12 research outputs found

    Design and Analysis of an Online Update Approach for Embedded Microprocessors

    No full text
    Software updates are already used in many systems for fixing bugs and for improving or extending their functionality. For many embedded systems with strong requirements on their availability, software updates are still not used because an update cycle usually causes a down time of the system. For servers in data centers with high availability requirements, so-called live patching solutions exist for many years. Live-Patching allows updating the software without affecting the availability of the system (i.e. no restart is required). In this work, we propose the application of live patching on small embedded microprocessors. We present a proof-of-concept implementation on a Xilinx MicroBlaze processor and compare the properties of our implementation, w.r.t. the amount of transmitted update data, memory requirements and update cycle duration against a state-of-the-art full-memory update

    Modular Over‐the‐air Software Updates for Safety‐critical Real‐time Systems

    No full text
    Automotive software is undergoing a rapid change toward artificial intelligence and towards more and more connectedness with other systems. For both, an incremental design paradigm is desired, where the car's software is frequently updated after production but still can guarantee the highest automotive safety standards. We present a design flow and tool framework enabling a DevOps paradigm for automotive software development. DevOps means that software is developed in a continuous loop of development, deployment, usage in the field, collection of runtime data and feedback to the developers for the next design iteration. The software developers get support in defining, developing, and verifying new software functions based on the data gathered in the field by the previous software generation. The software developers can define contracts describing the time and resource assumptions on the integration environment and guarantees for other dependent software components in the system. These contracts allow a composition of software components and proof obligations to be discharged at design time through virtual integration testing and runtime through continuous monitoring of assumptions and guarantees on the software component's interfaces. An update package, consisting of the software component and its contracts, is then automatically created, transferred over the air, and deployed in the car. Monitors derived from the contracts allow for supervising the system's behavior, detecting failures at runtime, and annotating the situation to be included in a data collection, fueling the next design iteration

    A modular architecture template for resource modeling in Software-Defined Vehicles

    No full text
    Software-Defined Vehicle (SDV) architectures are expected to reliably run more than 100 million lines of code and to receive 50 to 200 software updates per year, requiring their operating systems and middlewares to safely provide resources for thousands of different services and to allow for regular changes in the runtime environment. To specify and validate the proper resource allocation of such complicated and dynamically changing software architectures, we present an architecture template to model software layers based on modules with formalized interfaces and resource requirements between them. Like building blocks, these modules can be used to model automotive hardware software stacks with their consumed and provided resources to ensure integrability and to support runtime monitoring

    Design and Analysis of an Online Update Approach for Embedded Microprocessors

    No full text
    Part 5: AnalysisInternational audienceSoftware updates are already used in many systems for fixing bugs and for improving or extending their functionality. For many embedded systems with strong requirements on their availability, software updates are still not used because an update cycle usually causes a down time of the system. For servers in data centers with high availability requirements, so-called live patching solutions exist for many years. Live-Patching allows updating the software without affecting the availability of the system (i.e. no restart is required). In this work, we propose the application of live patching on small embedded microprocessors. We present a proof-of-concept implementation on a Xilinx MicroBlaze processor and compare the properties of our implementation, w.r.t. the amount of transmitted update data, memory requirements and update cycle duration against a state-of-the-art full-memory update

    Safe Modular Online Updates and Upgrades for Mixed-Criticality Systems

    No full text
    Safety-critical systems face an increase in critical software functions that require high-performance hardware platforms. This situation fosters - also in the automotive domain - an ongoing trend away from many small towards few but powerful processing elements. It inevitably comes with a concentration of the deployed functionality, which imposes challenges to the system design. A major issue in designing safety-critical system is to ensure segregation and isolation of the individual system functions of mixed-criticalities (w.r.t. different Design Assurance Levels (DAL) or Safety Integrity Levels (SIL)), which becomes more costly and harder to achieve the more functionality is executed at the same platform. At the same time, Over-The-Air Software Updates (OTASU) become necessary for modern embedded systems as updates and feature enhancements, safety and security fixes, or adaptations to other components become inevitable during their lifetime. Ensuring compliance with safety regulations thus requires an ever-increasing effort up to the point where it is economically not feasible anymore. The talk gives an overview of a domain-independent software paradigm for the development and integration of software applications on mixed-critical cyber-physical systems along the product lifecycle, which enables modular certification and supports secure OTASU. This paradigm is implemented and demonstrated through a new proof-of-concept software architecture and development process that enables remote deployment of updated as well as new applications on heterogeneous computing platforms. In addition, we provide a strategy for future certification of the approach with respect to safety (e.g., IEC-61508, ISO 26262) and security (IEC-62443, ISO 21434) through specific concepts that build on composability, modularity, and observability as key properties to enable dynamic validation of safety and security properties after deployment in the operational environment

    Towards a Contract-Based Definition of Update-Compatibility Modelling Safety Integration Criteria

    No full text
    Over-The-Air Software Updates (OTASU) provide huge benefits in terms of user experience, security, and efficiency. In fact, in the railway domain the ability of remotely updating railway equipment considerably reduces maintenance costs and time, improving system availability. However, the adoption of OTASU in the critical domains is challenged by their associated risks. Therefore, this paper identifies the acceptance criteria that an update shall satisfy in order to preserve system safety. This criteria, which is defined in the form of non-functional safety properties that characterize the update component and its integration on the system, will serve to evaluate the suitability of the updates during different phases of the update execution process (i.e., design time checks, virtual compatibility and integration checks, update verification and online as well as offline monitoring). The defined contract-based compatibility and integration approach is then evaluated in safety-critical railway signaling case study

