Eugen Brenner

Optimized Frame Packing for Embedded Systems

During system synthesis (i.e., task allocation) the transmission of messages between tasks is usually addressed in a simplistic way. If a message is exchanged via an external bus, it is assumed each message is packed in an individual frame. This assumption leads to an overestimation of bus bandwidth demand and frame response time. For some systems (i.e., automotive), this pessimism is not acceptable and therefore frame packing is often performed where multiple messages are packed into a single frame. In this paper, an improved frame packing approach is provided.

Supporting Cyber-Security Based on Hardware-Software Interface Definition

The automotive industry has an annual increase rate of software implemented functions of about 30 %. In the automotive domain the increasing complexity of systems became challenging with consumer demands for advanced driving assistance systems and automated driving functionalities, and the thus broadening societal sensitivity for security and safety concerns, such as remote control of cars by hacking their IT infrastructure.

A secure hardware module and system concept for local and remote industrial embedded system identification

Smart maintenance constitutes an essential concept in Industry 4.0, where industrial devices report their maintenance status to remote back end systems and thus predictive maintenance can be intelligently scheduled and carried out locally at the affected device. This status data must be securely assignable to the claimed device identities when transmitted remotely. Furthermore, during the actual maintenance task, the service technician must be able to trustworthily identify the correct target device. Unfortunately, current systems typically lack cryptographic authentication and a secure storage for the required credentials, causing identity impersonation as a major threat. In this paper we present a secure NFC-enabled hardware module for industrial embedded systems with a secure identity, enabling local identification by means of the proximity based contact-less technology Near Field Communication (NFC), and remote identification via a contact-based interface, thus helping to prevent device impersonation attacks, device clones and human errors on device identification. A proof of concept utilizing an Infineon security controller capable of elliptic curve cryptography demonstrates the concepts feasibility.

A Review of Threat Analysis and Risk Assessment Methods in the Automotive Context

Consumer demands for advanced automotive assistant systems and connectivity of cars to the internet make cyber-security an important requirement for vehicle providers. As vehicle providers gear up for the cyber security challenges, they can leverage experiences from many other domains, but nevertheless, must face several unique challenges. Thus, several security standards are well established and do not need to be created from scratch. The recently released SAE J3061 guidebook for cyber-physical vehicle systems provides information and high-level principles for automotive organizations to identify and assess cyber-security threats and design cyber-security aware systems.

On Extensible Networks for Embedded Systems

When designing a distributed computing-system, the communication networks are a key determining factor for systems performance. A common approach is to minimize bandwidth-consumption, while other important objectives -- maintainability, extensibility, robustness -- get less attention in the literature. In this work we provide a design-methodology how to efficiently balance these conflicting objectives. We build an initial network configuration by applying heuristics. Then, we refine this configuration by using optimization strategies which address the multi-objective optimization problem. By doing so, the network configuration not only satisfies the requirements of the current communication-demand, but it is also prepared to handle additional future communication-demand. Experimental results from an automotive case-study show that extensibility can be significantly improved (up to 44%) while trading only a little bandwidth-efficency (1% deteriation).

ESTADO — Enabling smart services for industrial equipment through a secured, transparent and ad-hoc data transmission online

The advent of initiatives like Industry 4.0 promises increased operational efficiency through smart services and interconnected devices. To enable smart maintenance services for todays and future industrial equipment, regular status information must be transmitted from device customers to maintenance service providers over the Internet. However, simply attaching an industrial device to the Internet often leads to a security and privacy nightmare. Transparency about when and what data is being transmitted is of crucial interest to a customer. During transport, data must be protected against modifications and disclosure. A maintainer requires trust in the datas origin and integrity. In this paper, we propose ESTADO, a system that enables smart services by providing the necessary connectivity from industrial equipment to service providers for device state tracking. Our system design focuses on the migration of current devices and the security aspect. Using a non-permanent NFC based connection, connectivity is only established ad-hoc on customer demand, and any data transmission is fully transparent to a customer. We study our design through a prototype implementation using an Infineon security controller and evaluate the security, usability and deployment aspects of our solution.

