Hokeun Kim

A predictable and command-level priority-based DRAM controller for mixed-criticality systems

Mixed-criticality systems have tasks with different criticality levels running on the same hardware platform. Todays DRAM controllers cannot adequately satisfy the often conflicting requirements of tightly bounded worst-case latency for critical tasks and high performance for non-critical real-time tasks. We propose a DRAM memory controller that meets these requirements by using bank-aware address mapping and DRAM command-level priority-based scheduling with preemption. Many standard DRAM controllers can be extended with our approach, incurring no performance penalty when critical tasks are not generating DRAM requests. Our approach is evaluated by replaying memory traces obtained from executing benchmarks on an ARM ISA-based processor with caches, which is simulated on the gem5 architecture simulator. We compare our approach against previous TDM-based approaches, showing that our proposed memory controller achieves dramatically higher performance for non-critical tasks, without any significant impact on the worstcase latency of critical tasks.

A Toolkit for Construction of Authorization Service Infrastructure for the Internet of Things

The challenges posed by the Internet of Things (IoT) render existing security measures ineffective against emerging networks and devices. These challenges include heterogeneity, operation in open environments, and scalability. In this paper, we propose SST (Secure Swarm Toolkit), an open-source toolkit for construction and deployment of an authorization service infrastructure for the IoT. The infrastructure uses distributed local authorization entities, which provide authorization services that can address heterogeneous security requirements and resource constraints in the IoT. The authorization services can be accessed by network entities through software interfaces provided by SST, called accessors. The accessors enable IoT developers to readily integrate their devices with authorization services without needing to manage cryptographic keys and operations. To rigorously show that SST provides necessary security guarantees, we have performed a formal security analysis using an automated verification tool. In addition, we demonstrate the scalability of our approach with a mathematical analysis, as well as experiments to evaluate security overhead of network entities under different security profiles supported by SST.

Authentication and Authorization for the Internet of Things

Authentication and authorization are essential parts of basic security processes and are sorely needed in the Internet of Things (IoT). The emergence of edge and fog computing creates new opportunities for security and trust management in the IoT. In this article, the authors discuss existing solutions to establish and manage trust in networked systems and argue that these solutions face daunting challenges when scaled to the IoT. They give a vision of efficient and scalable trust management for the IoT based on locally centralized, globally distributed trust management using an open source infrastructure with local authentication and authorization entities to be deployed on edge devices.

A Secure Network Architecture for the Internet of Things Based on Local Authorization Entities

Security is essential to enable the Internet of Things (IoT). Key security measures that work well on the traditional Internet, however, do not necessarily adapt well to the IoT. Specifically, authentication and/or authorization based on certificates provided by certificate authorities (CAs) cannot, in current form, scale to the expected 50 billion devices. And widely used encryption technologies for the Internet require too much energy for resource-constrained devices. This paper describes a secure network architecture with key distribution mechanisms using local, automated authorization entities. The architecture provides security guarantees while addressing IoT-related issues including resource constraints. For evaluation, we show that the architectures overhead scales at a significantly slower rate than widely used SSL/TLS and works well with resource-constrained devices.

A tool integration approach for architectural exploration of aircraft electric power systems

For emerging safety-critical systems, it is beneficial to cope with design validation, performance estimation, and design space exploration in early design stages. In this paper, we explore the architectural choices of an aircraft electric power system (EPS) controller using Ptolemy II and Metro II. The design is modeled in separate aspects: the functional aspect models the logics and behaviors that fulfill the functionality of the controller, and the architectural aspect models the behaviors of the platform that implements the controller. The co-design benefits from the rigorous Model of Computation (MoC) in Ptolemy II, which facilitates the analysis and validation of functional aspect, as well as the flexibility and expressiveness provided by Metro II, in which complex architectural models can be built with the flexibility of changing the mapping. Co-simulation integrates the functional model and the architectural model using Metro II semantics. By clearly separating the functional aspect and the architectural aspect, the performance can be estimated at an early design stage, and the architectural exploration can be done in a more efficient manner.We show the effectiveness and extensibility of our approach using experiments and results with example candidates for the aircraft EPS controller.

Strober: fast and accurate sample-based energy simulation for arbitrary RTL

This paper presents a sample-based energy simulation methodology that enables fast and accurate estimations of performance and average power for arbitrary RTL designs. Our approach uses an FPGA to simultaneously simulate the performance of an RTL design and to collect samples containing exact RTL state snapshots. Each snapshot is then replayed in gate-level simulation, resulting in a workload-specific average power estimate with confidence intervals. For arbitrary RTL and workloads, our methodology guarantees a minimum of four-orders-of-magnitude speedup over commercial CAD gate-level simulation tools and gives average energy estimates guaranteed to be within 5% of the true average energy with 99% confidence. We believe our open-source sample-based energy simulation tool Strober can not only rapidly provide ground truth for more abstract power models, but can enable productive design-space exploration early in the RTL design process.

Contextual callbacks for resource discovery and trust negotiation on the internet of things: work-in-progress

This paper introduces contextual callbacks, which allow environments to authenticate themselves to nearby devices and advertise local services in response to the reception of radio-broadcast announcements that are emitted by mobile devices.

An Architectural Mechanism for Resilient IoT Services

Availability of authentication and authorization services is critical for the safety of the Internet of Things (IoT). By leveraging an emerging network architecture based on edge computers, IoTs availability can be protected even under situations such as network failures or denial-of-service (DoS) attacks. However, little has been explored for the issue of sustaining availability even when edge computers fail. In this paper, we propose an architectural mechanism for enhancing the availability of the authorization infrastructure for the IoT. The proposed approach leverages a technique called secure migration, which allows IoT devices to migrate to other local authorization entities served in trusted edge computers when their authorization entity becomes unavailable. Specifically, we point out necessary considerations for planning secure migration and present automated migration policy construction and protocols for preparing and executing the migration. The effectiveness of our approach is illustrated using a concrete application of smart buildings and network simulation, where our proposed solution achieves significantly higher availability in case of failures in some of the authorization entities.

Process-level modeling and simulation for HP's Multi Jet Fusion 3D printing technology

The 3D printing technology is expected to revolutionize part manufacturing by enabling rapid and inexpensive production at a small scale. HPs Multi Jet Fusion 3D printing technology is developed to provide new levels of part quality in a fast and inexpensive way compared to existing 3D printing technologies. The printed part quality is determined by the interplay of the printing device and materials used for printing. Thus, it is essential to have a proper cyber-physical system model for the printing system for process-level simulation of the HPs Multi Jet Fusion technology. In this paper, we propose an approach for the process-level modeling and simulation of HPs Multi Jet Fusion technology. Our approach can be used to carry out simulation of the 3D printing system, to provide guidance for optimization and development of the printing process and exploration of materials. Preliminary results potentially indicate that the simulation of our proposed model is significantly faster than the finite element method, which is a widely used technique for 3D printing simulation.

System simulation from operational data

System simulation is a valuable tool to unveil inefficiencies and to test new strategies when implementing and revising systems. Often, simulations are parameterized using offline data and heuristic knowledge. Operational data, i.e., data gained through experimentation and observation, can greatly improve the fidelity between the actual system and the simulation. In a traffic scenario, for example, different road conditions or vehicle types can impact the outcome of the simulation and have to be considered during the modeling stage. This paper proposes using machine learning techniques to generate high fidelity simulation models. A traffic simulation case study exemplifies this approach by generating a model for the SUMO traffic simulator from vehicular telemetry data.