© Inria / Photo Raphaël de Bengy

Liliana Cucu-Grosjean is a Research Director at the French National Institute in Computer Science and Automation (Inria) in Paris, France, where she leads the Kopernic research team. Her research interests include real-time, embedded and cyber-physical systems with a focus on the use of probabilistic and statistical methods for analyzing the schedulability of programs and estimating worst-case execution of those programs. Co-author of several seminal papers on probabilistic and statistical methods for real-time systems, Liliana has published more than 60 papers in top TCRTS conferences and journals. She has served the community by acting as (General, TPC/track/topic and local) chair for important venues of the TCRTS community (RTSS, RTCSA and RTNS) as well as strongly-related venues (DATE for architecture-oriented topics and MAPSP and ROADEF for scheduling-oriented events). Co-founder of workshops like WMC (RTSS joint workshop), JWRTC (RTNS joint workshop) and Dagstuhl series on mixed criticality, she has helped consolidating the diversity actions among under-represented categories of researchers. Chair of the first TCRTS diversity sub-committees (2016 to 2020, see Note below), she has also co-founded the Inria diversity committee in 2015, that she co-chaired until 2022.

Note: The first TCRTS diversity sub-committee has been created by Prof. James H. Anderson and continued since by the TCRTS chairs.

You have a BSc on Mathematics and Computer Science, but then you pursued a MSc in Physics. Then your PhD was again in Computer Science. You seemed undecided about which path to follow, at some point. Why did you finally decide to work in Computer Science?

I have never thought what it has looked like from outside 😊, moving from one science to another. In reality, my path has been guided by the search for a solution to the timetable problem (thus the field of Operations Research). As Operations Research field provides solutions to problems belonging to different sciences, I have searched for efficient solutions proposed in other domains in order to adapt them to the timetable problem. One such method is the Simulated Annealing, heavy inspired from Physics and I have ended by being interested in Applied Mathematics for problems coming from Physics. Once understood that part, the Graph Theory became another obvious solution and I have ended up by working on the real-time scheduling of graph tasks, funding being easier to obtain in the real-time research domain. This journey has been, also, possible as I have worked at the Faculty of Sciences in Galati (Romania) where people working on Physics, Computer Science and Mathematics collaborate intensively on the pedagogical side. So, the transition has been facilitated by working environments and clearly funding possibilities have played their role, too.

In 2015 you were co-chair of Inria’s equal opportunity committee. Can you tell us more about that? Did you ever felt, while in this committee, that women were not given the same opportunities as those given to men, namely for working is STEM areas?

I have, indeed, contributed to the creation of Inria equal opportunity committee and I have been its co-chair from 2015 to 2022. While working within this committee, I have met many situations where women are not given the same opportunities. In such situations, nobody intends to give less opportunities to women in STEM areas. Unfortunately, most of scientists does not expect that an effort is needed in order to fight against his or her own prejudged ideas on the place of women in STEM. At the end, the sum of our prejudged ideas has as a result different opportunities for women in STEM, while everybody believes that poorer opportunities are caused by the others and never by their selves. For instance, the arrival of children may have an impact on the invitations to program committees if a PC chair believes helping women by not inviting them to a PC in order to “ease” their professional life. Another example of prejudged idea is under-estimating the impact of the lack of women among keynotes or PC chairs of well-established conferences on the growth of a research community. If a young female PhD student wants to become such “star”, then that student searches naturally for a research community when she sees this dream possible. Today, more than 25% PhD holders in STEM are women in both EU and US and this percentage is constantly increasing. Research communities that do not manage to keep its female PhD holders will help other communities to grow 😊.

You have worked as professor and researcher already in several countries, universities, and schools. Did you ever felt any sort of unexpected difficulties due to being a female researcher? What about differences in terms of mindset depending on the places you worked on?

Well, usually the mindset in research is strongly impacted by the traditions of the country we are in. For instance, I have started in Romania where I have never realized that I was a woman at the university, but I am a native Romanian. Once in France in 2000, people were correcting me to indicate that I cannot be a “chercheuse” as this word has only a male form in French which is “chercheur”. Today, the feminized form, that exists in all Latin languages, is extensively used in France, too, but it did stroke me that saying that I am a chercheuse has disturbed French natives.

Recently you’ve been the GC Chair of RTSS, a top conference in the real-time and embedded systems area. Were there some specific initiatives to attract female researchers to the conference?

