Periodic Reporting for period 2 - UP2DATE (Intelligent software-UPDATE technologies for safe and secure mixed-criticality and high performance cyber physical systems)
Okres sprawozdawczy: 2021-07-01 do 2022-12-31
Over the air software updates (OTASU) were introduced in the mobile market back in 2009, and their adoption has widespread with the transition to the Internet of Things. Mixed-Criticality Cyber-Physical Systems (MCCPS) deployed in critical domains like automotive, railway or aerospace, are not an exception to this trend towards OTASU. The strong software, electronics and connectivity components in MCCPS make OTASU very attractive with a wide range of benefits and their own set of challenges in MCCPS that relate to non-functional properties inherited from the application domain.
It follows that simultaneously addressing these challenges in a cost-effective manner is mandatory before OTASU are ubiquitously adopted in advanced MCCPS. In doing so, UP2DATE answers key research questions based in the following concepts:
C1. Concept of safety and security (SASE) contracts
C2. Software Update Continuum
C3. DevOps Software Development Practice
The overall goal is to provide a new software paradigm for SASE software updates for intelligent and resource intensive MCCPS, promoting a safety and security concept that builds around composability and modularity as main properties to enable a dynamic (post-deployment) validation of SASE properties.
To achieve the previous, the following project goals have been defined:
G1 To consolidate SASE concepts and technology for complex heterogeneous platforms.
G2 To contribute to the future incorporation of dynamic software updates in mixed-critically systems.
G3 To strengthen European research and industrial capacities to contribute to the development of future systems/products incorporating dynamic SASE software updates of mixed-criticality systems.
It follows that simultaneously addressing these challenges in a cost-effective manner is mandatory before OTASU are ubiquitously adopted in advanced MCCPS. In doing so, UP2DATE answers key research questions based in the following concepts:
C1. Concept of safety and security (SASE) contracts
C2. Software Update Continuum
C3. DevOps Software Development Practice
The overall goal is to provide a new software paradigm for SASE software updates for intelligent and resource intensive MCCPS, promoting a safety and security concept that builds around composability and modularity as main properties to enable a dynamic (post-deployment) validation of SASE properties.
To achieve the previous, the following project goals have been defined:
G1 To consolidate SASE concepts and technology for complex heterogeneous platforms.
G2 To contribute to the future incorporation of dynamic software updates in mixed-critically systems.
G3 To strengthen European research and industrial capacities to contribute to the development of future systems/products incorporating dynamic SASE software updates of mixed-criticality systems.
UP2DATE project has defined, implemented, and evaluated the procedures, architecture and middleware required to execute Over-the-air Software Updates (OTASU) in a safe and secure way.
Regarding progress per WP in the second period:
WP1. Smooth management of the project involving: organization of meetings (even with COVID-19 ), financial and administrative support, quality assurance and amendment preparation.
WP2: This WP has successfully achieved the requirement definition, platform selection and safety and security analysis of the selected boards.
WP3: The WP has defined the Mid UP2DATE architecture for on-line updates, refined the requirements, concept and design of secure communications based on the first evaluations in WP6; as well as defined the final architecture, taking into account the run-time updates. In addition, the WP has delivered the final version for the secure communications and the final recommendations regarding software updates based on the analysis of the last standards from different sectors.
WP4: The zero release of the SW update middleware was finished, which included board and tools setup for basic update services. First release was delivered with slight delays, implementing early prototypes of the concepts defined for the SW update middleware with on-line updates support. Next releases provided run-time updates implementation and refined version of the implementations.
WP5: The WP worked on the final refinement of the concepts for monitoring and control as well as the analysis of performance monitors for the final architecture considered in the project, and the implementation of the performance counter library on this platform and its overhead evaluation. Several releases were delivered of software implementation with the last one containing refined instrumentation libraries for both timing and performance counters for system and partition-wide monitoring, security monitoring, security auditing and software randomisation features for CPU and GPU.
WP6: This WP has been aimed to evaluate the technical developments of the project by integrating and testing them within two industrial use cases. As a result, a final version of UP2DATE technology and conclusions based on industrial figures have been obtained. All the evaluation results, even those collected from the research use case, the pedestrian detector, were gathered in a final report that describes the applicability and functionality of the defined, designed and implemented UP2DATE solution.
WP7: Dissemination activities were more target oriented with the preparation of the different press releases, the second batch of promotional material (including newsletters, flyers, videos, video news release) and social media activities for the exploitation and dissemination of UP2DATE as well as engagement with different industry, academy events and a final event to showcase UP2DATE results.
OVERVIEW OF THE RESULTS AND EXPLOITATION
UP2DATE project has produced 32 assets: 7 documentation/certifications, 5 pieces of demonstrators, 20 pieces of SW and associated documentation. The majority intended for commercial use and 9 of them shared among partners. These assets have been integrated in 3 use-cases (railway, automotive and research) and the conclusions reached will be made available through publications and a deliverable summarizing them.
Regarding progress per WP in the second period:
WP1. Smooth management of the project involving: organization of meetings (even with COVID-19 ), financial and administrative support, quality assurance and amendment preparation.
WP2: This WP has successfully achieved the requirement definition, platform selection and safety and security analysis of the selected boards.
WP3: The WP has defined the Mid UP2DATE architecture for on-line updates, refined the requirements, concept and design of secure communications based on the first evaluations in WP6; as well as defined the final architecture, taking into account the run-time updates. In addition, the WP has delivered the final version for the secure communications and the final recommendations regarding software updates based on the analysis of the last standards from different sectors.
