https://www.mdu.se/

Modern GPUs offer high computational throughput but are not designed to ensure spatial or temporal isolation between concurrent tasks. Only a few server-grade devices with multi-instance GPU technology support true hardware partitioning. As consumer and embedded GPUs now include many Streaming Multiprocessors (SMs), running multiple tasks concurrently has become common to improve utilization. Softwarebased SM-level spatial partitioning, where each partition is restricted to a fixed set of SMs, offers a simple and portable way to isolate concurrent tasks. Although in this method SMs are isolated, resources such as the L2 cache and DRAM remain shared, causing memory interference that can affect execution times and lead to timing unpredictability, often overlooked in real-time analysis. This paper empirically characterizes cross-partition interference on a COTS GPU under software-only SM-level partitioning. Using a mix of compute- and memory-intensive tasks, partitioned and non-partitioned configurations are compared by measuring both end-to-end response times and GPU execution times. The results indicate that SM-level partitioning largely confines interference for compute-bound tasks. However, memory-bound tasks continue to cause substantial interference across partitions, increasing the task execution time by as much as twofold. These findings indicate that memory interference is a critical challenge for achieving timing predictability in real-time GPU-based cyber-physical systems, underscoring the need to address memory interference to achieve predictable performance.

Industrial and critical infrastructure devices should be scrutinized with rigorous methods for inconsistencies with a specification. At the same time, this specification should also be correct, otherwise the specification conformance is of little value. On the example of eMRTDs (electronic Machine-Readable Travel Documents) we demonstrate an approach that combines model-checking a specification for correctness in terms of security with learning an implementation model using automata learning. Once the specification is modeled, we automatically mine a model of the implementation and check the model for compliance with the verified specification using simulation and trace preorder. Underspecification of the standard is in this setting modeled as non-deterministic behavior, so one of the possibilities has to simulate the implementation in order for the latter to be compliant. We also present a working tool chain realizing this method. When adopting the tool chain accordingly, the method might be used in practice for checking the correctness of any reactive system. 

The increasing complexity of modern embedded systems highlights the limitations of Controller Area Network (CAN) in terms of transmission speed and scalability. The IEEE Time-Sensitive Networking (TSN) task group developed a set of standards to enhance switched Ethernet with high bandwidth, low jitter, and deterministic communication. Despite these advances, CAN will likely co-exist with TSN in, e.g., the automotive industry due to factors such as cost-effectiveness and legacy of CAN. This paper presents an experimental evaluation of a CAN-toTSN gateway implementation, focusing on the impact of different forwarding and scheduling strategies on network performance. We analyze various queuing techniques and scheduling mechanisms in a realistic experimental setup and assess their impact on end-to-end delay and TSN bandwidth utilization. The evaluation results demonstrate that encapsulating only a single CAN frame within a TSN frame effectively minimizes the end-to-end delay of CAN frames, in particular when a high-speed TSN network is used. Furthermore, we perform a comparative evaluation of the Time-Aware Shaper (TAS) and Weighted Round Robin (WRR) mechanisms in the TSN network. Interestingly, WRR leads to lower delays for CAN frames in the TSN network compared to TAS, which we attribute to the lack of synchronization between CAN and TSN.

This paper presents a method and a practical implementation that complements traditional conformance testing. We infer a Mealy state machine of the system-under-test using active automata learning. This automaton is checked for bisimulation with a specification automaton modeled after the standard, which provides a strong verdict of conformance or nonconformance. We further present a method to learn models of multiple communication protocols running on the same device using a dispatcher system in conjunction with the same automata learning algorithms. We subsequently use similar checking methods to compare it with separately learned models. This allows for determining whether there is some interference or interaction between those protocols. In the practical execution of the system, we concentrate on lower levels of the Near-Field Communication (NFC, ISO/IEC 14443-3) and the Bluetooth Low-Energy (BLE) protocols. As a by-product, we share some observations of the performance of different learning algorithms and calibrations in the specific setting of ISO/IEC 14443-3, which is the difficulty to learn models of systems that a) consist of two very similar structures and b) timeout very frequently, as well as the role of conformance testing for compound models and speed optimizations for time-sensitive protocols.