While working on the statistics of RTSS, it is interesting to notice that the female participation and the female composition of the PC are closely related. Thus, one first initiative supported by TCRTS is the presence of women in the PC/chairing of all related RTSS-events. Extra funding is also added in order to support travel grants for under-represented categories (women included) of students. Last, but not least, we organize this diversity event during the first RTSS evening in order to ease the connection between first-time participants and existing members. Such event helps to know better the community and we hope that we convince female PhD students to stay with us.

Finally, what would you say to young female students to attract them to Computer Science?

My parents were telling me that I should find a job that ensures me financial independence whatever the country or the political situation to enjoy my life. I believe that Computer Science is such domain and there are so many fields that it is easy to find a topic for everybody. It is good to be well paid and be a financially independent women, but it is even better to have a job to enjoy while getting paid 😊.

Thanks for your answers, and all the best!

ADMORPH partners met this week in Lund, Sweden, for the final consortium meeting. During three days, from the 19th to the 21st of June, the 19 participants physically present (including one advisory board member), plus 3 more online participants (including also one advisory board member), worked towards the preparation of the final project review. Several presentations and demonstrations to illustrate the multiple project results were given and discussed. The meeting also served to discuss opportunities to exploit the project results, as well as to discuss aspects related to joint publications that are in preparation. Last but not the least, the great team spirit was reinforced through self-organized as well as dedicated social events prepared by the local hosts!

António Casimiro and Georg Jäger presented the ADMORPH project at the 8th DeCPS Workshop on Challenges and New Approaches for Dependable and Cyber-Physical System Engineering, which took place on June 16th, with the 27th Ada-Europe International Conference on Reliable Software Technologies, in Lisbon, Portugal.

Other EU-H2020 projects were also present at the Workshop, namely MORPHEMIC and AMPERE. Given that all these projects are ending in June 2023, there was an interesting discussion in the end of the workshop about open aspects in the CPS area.

Andy Pimentel, ADMORPH coordinator, finally got to celebrate his appointment as full Professor of Embedded Computer Systems at the University of Amsterdam with his inaugural lecture. This celebration had been postponed due to the COVID-19 pandemics, so the lecture only took place on May 31st.

The lecture (in Dutch) was recorded and is available here.

We conducted this interview with SYSGO SAS (José Almeida) and SYSGO GmbH (Mario Brotz)

Considering your company’s area of activity, what was your motivation to participate in H2020 project ADMORPH?

José: We are one of the leading producers of high-assurance embedded systems in Europe, in particular we provide a small-codebase MILS separation kernel [1], which has the property of providing strong and reliable separation of workloads. In ADMORPH, to ensure security and safety of the application workloads, we have used a separation kernel to provide that strict separation for the use cases. Historically, a governing principle of a separation kernel was to enable static configurations for relatively simple embedded systems and applications. With safety-critical embedded systems and CPS(oS) growing to more powerful hardware, more complex embedded systems become feasible, and, in part the ADMORPH use cases were helpful to gather demands for runtime and OS support.

[1] https://en.wikipedia.org/wiki/Multiple_Independent_Levels_of_Security

The ADMORPH project foresees the following three use cases: autonomous aerospace systems, radar surveillance systems and subway transportation systems. Can you explain in more detail the use case that you contributed to the project or in which you are more involved? Which challenges does it raise?

José: We have contributed to two of the use cases, that is autonomous aerospace and subway transportation systems. For the subway transportation systems, we were able to use the MILS separation kernel largely “as is”. From the aerospace partner we got the request to look at whether, from a research perspective, scheduling could me more flexible (e.g. run-time adaptation of time windows and cross-CPU thread/task migration).

The project started just before the COVID-19 pandemic and is now nearing completion. How do you feel the pandemic affected the project development (if at all)?

Mario: The pandemic gave us less direct contact, which first was an unusual situation. However, since we had previous exchange with some of the partners in other projects or just by having worked in the field for a long time, we have been able to manage the technical challenges.

As the project comes to an end, how would you describe the state of integration of ADMORPH technologies in the use case you are working on?

Mario: We are happy to see our separation kernel being used/investigated by two of the use cases, so the integration state (from our component’s provider view) is a good one. The last word for this is with the use case owners of course.

Looking ahead, which of the ADMORPH results you see with more potential for exploitation? Do you plan to exploit any of them?

