Resilient and Secure Activity Control for Flexible Time-Triggered Systems

适用于灵活的时间触发系统的弹性且安全的活动控制

• 批准号: 490872987
• 负责人: Professor Dr.-Ing. Gerhard Fohler
• 金额: --
• 依托单位: Lehrstuhl für Echtzeitsysteme
• 依托单位国家: 德国
• 项目类别: Research Grants
• 资助国家: 德国
• 项目状态: 未结题
• 来源: https://gepris.dfg.de/gepris/projekt/490872987?language=en
• 关键词: Resilient; Secure; Activity; Control; Flexible

The Time Triggered (TT) paradigm of activations has been shown to be very well suited for closed safety-critical embedded systems with apriori known configurations and strict timing constraints, as in the avionics, railway, automotive or space domain. Its success has been documented both scientifically and in industrial applications, notably by the company TTTech, selling TTP and TTA technologies, which are both among the candidates for the on-board communication systems of the lunar gateway. This successful commercial adoption is based on two main points:(1) the application of the TT paradigm with a focus on simplicity and efficiency, providing a package of f features such as strong real-time guarantees, reliability, and safety; and(2) a variety of algorithms provides further guarantees (e.g., membership, transparent redundancy, rapid mode change, etc.) on top of the provided globally consistent, sparse time base TT systems establish.Unfortunately, as hardware platforms become more powerful and communication links more versatile, executing applications and transmitting traffic with different characteristics and criticalities, not all known beforehand or changing over time, the strictness, limited flexibility and resource overprovisioning of TT systems, prohibits their efficient application and reduces their scope to niches.A number of methods have been introduced to include some flexibility in TT systems, typically by relaxing indiviual strict TT properties while sacrificing some of the gurantees the TT paradigm conveys. For example, it has been proposed to relax task to slot assignments, slot boundaries, or even to give up on time synchronization (though under the assumption of drift- and jitter-limited clocks). However, in these proposals, the untying of any of these elements has lead to loosing the entire bundle of properties and guarantees TT achieves, not only for the application that motivated this relaxation, but for all co-existing applications.In this project, we take a more principled approach by sacrificing time in favor of a generalized, but reliable activation to systematically investigate the relation between activation properties assumed and guarantees obtained. Our ultimate goal, to which this project contributes, is to obtain without time and the strictness of TT operation, what time-triggered systems achieve for the highly safety critical application fragment,while smoothly integrating other application characteristics, efficiently and on the basis of a solid understanding of the time- dependence of the guarantees they require. We will provide for various bundles to be configured, meeting various demands and criticalities of applications and systems, not meaning toreplace existing TT solutions, but to provide a wider range of solutions and tradeoffs to be selected and simultaneously deployed in today's and future cyber-physical and dependent systems.

激活的时间触发（TT）范式 已经证明非常适合于具有先验已知配置和严格定时约束的封闭的安全关键嵌入式系统，如在航空电子、铁路、汽车或空间领域中。它的成功在科学和工业应用方面都有记录，特别是TTTech公司，销售TTP和TTA技术，这两种技术都是月球网关机载通信系统的候选者。这种成功的商业采用基于两个要点：（1）TT范式的应用，专注于简单性和效率，提供了一系列功能，如强大的实时保证，可靠性和安全性;以及（2）各种算法提供了进一步的保证（例如，成员资格、透明冗余、快速模式转换等）不幸的是，随着硬件平台变得更加强大并且通信链路变得更加通用，执行应用并且发送具有不同特性和关键性的业务，这些特性和关键性不是全部预先已知或者随时间改变，TT系统的严格性、有限的灵活性和资源过度供应，已经引入了许多方法来在TT系统中包括一些灵活性，通常通过放松个体严格的TT属性，同时牺牲TT范例传达的一些保证。例如，已经提出将任务放宽到时隙分配、时隙边界，或者甚至放弃时间同步（尽管是在漂移和抖动受限的时钟的假设下）。然而，在这些建议中，这些元素中的任何一个的解开都导致了整个属性束的松动，并保证TT实现，不仅对于激发这种放松的应用程序，而且对于所有共存的应用程序。在这个项目中，我们采取了一种更原则的方法，通过牺牲时间来支持广义的，但可靠的活化，以系统地研究假设的活化性能和获得的保证之间的关系。我们的最终目标，这个项目的贡献，是获得没有时间和TT操作的严格性，时间触发系统实现的高度安全的关键应用程序片段，同时顺利集成其他应用程序的特点，有效地和坚实的理解的基础上的时间依赖性的保证，他们需要。我们将提供各种待配置的捆绑包，以满足应用程序和系统的各种需求和关键性，这并不意味着取代现有的TT解决方案，而是提供更广泛的解决方案和权衡，以供选择并同时部署在当今和未来的网络物理和相关系统中。