    M2-branes and instantons

    No full text
    In the first part of this thesis we discuss some of the issues arising in extending the ABJM action of multiple M2-branes to include couplings to the background 3-form field. These couplings are analogous to the Myers-Chern-Simons terms of the multiple D2-brane action. We review and extend previous results to include terms which are quadratic in the background 3-form. These are fixed by requiring that we recover the correct terms after using the novel Higgs mechanism to reduce the ABJM action to the multiple D2-brane action. We also discuss the problem of constructing a gauge invariant pull-back in the ABJM action. In the second part of this thesis, we begin by exploring the low energy dynamics of charge two instantons in \SU(2) five dimensional Yang-Mills via the moduli space approximation of Manton. We also investigate dyonic instantons which have an excited scalar field and create a potential on the moduli space. In Chapter 5 we explicitly calculate the moduli space metric and potential for charge two (dyonic) instantons. These calculations are performed by using the ADHM construction. In Chapter 6 we perform a numerical study of the low-energy dynamics of instantons and dyonic instantons. We see that instantons undergo right-angled scattering and understand this analytically in terms of symmetries of the underlying ADHM data. We also present a comprehensive study of the scattering behaviour of instantons and dyonic instantons under various initial conditions. Finally we exhibit some examples of closed geodesics on the moduli space of dyonic instantons, and geodesics which hit the moduli space singularities in finite time. In Chapter 7 we investigate instantons with a large amount of symmetry. We first understand how the action of a symmetry on an instanton is lifted to the underlying ADHM data. The transformation of the ADHM data must be undoable by a transformation which leaves the instanton invariant, and we search for symmetric instantons by finding such transformation matrices that are representations of the symmetry group. With this method we are able to find solutions to the ADHM constraints that describe instantons with the symmetries of the 5-cell, 16-cell and 24-cell, with charge 4, 7, and 23 respectively. Finally, we see that these solutions correspond to solutions which can be constructed from the JNR ansatz

    UP2DATE software updating framework compliance with safety and security regulations and standards

    No full text
    Over-the-air Software Updates (OTASU) in the critical domain are already a reality. OTASU provide huge benefits in terms of user experience, security, and efficiency. However, due to involved risks, safety and security mechanisms and new regulations are needed for their adoption in the critical domain. The automotive industry is already in the race to adopt safe and secure OTASU, as by 2024, compliance to new UN regulations will become compulsory. However, the standards providing the specifications and requirements for OTASU are still in their infancy. Many other dependable system domains, that are now more digital and connected than ever, are following same trends towards OTASU. For instance, OTASU are very likely to be adopted in the railway domain in a near future, as the ability of remotely updating railway equipment considerably reduces maintenance costs and time, improving system availability. The H2020 UP2DATE project proposes a set of cross-domain methods and technical solutions for the safe and secure application of software updates. This paper describes how the UP2DATE framework adheres to existing and emerging regulations and standards. The proposed mechanisms are evaluated through a railway case-study. Obtained results demonstrate that the proposed updating framework can provide great savings in the installation and maintenance phases of railway signalling devices by reducing the time required for the update and by removing the need for operator presence on-site

    The UP2DATE baseline research platforms

    No full text
    The UP2DATE H2020 project focuses on highperformance heterogeneous embedded platforms for critical systems. We will develop observability and controllability solutions to support online updates while ensuring safety and security for mixed-criticality tasks. In this paper, we describe the rationale behind the selection of the baseline research platforms which will be used to develop and demonstrate the project concepts, including a performance comparison to identify the most efficient one.This work is funded by the European Commission’s Horizon 2020 programme under the UP2DATE project (grant agreement 871465). It is also partially supported by the Spanish Ministry of Economy and Competitiveness under grants PID2019-107255GB and FJCI-2017-34095 and HiPEAC.Peer ReviewedPostprint (author's final draft

    Safe and secure software updates on high-performance mixed-criticality systems: The UP2DATE approach

    No full text
    Over-The-Air Software Updates (OTASU) are gaining popularity on the safety-critical domain. The motivation behind this trend is twofold. On the one hand, the ability of adding new functionality and services to the system without a complete redesign makes product makers more competitive and improves user experience. On the other hand, the increasing connectivity of emerging embedded devices makes OTASU a crucial cyber-security demand to keep the system up-to-date with latest security patches. However, the application of OTASU in the safety-critical domain is not straightforward, as they are not contemplated by current functional safety standards. The UP2DATE European H2020 project, seeks to provide solutions to cope with the challenging requirements of safety and security standards with respect to software updates. This paper gives an overview of UP2DATE, its foundations and the initial description of its safe and secure architecture that builds around composability and modularity on heterogeneous high-performance platforms.This is the author's version of the work. It is posted here for your personal use. Not for redistribution. The definitive Version of Record was published in Microprocessors and Microsystems, Volume 87, 2021, 104351, ISSN 0141-9331, https://doi.org/10.1016/j.micpro.2021.104351
    corecore