytics capabilities. In this paper, within the context of a “dual purpose use” of a) and b), we bring up three central challenges related to i) information gathering, ii) life-cycle management, and iii) data governance, and we propose directions for solutions to these challenges that need to be evaluated already at design time.
|
|
| 25. |
- Hallmans, D., et al.
(author)
-
Design considerations introducing analytics as a 'dual use' in complex industrial embedded systems
- 2021
-
In: IEEE International Conference on Emerging Technologies and Factory Automation, ETFA. - : Institute of Electrical and Electronics Engineers Inc.. - 9781728129891
-
Conference paper (peer-reviewed)abstract
- Embedded systems are today often self-sufficient with limited and predefined communication. However, this traditional view of embedded systems is changing through advancements in technologies such as, communication, cloud technologies, and advanced analytics including machine learning. These advancements have increased the benefits of building Systems of Systems (SoS) that can provide a functionality with unique capabilities that none of the included subsystems can accomplish separately. By this gain of functionality the embedded system is evolving towards a 'dual use' purpose11In this paper we define dual usage as a control system having two purposes. In other contexts such as politics, diplomacy and export control, the term 'dual-use' refers to technology that can be used for both peaceful and military aims, e.g., nuclear power technology., The use is dual in the sense that the system still needs to handle its original task, e.g., control and protect of an asset, and it must provide information for creating the SoS. Larger installations, e.g., industry plants, power systems and generation, have in most cases a long expected life-cycle, some up to 30-40 years without significant updates, compared to analytical functions that evolve and change much faster, i.e., requiring new types of data sets from the subsystems, not know at its first deployment. This difference in development cycles calls for new solutions supporting updates related to new requirements inherent in analytical functions. In this paper, within the context of 'dual usage' of systems and subsystems, we analyze the impact on an embedded system, new or legacy, when it is required to provide analytic data with high quality. We compare a reference system, implementing all functions in one CPU core, to three other alternative solutions: a) a multi-core system where we are using a separate core for analytics, b) using a separate analytics CPU and c) analytics functionality located in a separate subsystem. Our conclusion is that the choice of analytics information collection method should to be based on intended usage, along with resulting complexity and cost of updates compared to hardware cost.
|
|
| 26. |
- Hariharan, Sheela, et al.
(author)
-
On In-Vehicle Network Security Testing Methodologies in Construction Machinery
- 2022
-
In: IEEE International Conference on Emerging Technologies and Factory Automation, ETFA. - : Institute of Electrical and Electronics Engineers Inc.. - 9781665499965
-
Conference paper (peer-reviewed)abstract
- In construction machinery, connectivity delivers higher advantages in terms of higher productivity, lower costs, and most importantly safer work environment. As the machinery grows more dependent on internet-connected technologies, data security and product cybersecurity become more critical than ever. These machines have more cyber risks compared to other automotive segments since there are more complexities in software, larger after-market options, use more standardized SAE J1939 protocol, and connectivity through long-distance wireless communication channels (LTE interfaces for fleet management systems). Construction machinery also operates throughout the day, which means connected and monitored endlessly. Till today, construction machinery manufacturers are investigating the product cybersecurity challenges in threat monitoring, security testing, and establishing security governance and policies. There are limited security testing methodologies on SAE J1939 CAN protocols. There are several testing frameworks proposed for fuzz testing CAN networks according to [1]. This paper proposes security testing methods (Fuzzing, Pen testing) for in-vehicle communication protocols in construction machinery.
|
|
| 27. |
- Hariharan, Sheela, et al.
(author)
-
Towards a holistic approach to security validation of construction machinery through HIL systems
- 2023
-
In: IEEE Int. Conf. Emerging Technol. Factory Autom., ETFA. - : Institute of Electrical and Electronics Engineers Inc.. - 9798350339918
-
Conference paper (peer-reviewed)abstract
- The construction industry is increasingly equipping its machinery with sophisticated embedded systems and modern connectivity. Technology advancements in connected safety-critical systems are complex, with cyber-security becoming a more critical factor. Due to interdependencies and network connectivity, attack surfaces and vulnerabilities have increased significantly. Consequently, it is imperative to perform a risk assessment and implement robust security testing methods in order to prevent cyber-attacks on machinery segments. This paper presents a method for identifying potential security threats that also affect machine functional safety, facilitated by identifying threats in the threat modeling process and analyzing safety-security synergies. By identifying such risks, attack scenarios are created to simulate cyber-attacks and create test cases for validation. This approach integrates security testing into the current testing process by using penetration testing tools and utilizing a Hardware-in-the-Loop(HIL) test setup and it is verified with a simulated Denial of Service attack over a CAN network.
|
|
| 28. |
- Johansson, B., et al.
(author)
-
Consistency before Availability : Network Reference Point based Failure Detection for Controller Redundancy
- 2023
-
In: IEEE Int. Conf. Emerging Technol. Factory Autom., ETFA. - : Institute of Electrical and Electronics Engineers Inc.. - 9798350339918
-
Conference paper (peer-reviewed)abstract
- Distributed control systems constitute the automation solution backbone in domains where downtime is costly. Redundancy reduces the risk of faults leading to unplanned downtime. The Industry 4.0 appetite to utilize the device-to-cloud continuum increases the interest in network-based hardware-agnostic controller software. Functionality, such as controller redundancy, must adhere to the new ground rules of pure network dependency. In a standby controller redundancy, only one controller is the active primary. When the primary fails, the backup takes over. A typical network-based failure detection uses a cyclic message with a known interval, a.k.a. a heartbeat. Such a failure detection interprets heartbeat absences as a failure of the supervisee; consequently, a network partitioning could be indistinguishable from a node failure. Hence, in a network partitioning situation, a conventional heartbeat-based failure detection causes more than one active controller in the redundancy set, resulting in inconsistent outputs. We present a failure detection algorithm that uses network reference points to prevent network partitioning from leading to dual primary controllers. In other words, a failure detection that prioritizes consistency before availability.
|
|
| 29. |
- Johansson, Bjarne, 1977-
(author)
-
Dependable Distributed Control System : Redundancy and Concurrency defects
- 2022
-
Licentiate thesis (other academic/artistic)abstract
- Intelligent devices, interconnectivity, and information exchange are characteristics often associated with Industry 4.0. A peer-to-peer-oriented architecture with the network as the system center succeeds the traditional controller-centric topology used in today's distributed control systems, improving information exchange in future designs. The network-centric architecture allows IT-solution such as cloud, fog, and edge computing to enter the automation industry. IT-solution that rely on virtualization techniques such as virtual machines and containers. Virtualization technology, combined with virtual instance management, provide the famous elasticity that cloud computing offer. Container management systems like Kubernetes can scale the number of containers to match the service demand and redeploy containers affected by failures.Distributed control systems constitute automation infrastructure core in many critical applications and domains. The criticality puts high dependability requirements upon the systems, i.e., dependability is essential. High-quality software and redundancy solutions are examples of traditional ways to increase dependability. Dependability is the common denominator for the challenges addressed in this thesis. Challenges that range from concurrency defect localization with static code analysis to utilization of failure recovery mechanisms provided by container management systems in a control system context.We evaluate the feasibility of locating concurrency defects in embedded industrial software with static code analysis. Furthermore, we propose a deployment agnostic failure detection and role selection mechanism for controller redundancy in a network-centric context. Finally, we use the container management system Kubernetes to orchestrate a cluster of virtualized controllers. We evaluate the failure recovery properties of the container management system in combination with redundant virtualized controllers - redundant controllers using the proposed failure detection and role selection solution.
|
|
| 30. |
|
|