Threat and Risk Assessment Methodologies in the Automotive Domain

Abstract Safety and security are both qualities that concern the overall system. However, these disciplines are traditionally treated independently in the automotive domain. Replacement of classical mechanical systems with safety-critical embedded systems raised the awareness of the safety attribute and caused the introduction of the ISO 26262 standard. In contrast to this, security topics are traditionally seen as attacks of a mechanical nature and as only affecting single vehicles (e.g. door lock and immobilizer related). Due to the increasing interlacing of automotive systems with networks (such as Car2X), new features like autonomous driving, and online software updates, it is no longer acceptable to assume that car fleets are immune to security risks and automated remote attacks. Consequently, future automotive systems development requires appropriate systematic approaches to support cyber security and safety aware development. Therefore, this paper examines threat and risk assessment techniques that are available for the automotive domain and presents an approach to classify cyber-security threats, which can be used to determine the appropriate number of countermeasures that need to be considered. Furthermore, we present a combined approach for safety and security analysis to be applied in early development phases, which is a pre-requisite for consistent engineering throughout the development lifecycle.

Towards dependability engineering of cooperative automotive cyber-physical systems

Numerous industrial sectors are investing in Cyber-Physical-Systems (CPS). CPS provide their functionality by the interaction of various subsystems which are usually developed by different suppliers and are expected to cooperate safely. The open and cooperative nature of CPS poses a significant challenge for industrial sectors with stringent dependability constraints, such as, autonomous automobile systems, medical monitoring, process control systems, or automatic pilot avionics. As CPS may reconfigure itself during run-time, for instance in order to handle failures or to adapt on changing conditions (such as connected car features relying on availability of environmental information), the dependability of this adaptation must still be ensured. To tackle this assurance issue, several recommendations rely on a set of contracts to describe components attributes and evaluate the robustness of the configuration at run-time. In our research project, DEIS, we address these important and unsolved challenges by developing technologies for dependable system integration at run-time. At the core of these technologies lies the concept of a Digital Dependability Identity (DDI) of a component or system. DDIs are composable and executable in-the-field, facilitating (a) efficient synthesis of component and system dependability information over the supply chain and (b) effective evaluation of this information in-the-field for safe and secure composition of highly distributed and autonomous CPS. In contrast to other approaches mainly focusing on software specifics (such as SOME/IP or other SoA approaches), DDI focuses on system development level (also taking into account HW specifics and system decomposition). The paper is describing the approach focusing on the support for functional safety and validation of automated and connected vehicles, by providing an initial framework to manage dependability aspects.

Subpixel resolution edge detection techniques for linear sensor arrays

The precise and very fast contactless measurement of object surfaces and edges with sub-micrometer resolution plays an important role in many applications nowadays. Optical high-precision measuring devices are used for that purpose. The use of narrowband point light sources for exposing an object generates a diffraction pattern, which can be seen by a sensor. To achieve a much higher resolution than the pixel size of the detector, that additional information generated by this diffraction pattern can be used. Different algorithms for estimating the projected edge position with sub-pixel resolution using additional diffraction pattern information were evaluated. With a modelled image sensor pixel size of 3.8 μm, results showed that a prediction error for the theoretical projected edge position on the sensor of less than 200 nm could be achieved. The influence of measurement noise, pixel size, and ADC resolution of the pixel exposure value are discussed for the presented algorithms.

A Lean Automotive E/E-System Design Approach with Integrated Requirements Management Capability

Replacing former pure mechanical functionalities by mecha-tronics-based solutions, introducing new propulsion technologies, and connecting cars to their environment are only a few reasons for the still growing E/E-System complexity at modern passenger cars. Smart methodologies and processes are necessary during the development life cycle to master the related challenges successfully. In this paper, a lean approach for a model-based domain-specific E/E-System architectural design is presented. Furthermore, an integrated requirements management methodology is shown, satisfying the needs for a full traceability between the requirements and design artifacts. The novel model-based language allows domain experts, with limited knowledge of the de-facto system design standard SysML, to describe the mechatronics-based system easily and unambiguously. The lean tool chain orchestration makes the presented approach, especially but not limited to, interesting for small project teams.