The keynote session will focus on stimulating reflections on the application of artificial intelligence to the railway market, with a final focus on the embedded systems used. The following topics will be introduced: i) what AI for Railway means, the main use cases, the importance of data in AI applications, consolidated practices, critical issues, side effects and ongoing research fields; ii) the final part of the session will cover a specific discussion on sensing and computational capabilities for embedded systems to support AI applications in Railway.
Luigi Rucher is the International Innovation Director at Thales GTS, in charge of Research, Technology and Innovation for the Ground Transportation Systems (GTS) Division of Thales Group. He was previously Technical Director at Thales Italia S.p.A. and Engineering Director for Thales in Italy for the Transportation, Defense and Security markets. He has 25+ years of experience in the ICT, Transportation, Defense and Security industries, developed in three major high-tech multinational groups: Marconi Plc, Finmeccanica and Thales Group, and an international profile with 20+ years of industrial/business experience across Italy, Europe and other worldwide contexts. Graduated with honors in Electronic Engineering from the University of Naples Federico II (Italy), Luigi began his career working on digital signal processing applications in the initial phase of the digital age in the mid-1990s. His growth has been both managerial and technological, progressively moving further into the field of high-tech applications, from telecommunications to automation up to autonomous systems.
The Huawei Pisa Research Center, located in Pisa, is a group of around 40 people working in the area of automotive embedded software.
In this presentation we will provide a short company introduction, and then focus on some of the open challenges that the research center has been working on in recent months, mostly as a set of pointers that could be useful for understanding the current industrial landscape and for identifying topics of potential mutual interest with other research centers.
A short presentation of the MBDA company and of how embedded systems are strongly involved in its business.
MB Elettronica is an Italian company that has been working for over 50 years in the electronics and high-tech sector, and is thus able to collaborate with clients on the design, development and assembly of electronic boards and devices, and on the integration and test of devices and systems, mainly in the rail, security, aerospace and communications sectors. We also provide rapid prototyping and after-sales services.
The electronics sector is becoming more and more important and is already part of our daily lives. Over the years MB Elettronica has grown and improved its expertise along with the sector and has developed cutting-edge solutions and services.
Resiltech SRL - company presentation
TopNetwork - Company Presentation
Smart cities are expected to evolve into human-centered ecosystems in which business and technology will jointly drive the digital transformation. Mega-regions will give way to realities composed of densely developed urban hubs connected by high-speed rail to reduce emissions and speed up commute times. Services will be increasingly personalized and people will thrive by managing water, food, and recreation in a sustainable manner. Advanced technological platforms are fundamental to manage all services in a safe and sustainable way. In this paper we present the SmartMe® Fleet Manager solution, a configurable and customizable software platform designed for remotely managing IoT devices in such a context. Moreover, a case study is presented and discussed.
Cyber-Physical Systems (CPSs), i.e., systems comprising both software and physical components, arise in many industry-relevant application domains and are often mission- or safety-critical.
System-Level Verification (SLV) of CPSs aims at certifying that given (e.g., safety or liveness) specifications are met or at estimating the value of some Key Performance Indicators when the system runs in its operational environment, that is, in the presence of inputs (from the user or other systems) and/or of additional, uncontrolled disturbances.
In order to enable (both exhaustive and statistical) SLV of complex systems from the early design phases, the currently most adopted approach envisions the simulation of a system model under the (time-bounded) operational scenarios deemed of interest. Unfortunately, simulation-based SLV can be computationally prohibitive (years of sequential simulation) since system model simulation is computationally intensive and the set of scenarios of interest can be extremely large.
In this talk, we present a technique that, given a collection of scenarios of interest (extracted from mass-storage databases or symbolic structures like constraint-based scenario generators), computes parallel shortest simulation campaigns, which drive a possibly large number of system model simulators running in parallel in an HPC infrastructure through all (and only) those scenarios in the user-defined (possibly random) order, by wisely avoiding multiple simulations of repeated trajectories and thus minimising the overall completion time, compatibly with the available simulator memory capacity.
Our experiments on SLV of Modelica/FMU and Simulink case study models with up to almost 200 million scenarios show that our optimisation yields speedups as high as 8×. This, together with the enabled massive parallelisation, makes practically viable (a few weeks in an HPC infrastructure) verification tasks (both statistical and exhaustive, with respect to the given set of scenarios), which would otherwise take an inconceivably long time.
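A rough illustration of the prefix-sharing idea underlying shortest simulation campaigns is sketched below; this is a minimal sketch, not the tool's actual algorithm, and the Simulator interface (save_state/load_state/step) is a hypothetical placeholder.

```python
# Scenarios sharing a common prefix of input configurations are simulated once
# up to the branch point; the saved simulator state is then restored for each
# divergent suffix, so no trajectory prefix is ever re-simulated.

class PrefixNode:
    def __init__(self):
        self.children = {}              # input configuration -> PrefixNode

def build_prefix_tree(scenarios):
    root = PrefixNode()
    for scenario in scenarios:          # each scenario is a sequence of inputs
        node = root
        for inp in scenario:
            node = node.children.setdefault(inp, PrefixNode())
    return root

def simulate_campaign(simulator, root):
    """Depth-first visit: every shared prefix is simulated exactly once."""
    stack = [(root, simulator.save_state())]
    while stack:
        node, state = stack.pop()
        for inp, child in node.children.items():
            simulator.load_state(state)     # restore the branch point
            simulator.step(inp)             # advance by one scenario step
            stack.append((child, simulator.save_state()))
```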
In the development of component-based Systems of Systems (SoS), quantitative evaluation of stochastic models of the SoS failure logic enables derivation of dependability measures, supporting early assessment of design choices and proactive fault management. FaultFlow is a well-engineered Java library for dependability evaluation of component-based SoS, modeling fault propagations both within individual components and between different components (possibly not connected through physical or communication interfaces), and characterizing the duration to occurrence or propagation of faults through non-Markovian distributions, possibly with firmly bounded support. By leveraging Model Driven Engineering (MDE) principles, FaultFlow metamodel instances can be automatically derived from SysML Block Definition Diagrams (BDDs) and Stochastic Fault Trees (SFTs), and can be automatically translated into metamodel instances of the Sirio and Pyramis libraries, enabling efficient evaluation of the failure process duration distribution as well as of fault importance measures, even for significantly complex SoS with hundreds of different faults.
However, in many application domains, the actual state of an SoS cannot be directly observed, thus preventing effective exploitation of dependability models for online failure prediction. In this contribution, we extend FaultFlow with an observation model, assuming that the failure process of the SoS cannot be observed and that typed events emitted in states of this hidden process can instead be observed. For each state of the hidden process, the observation model characterizes both the discrete distribution of the event types and the continuous-time distribution of the event inter-arrival times. In doing so, instances of the extended FaultFlow metamodel can be exploited to simulate the SoS behavior and to generate data sets of time-stamped observations, collecting both the type and the occurrence time of each observed event. Data sets can then be used to learn the failure logic model of the SoS, through model-based or data-driven methods, thus supporting online failure prediction.
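A minimal sketch of the kind of observation model and dataset generation described above follows; the distributions, state names and API are illustrative assumptions, not FaultFlow's actual interface.

```python
# Each hidden state of the failure process emits typed events, with a discrete
# distribution over event types and a continuous distribution of inter-arrival
# times; the generator produces time-stamped (time, event_type) observations.
import random

OBS_MODEL = {
    # hidden state: (event-type probabilities, mean inter-arrival time)
    "nominal":  ({"heartbeat": 0.9, "warning": 0.1}, 10.0),
    "degraded": ({"heartbeat": 0.5, "warning": 0.4, "alarm": 0.1}, 3.0),
}

def generate_observations(hidden_trace, horizon):
    """hidden_trace: list of (enter_time, state); returns (time, event_type) pairs."""
    dataset = []
    for (enter_time, state), nxt in zip(hidden_trace, hidden_trace[1:] + [(horizon, None)]):
        probs, mean_iat = OBS_MODEL[state]
        t = enter_time
        while True:
            t += random.expovariate(1.0 / mean_iat)      # inter-arrival time
            if t >= nxt[0]:
                break                                    # next hidden state starts
            types, weights = zip(*probs.items())
            dataset.append((t, random.choices(types, weights)[0]))
    return dataset
```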
The modern approach to the development of critical applications (for example, in aerospace) follows the Integrated Modular Avionics (IMA) paradigm. The main tenet of IMA is to “integrate” software components, so that different functionalities can share the same hardware resources, in a manner that tightly controls the sources of interference among them, thereby ensuring adequate levels of isolation.
Isolation concerns arise from three complementary dimensions: temporal, spatial and fault.
In modern aerospace applications, such isolation is achieved through partitioning, using static resource allocation, with an architecture known as Time-and-Space Partitioning (TSP).
TSP systems frequently suffer from low utilization arising from the need (or the prevalent practice) to add cautionary margins to partitions’ budgets.
In real-world applications, these margins can reach up to 50% of the estimated execution time of the tasks within partitions.
Alternative approaches to TSP, known as Mixed-Criticality Systems (MCS), therefore arose to attain higher schedulable utilization.
The MCS model allows tasks at different criticality levels to be executed without strict partitioning, while granting that, on the occurrence of transient overloads, high-criticality tasks will be granted privileged (and assured) status over and above low-criticality tasks.
State-of-the-art MCS scheduling policies, such as Adaptive Mixed Criticality (AMC), employ a runtime monitor to detect the occurrence of an overload situation, and trigger a CPU mode change, where only high-criticality tasks are allowed to use the CPU.
Current MCS solutions do not address space isolation, which is an essential requirement for safety-critical applications. Without that capability, MCS will be unable to supplant TSP.
[Bottaro & Vardanega, 2022] provided a runtime library for the Ada programming language adapted to support a dual-core semi-partitioned variant of the AMC MCS scheduler for use with Ada Ravenscar applications running on multicore processor targets.
The cited work shows the ability to yield a higher schedulable and guaranteed utilization than a functionally equivalent TSP implementation.
As per the practice in MCS research, that work focused exclusively on temporal isolation, ignoring spatial isolation.
In the work presented in this paper, we extended Bottaro’s runtime with mechanisms that cater for spatial isolation.
Our extended runtime provides three fundamental features with regard to space isolation:
(1) An ownership mechanism similar to that of the Rust programming language, which allows dynamic memory to be used safely for inter-partition communications.
(2) Disciplined use of Ada packages and idiomatic programming to restrict visibility in a way that yields an equivalent of TSP partitioning, so that space isolation can be asserted statically, at compile time.
(3) An improved runtime scheduler that defers the suspension of low-criticality tasks that should be frozen on a mode change while they still have to commit an exclusive write or to read an inter-partition message.
We explored the behavior of our extended runtime against synthetically-generated tasksets, to confirm its ability to preserve time and space isolation, and to measure the runtime overhead of the associated mechanisms.
This work demonstrates that MCS runtimes can support both spatial and temporal isolation, providing sufficient guarantees for use in real-world aerospace applications.
Future work along this line of research may investigate two further directions: (1) the provision of fault-handling capabilities; (2) the exploration of inter-partition communication mechanisms and patterns that extend across cores.
Recent advances in silicon technologies enable smaller and faster chips. FinFET transistors bring benefits in terms of area reduction and achievable switching frequency. However, they exhibit a different aging pattern with respect to planar FETs, consisting of a gradual reduction of their switching frequency, which may eventually lead to the violation of the circuit's timing constraints. This difference has a major impact on the design and evaluation of safety mechanisms, in particular on the choice of the fault model. Indeed, it has been shown that the Path Delay fault model fits this technology better than the Stuck-at fault model, which is the de-facto standard for fault grading of on-field testing mechanisms. The Stuck-at fault model assumes independent and identically distributed faults, bringing several advantages in terms of modeling, computation, and implementation complexity. This does not hold for the Path Delay fault model, which opens several challenges, from the identification of the fault population, to the implementation of fault simulation strategies, to fault grading approaches accounting for physical and logical dependencies among paths.
The fourth industrial revolution, called Industry 4.0, tries to bridge the gap between traditional Electronic Design Automation technologies and the need for innovation in many industrial fields, e.g., automotive, avionics, and manufacturing. This complex digitalization process involves every industrial facility and comprises the transformation of methodologies, techniques, and tools to improve the efficiency of every industrial process. Enhancing functional safety in Industry 4.0 applications requires exploiting studies related to model-based and data-driven analyses of the deployed Cyber-Physical Systems (CPS). In this context, the modeling and simulation of complex CPS play a fundamental role. Modeling a CPS is possible at different abstraction levels, depending on the physical details included in the model and necessary to describe specific system behaviors. However, it is extremely complicated because a CPS is composed of heterogeneous components belonging to different physical domains, e.g., digital, electrical, and mechanical. In addition, to perform more specific analyses it is necessary to consider not only nominal behaviors but also faulty behaviors, e.g., for predictive maintenance of specific assets. Nevertheless, such faulty data are usually not present or not directly available from the industrial machinery. To overcome these limitations, constructing a virtual model of a CPS extended with different classes of faults enables the characterization of the faulty behaviors of the system under different faults. In the literature, these topics are addressed with non-uniform approaches and in the absence of standardized and automatic methodologies for describing and simulating faults in the different domains composing a CPS.
Specifically, the proposed contributions involve the extension of state-of-the-art fault injection practices to improve CPS safety, and the development of frameworks for the automation of safety operations. Overall, fault injection in analog and digital models is the state of the practice to ensure functional safety, as mentioned in the ISO 26262 standard specific to the automotive field. Starting from state-of-the-art defects defined for analog descriptions, new defects are proposed to enhance the IEEE P2427 draft standard for analog defect modeling and coverage. Unlike the electrical domain, there is no extensive use of fault injection techniques in the mechanical or thermal ones. Thus, extending fault injection to those domains allows supporting the definition and evaluation of more reliable safety mechanisms. To achieve this goal, we built a taxonomy of mechanical faults inspired by electrical ones, exploiting well-defined physical analogies, as sketched below. Furthermore, we built specific tools for automatically instrumenting different descriptions with multi-domain faults. The entire work is proposed as a basis for supporting the creation of increasingly resilient and secure CPS that need to preserve functional safety in any operating context.
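A minimal sketch of the kind of multi-domain fault injection referred to above is given below, under the assumption that faults can be expressed as transformations of a simulated signal; the fault classes and parameters are illustrative, not the proposed taxonomy.

```python
# Multi-domain fault injection on a simulated signal, following the
# electrical/mechanical analogy (e.g., a "stuck-at" voltage maps to a seized
# actuator holding a constant torque, a "gain" fault to worn-out stiffness).

def inject_fault(signal, fault_kind, t_fault, value=0.0, gain=1.0):
    """signal: list of (t, x) samples; returns the faulty trace."""
    faulty = []
    for t, x in signal:
        if t < t_fault:
            faulty.append((t, x))                 # nominal behavior before the fault
        elif fault_kind == "stuck_at":
            faulty.append((t, value))             # output frozen at a constant
        elif fault_kind == "offset":
            faulty.append((t, x + value))         # additive bias / drift
        elif fault_kind == "gain":
            faulty.append((t, gain * x))          # multiplicative degradation
        else:
            raise ValueError(f"unknown fault kind: {fault_kind}")
    return faulty
```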
The remarkable accomplishments of artificial intelligence techniques across various embedded applications, including object detection and natural language processing, have highlighted the need for efficient processing of growing data volumes while minimizing energy consumption. Consequently, there has been a notable surge in the pursuit of hardware accelerators that can significantly enhance power efficiency and performance, and a shift of the computation from the Cloud to Edge platforms. In the context of the HIPERAIHL project, which aims to develop a hardware library suitable for different AI models, we conducted a preliminary evaluation of an object detection application on the Xilinx KV260 embedded platform. We examined the platform's capabilities in order to gain insights into performance limitations and identify areas where optimizations can be made. We found that the overall application performance can be influenced by design choices such as input source types (e.g., MIPI, USB, SDCARD), memory bandwidth and bus utilization. These factors play a crucial role in determining how efficiently and effectively the object detection application performs on an embedded platform like the Xilinx KV260.
Having emerged victorious in a multitude of competitions, encompassing pattern-recognition, classification, object-recognition, and other related domains, Artificial Neural Networks (ANNs) have garnered significant acclaim and recognition.
This success has positioned them as one of the most effective learning techniques, capturing the attention of many researchers and industrial companies.
While ANN models are widely deployed as software, state-of-the-art hardware accelerators for ANNs are tremendously resource intensive due to the massive number of processing elements needed to effectively accelerate computations, hence hindering the spread of special-purpose commercial devices.
As proved by many scientific contributions, the Approximate Computing (AxC) design paradigm can provide efficient hardware accelerators for ANNs: by renouncing some classification accuracy, AxC can reduce the hardware overhead with respect to fully-accurate systems in several application fields, including artificial intelligence, image processing, and even circuit design.
In ANNs specifically, approximate multipliers are carefully selected and deployed to reduce the overall energy consumption, since multipliers are recognized as the most demanding components in terms of hardware overhead.
However, quantifying the error introduced by these circuits requires expensive hardware prototyping; as a result, a software emulator of the ANN accelerator is often executed on CPUs or GPUs, which is much slower than a software ANN implementation running on the same CPU or GPU using standard IEEE 754 instructions and common ANN libraries. This is because CPUs and GPUs lack hardware support for approximate arithmetic operations; hence, such operations must be emulated, which comes at a high computational cost.
As the above poses a cumbersome task, there have been only a few contributions in the scientific literature, either combining Intel AVX2 intrinsics with OpenMP-based thread-level parallelism, or exploiting CUDA-capable GPUs, to accelerate the emulation.
Nevertheless, open challenges remain: coping with affine transformations, such as the quantization schemes used to allow an efficient implementation of arithmetic operations using only integer arithmetic; selecting the approximate variants providing the best compromise between classification accuracy and hardware overhead; and approximating layer types other than convolutional ones, to achieve additional performance benefits and broaden the scope of applicability to other ANN models and architectures, including those performing on-device sensor data analytics at extremely low power, thus enabling a variety of always-on use cases on battery-operated devices.
In this paper, we propose Inspect-NN, which, to the best of our knowledge, is the first TensorFlow Lite-based framework for designing approximate ANNs. It provides efficient emulation of approximate circuits to be deployed in ANN accelerators, allowing the fast design of approximate hardware accelerators for ANNs.
Inspect-NN automatically parses TensorFlow Lite models, gathering the details of the ANN to be approximated.
Its approximation flow does not need any preliminary resiliency analysis or input preprocessing, it allows deploying approximate arithmetic components onto any layer, and approximate ANNs are selected through multi-objective optimization, i.e., minimizing both the accuracy loss due to approximation and the overhead, such as power consumption, during the inference phase.
The impact of approximation, which is introduced by carefully replacing multipliers with approximate ones, is evaluated by resorting to GPUs to accelerate the emulation of the approximate components.
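A minimal sketch of how an approximate multiplier can be emulated in software for a quantized dot product is shown below; the truncation-based multiplier and the LUT layout are illustrative assumptions, not Inspect-NN's implementation.

```python
# Emulating an 8-bit approximate multiplier for a quantized dot product: the toy
# approximation zeroes the low-order bits of the exact product; a real design
# would instead plug in the truth table of the chosen approximate circuit.
import numpy as np

def approx_mul(a, b, dropped_bits=4):
    """Toy approximation: exact product with the low-order bits zeroed."""
    return (int(a) * int(b)) >> dropped_bits << dropped_bits

# Precompute a 256x256 lookup table so emulation becomes a memory access.
LUT = np.array([[approx_mul(a, b) for b in range(256)] for a in range(256)],
               dtype=np.int64)

def approx_dot(x_q, w_q):
    """Dot product on uint8 tensors using the emulated approximate multiplier."""
    return int(LUT[x_q, w_q].sum())

x = np.random.randint(0, 256, size=64, dtype=np.uint8)
w = np.random.randint(0, 256, size=64, dtype=np.uint8)
exact = int(np.dot(x.astype(np.int64), w.astype(np.int64)))
print(approx_dot(x, w), exact)   # approximate vs exact accumulation
```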
ROS 2 is a widely used open-source software platform that supports a broad range of robotics and distributed applications. ROS 2 aims to provide secure and reliable communication, making it suitable for safety-critical contexts. Nevertheless, specific Intrusion Detection Systems (IDS) for ROS 2-based applications are critical to defend against attacks. The availability of public datasets related to ROS 2 systems is a fundamental resource for researching IDS and assessing their performance. In this paper, we generate the first dataset specific to a real ROS 2 application, the Vehicle CI component of SPaCe: a distributed cyber-physical system designed to optimize public mobility. The dataset is structured as a time series and describes the normal behavior of the system and its response to ROS 2-specific Discovery and Denial of Service (DoS) attacks. The data collection involves monitoring the OS indicators, the network activity, and the ROS 2 nodes. We validate the dataset by training and testing two different machine learning IDS, using accuracy, the ROC curve, and the precision-recall curve as metrics.
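A minimal sketch of the kind of validation applied to such a dataset follows, assuming a generic tabular classifier; the features, model choice and split are placeholders, not the paper's exact setup.

```python
# A binary intrusion-detection classifier is trained on the collected indicators
# and scored with accuracy, ROC and precision-recall metrics.
from sklearn.ensemble import RandomForestClassifier
from sklearn.metrics import accuracy_score, roc_auc_score, average_precision_score
from sklearn.model_selection import train_test_split
import numpy as np

X = np.random.rand(1000, 12)                 # OS, network and ROS 2 node indicators
y = np.random.randint(0, 2, size=1000)       # 0 = normal, 1 = attack (Discovery/DoS)

X_tr, X_te, y_tr, y_te = train_test_split(X, y, test_size=0.3, stratify=y)
clf = RandomForestClassifier(n_estimators=100).fit(X_tr, y_tr)
scores = clf.predict_proba(X_te)[:, 1]

print("accuracy:", accuracy_score(y_te, clf.predict(X_te)))
print("ROC AUC :", roc_auc_score(y_te, scores))
print("PR  AUC :", average_precision_score(y_te, scores))
```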
Indoor location-based services (LBS) face challenges such as high cost, low availability, and privacy issues. Traditional indoor LBS technologies, such as beacon-based and tagless solutions, have drawbacks such as high cost, low accuracy, high power consumption, interference, or privacy concerns.
We propose to use long-range capacitive sensors and neural networks to provide a reliable, low-cost, and privacy-preserving indoor LBS system. Long-range capacitive sensors are completely privacy preserving and inexpensive, but they can be susceptible to environmental electromagnetic noise. To address this issue, we use neural networks to denoise, infer, and generalize both the location and the dynamics of human motion.
In this research, we investigate two enhanced neural network models that do not use pooling layers, which can limit accuracy: the Temporal Convolutional Network (TCN) and the Capsule Network (CapsNet). We use state-of-the-art Neural Architecture Search (NAS) to tune and optimize these models for both accuracy and resource consumption. We compare their inference accuracy to that of a 1D convolutional neural network (1D-CNN), which excelled at extracting information and rejecting noise in a previous work. The NAS results show that, with only a small fraction of the resources (less than 27%), these models can achieve comparable or better accuracy.
To further improve accuracy and generalization, we use three different formulations of Knowledge Distillation (KD) for regression. KD is a technique that transfers knowledge from a large teacher model to a small student model. We use NAS to tune the teacher models for high accuracy, for two types of teacher models, TCN and CapsNet, and we use a student model of the same type. We obtained the best results with a two-step distillation process. The first step distills knowledge from a teacher model of the same type as the student, without any prior training. The second step distills knowledge to the previously trained student, but from a teacher model of a different type. This method improves the inference accuracy of the student networks by almost 24% and also improves their generalization while maintaining their low number of parameters.
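A minimal sketch of a single distillation step of the two-step scheme described above, for a regression student, is shown below; the models, blending weight and training loop are placeholders, not the actual formulations used in the work.

```python
# One KD step for regression: the student loss blends the ground-truth MSE with
# an MSE term that matches the teacher's predictions. The two-step scheme calls
# this twice, first with a same-type teacher, then with a cross-type teacher.
import tensorflow as tf

def distill(student, teacher, dataset, alpha=0.5, epochs=10):
    opt = tf.keras.optimizers.Adam()
    mse = tf.keras.losses.MeanSquaredError()
    for _ in range(epochs):
        for x, y in dataset:
            soft_target = teacher(x, training=False)       # teacher prediction
            with tf.GradientTape() as tape:
                y_hat = student(x, training=True)
                # Blend ground-truth loss with teacher-matching loss.
                loss = alpha * mse(y, y_hat) + (1 - alpha) * mse(soft_target, y_hat)
            grads = tape.gradient(loss, student.trainable_variables)
            opt.apply_gradients(zip(grads, student.trainable_variables))
    return student

# Hypothetical usage of the two steps:
# student = distill(student_tcn, teacher_tcn, train_ds)       # same-type teacher
# student = distill(student, teacher_capsnet, train_ds)       # cross-type teacher
```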
Zoe is a platform that connects the world of IoT with modern ML and AI methodologies, designed to operate in all those scenarios where the IoT data sensing world can benefit from AI support.
The solution has been developed to be easily scalable and capable of working on embedded systems or on the cloud (or simultaneously on both scenarios) depending on specific requirements.
All the elements that make up the ecosystem have been designed to be distributed in a modular and customizable manner, allowing for quick and easy architectural management and efficient utilization of available resources to support the expected workload for the desired verticalizations.
This talk will illustrate some of the research challenges we face at Akkodis. AI and embedded systems are part of Akkodis' core business. On the one hand, AI is the new gold standard for vision and NLP tasks. On the other hand, most of the cyber-physical systems (e.g., smartphones, IoT sensors, biomedical devices) that run AI models are resource-constrained. The shortage of computational power poses a first challenge: how can we fit and run a model with billions of parameters (i.e., floating-point numbers) on a small device with limited memory, CPU, and battery? Indeed, in many practical applications, state-of-the-art general-purpose quantization algorithms show unsatisfactory performance. Second, porting AI models to such devices requires toolchains that are specific to the underlying embedded system. Using these toolchains requires intense training and dedicated staff, which is undesirable, especially when working with different hardware. We illustrate these issues through two real-world case studies.
Nowadays, Machine Learning (ML) is the core component of many embedded applications, enabling even resource-constrained IoT edge nodes to perform “smart” decisions. Compared to a cloud-based approach, direct on-device deployment of ML models can lead to higher energy efficiency and latency predictability, while also reducing data privacy concerns. However, embedded devices’ tight latency, memory and power constraints allow only the deployment of lightweight and highly optimized models.
Tree-based ensembles (e.g., Random Forests, Gradient Boosting) are popular ML models for embedded applications due to their high accuracy with limited memory and computational requirements. Often, they can achieve an accuracy comparable to state-of-the-art Deep Learning solutions, with significantly less operations.
However, while training such models has become straightforward thanks to popular open-source libraries, the same does not hold for deploying them at the edge. The ecosystem of deployment tools is in fact complex and fragmented, with most solutions requiring significant effort on the developer side, who must manually perform model optimizations (e.g., quantization) as separate steps.
In this contribution, we present a novel tool to easily deploy tree-based ensembles at the edge, which automatically generates inference C code for embedded devices. Our tool, named EDEN (Efficient Decision tree ENsembles), leverages an optimized implementation of the required data structures, which minimizes both the number of parameters to be stored and the number of memory accesses. EDEN allows exporting both regression and classification models directly from Python, requiring no additional steps from users. Moreover, it can automatically handle input and output quantization, generating a compressed version of the ensemble that can save significant amounts of memory with little to no accuracy drop.
In this first release, we mainly target GAP8, a microcontroller leveraging an 8-core RISC-V based cluster, although EDEN can be easily extended to support other targets (e.g., it can also generate code for x86 targets for debugging). In the case of GAP8, the code generated by EDEN i) maximizes parallelization, ii) fully leverages the complex memory hierarchy of the chip and iii) makes use of the available SIMD instructions, thus allowing the inference phase to fully benefit from the target hardware features.
Finally, EDEN also supports the generation of input-adaptive tree ensembles, i.e., models in which the number of executed trees changes dynamically based on the processed input, thus allowing additional energy/latency savings for "easy" samples.
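A minimal sketch of an array-based ensemble representation of the kind such a code generator can emit is shown below; the node layout and leaf encoding are illustrative assumptions, not EDEN's actual data structures.

```python
# Each tree node is stored in parallel arrays (feature, threshold, left, right);
# a negative feature index marks a leaf, whose prediction reuses the threshold
# slot. This layout minimizes parameters and keeps memory accesses sequential.
import numpy as np

# One tiny tree: node 0 splits on feature 2, its two children are leaves.
FEATURE   = np.array([2, -1, -1], dtype=np.int16)    # -1 marks a leaf
THRESHOLD = np.array([0.5, 0.0, 1.0], dtype=np.float32)
LEFT      = np.array([1, 0, 0], dtype=np.int16)
RIGHT     = np.array([2, 0, 0], dtype=np.int16)

def predict_tree(x):
    node = 0
    while FEATURE[node] >= 0:                         # descend until a leaf
        node = LEFT[node] if x[FEATURE[node]] <= THRESHOLD[node] else RIGHT[node]
    return THRESHOLD[node]                            # leaf prediction

def predict_ensemble(x, trees=(predict_tree,)):
    return sum(t(x) for t in trees) / len(trees)      # average over the ensemble

print(predict_ensemble(np.array([0.1, 0.2, 0.3])))    # falls in the left leaf -> 0.0
```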
This work presents a novel algorithm for real-time path planning that optimizes the trajectory of a mobile robot while avoiding both static and dynamic obstacles. The task is addressed as an optimal control problem, subject to a set of constraints. The algorithm exploits model predictive control and is designed for an unmanned ground vehicle, modeled with non-linear dynamics and equipped with a LiDAR sensor that generates a sequence of point clouds.
In recent years, we have observed a growing interest in the possibility of training machine/deep learning models directly on devices, rather than in the cloud or on centralized servers. This approach, borrowed from edge computing, is known as on-device training and offers several advantages in terms of latency and security. Progress in Artificial Intelligence (AI) has made it possible to deliver intelligence into low-cost hardware like MCU boards, giving birth to a new type of smart devices known as Intelligent Cyber-Physical Systems (ICPSs), which represent the core of modern smart environments.
One of the main challenges in on-device training is the limited computational resources available on these devices. To overcome this issue, various techniques have been proposed, such as weight compression and quantization, which reduce the memory footprint and complexity of a deep learning model but only address the problems related to the inference process. Moreover, they usually need careful hyperparameter tuning and sometimes a total model re-training, which can be time-consuming. Federated learning can be considered a viable approach to train Deep Neural Networks (DNNs) in a distributed way without sharing local data, thus preserving privacy. Unfortunately, such a paradigm becomes ineffective when connection stability cannot be guaranteed and there is the need to learn new patterns in real time (e.g., in industrial applications). Transfer learning is another solution that adopts a pre-trained model as a starting point. If, on the one hand, this approach allows performing a less onerous training procedure to specialize a model on a different (but correlated) task, on the other, it still requires algorithms such as gradient descent and backpropagation (BP) that in some cases may not be available. This is even more evident when working with MCUs, whose low amount of memory, energy, and computing power poses significant restrictions on the tasks that can be performed.
The Forward-Forward (FF) algorithm is a novel learning technique for neural networks that is intended to replace traditional BP in those applications where computing power and energy are an issue. FF replaces the typical forward and backward passes that characterize BP with two forward passes having opposite objectives, without the need to backpropagate error gradients along the entire network architecture, thus resulting in an easier and less onerous procedure.
In this work, we present μ-FF, a variation of FF that tackles the training process by setting up a multivariate Ridge regression problem. We also present a way to solve this regression task with a closed-form solution by using the Mean Squared Error (MSE) as the loss function. Such an approach does not require the computation of any gradient, which makes it suitable for execution on constrained hardware devices with limited computing power such as MCUs. Specifically, in our experiments, we were able to perform the on-device training procedure directly on MCUs of the STM32 family and measure the performance of our solution by conducting tests on the Fashion-MNIST benchmark dataset.
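A minimal sketch of the gradient-free, closed-form Ridge regression step that such a training scheme relies on is given below; the shapes and regularization strength are illustrative assumptions.

```python
# With feature matrix A (activations) and target matrix Y, the Ridge weights
# minimizing MSE + L2 solve the linear system (A^T A + lam*I) W = A^T Y,
# which requires no gradient descent or backpropagation.
import numpy as np

def ridge_closed_form(A, Y, lam=1e-2):
    """Solve the multivariate Ridge regression problem in closed form."""
    d = A.shape[1]
    return np.linalg.solve(A.T @ A + lam * np.eye(d), A.T @ Y)

A = np.random.randn(256, 32)      # layer activations collected in a forward pass
Y = np.random.randn(256, 10)      # per-class targets
W = ridge_closed_form(A, Y)       # (32, 10) weight matrix, obtained in one shot
```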
This talk will share some considerations on embedded systems, viewed as the synthesis of the convergence of advanced technologies, and on their vast impact on the most diverse sectors, including personal and social ones. In particular, it will address topics, including methodological ones concerning their design, related to fast technological evolution, interoperability, resilience and security, as well as aspects of ethics and compliance with evolving regulations.
Experienced Manager Of Business Development and Innovation with a demonstrated history of working in the information technology, cybersecurity services and smart/safe/sustainable mobility. Strong sales professional skilled in Marketing Management, Business Planning, Innovation Management, Entrepreneurship, and Customer Relationship Management (CRM). Business ecosystems creator and convinced supporter. Senior Expert of public R&D funding programs with impressive results in EU civil and defence programs (FP7, H2020, ECSEL, EIT Digital, Horizon Europe, EDF, ...) and a large established network of partnerships. Still equipped with large reserves of curiosity and passion for innovation.
The railway industry is interested in finding new ways to automate complex train functions, such as track discrimination, obstacle detection, sign recognition, etc. This work proposes a novel method based on LiDAR processing to determine the track on which the train is traveling. As a first step, the proposed algorithm selects a significant subset of the original LiDAR point cloud, using the profile shape of the rail and its intensity features. Then, an enhanced version of the Hough Transform is applied to detect the linear structure of the rails. In addition to the number of voters, each line is associated with its height, intensity, and slope, to filter the resulting set of possible rails. The DBSCAN algorithm then clusters this remaining set of lines, returning for each cluster a single line corresponding to the weighted centroid of the voters. Finally, a track pairing algorithm couples pairs of rails by relying on the geometric constraints imposed by the constructional features of the railway environment. The preliminary results achieved on synthetic data produced with a simulator and on a small set of real acquisitions are promising, hence the approach will be validated with a larger dataset and extended to handle switches.
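A minimal sketch of this processing chain, on a 2D top view of the point cloud, is shown below; the thresholds and the simplified Hough voting are illustrative assumptions, not the paper's enhanced transform.

```python
# Intensity/height filtering -> Hough voting for candidate rail lines ->
# DBSCAN clustering of (angle, distance) line parameters -> pairing by gauge.
import numpy as np
from sklearn.cluster import DBSCAN

GAUGE = 1.435   # standard track gauge in meters

def detect_tracks(points, intensity, z, theta_bins=180, rho_res=0.05):
    mask = (intensity > 0.6) & (np.abs(z) < 0.2)          # keep rail-like returns
    pts = points[mask]
    thetas = np.linspace(0, np.pi, theta_bins, endpoint=False)
    rhos = pts[:, 0, None] * np.cos(thetas) + pts[:, 1, None] * np.sin(thetas)
    rho_idx = np.round(rhos / rho_res).astype(int)
    acc = {}                                              # Hough accumulator
    for j, th in enumerate(thetas):
        for r in rho_idx[:, j]:
            acc[(th, r * rho_res)] = acc.get((th, r * rho_res), 0) + 1
    lines = np.array([[th, rho] for (th, rho), v in acc.items() if v > 30])
    if len(lines) == 0:
        return []
    labels = DBSCAN(eps=0.1, min_samples=2).fit_predict(lines)
    centroids = [lines[labels == k].mean(axis=0) for k in set(labels) if k != -1]
    tracks = []                                           # pair rails by gauge
    for i in range(len(centroids)):
        for j in range(i + 1, len(centroids)):
            parallel = abs(centroids[i][0] - centroids[j][0]) < 0.02
            if parallel and abs(abs(centroids[i][1] - centroids[j][1]) - GAUGE) < 0.1:
                tracks.append((centroids[i], centroids[j]))
    return tracks
```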
The railway domain is regulated by rigorous safety standards to ensure that specific safety goals are met. Often, safety-critical systems rely on custom hardware-software components that are built from scratch to achieve specific functional and non-functional requirements. Instead, the (partial) usage of Commercial Off-The-Shelf (COTS) components is very attractive as it potentially allows reducing cost and time to market. Unfortunately, COTS components do not individually offer enough guarantees in terms of safety and security to be used in critical systems as they are. In such a context, RFI (Rete Ferroviaria Italiana), a major player in Europe for railway infrastructure management, aims at equipping track-side workers with COTS devices to remotely and safely interact with the existing interlocking system, drastically improving the performance of maintenance operations. This paper describes the first effort to update existing (embedded) railway systems to a more recent cyber-physical system paradigm. Our Remote Worker Dashboard (RWD) pairs the existing safe interlocking machinery with COTS mobile components, making cyber and physical components cooperate to provide the user with responsive, safe, and secure service. Specifically, the RWD is a SIL4 cyber-physical system to support maintenance of actuators and railways in which COTS mobile devices are safely used by track-side workers. The concept, development, implementation, verification and validation activities to build the RWD were carried out in compliance with the applicable CENELEC standards required by certification bodies to declare compliance with specific guidelines.
Software testing plays a critical role in the software development lifecycle, by identifying code anomalies and ensuring compliance with requirements established during the design phases. The assessment of testing quality is a complex task, often relying on coverage metrics to evaluate the effectiveness of test cases. In safety-critical systems, which are subject to stringent industry regulations, specific coverage metrics based on the level of safety to achieve need to be adopted. However, meeting these metrics can be challenging, especially considering the complexity of the system and the need to test the actual production code without any code instrumentation. The most commonly adopted solution is to use special hardware modules that allow all information regarding the execution of the system under test to be obtained noninvasively. Nevertheless, in cases where the aforementioned solutions are unfeasible, it is common practice to use testing techniques that instrument the code. To address this issue, this study presents Log-Trace Testing (LTT), a fully automated testing approach that harnesses the system log, a widely prevalent element in safety-critical systems. LTT provides an alternative solution to those in the scientific literature, by leveraging the system log to evaluate coverage metrics, including function coverage, statement coverage, branch coverage, and Modified Condition/Decision Coverage (MC/DC). To validate the effectiveness of LTT, it was successfully applied to test an industrial product from the railway sector, demonstrating its suitability and performance in real-world scenarios. By utilizing the system log, LTT offers a practical and effective approach to testing safety-critical systems while adhering to regulatory requirements and without the need for code instrumentation.
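A minimal sketch of deriving coverage figures from an execution log, in the spirit of the approach above, follows; the log format and the coverage universes are placeholders, not LTT's.

```python
# Log entries are mapped to source locations; coverage is the fraction of
# known locations (statements, branch points) that appear in the log.
import re

LOG_PATTERN = re.compile(r"\[(?P<file>[\w./]+):(?P<line>\d+)\]")

def coverage_from_log(log_lines, known_statements, known_branches):
    executed = set()
    for entry in log_lines:
        m = LOG_PATTERN.search(entry)
        if m:
            executed.add((m.group("file"), int(m.group("line"))))
    stmt_cov = len(executed & known_statements) / len(known_statements)
    branch_cov = len(executed & known_branches) / len(known_branches)
    return stmt_cov, branch_cov

log = ["12:00:01 [ctrl.c:10] enter", "12:00:02 [ctrl.c:12] branch taken"]
stmts = {("ctrl.c", 10), ("ctrl.c", 11), ("ctrl.c", 12)}
branches = {("ctrl.c", 12), ("ctrl.c", 15)}
print(coverage_from_log(log, stmts, branches))   # (2/3, 1/2)
```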
Due to its strong hardware dependency, the development process of an embedded system is often seen as something detached from cloud, automation and “shift left” concepts. The need to deliver increasingly complex products in a short time with the highest level of reliability pushed MBDA to rethink its way of producing embedded software. By redesigning the architecture of the software testing platforms, combining IoT technologies with Cloud and DevOps tools, MBDA has drastically reduced manual tasks, allowing engineers to focus their efforts on software design and performance evaluation more than on coding, while ensuring the quality required by MBDA standards.
The adoption of embedded systems that combine hardware accelerators and application-specific processors presents new challenges. Specifically, effectively controlling the duration of memory access in Commercial Off-the-Shelf (COTS) System-on-Chip (SoC) architectures becomes challenging due to competition for main memory among different computing engines.
To address this challenge, bandwidth regulation approaches based on monitoring and throttling have gained widespread acceptance. However, existing solutions have limitations, such as being too coarse-grained, limiting control over computing engine activities, or being specific to particular SoCs.
To tackle this problem, we propose a fine-grained and platform-independent solution called the Runtime Bandwidth Regulator (RBR). The RBR facilitates precise management of main memory bandwidth usage in COTS, FPGA-based Heterogeneous Systems-on-Chip (HeSoCs) through tightly-coupled monitoring and throttling. Our RBR ensures accurate delivery of desired Quality of Service (QoS) levels and can quickly adapt to dynamic changes in QoS requirements. It operates independently of the platform, does not disrupt ongoing tasks, and introduces minimal timing overhead.
Experimental results conducted on the Xilinx Zynq UltraScale+ platform demonstrate the superior performance of our approach. The RBR surpasses loosely-coupled regulators by a factor of more than 100, unlocking possibilities that were previously unattainable with existing state-of-the-art bandwidth regulation methods.
The study of parallel task models for real-time systems has become fundamental due to the increasing computational demand of modern applications, which are executed in parallel to leverage the availability of multiple cores of multicore computing platforms and to boost performance.
In this context, the gang scheduling paradigm is receiving increasing attention thanks to the performance improvements it can provide for tightly-synchronized parallel applications. Existing works on real-time gang partitioned scheduling use a rigid model, where the number of cores required by a task is assumed to be constant, thus overestimating its computational demand. On the other hand, the bundled model, where tasks consist of segments (or bundles), each requiring a different number of cores, was introduced to obtain a more accurate representation of the tasks' parallelism. However, this model has only been analyzed for global scheduling, which is notably considered less predictable from the perspective of timing.
To fill this gap, this work presents an analysis method for bundled parallel real-time tasks under fixed-priority partitioned gang scheduling.
In particular, two schedulability analysis methods are proposed, one based on a closed-form formulation and the other based on an optimization technique. In addition, specialized partitioning heuristics are introduced. Finally, the results of an experimental evaluation are presented, comparing the proposed methods and considering different allocation heuristics.
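As background only, and not as the analysis proposed here, the classical worst-case response-time recurrence for a sequential task under fixed-priority scheduling, which partitioned gang analyses generalize by accounting for the cores requested by each bundle, reads:

```latex
R_i^{(0)} = C_i, \qquad
R_i^{(k+1)} = C_i + \sum_{\tau_j \in \mathrm{hp}(i)} \left\lceil \frac{R_i^{(k)}}{T_j} \right\rceil C_j
```

The iteration is repeated until a fixed point is reached, and the task is deemed schedulable if that fixed point does not exceed its deadline D_i.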
National Centers and Extended Partnerships represent a significant development opportunity for realizing the digital transition. The scientific and industrial communities expect to maximize participation in order to improve the country's competitiveness. In this context, IWES 2023 will include a session dedicated to research on embedded systems within the PNRR framework.
The session will involve both research institutions and industrial partners. The objective is to provide an overview of the methods, process, and status of PNRR project implementations, with a specific focus on the field of embedded systems. The discussion will centre around the most significant topics addressed and the possibilities for collaboration, including funding opportunities being planned within each project.
Michele Colajanni is Professor of Cybersecurity in the Department of Computer Science and Engineering of the University of Bologna. He has founded multiple research and training activities concerning information security, cloud and big data analytics, such as the Interdepartmental Security Research Center, Masters for Universities and for the Defense, the Cyber Academy oriented to ethical hackers, and the Cybersecurity Management course at the Bologna Business School.
Antonio Capone is Full professor of Telecommunications at the Politecnico di Milano where he has held the role of Dean of the School of Industrial and Information Engineering since 2019. At the Department of Electronics and Information of the Politecnico di Milano he is the director of the Advanced Network Technologies Laboratory (ANTLab). He collaborates as scientific manager at the 5G Observatory and at the IoT Observatory of the Milan Polytechnic. Since 2022 he has been scientific director of the RESTART programme, an extended partnership (Telecommunications of the Future - PE14) funded by the MUR under the PNRR.
Davide Salomoni was recently appointed Innovation Manager at the Fondazione ICSC (Centro Nazionale per HPC, Big Data e Quantum). He has more than 30 years of international experience in private and public environments on distributed computing, technology transfer projects and communication technologies. For the past several years he was Director of Technology at INFN, which he represented in various compute-related national and international boards, leading also the nation-wide INFN distributed computing infrastructure. He is Adjunct Professor at the University of Bologna for the courses "Infrastructures for Big Data Processing" and "Biomedical Data Bases" for the Master’s Degree in Bioinformatics and for the PhD Degree in Data Science and Computation.
Carlo Sansone is Full Professor of Information Processing Systems at the Department of Electrical Engineering and Information Technologies of the University of Naples Federico II, where he coordinates the Master in Human-Centred Artificial Intelligence and chairs the University Center for Information Services (CSI). He is a member of the Management Committee of the National Laboratory of Artificial Intelligence and Intelligent Systems (AIIS) of CINI and vice president of the FAIR Foundation (Future Artificial Intelligence Research). He is a Senior Member of the IEEE and a Fellow of the IAPR (International Association for Pattern Recognition) and of the AAIA (Asia-Pacific Artificial Intelligence Association).
Progress in cyber-physical systems (CPS) requires the availability of robust platforms on which researchers can conduct real-world experiments and testing. However, the lack of commonly available CPS testbeds is especially significant in the rapidly growing field of connected and autonomous vehicles (AVs). Modern full-scale automotive platforms are some of the most complex cyber-physical systems ever designed. From real-time and embedded systems, to machine learning and AI, sensor networks, predictive control, formal methods, security & privacy, infrastructure planning, and transportation, the design of trustworthy, safe AVs is a truly interdisciplinary endeavour that has captured the imagination of researchers in both academia and industry.
The F1/10 Autonomous Racing Cyber-Physical platform is a testbed technology representing the common denominator and a key enabler to address the research and education needs of future autonomous systems and automotive Cyber-Physical Systems. There are no affordable, open-source, and integrated autonomous vehicle testbeds available today that would fit in a typical indoor CPS lab. Our goal is not to provide yet another isolated vehicle testbed. Instead, we aim to relieve researchers and educators of the burden of setting up their own facilities for research in autonomous vehicles. Since the platform is 1/10 the scale of a real vehicle, we call it F1/10 (inspired by Formula 1 (F1)).
Kick-started through a joint effort by the University of Pennsylvania (USA), the University of Virginia (USA), and UNIMORE (Italy), the F1/10 research instrument builds stronger networks of collaborative research, including 40+ universities and research institutes all around the world. In Italy, UNIMORE and UNIBO are currently the two universities promoting the platform and adopting it in their research.
Nowadays, Deep Neural Networks (DNNs) are widely used in several application fields, such as computer vision, healthcare, autonomous driving, etc. Such networks are growing in both complexity and power consumption, since they have to process an enormous amount of data. In addition, DNN vulnerability to adversarial attacks -- inputs crafted carefully to force a misclassification -- has led to research into solutions to make them robust against such attacks.
In order to reduce the complexity and power consumption of DNNs, several compression techniques have been proposed to reduce their size: quantization and weight-sharing, for instance, encode parameters using few bits and suppress some of them, respectively.
In addition, Approximate Computing (AxC) exploits the inner error resiliency of DNNs to carefully reduce the quality of results in exchange for performance benefits.
Although both compression techniques and approximation methodologies aim to introduce the least alterations to DNNs, the learned parameters are heavily modified, hence inner properties, such as robustness against adversarial attacks, may be affected.
Despite its relevance, only a few contributions in the scientific literature address the robustness of Approximate DNNs (AxNNs) against adversarial attacks. Indeed, although some contributions consider AxC as a defense strategy to achieve robustness against adversarial attacks, others empirically proved that such attacks are still transferable from the original DNN to the approximate one, meaning that an adversarial sample crafted on a baseline DNN can fool both the compressed and the approximate networks. Furthermore, AxC acts antagonistically to quantization, meaning that it decreases the robustness of the quantized network to adversarial attacks.
These open research questions, however, need to be investigated further.
Resorting to several DNNs families, different datasets, and state-of-the-art design methodologies that target quantized and approximate DNNs, in our work, we provide:
a) a profound investigation concerning the transferability of adversarial samples between the original DNN, the quantized and the approximated ones,
b) an in-depth analysis of the effort required to fool quantized and approximated networks while resorting to different attacks, including white-box and black-box ones. White-box attacks require in-depth knowledge of the DNN to craft an adversarial sample, while black-box attacks are crafted based only on the output provided by the network. To the best of our knowledge, no scientific contribution accomplishes such an in-depth study.
Our preliminary results demonstrate that, in addition to a reduction in the power-consumption and size of the DNN, the AxNN is either as robust or more robust than both the original and quantized DNNs against adversarial attacks.
Specifically, neither quantization nor approximation is defensive against white-box attacks, since the same effort is required to fool the original DNN, the quantized one, and the approximate one.
Conversely, fooling the AxNN requires more effort than fooling both the original and the quantized DNNs in the case of black-box attacks, and the transferability of successful attacks from the original DNN to the approximate one is poor. Therefore, AxC is a defense strategy against black-box attacks in terms of the effort required to craft successful attacks.
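A minimal sketch of the transferability check described above, for a single input and an FGSM white-box attack, is shown below; the models and the attack budget are placeholders, not the paper's setup.

```python
# An FGSM adversarial sample is crafted on the baseline (full-precision) DNN and
# then fed to the quantized and approximate variants to check whether the
# misclassification transfers.
import torch
import torch.nn.functional as F

def fgsm(model, x, label, eps=0.03):
    x = x.clone().detach().requires_grad_(True)
    loss = F.cross_entropy(model(x), label)
    loss.backward()
    return (x + eps * x.grad.sign()).clamp(0, 1).detach()   # white-box perturbation

def transfers(src_model, dst_models, x, label):
    """x: a single input with batch dimension 1; label: tensor of shape (1,)."""
    x_adv = fgsm(src_model, x, label)
    fooled_src = bool(src_model(x_adv).argmax(1) != label)
    # The attack "transfers" to a destination model if that model is also fooled.
    return {name: fooled_src and bool(m(x_adv).argmax(1) != label)
            for name, m in dst_models.items()}

# Hypothetical usage:
# transfers(baseline_dnn, {"quantized": quantized_dnn, "approximate": approx_dnn},
#           image, label)
```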
C-rusted is an innovative technology whereby C programs can be (partly) annotated so as to express: (1) ownership, exclusivity and shareability of language, system and user-defined resources; (2) dynamic properties of objects and the way they evolve during program execution; (3) nominal types and subtypes compatible with any standard C data type.
The (partially) annotated C programs, being fully compatible with all versions of ISO C, can be translated with unmodified versions of any compilation toolchain capable of processing ISO C code.
The annotated C program parts can be validated by static analysis: if the static analyzer flags no error, then the annotations are provably coherent among themselves and with respect to annotated C code, in which case said annotated parts are provably exempt from a large class of logic, security, and run-time errors.
C-rusted is a pragmatic and cost effective solution to up the game of C programming to unprecedented integrity guarantees without giving up anything that the C ecosystem offers today. That is, keep using C, exactly as before, using the same compilers and the same tools, the same personnel... but incrementally adding to the program the information required to demonstrate correctness, using a system of annotations that is not based on mathematical logic and can be taught to programmers in a week of training.
Embedded computing systems are becoming increasingly relevant in the Internet of Things (IoT) and edge computing domains, where they are often employed as the control entity of a cyber-physical system. When operating in such interconnected domains, a software system is susceptible to cyber-attacks from external agents, which can compromise the correct behavior of the system. In addition, the software executing in these systems is typically characterized by stringent timing constraints, which must be satisfied during system execution. Enabling software protections to enhance the security level of the embedded software comes at the cost of increasing the computation times of the tasks, introducing the risk of deadline misses that could also jeopardize the system behavior. This paper presents a methodology to optimize the security level of real-time software while preserving system-wide schedulability by leveraging timing analysis. The proposed approach is based on a mixed-integer linear programming (MILP) formulation that maximizes the security level of the tasks and integrates a response-time analysis technique to assess the schedulability of the system whenever additional protections are activated to shield the software against cyber-attacks targeting specific classes of vulnerabilities. An experimental evaluation is presented to assess the performance of the proposed approach on a representative set of tasks included in standard benchmarking suites for embedded software.
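A minimal sketch of a MILP of the flavor described above is given below, using PuLP; note that the response-time analysis is deliberately simplified here to a utilization bound, and all task parameters are illustrative.

```python
# Binary variables select one protection level per task to maximize total
# security, subject to a schedulability constraint (here a utilization bound
# standing in for the response-time analysis used in the paper).
from pulp import LpProblem, LpVariable, LpMaximize, lpSum, LpBinary

tasks = {                       # WCET per protection level, and period
    "t1": {"wcet": [2.0, 2.6, 3.1], "period": 10.0},
    "t2": {"wcet": [5.0, 6.2, 7.5], "period": 20.0},
}
levels = range(3)               # 0 = no protection, 2 = strongest
UB = 0.69                       # utilization bound used in place of RTA

prob = LpProblem("security_vs_schedulability", LpMaximize)
x = {(t, l): LpVariable(f"x_{t}_{l}", cat=LpBinary) for t in tasks for l in levels}

prob += lpSum(l * x[t, l] for t in tasks for l in levels)            # total security
for t in tasks:
    prob += lpSum(x[t, l] for l in levels) == 1                      # one level per task
prob += lpSum(tasks[t]["wcet"][l] / tasks[t]["period"] * x[t, l]
              for t in tasks for l in levels) <= UB                  # schedulability

prob.solve()
print({t: next(l for l in levels if x[t, l].value() == 1) for t in tasks})
```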
Side-channel analysis (SCA) is a major security concern for embedded systems. In recent years, deep learning techniques have been exploited to improve the efficiency of attacks in this class of cryptanalysis, giving rise to a new field of research, known as Deep Learning Side-Channel Analysis (DLSCA). The benefits are significant: an evolution of such an attack allows for a reduction in human intervention while achieving better performance than classical unprofiled attacks, such as Differential and Correlation Power Analysis.
Although promising, the explosion of the research field has not been accompanied by a process of standardization of experiments, making reproducibility of both tests and attacks difficult. In addition, the problem known as attack/model portability, which is particularly relevant to real-world use cases, has often been addressed by researchers using oversimplified setups, leading to an overestimation of the results obtained.
This work aims to impersonate, through different Neural Networks, three attackers with increasing knowledge of the attack scenario. The ultimate goal is to study the behavior of Deep Learning models in cross-device scenarios, exploring their capabilities and limitations in new contexts of portability.
In detail, knowledge gained from devices of a specific group of microcontrollers (known as profiling devices, considering Microchip's PIC18XXXK42 family) is exploited to launch an attack on devices of a different group of microcontrollers (referred to as attack devices, from Microchip's PIC18XXXK20 family), despite the differences between the two groups.
The results obtained show that it is possible to perform cross-family attacks with all the trained models considered, although the best performance can only be achieved by exploiting an ad hoc model that assumes complete knowledge of the attack scenario.
Embedded devices are a critical part of modern interconnected systems, from industrial control systems to consumer electronics. These devices are designed to perform specific functions and are often connected to networks or other devices, enabling them to exchange data and commands. However, as these devices become more connected, they also become more vulnerable to security threats.
One area of particular concern is the security of embedded communication protocols. These protocols play a critical role in enabling devices to exchange data and commands with each other, but they are also vulnerable to various attack vectors that can be exploited by attackers to gain unauthorized access, modify data, or disrupt communication. To mitigate these security risks, the National Institute of Standards and Technology (NIST) has provided guidelines for securing communication protocols. These guidelines emphasize the importance of implementing secure design practices, such as using encryption, authentication, and authorization mechanisms, and limiting communication to only what is necessary.
To address embedded devices' security needs and ensure information security while abstracting away the use of particular communication protocols, this paper introduces a security-enhanced communication framework over the standard communication protocols used in embedded devices deployed in many mission-critical or safety-critical domains. The work also presents an implementation of the framework over the standard I2C communication protocol as a reference implementation.
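A minimal sketch of protocol-agnostic secure framing of the kind the paper describes is shown below, using AES-GCM for encryption and authentication plus a sequence number for replay protection; this illustration is not the framework's actual wire format.

```python
# Payloads are encrypted and authenticated before being handed to the underlying
# transport (I2C, SPI, UART, ...); the sequence number travels as authenticated
# associated data and provides basic replay protection.
import os, struct
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

KEY = AESGCM.generate_key(bit_length=128)

def seal(seq, payload, key=KEY):
    nonce = os.urandom(12)
    header = struct.pack(">I", seq)                       # authenticated, not encrypted
    ct = AESGCM(key).encrypt(nonce, payload, header)
    return header + nonce + ct                            # frame sent over the bus

def open_frame(frame, expected_seq, key=KEY):
    header, nonce, ct = frame[:4], frame[4:16], frame[16:]
    (seq,) = struct.unpack(">I", header)
    if seq != expected_seq:                               # basic replay protection
        raise ValueError("unexpected sequence number")
    return AESGCM(key).decrypt(nonce, ct, header)

frame = seal(1, b"SET_VALVE=OPEN")
print(open_frame(frame, 1))                               # b'SET_VALVE=OPEN'
```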