Platform-Centric Self-Awareness as a Key Enabler for Controlling Changes in CPS

Mischa Möstl, Johannes Schlatow, Rolf Ernst, Nikil Dutt, Ahmed Nassar, Amir Rahmani, Fadi J. Kurdahi, Thomas Wild, Armin Sadighi, Andreas Herkersdorf
2018, Proceedings of the IEEE (Institute of Electrical and Electronics Engineers, IEEE)
Abstract: Future cyber-physical systems will host a large number of coexisting distributed applications on hardware platforms with thousands to millions of networked components communicating over open networks. These applications and networks are subject to continuous change. The current separation of the design process from operation in the field will be superseded by a life-long design process of adaptation, in-field integration, and update. Continuous change and evolution, application interference, environment dynamics and uncertainty lead to complex effects which must be controlled to serve a growing set of platform and application needs. Self-adaptation based on self-awareness and self-configuration has been proposed as a basis for such a continuous in-field process. Research is needed to develop automated in-field design methods and tools with the required safety, availability, and security guarantees. The paper shows two complementary use cases of self-awareness in architectures, methods, and tools for cyber-physical systems. The first use case focuses on safety and availability guarantees in self-aware vehicle platforms. It combines contracting mechanisms, tool-based self-analysis and self-configuration. A software architecture and a runtime environment executing these tools and mechanisms autonomously are presented, including aspects of self-protection against failures and security threats. The second use case addresses variability and long-term evolution in networked MPSoCs, integrating hardware and software mechanisms of surveillance, monitoring, and continuous adaptation. The approach resembles the logistics and operation principles of manufacturing plants, which gave rise to the metaphoric term Information Processing Factory, relying on incremental changes and feedback control. Both use cases are investigated by larger research groups. Despite their different approaches, both use cases face similar design and design automation challenges, which are summarized at the end. We argue that seemingly unrelated research challenges, such as in machine learning and security, could also profit from the methods and superior modeling capabilities of self-aware systems.

This work is licensed under a Creative Commons Attribution 3.0 License.

Vol. 106, No. 9, September 2018 | PROCEEDINGS OF THE IEEE, p. 1543. Möstl et al.: Platform-Centric Self-Awareness as a Key Enabler for Controlling Changes in CPS

I. INTRODUCTION

A future cyber-physical system (CPS) will host a large number of coexisting distributed applications on hardware platforms with thousands to millions of networked components communicating over open networks. These distributed applications will include critical tasks, such as road-traffic control involving communicating autonomous cars and infrastructure, or smart energy controlling the energy grid down to the individual device. Often, distributed applications follow common design objectives, such as energy efficiency and guarantees for high availability, real-time behavior or safety. Such CPS reach far beyond classical embedded system design processes controlled by a single owner. They are subject to permanent change, environment dynamics and application interference. Applications using self-adaptation or machine learning dynamically change their properties and their resource requirements. The resulting short adaptation cycles of CPS applications would introduce system dynamics never before experienced in the history of electronic design automation (EDA). Given the rapidly growing number of such CPSs and applications, there would not be enough engineering, service and maintenance personnel for user-directed integration. Communication has long adapted to this development by standardizing protocols and dynamically adapting the networks and resource assignment to changing user requests. From this perspective, the Internet of Things appears as a natural extension of the approach taken in communication. However, CPS design goes further, addressing the complex side effects of such an approach on distributed applications.
Even more so, the approach used in communication counters the established design processes for safety-critical and high-availability systems, which assume static design processes organized in predefined, well-structured steps from concept all the way to in-field maintenance, and which require highly predictable behavior as the basis of worst-case guarantees. These requirements are formulated in safety standards, e.g., the generic standard IEC 61508 [1], the automotive standard ISO 26262 [2], or the avionics standard DO-178C [3]. To comply with these requirements, designers partition the system into non-critical and critical parts. The design idea behind this approach is to keep the critical parts static, which is currently the prevalent approach for mixed-criticality systems [4]. The partitioning then allows methods for static systems to be applied to the critical part of the system. Among these methods are techniques that promise strong isolation, such as static time-driven scheduling [5, Ch. 10] or static system configurations as, e.g., in AUTOSAR. Static time slicing, a specific form of time-driven scheduling, is, for example, applied in the ARINC 653 standard for avionics equipment [6]. It dictates that, if a CPU is to be shared among software with heterogeneous certification requirements, the partitions for that software must be fully isolated through static time-slice scheduling. In the ideal case, this is possible, e.g., if

ABOUT THE AUTHORS

Mischa Möstl received the B.S. and M.S. degrees in computer and communication systems engineering from the Technische Universität Braunschweig, Braunschweig, Germany, in 2011 and 2013, respectively, where he is currently working toward the Ph.D. degree at the Institute of Computer and Network Engineering (IDA) under Prof. R. Ernst and is a member of the CCC project. His research interests are in-field safety validation for systems under concurrent change and self-aware mechanisms for safety.

Johannes Schlatow received the M.Sc. degree in computer and communication systems engineering from the Technical University of Braunschweig, Braunschweig, Germany, in 2013, where he is currently working toward the Ph.D. degree. He is a Researcher in the Embedded System Design Automation Group (IDA) of Prof. R. Ernst. He is working in the field of design, modeling, and analysis of component-based mixed-critical systems and is a member of the CCC project.
doi:10.1109/jproc.2018.2858023
fatcat:e3ju7syanvc5xklgvix3wwmopq