Markus Kucera

Bridging the Requirements to Design Traceability Gap

Requirement traceability ensures that software products meet their requirements and additionally makes the estimation of the consequences of requirement changes possible. In this article a case study analyses symptoms of this problem in the process model of ISO 12207, the foundation of SPICE (ISO 15504), and CMMi. Our analysis is directed at deriving a concept for the integrated extension of current traceability models with the aspect of documented design decisions. This integrated decision model is presented along with an additional case study which illustrates the advantages of this approach for traceability.

FPGA-Rootkits Hiding Malicious Code inside the Hardware

This paper describes the security implications of FPGAs to the trusted computing base of embedded systems. It gives an overview of different FPGA architectures and discusses the security measures and shortcoming of modern FPGAs. Furthermore it shows how an attacker can exploit this shortcoming and integrate rootkit-like code inside the FPGA. After a discussion on possible countermeasures, description on the different ways a root kit can be deployed into the FPGA is given.

Automotive E/E-architecture enhancements by usage of ethernet TSN

A huge upheaval emerges from the transition to autonomous vehicles in the domain of road vehicles, ongoing with a change in the vehicle architecture. Many sensors and Electronic Control Units are added to the current vehicle architecture and further safety requirements like reliability become even more necessary. In this paper we present a potential evolution of the Electrical/Electronic-Architecture, including a Zone Architecture, to enable future functionality. We reveal the impact on the communication network concerning these architectures and present a potential communication technology to facilitate such architectures.

Sicherheitsherausforderungen in hochverteilten Systemen

Schon seit Langem spielen verteilte IT-Systeme eine entscheidende Rolle in der Datenverarbeitung. Infolge der zunehmenden Vernetzung durch das Internet wurde es in den letzten Jahren moglich, global erreichbare, hochverteilte Systeme zu erschaffen. Durch die rasante Entwicklung derartiger Systeme entstehen einerseits neue Anforderungen an die Performanz (z.B. Leistungsfahigkeit und Bandbreite), wahrend andererseits die steigende Komplexitat von hochverteilten Systemen deren Absicherung (z.B. Datensicherheit und Datenschutz) immer schwieriger gestaltet. Zwei hochaktuelle Beispiele fur hochverteilte Systeme sind Smart Grid und Cloud Computing, die im Folgenden naher betrachtet werden. Smart Grid – Energieinformationsnetzwerke der Zukunft Das intelligente Elektrizitatsnetz (“Smart Grid”) wird langfristig unser heutiges, starres und hierarchisches Stromnetz ablosen. Kernziele des Smart Grid sind die Integration erneuerbarer Energiequellen, eine erhohte Versorgungssicherheit, sowie die Bereitstellung von Infrastrukturen fur eMobilitat unter Berucksichtigung effizienter Verfahren hinsichtlich der Energieverwendung. Zur Realisierung dieser Ziele sind mehrere Schritte notwendig. Als Basis dieser Entwicklung dient die Verflechtung des bisher isolierten Energienetzes mit modernen Kommunikationsinfrastrukturen (vgl. Berl et al. 2013). Dies erlaubt die Integration dezentraler Energieproduktions- (z.B. Photovoltaik) und Energiespeicheranlagen (z.B. Akkumulatoren im Bereich eMobilitat), sowie die Verwendung von intelligenten Stromzahlern („Smart Meter“) und ermoglicht damit eine neue Qualitat des Energiemanagements (z.B. durch Fernwartung und -uberwachung). Neben den entstehenden Chancen durch diese

A decision model for managing and communicating resource restrictions in embedded systems design

Requirements and requirement traceability play a key role in ensuring that embedded systems meet their goals. This article deals with improving requirements and requirement traceability to design artifacts in the context of embedded design. We identify a way for capturing decisions concerning limited resources in embedded systems. This approach directly integrates decision-related information with other traceability information gathered during requirements engineering. It relies on the concept of quantifiable budgets for structuring the decision information (decision model). Upon this model the prototype of a requirements traceability management tool has been developed reduces redundancies and inconsistencies in requirements management and lays the ground for improved collaboration and sharing of project knowledge between project members.