José: As stated before, an interesting and relevant challenge was to make more complex hardware available to our separation kernel. For instance, new embedded hardware platforms such as UltraScale ZCU combine application cores (A-Cores) and safety cores, which are more restricted but more deterministic and higher-qualified cores (R-Cores), on the same platform. One of the things that we have developed in Admorph is a communication mechanism between the A-Cores and the R-Cores to enable safety monitoring of cores, and this even already has made it into the main separation kernel product (PikeOS ICCOM)! On the more experimental side, we have already mentioned the task to make scheduling more flexible. We have also shown that it is possible to extend the separation kernel on the sensing side by host intrusion detection by control flow integrity, network intrusion detection with Suricata, and safety monitoring infrastructure for heterogeneous systems. The intrusion detection work, culminating in a PhD thesis [2], is not yet part of our product but it is the fundament for new on-going research on integrating intrusion detection with e.g. secure gateway functionality at SYSGO.

[2] Kadar, M. (2022). Integration Methods For Host Intrusion Detection Into Embedded Mixed-Criticality Sytems [TU Kaiserslautern]. https://kluedo.ub.uni-kl.de/frontdoor/deliver/index/docId/6822/file/mkadar-thesis-final.pdf

Considering your company’s area of activity, what was your motivation to participate in H2020 project ADMORPH?

Thales Nederland B.V. has been involved in the development of surveillance systems, both for civil and military purposes, since the early days of radar technology. This gives the company the know-how to build all kinds of surveillance systems, ranging from short-range 2D radars to long-range 3D radar systems from which stealthy targets cannot hide, and sophisticated multifunction radars using active phased array. Apart from radar systems, Thales Nederland B.V. also manufactures passive infrared surveillance systems, meant for radar silent operations.

These systems provide crucial situational awareness for command and control decisions, which can have far reaching impact on the vehicles carrying the surveillance systems, their crew and their surroundings. Because of this, the data on which these decisions are made needs to be highly accurate and reliable. To achieve this the surveillance systems have to be able to rely on trustworthy and robust real-time data processing. This requirement combined with the promise of the ADMORPH approach to achieve fault tolerance sparked our interest to participate in this project.

The ADMORPH project foresees the following three use cases: autonomous aerospace systems, radar surveillance systems and subway transportation systems. Can you explain in more detail the use case that you contributed to the project or in which you are more involved? Which challenges does it raise?

Figure 1: Example of a modern phased array radar system

The radar surveillance systems use case provides a laboratory set-up of a highly simplified radar processing chain running on a realistic processing platform, utilizing lightweight container virtualization in combination with an orchestration framework, where software updates are automatically identified and installed in a secure way using an update framework. In this use case, our primary interest is the coordination language to specify adaptive systems alongside adaptive runtimes. This approach ensures formal guarantees and facilitates comprehensive testing of the processing chain and the runtime system itself.

The challenge in this use case is to see if the ADMORPH approach can be applied to an application which’ components run distributed on an embedded networked multi-node system, instead of on multiple cores on an embedded system on chip (SOC).

The project started just before the COVID-19 pandemic and is now nearing completion. How do you feel the pandemic affected the project development (if at all)?

At the beginning of the project, the pandemic mainly hindered effective exchange of information between project partners, which was solved by using online collaboration tools. However, these forms of communication do not completely replace face-to-face communication.

Another area in which we were affected was when we needed to ramp up the size of the team to implement the demonstrator of the use case. Due to the restrictions on being allowed to meet each other it was more difficult to hire staff for the project, and once hired, introducing them to the way of work and the contents of the project was less effective than expected because all processes regarding information transfer were still oriented towards face-to-face transfer and had to be adapted to online means of communication on the spot. This took both extra time and proved to be less effective than the existing means.

Despite being less effective, it surprised us in a positive way how much still could be achieved using online tools, once they were properly in place. Working with techniques like this, while not completely replacing face-to-face information exchange, can certainly be a valuable addition to collaborating teams, especially once the project members are familiarized with each other.

As the project comes to an end, how would you describe the state of integration of ADMORPH technologies in the use case you are working on?

The level of integration with the AMDORPH architecture is a good fit. We recognize the same levels for control, monitoring and adaptation, and the update framework that has been selected and instantiated as part of the ADMORPH runtime system has been integrated successfully in the demonstrator. The level of integration with the actual ADMORPH technologies is low, as was to be expected: the main set of ADMORPH technologies, despite being very interesting, were either outside the scope of our use case or were developed for systems characterized by utilizing embedded multi-core SOCs, so in that context we did not expect a direct match for our system of multiple networked nodes.

