Periodic Reporting for period 1 - UP2DATE (Intelligent software-UPDATE technologies for safe and secure mixed-criticality and high performance cyber physical systems)
Reporting period: 2020-01-01 to 2021-06-30
Mixed-Criticality Cyber-Physical Systems (MCCPS) deployed in critical domains like automotive, railway or aerospace, are not an exception to this trend towards OTASU. The strong software, electronics and connectivity components in MCCPS make OTASU very attractive with a wide range of benefits and their own set of challenges in MCCPS that relate to non-functional properties inherited from the application domain.
It follows that simultaneously addressing these challenges in a cost-effective manner is mandatory before OTASU are ubiquitously adopted in advanced MCCPS. In doing so, UP2DATE answers key research questions based in the following concepts:
C1. Concept of safety and security (SASE) contracts
C2. Software Update Continuum
C3. DevOps Software Development Practice
The overall UP2DATE goal is to provide a new software paradigm for SASE software updates for intelligent and resource intensive Mixed-Criticality Cyber-Physical Systems (MCCPS), promoting a safety and security concept that builds around composability and modularity as main properties to enable a dynamic (post-deployment) validation of SASE properties.
To achieve the previous, the following project overall goals have been defined:
G1 To consolidate SASE concepts and technology for complex heterogeneous platforms.
G2 To contribute to the future incorporation of dynamic software updates in mixed-critically systems.
G3 To strengthen European research and industrial capacities to contribute to the development of future systems/products incorporating dynamic SASE software updates of mixed-criticality systems.
The following lines describe the main work and results achieved per work package:
WP1: The management of the project has been performed smoothly with all the tasks that this WP involves such as: organization of meetings (even with COVID-19 impact), financial and administrative support, deliverable submissions and revisions, amendment preparation.
WP2: This WP has successfully achieved the requirement definition, platform selection and safety and security analysis of the selected boards.
WP3: A solid baseline has been defined for the architecture definition and the SASE properties that shall be checked before and during software updates; following the mechanisms generated in WP4 and using the monitoring services defined in WP5.
WP4: The zero release of the SW update middleware was finished, which includes board and tools setup for basic update services. Moreover, the first release, is progressing as expected, implementing early prototypes of the concepts defined in Milestone MS1 for the SW update middleware with on-line updates support
WP5: BSC has worked in the analysis of the available event monitors in one of the preselected research platforms (NVIDIA Xavier) for both CPU and GPU, and the experimentation with event monitoring software facilities such as PAPI and perf. Lastly, BSC is carrying out the integration of safety monitoring in the research scenario developed by IKL, BSC, IAV and OFF.
IKL has worked in the analysis of state of the art in safety and security monitoring to define the security fingerprinting and the associated performance monitors.
WP7: The dissemination activities have been intense with the preparation of different press releases, generation of first promotional material, the launch of all the social accounts and web page. 5 deliverables have been successfully submitted, gathering the main information of the first period.
CONTRACTS & MODULAR UPDATES. I)HW resource guarantees for enabling composability of contracts. ii) Run time monitoring and enforcement: dynamically adaptation and optimization to changing environments/requirements based on OTASU
SECURITY & SAFETY. I)The SASE OTASU paradigm that now has to be defended in front of a certification authority. ii)Design and implementation of secure communication mechanisms. iii) Safety and security analysis of the heterogeneous high-performance platforms where the applications will be executed on the future.
MONITORING: FEEDBACK FROM DEPLOYMENT EXECUTION. I) Leveraging the information collected at operation-time (off-line monitoring) to improve system timing and EPT modelling. UP2DATE framework will safely decrease those bounds allowing to increase the load that can be safely put on the system. ii) Integral approach to validate the correctness of the counters (on-line monitoring) assuring the validity of the application update. Predictions are performed on both time (and EPT) and the event monitors.
MONITORING: SECURITY SIGNATURES. I) Identification of events and parameters to monitor software patches and the automatic generation of signatures for the detection of flaws in the updated modules. ii)Working on the identification of a suitable set of monitoring and parameters relevant to prove the correctness of the execution of the updated module.
SOFTWARE UPDATE. UP2DATE advances the SoA for modular software updates for safety relevant systems by defining and, in future implementing, a target platform operating and run-time system independent tool chain for:
Back-end server services in charge of preparing the update packet and filling the relative contracts.
Deployment platform side services for handling the update process.
Autonomous and safety-critical systems are key elements in relevant sectors like automotive, railway and aerospace. These sectors each year are increasing their reliance on software-based systems. UP2DATE has identified their needs and is progressing towards making innovative technologies available for supporting compute-intensive applications in industrial and professional domains, demonstrating significant and measurable improvement over the state of the art with progress in Safety Integrity Levels and Security Levels with autonomy and notable cost reduction.
In terms of direct economic impact, it is remarkable the new market opportunities that UP2DATE will generate, as the ability to perform dynamic OTASU in a safe a secure way in domains where software implements critical functionalities (i.e. automotive, railway and aeronautics) opens a huge range of possibilities for the deployment UP2DATE results into future products. In sum, OTASU can be a game changer in any industry that relies on technology incorporating software.
Additionally, to the impacts previously described, UP2DATE contributes to the “Connected and automated mobility in Europe Policy” in Europe. One of the key technologies to achieve this automated mobility is the High-Performance Computing Technologies. Therefore, UP2DATE will be certainly a remarkable contribution to these new technologies with the validation of the technologies in automotive and railway sectors.