WP4: The zero release of the SW update middleware was finished, which included board and tools setup for basic update services. First release was delivered with slight delays, implementing early prototypes of the concepts defined for the SW update middleware with on-line updates support. Next releases provided run-time updates implementation and refined version of the implementations.
WP5: The WP worked on the final refinement of the concepts for monitoring and control as well as the analysis of performance monitors for the final architecture considered in the project, and the implementation of the performance counter library on this platform and its overhead evaluation. Several releases were delivered of software implementation with the last one containing refined instrumentation libraries for both timing and performance counters for system and partition-wide monitoring, security monitoring, security auditing and software randomisation features for CPU and GPU.
WP6: This WP has been aimed to evaluate the technical developments of the project by integrating and testing them within two industrial use cases. As a result, a final version of UP2DATE technology and conclusions based on industrial figures have been obtained. All the evaluation results, even those collected from the research use case, the pedestrian detector, were gathered in a final report that describes the applicability and functionality of the defined, designed and implemented UP2DATE solution.
WP7: Dissemination activities were more target oriented with the preparation of the different press releases, the second batch of promotional material (including newsletters, flyers, videos, video news release) and social media activities for the exploitation and dissemination of UP2DATE as well as engagement with different industry, academy events and a final event to showcase UP2DATE results.
OVERVIEW OF THE RESULTS AND EXPLOITATION
UP2DATE project has produced 32 assets: 7 documentation/certifications, 5 pieces of demonstrators, 20 pieces of SW and associated documentation. The majority intended for commercial use and 9 of them shared among partners. These assets have been integrated in 3 use-cases (railway, automotive and research) and the conclusions reached will be made available through publications and a deliverable summarizing them.
The following main areas have made progress beyond the state of the art in the second period:
CONTRACTS & MODULAR UPDATES. iii) Leverage the approach to calculate and optimize deployments based on the feedback of the observed properties in the deployed systems. iv) Mode adaptability and dynamic negotiation of contracts within the update process, allowing calculate more flexible and better-optimized deployments.
SECURITY & SAFETY. I)The SASE OTASU paradigm, combines the dynamic updates, safety and security into an architecture that has been defended in front of a certification authority. ii)Implementation of secure communication mechanisms iii) Safety and security analysis of the heterogeneous high-performance platforms where the applications have been executed
MONITORING: FEEDBACK FROM DEPLOYMENT EXECUTION. I) Leveraging the information collected at operation-time (off-line monitoring) to improve system timing and EPT modelling. ii) Integral approach to validate the correctness of the counters (on-line monitoring) assuring the validity of the application update. Predictions are performed on both time (and EPT) and the event monitors
MONITORING: SECURITY SIGNATURES. I) Identification of events and parameters to monitor software patches and the automatic generation of signatures for the detection of flaws in the updated modules. ii)Working on the identification of a suitable set of monitoring and parameters relevant to prove the correctness of the execution of the updated module.
SOFTWARE UPDATE. Progress on modular software updates for safety relevant systems by defining a target platform operating and run-time system independent tool chain for: back-end services and deployment platform side services.
IMPACT
UP2DATE has made significant progress by developing, testing and validating safety and security OTASU architecture and respective UP2DATE components and building blocks in the automotive and railway sectors. These innovations are key to fill the market gap identified in both sectors, reducing costs where software implements critical functionalities. These technologies have applications in many other industries both consolidated and emerging in the coming years. Additionally, UP2DATE contributes to the sectorial policies with two scenarios where technologies have been validated, automated mobility for the railway and automotive sectors.
CONTRACTS & MODULAR UPDATES. iii) Leverage the approach to calculate and optimize deployments based on the feedback of the observed properties in the deployed systems. iv) Mode adaptability and dynamic negotiation of contracts within the update process, allowing calculate more flexible and better-optimized deployments.
SECURITY & SAFETY. I)The SASE OTASU paradigm, combines the dynamic updates, safety and security into an architecture that has been defended in front of a certification authority. ii)Implementation of secure communication mechanisms iii) Safety and security analysis of the heterogeneous high-performance platforms where the applications have been executed
MONITORING: FEEDBACK FROM DEPLOYMENT EXECUTION. I) Leveraging the information collected at operation-time (off-line monitoring) to improve system timing and EPT modelling. ii) Integral approach to validate the correctness of the counters (on-line monitoring) assuring the validity of the application update. Predictions are performed on both time (and EPT) and the event monitors
MONITORING: SECURITY SIGNATURES. I) Identification of events and parameters to monitor software patches and the automatic generation of signatures for the detection of flaws in the updated modules. ii)Working on the identification of a suitable set of monitoring and parameters relevant to prove the correctness of the execution of the updated module.
SOFTWARE UPDATE. Progress on modular software updates for safety relevant systems by defining a target platform operating and run-time system independent tool chain for: back-end services and deployment platform side services.
IMPACT
UP2DATE has made significant progress by developing, testing and validating safety and security OTASU architecture and respective UP2DATE components and building blocks in the automotive and railway sectors. These innovations are key to fill the market gap identified in both sectors, reducing costs where software implements critical functionalities. These technologies have applications in many other industries both consolidated and emerging in the coming years. Additionally, UP2DATE contributes to the sectorial policies with two scenarios where technologies have been validated, automated mobility for the railway and automotive sectors.