ADMORPH at HiPEAC 2023 (Toulouse, France).

ADMORPH was present at HiPEAC 2023, from January 16 to 18, in Toulouse (France).

On the first day, António Casimiro participated in the MCS: International Workshop on Mixed Critical Systems – Safe and Secure Intelligent CPS and the development cycle, in which he briefly presented ADMORPH and some ADMORPH work on solutions for resilient control.

On the third day of the event we organised the WASOS: Workshop on Adaptive CPSoS, bringing together representatives from several projects in the ICT-01-2019 topic (AMPERE, Adeptness, TEACHING, UP2DATE, SELENE, CPSoSAWARE and ADMORPH), and also a representative of the COSMOS project (ICT-50-2020).

Three posters were also displayed at HiPEAC: a generic one at the booth of Collins Aerospace (an ADMORPH partner), and two others, featuring the Railway System use case and the Naval use case, in the conference locations dedicated to project posters.

We take this opportunity to thank colleagues from the EU Projects mentioned above, who participated in the WASOS workshop.

Interview series with our Industrial Partners: Q-Media

Considering your company’s area of activity, what was your motivation to participate in H2020 project ADMORPH?
QMA focuses on developing technology and security management systems in the Railway segment, including Metro. The railway is an extensive system with variable topology, and the control system must adequately respond to all changes that could affect the availability or quality of the services provided. We are therefore looking for technologies, tools and procedures that would enable the adaptation of the control system to influences that cannot be predicted during the system development phase. An example of such an influence is threats from cyberspace.

The ADMORPH project foresees the following three use cases: autonomous aerospace systems, radar surveillance systems and subway transportation systems. Can you explain in more detail the use case that you contributed to the project or in which you are more involved? Which challenges does it raise?
In the project, we apply ADMORPH tools to the control and supervision system, which is a superstructure on top of the track and train systems for the safe movement of trains.

For operation on the metro route to run smoothly, it is necessary for the supervision and control system to continuously receive relevant information about the status of the individual parts of the system that are in the stations and on the trains. If the flow of information is disrupted, the affected part or the entire system goes into a safe state. A safe state means reducing traffic or even stopping it. Therefore, such a situation needs to be prevented or its effects minimized.

In the UseCase, we use ADMORPH tools to create a system that, after identifying a threat to the quality of services provided, reconfigures the system to a state that ensures the continuity of service provision. At the same time, it will transmit information about the situation to the centre responsible for the system’s operation. After receiving the patch, the system can update itself without downtime.

The requirement for robustness, safety and the ability to adapt to new situations during the system’s operation was essential.

The project started just before the COVID-19 pandemic and is now nearing completion. How do you feel the pandemic affected the project development (if at all)?
The pandemic initially affected our ability to communicate F2F experiences and knowledge with project partners, but we managed to eliminate this with tools for team collaboration. What we could not eliminate, however, was the limited possibility of disseminating our own outputs to the segment in which we operate. Our cooperation with the metro operator was affected by the COVID-19 restrictions, and we failed to prepare the environment for the operational verification of the developed platform on the metro train.

As the project comes to an end, how would you describe the state of integration of ADMORPH technologies in the use case you are working on?
We have managed to integrate technologies that are important for us in terms of future use. For example, in the UseCase, we have verified them to the extent that it will be possible to perform operational verification in a real environment. Although it won’t be directly on the train, the involvement in cyberspace will undoubtedly provide enough opportunities to verify the concept.

Looking ahead, which of the ADMORPH results do you see as having more potential for exploitation? Do you plan to exploit any of them?
In the project, we managed to integrate the CECILE toolchain with the PikeOS hypervisor and create a platform for control and surveillance systems used in an environment with an increased risk of cyber attacks. Furthermore, the tools and procedures we apply will enable quick adaptation of the system to identified vulnerability threats, which is one of the basic requirements of patch management control systems.
Although operational deployment still requires a lot of effort, especially in certification to railway and security standards, the platform we have designed is robust and flexible enough to meet current and future security requirements.

Christoph Kuehbacher (Univ. Augsburg) has defended his PhD thesis

Christoph Kuehbacher from the University of Augsburg has defended his PhD thesis entitled Analyzable Dataflow Executions With Adaptive Redundancy.

In his thesis, he developed a runtime environment (RTE) for the fault-tolerant execution of dataflow applications modelled as directed acyclic graphs. The RTE is able to adaptively select an appropriate level of redundancy and runs on various multi- and manycore architectures. The tasks of such applications are then scheduled with regard to their dependencies, the required levels of redundancy, and the specified deadline of the application. The work was developed in the scope of the ADMORPH project, more specifically as part of the activities on Work Package 2 (Task 2.3) and Work Package 3 (Task 3.3).

Paper at the International Conference on Software Engineering and Formal Methods (SEFM)

Lukas Miedema and Clemens Grelck had their paper entitled “Strategy Switching: Smart Fault-Tolerance for Weakly-Hard Resource-Constrained Real-Time Applications” accepted at the International Conference on Software Engineering and Formal Methods (SEFM). The paper is also available within the conference proceedings.

The paper proposes a new approach for applying fault-tolerance, named strategy switching, to deal with single event upsets (SEUs) on commercial off-the-shelf (COTS) hardware. Strategy switching minimizes the effective unmitigated fault rate by switching, at runtime, which tasks are run under a fault-tolerance scheme.

Dolly Sapra talks about her interest and experience as a woman in CS

Dolly Sapra is a Postdoctoral Researcher at the University of Amsterdam, where she also completed her PhD under Prof. A.D. Pimentel in the Parallel Computing Systems (PCS) group. She holds an M.E. (Engineering) degree in Computer Science from BITS-Pilani, India. She turned to academic research after working in the industry as a software developer for nearly a decade in India and in the U.K. Her current research is mainly focused on neural architectures for embedded devices, which includes multi-objective neural architecture search and adaptive architectures for resource-constrained systems. She enjoys supervising graduate and undergraduate projects in the domain of neural networks and edge devices. In the ADMORPH project she brings her expertise in Design Space Exploration for adaptive systems.

Your education background is in Computer Science and Engineering. Did you always fancy computer technology? What was your main motivation to pursue a path in this technological area?

I was introduced to programming at a young age by my school. My first program was written in BASIC language, when I was 10 years old. It was a love at first sight kind of feeling for coding and computers at that time. I knew as a young girl that I am going to be connected to programming in some way throughout my growing up years and later as an adult.

During my engineering studies (bachelors and masters) I developed a keen interest in computer systems. Even though I was not involved in direct systems research during my career as a software developer in the Industry, I loved getting back to it when I joined PCS group as a guest researcher.

I was looking at your LinkedIn profile and saw that before moving to academia you worked in several companies. Based on your experience, would you say that females have the same opportunities as males in the industrial sector?

It depends. I have worked in 3 countries now – India, the UK and the Netherlands. The biases against women are different in each country and so are the opportunities and struggles. For example, in India, I never heard the bias that “women cannot be good programmers”. The first time I received a comment that I do not look like a software developer was in the UK. I have heard similar stories in the Netherlands along the lines that it is surprising to see a good female computer scientist. The gender bias in India is different – generally related to the notion that a working woman needs more flexibility at her workplace and so is not very reliable. The gender bias in Europe is related to the notion that women are not very good at programming and technical skills.

In my experience, the opportunities in the industrial sector also reflect these biases in the respective country. A new mom finds it extremely hard to land a new (better) job, get promoted and manage that elusive work-life balance in India. European companies allow more flexibility, but a woman still has to constantly prove her worth and skills to be taken seriously in her work environment.

What made you move away from industry and work towards a PhD?

I was on a year-long sabbatical when I moved for my husband’s work-related transfer to the Netherlands. It was supposed to be a short stay in Amsterdam and then we were to go back to London. I was in a dilemma whether to spend my energy in looking for a new job and resign soon after or just do something for fun. In the end I decided to work as a guest researcher at the local university, which turned into an offer to do more research as a PhD candidate. I quite enjoyed the academic world and its challenges, so decided to stay in the country and pursue the PhD degree.

Can you tell us about your work in ADMORPH? Are you applying your expertise in Machine Learning?

In the ADMORPH project, I bring my expertise in Design Space Exploration (DSE), for systems design and dynamic optimization. The aim of DSE is to design fault tolerant embedded systems (with task deadlines). The system needs to react to resource failures over a long period of time, so the task deadlines are always satisfied. This allows the system to be adaptive in order to have better reliability.

I am also looking at Reinforcement Learning based techniques to improve the current DSE algorithm.

Finally, what would you say to young female students to attract them to Computer Science?

Live your life by your strengths, not weaknesses. Spend some time reflecting on what you are good at and make your career where you can work with your strengths. If computer science excites you and if programming and its logical creativity stimulates you, do not be afraid to follow a technical path.

If you find you are alone on your path, reach out beyond your immediate world to find your tribe. There are many people who will be on the same journey as you – you only need to look beyond your bubble. Send emails, get active in forums, even look out on social media, there are now a ton of influencers and role-models telling their unique stories and providing words of wisdom and encouragement.

Thanks for sharing with us your perspectives, and best wishes for your career!

Developing automatic validation of safety and security cases for adaptive systems

ADMORPH is investigating safety- and security-critical systems. In this work we will investigate the safety and security properties of PikeOS resources, represented in a graph model that serves as a domain-specific system modelling language (DSML). The goal is to enhance security in the design of complex safety-critical embedded systems by assisting system integrators in configuring their system with an analysis of interference between system components.

Development of a proof of concept started in September. We have investigated importing XML configuration files to generate graph-based models, starting with a simple model of potential information flows between user-defined configurations of a separation kernel. The approach is representation-independent; for storage, inspired by a German national project, we have explored the use of the Neo4j graph database, and we used XSLT to transform the data.

Developing experimental PikeOS extensions for runtime adaptation

We are happy to share new developments in the context of the ADMORPH project. Concretely, we developed the following two main experimental extensions to SYSGO’s PikeOS real-time OS to support runtime adaptation research in the ADMORPH project.

Thread Migration

We introduce support for monitoring CPU core affinity of threads during runtime. The problem addressed here is related to runtime faults in the CPU potentially caused by a heavy usage of a specific core.

Our goal is to adapt execution on this core according to its current usage. Heavy usage can cause the core to overheat, and the resulting arbitrary faults are more likely to occur and to damage the system than in a scenario with nominal CPU core usage.

Hence, we want to reduce the activity of the given core, before such core usage issues occur during runtime. For this, we introduce support for runtime thread migration in PikeOS: it is now possible, during runtime, to migrate the execution of a thread to another (pre-configured) CPU core. Thus, we let the initial CPU core cool down before continuing execution.

Time Partition Shifting

We introduce support for scheduling adaptation in a PikeOS system. In certified real-time systems such as PikeOS, scheduling schemes are defined statically to guarantee the deterministic execution of critical tasks. In a standard PikeOS version, the scheduling scheme(s) statically define specific time windows in which tasks execute. As the goal, especially for safety-critical tasks, is for the task to meet its deadline (i.e. to terminate before the end of its pre-configured time window), the system integrator is likely to configure conservative (i.e. safe) time windows that are longer than the worst-case execution time (WCET) of the task. However, cases in which the task execution time reaches its WCET are supposed to be rare.

Hence, the CPU is idle until the end of the time window instead of doing actual work. Note, however, that PikeOS allows background activity with time partition 0 on every CPU core (as described in the PikeOS User Manual).

Thus, we introduce a new functionality in PikeOS for a task to notify the system that it has finished its job in the current time window. The system then shifts the following time windows, so that the next task in the schedule can start executing earlier. This time partition shifting propagates, so that tasks can possibly have more time to execute than their pre-configured time window. This also means that the later a time window is configured in the schedule, the less likely the corresponding task is to execute beyond its deadline.
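The effect of shifting on idle time and on deadlines can be seen in a small simulation. This is an added example, not PikeOS code or the project's implementation: the task names, window lengths and execution times are constructed, and it assumes that a shifted window starts early but keeps its configured end as the deadline.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Window:
    task: str
    length: int  # configured window length in ticks (conservative)


@dataclass(frozen=True)
class Outcome:
    start: int          # tick at which the task actually starts
    finish: int         # tick at which it stops (done or cut off)
    budget: int         # ticks available before its deadline
    deadline_met: bool


# Constructed schedule for one frame, in configured order.
SCHEDULE = [Window("sensor", 4), Window("control", 5), Window("comms", 3)]
# Constructed execution times for this frame; "comms" needs more than
# its configured window, which is the interesting case.
EXEC_TIME = {"sensor": 2, "control": 3, "comms": 5}


def simulate_frame(windows, exec_time, shifting):
    """Run one frame; return ({task: Outcome}, idle ticks in the frame)."""
    outcomes = {}
    idle = 0
    configured_start = 0
    free_at = 0  # tick at which the CPU is free for the next window
    for w in windows:
        deadline = configured_start + w.length  # never moves (assumption)
        # Static: wait for the configured start. Shifting: start as soon
        # as the previous task has notified the system that it is done.
        start = free_at if shifting else configured_start
        budget = deadline - start
        need = exec_time[w.task]
        met = need <= budget
        finish = start + min(need, budget)  # cut off at the deadline
        outcomes[w.task] = Outcome(start, finish, budget, met)
        if shifting:
            free_at = finish          # slack is handed to the next window
        else:
            idle += deadline - finish  # slack is lost inside this window
            free_at = deadline
        configured_start = deadline
    if shifting:
        idle = configured_start - free_at  # all slack collects at frame end
    return outcomes, idle


if __name__ == "__main__":
    for mode in (False, True):
        result, idle = simulate_frame(SCHEDULE, EXEC_TIME, shifting=mode)
        print("shifting" if mode else "static", idle, result)
```

In the static run the last task is cut off at its deadline while four ticks were spent idle earlier in the frame; with shifting the same task inherits that slack and finishes in time.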

 

Adaptivity in automated production systems

Adaptivity will be a key enabler of future embedded computer systems and systems of systems, while providing protection against faults and attacks. The ADMORPH use cases already give great examples of the potential of adaptive systems, whether we look at radar surveillance, subway transport systems or autonomous aerospace systems. In all three cases, adaptivity provides the necessary means to develop reliable and fault-tolerant systems despite immense complexity and stringent requirements on the extra-functional behaviour. Of course, these three use cases are clearly not the full picture, and many other complex systems may profit from adaptivity as well.

A large initiative in the Augsburg region, the AI Production Network Augsburg, has recently been started to explore the future of AI-based automated production systems, which share many of the requirements and challenges of our use cases. We will present the methods, techniques and tools developed within ADMORPH to our regional academic and industrial partners. Together, we will explore their applicability to the broader context of production technology.

 

The AI Production Network Augsburg is an association of the University of Augsburg with the Fraunhofer Institute for Casting, Composite and Processing Technology IGCV, the Augsburg Center for Lightweight Production Technology (ZLP) of the German Aerospace Center (DLR) and the University of Applied Sciences Augsburg. The aim is joint research into AI-based production technologies at the overlap between materials, manufacturing technologies, data-based modeling and digital business models.


 

The ADMORPH Railway System Use Case

Overview

Our goal with the Railway System Use Case is to exploit ADMORPH tools to create robust and reliable communication between the train and the ground part of the railway system.

The data transmission system between the train and the ground part of the operator’s system consists of a pair of MCG-GCG communication units (Mobile Communication Units and Ground Communication Unit), as shown in the figure below. The purpose of these units is to interconnect the trusted parts of the on-board system with the trusted parts of the ground system through an untrusted wireless network environment.

 

The robustness of the system (security and availability of the service) is achieved by the redundancy of communication channels (optimally managed by the systems of various telecommunications operators) and the use of an application that continuously evaluates the status and parameters of transmission channels. Based on the set criteria (security, transmission quality, etc.), the application will adapt the operating mode of the data connection, as illustrated in the following figure.

Use of project tools

To achieve a sufficient level of protection for the trusted part of the MCG and the mutual separation of communication channels A and B, the PikeOS hypervisor is used, which will allow the physical device to be divided into several independent logical parts. For the needs of the use case, the HW of the commercial communication unit, illustrated below, was configured to create three independent parts:

  • two mutually isolated communication parts for Channel A and Channel B, represented by partition A and partition B.
  • a part for the needs of the control application, represented by partition C.

Linux is installed in partitions A and B, which makes it easy to integrate commercial peripherals. Partition C runs without an OS (a so-called native PikeOS partition) and is configured for the needs of the static scheduler CECILE.

In addition to the above system, the MCG may contain other partitions with train diagnostics and control applications, which are not part of the project. The resulting MCG configuration is shown in the next figure, where secure communication between Linux partitions A, B, and control partition C can also be seen. Two pairs of queuing ports are used to communicate with modems. This is one of the system’s security tools.
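The partition layout above can be checked with the kind of graph-based information-flow model described in the earlier section on validating safety and security cases. The following is an added example, not ADMORPH or SYSGO code: the XML schema, the trust labels and the extra partition D are constructed for illustration and are not PikeOS's configuration format.

```python
import xml.etree.ElementTree as ET
from collections import deque

# Constructed configuration: A and B talk only to the control partition C.
GOOD = """<system>
  <partition name="A" trust="untrusted"/>
  <partition name="B" trust="untrusted"/>
  <partition name="C" trust="trusted"/>
  <queuing-port from="A" to="C"/> <queuing-port from="C" to="A"/>
  <queuing-port from="B" to="C"/> <queuing-port from="C" to="B"/>
</system>"""

# Constructed misconfiguration: a hypothetical partition D bridges A and B.
BAD = GOOD.replace("</system>", """  <partition name="D" trust="untrusted"/>
  <queuing-port from="A" to="D"/> <queuing-port from="D" to="B"/>
</system>""")


def load_model(xml_text):
    """Build (edges, trusted) from integrator-authored XML (trusted input)."""
    root = ET.fromstring(xml_text)
    parts = list(root.iter("partition"))
    trusted = {p.get("name") for p in parts if p.get("trust") == "trusted"}
    edges = {p.get("name"): set() for p in parts}
    for port in root.iter("queuing-port"):
        src, dst = port.get("from"), port.get("to")
        if src not in edges or dst not in edges:
            raise ValueError(f"port references unknown partition: {src}->{dst}")
        edges[src].add(dst)
    return edges, trusted


def unmediated_path(edges, trusted, src, dst):
    """Shortest src->dst path with no trusted partition in between, or None."""
    queue, parent = deque([src]), {src: None}
    while queue:
        node = queue.popleft()
        for nxt in sorted(edges[node]):
            if nxt in parent:
                continue
            parent[nxt] = node
            if nxt == dst:
                path = [dst]
                while parent[path[-1]] is not None:
                    path.append(parent[path[-1]])
                return path[::-1]
            if nxt not in trusted:  # a trusted partition mediates the flow
                queue.append(nxt)
    return None


def isolation_violations(xml_text, isolated_pairs):
    """Return every unmediated flow path between partitions meant to be isolated."""
    edges, trusted = load_model(xml_text)
    found = []
    for a, b in isolated_pairs:
        for src, dst in ((a, b), (b, a)):
            path = unmediated_path(edges, trusted, src, dst)
            if path:
                found.append(path)
    return found


if __name__ == "__main__":
    print(isolation_violations(GOOD, [("A", "B")]))
    print(isolation_violations(BAD, [("A", "B")]))
```

Plain reachability would flag the intended A to C to B route as well; treating the trusted partition as a mediator is what lets the check separate the designed flow from the bridge through D.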

Application development toolset

The TeamPlay coordination language and the CECILE static scheduler will be used to create the control application. Therefore, a tool was created to convert the output of the CECILE coordination compiler to a format suitable for the Target Compiler and Linker CODEO (Sysgo’s IDE), which generates binary code for the native PikeOS partition. The figure below shows a test application written in TeamPlay and its console output when running on a PikeOS partition.

Conclusion

The integration of the TeamPlay and CECILE development tools for the PikeOS environment completed the second stage of the demonstrator’s development. Verification of the functionality of the test module on the target HW platform was a condition for using the toolkit to create a control application that should reach a level suitable for operational verification of the system.

Paper accepted to IEEE Control Systems Letters

A new ADMORPH paper has been accepted for publication. The paper, entitled “Stability of Linear Systems under Extended Weakly-Hard Constraints”, will appear in IEEE Control Systems Letters, a highly ranked journal (Scimago Q1).

The paper proposes a comprehensive stability analysis for control systems subject to deadline misses bounded by the weakly-hard model. In the paper, the classical weakly-hard model is extended so that the analysis covers additional scheduler configurations. Using properties inherent to the weakly-hard model, we also prove analytic bounds on the stability of embedded systems subject to a broad class of other weakly-hard constraints. The proposed analysis calls for modularity and separation of concerns, thus bringing the assessment of control systems stability one step closer to the real-time implementation.