Ontologies used in robotics: A survey with an outlook for automated driving

Full autonomy of road vehicles is a major goal of the automotive industry. To reach such high autonomy it is necessary to provide an accurate and comprehensible situation description for the environment and the vehicle itself. A consistent depiction is essential to facilitate data exchange and communication between internal modules, e.g. collision check and environment model, as well as communication with further information sources like traffic participants vehicle to vehicle (V2V) or the infrastructure, e.g. smart traffic lights, road signs or radio traffic service (V2I). One necessary tool to create such a model could be an ontology which represents the given information and its dependencies. Initially this work provides a summary of given approaches in the literature for use of ontologies in robotics in general. Therefore approaches are stated sorted by application and task. Further approaches with focus on autonomous robots and in particular on autonomous vehicles are listed and described. Finally we give an outlook for further research topics in the domain of ontologies.

Comparison of smart grid architectures for monitoring and analyzing power grid data via Modbus and REST

Smart grid, smart metering, electromobility, and the regulation of the power network are keywords of the transition in energy politics. In the future, the power grid will be smart. Based on different works, this article presents a data collection, analyzing, and monitoring software for a reference smart grid. We discuss two possible architectures for collecting data from energy analyzers and analyze their performance with respect to real-time monitoring, load peak analysis, and automated regulation of the power grid. In the first architecture, we analyze the latency, needed bandwidth, and scalability for collecting data over the Modbus TCP/IP protocol and in the second one over a RESTful web service. The analysis results show that the solution with Modbus is more scalable as the one with RESTful web service. However, the performance and scalability of both architectures are sufficient for our reference smart grid and use cases.

Mapping CAN-to-ethernet communication channels within virtualized embedded environments

Intelligent driver assistance systems and new infotainment innovations cause a rapidly growing demand of computing power. To satisfy that demand, the quantity of electronic control units in cars has increased dramatically. OEMs tackle that trend by consolidating software on powerful multicore hardware platforms. However, current software solutions are mostly static and designed to run on limited platforms. As promising operating system for automotive, Linux comes into consideration, which seems to scale better than already existing solutions. To ease the migration process of older software parts and guarantee freedom from interference according to ISO26262 between single software partitions, embedded hypervisors can achieve that requirements. Up to now, automotive systems are not developed to run within virtualized environments. Within this paper, we present an approach to map communication channels of virtual automotive ECUs and connect them with their already existing CAN interfaces. For our analysis, we use the Xen hypervisor. The focus for interaction between virtual machines is to use SocketCAN and given paravirtualized Ethernet drivers. Our goal is a non-intrusive software integration methodology. We keep the source code within software partitions as unmodified as possible. To benchmark our studies, we evaluate our implementation on the Intel i7 and the.

On Secure Resource Utilization in FPGAs with Partial Runtime Reconfiguration

This paper describes the role of security policies for FPGAs. The FPGA development specifics and a short overview of threats against systems security are presented. We propose a security policy consisting of three parts, first: addressing the general security demands, second: the communication between FPGA and the peripheral devices, and third: the behaviour inside the FPGA. The different methods to enforce the security policy manually or automatically are discussed with a focus on dynamic policy enforcement at compile- and runtime. Finally we propose an architecture for policy enforcement in FPGAs.

Probabilistic optimization and assessment of voting strategies for X-by-wire systems

Signal voting of redundant sensor values and communication channels is of central importance in todays X-by-wire systems. The required degree of sensor redundancy, the type of redundancy, and finally the voting strategy must be designed to meet the systems dependability requirements. These design decisions depend on an analysis of the probabilities and effects of all underlying fault scenarios. Given a probabilistic fault model and a communication model, the voting step can be formally stated as a maximum-likelihood estimation of the correct input signal. With an example of an X-by-wire system we show how GTEFT can be used to derive the failure probabilities of different fault scenarios for various systems architectures and different voting strategies. Thus the capability of GTEFT to support system development and system assessment is demonstrated.