The primary ADMORPH technology of interest for our use case, the coordination language, appeared to be less of a match than expected. This was not due to differences in the runtime environment, distributing components over multiple cores appeared to be similar enough when compared to distributing them over multiple nodes, nor a lack of features in the coordination language, but more to the assumption about the nature of the components that comprise the application. Where the coordination language has been designed for components utilizing stream based communication, the radar processing chain is built on components that are communicating state machines, invaliding formal guarantees that come with stream based processing.

Looking ahead, which of the ADMORPH results you see with more potential for exploitation? Do you plan to exploit any of them?

Even though the coordination language in its current form cannot be applied directly to model an application consisting of communicating state machines like the radar processing chain application, there are certainly some aspects that are interesting for further exploration within the context of our use case. Having non-functional aspects, like latency requirements, security levels or even multiple implementations of a single component, as part of the design model is something we already have identified as something we might need and the ADMORPH approach could certainly be used as inspiration of how to apply this in our own development environment. Especially the elegant solution to model the state of a component as part of the design, thus enabling relocation with retention of state, is something we will probably look in to.

Lukas Miedema, researcher at the University of Amsterdam, presented a poster about his work at ICT OPEN, which took place in Utrecht, Netherlands, on April 19-20, 2023. The presented work, focusing on the Weakly-Hard real-time applications, provides scheduling algorithm that lead to a reduced and minimized application fault rate. The picture shows Lukas and his poster in a preparation session.

Three ADMORPH-related papers were accepted at the WiP track of the 27th Ada-Europe International Conference on Reliable Software Technologies (AEiC 2023). The conference will be in Lisbon, Portugal, from June 13-16, and hence ADMORPH will be well represented. The accepted papers are the following.

The paper entitled “Software-based Security Approach for Networked Embedded Devices”, authored by José Ferreira, Alan Oliveira, André Souto and José Cecílio, from FCUL, addresses intrusion protection, detection and tolerance for safety-critical CPS(oS), providing robustness against cyber-attacks. It presents software-based protection and encryption mechanisms explicitly designed for embedded devices. The proposed architecture is designed to work with low-cost, low-end devices without requiring the usual changes on the underlying hardware. It protects against hardware attacks and supports runtime updates, enabling devices to write data in protected memory.

The second paper, entitled “Cooperative Autonomous Driving in Simulation”, is authored by Gonçalo Costa, José Cecílio and António Casimiro, also from FCUL, and describes ongoing work on the definition, implementation and testing of an architecture for a simulation environment where cooperative autonomous driving protocols can be tested. The goal is to facilitate the testing of distributed protocols for vehicular coordination in realistic autonomous driving scenarios, namely concerning aspects of timeliness, robustness to faults and safety.

Last but not the least, the paper entitled “Achieving Crash Fault Tolerance In Autonomous Vehicle Autopilot Software Stacks Through Safety-Critical Module Rejuvenation”, authored by Federico Lucchetti from the University of Luxembourg, proposes a crash-fault tolerant scheme that enables an autopilot system experiencing a crash failure of one of its sub-modules to execute an emergency trajectory to a safe spot where the autopilot can be rejuvenated.

For three days at the end of February, researchers of two academic partners of the project met at Science Park in Amsterdam. Dolly Sapra and Lukas Miedema from the Parallel Computing Systems group of the University of Amsterdam, and Florian Haas from the Embedded Systems group of the University of Augsburg joined to connect their tools together:

• The Cecile Coordination Compiler
• The Design Space Exploration
• The scheduling and timing analysis tool Faktum
• The Artie Runtime.

These had been developed within the ADMORPH project and span across multiple work packages. With the project approaching its final months, the three researchers pursued their objective of delivering a live demonstration of the interaction of their tools, which represent all the layers in the software stack of the project. Collaboratively pointing at diagrams helped to identify obstacles in the integration, which were dismantled successfully. An application specification provided by Qmedia can now be compiled into the exchange format used throughout the project, and fed to the design space exploration for elaborating the best hardware platform that enables a fault-tolerant real-time execution of the application. The scheduling framework then finds suitable schedules for redundant execution, which are executed by the runtime system. At the end, the graduate student and the both postdocs enjoyed the blinken lights of the demonstrator.