The pervasive digitalization of our world has ushered in a new era marked by increased complexity and diversity in the development, optimization, and maintenance of modern software-intensive systems. These systems, often characterized by intricate socio-technical components and AI integration, pose challenges for conventional systems engineering approaches and require an alliance of different disciplines. In this vision paper, we argue that they demand a paradigm shift towards integrative modeling across systems engineering, software engineering, data science, and simulation engineering. We highlight the key challenges faced in the development of modern complex systems that need to be addressed by this paradigm shift. We argue that achieving this shift requires new research, tools, and education.

Passports are part of critical infrastructure for a very long time. They also have been pieces of automatically processable information devices, more recently through the ISO/IEC 14443 (Near-Field Communication - NFC) protocol. For obvious reasons, it is crucial that the information stored on devices are sufficiently protected. The International Civil Aviation Organization (ICAO) specifies exactly what information should be stored on electronic passports (also Machine Readable Travel Documents - MRTDs) and how and under which conditions they can be accessed. We propose a model-based approach for checking the conformance with this specification in an automated and very comprehensive manner: we use automata learning to learn a full model of passport documents and use trace equivalence and primitive model checking techniques to check the conformance with an automaton modeled after the ICAO standard. Since the full behavior is underspecified in the standard, we compare a part of the learned model and apply a primitive checking ruleset to assure proper authentication. The result is an automated (non-interactive), yet very thorough test for compliance, despite the underspecification. This approach can also be used with other applications for which a specification automaton can be modeled and is therefore broadly applicable.

In this paper, we present a bandwidth reservation analysis for Audio-Video Bridging (AVB) traffic in the Time-Sensitive Networking (TSN) standards. The proposed analysis is based on the existing worst-case response-time analysis and can be used to calculate the minimum required bandwidth for guaranteeing the schedulability of messages in AVB classes. The proposed analysis allocates per-link bandwidth to AVB traffic that is sufficient to ensure its schedulability when a combination of the Credit-Based Shaper and Time-Aware Shaper mechanisms are used. We evaluate the proposed analysis using an automotive industrial use case. We evaluate the schedulability of AVB traffic by comparing the proposed analysis with the utilization-based bandwidth reservation as recommended by the TSN standards.

Integration of the Internet of Things (IoT) in industrial settings necessitates robust cybersecurity measures to mitigate risks such as data leakage, vulnerability exploitation, and compromised information flows. Recent cyberattacks on critical industrial systems have highlighted the lack of threat analysis in software development processes. While existing threat modeling frameworks such as STRIDE enumerate potential security threats, they often lack detailed mapping of the sequences of threats that adversaries might exploit to apply cyberattacks. Our study proposes an enhanced approach to systematic threat modeling and data flow-based attack scenario analysis for integrating cybersecurity measures early in the development lifecycle. We enhance the STRIDE framework by extending it to include attack scenarios as sequences of threats exploited by adversaries. This extension allows us to illustrate various attack scenarios and demonstrate how these insights can aid system designers in strengthening their defenses. Our methodology prioritizes vulnerabilities based on their recurrence across various attack scenarios, offering actionable insights for enhancing system security. A case study in the automotive industry illustrates the practical application of our proposed methodology, demonstrating significant improvements in system security through proactive threat modeling and analysis of attack impacts. The results of our study provide actionable insights to improve system design and mitigate vulnerabilities.

Near-Field Communication (NFC) is a widely adopted standard for embedded low-power devices in very close proximity. In order to ensure a correct system, it has to comply to the ISO/IEC 14443 standard. This paper concentrates on the low-level part of the protocol (ISO/IEC 14443-3) and presents a method and a practical implementation that complements traditional conformance testing. We infer a Mealy state machine of the system-under-test using active automata learning. This automaton is checked for bisimulation with a specification automaton modelled after the standard, which provides a strong verdict of conformance or non-conformance. As a by-product, we share some observations of the performance of different learning algorithms and calibrations in the specific setting of ISO/IEC 14443-3, which is the difficulty to learn models of system that a) consist of two very similar structures and b) very frequently give no answer (i.e. a timeout as an output).