Abstract
In the past decades, more and more areas of human life have become influenced by networked cyber-physical systems (CPS). Increasingly, we trust these systems to execute critical functions, such as controlling our cars and airplanes and managing dangerous processes in factories and energy systems. Hence, these CPS have stringent safety, real-time, and security requirements. In this thesis, we consider CPS that use Time-Sensitive Networking (TSN) for communication. The IEEE 802.1 TSN standardization effort is developing a “toolbox” of many standards that extend Ethernet for safety-critical and real-time applications in several areas, e.g., automotive, aerospace, or industrial automation. TSN-based distributed CPS are composed of end-systems interconnected by network switches and duplex physical links; in TSN, communication streams from safety-critical and real-time applications can safely share the same communication channel with less-critical streams. However, the flexibility of TSN comes at the high price of a huge and poorly understood configuration space. TSN has many “configuration knobs” that decide, e.g., the real-time transmission of critical traffic via so-called Gate Control List (GCL) schedules, the stream priorities and their assignment to queues, and the routing of streams on disjoint paths to achieve fault tolerance. Most TSN scheduling mechanisms are designed for homogeneous TSN networks, in which all network devices must have at least the TSN capabilities related to scheduled gates and time synchronization. However, this assumption is often unrealistic, since many distributed applications use heterogeneous TSN networks with legacy or off-the-shelf end-systems that are unscheduled and/or unsynchronized. In this thesis, we first propose a new scheduling paradigm for heterogeneous TSN networks that intertwines a network calculus worst-case interference analysis within the scheduling step.
Thus, we support heterogeneous TSN networks featuring unscheduled and/or unsynchronized end-systems while guaranteeing the real-time properties of critical communication. Security is an important requirement in distributed CPS. We highlight the importance of addressing security together with safety and timing requirements. We consider the Timed Efficient Stream Loss-Tolerant Authentication (TESLA) low-resource multicast authentication protocol to guarantee the security requirements, and redundant disjoint message routes to tolerate link failures. Given a TSN-based distributed CPS, a set of applications with tasks and messages, as well as a set of security and redundancy requirements, in the second part of the thesis we are interested in synthesizing a system configuration such that the real-time, safety, and security requirements are upheld. TSN is used throughout the computing continuum, from interconnecting IoT devices to the networks used in Edge Computing and Cloud Computing data centers. However, as systems become larger and more interconnected, the threat level increases and untrusted devices pose high security risks. Hence, in the final part of the thesis, we consider the use of Remote Attestation (RA) to authenticate the functionality of a remote device, thus allowing for the provision of strong assurance guarantees. We propose solutions for the automatic management of resources in the IoT to Edge Computing continuum to integrate dynamic Edge applications with safety- and security-critical real-time applications. We show that our approach generates dependable configurations that can meet the timing constraints of critical applications, have enough resources to perform RA for security, and can accommodate Edge applications. The configuration synthesis challenges tackled in the thesis form intractable combinatorial optimization problems.
We have used a variety of optimization algorithms, from problem-specific heuristics to metaheuristics such as Simulated Annealing and exact methods such as Constraint Programming, to tackle these problems. These approaches are evaluated on synthetic and realistic test cases of different sizes, and their advantages and disadvantages are discussed and compared with the related work. The approaches proposed in the thesis have been implemented as open-source software prototypes and validated via simulations.
Title | Safety- and Security-Aware Configuration Synthesis for Time-Sensitive Networking |
---|---|
Original language | English |
Publisher | Technical University of Denmark |
Number of pages | 158 |
Publication status | Published - 2022 |

Projects
- Methods for the Design of Fog Computing-based Secure Autonomous Systems (finished)
  Reusch, N. (PhD Student), Samii, S. (Examiner), Steiner, W. (Examiner), Pop, P. (Main Supervisor) & Dragoni, N. (Supervisor)
  01/10/2019 → 27/04/2023
  Project: PhD