An important challenge in networked control systems is to ensure the confidentiality and integrity of the message in order to secure the communication and prevent attackers or intruders from compromising the system. However, security mechanisms may jeopardize the temporal behavior of the network data communication because of the computation and communication overhead. In this paper, we study the effect of adding Hash Based Message Authentication (HMAC) to a time-triggered networked control system. Time Triggered Architectures (TTAs) provide a deterministic and predictable timing behavior that is used to ensure safety, reliability and fault tolerance properties. The paper analyzes the computation and communication overhead of adding HMAC and the impact on the performance of the time-triggered network. Experimental validation and performance evaluation results using a TTEthernet network are also presented.

For outdoor navigation, GPS provides the most widely-used means of node localization; however, the level of accuracy provided by low-cost receivers is typically insufficient for use in high-precision applications. Additionally, many of these applications do not require precise absolute Earth coordinates, but rather rely on relative positioning to infer information about the geometric configuration of the constituent nodes in a system. This paper presents a novel approach that uses GPS to derive relative location information for a scalable network of single-frequency receivers. Networked nodes share their raw satellite observations, enabling each node to localize its neighbors in a pairwise fashion as opposed to computing its own standalone position. Random and systematic errors are mitigated in novel ways, challenging long-standing beliefs that precision GPS systems require extensive stationary calibration times or complex equipment configurations. In addition to presenting the mathematical basis for our technique, a working prototype is developed, enabling experimental evaluation of several real-world test scenarios. The results of these experiments indicate sub-meter relative positioning accuracy under various conditions and in varying environments. This represents up to order of magnitude increase in precision over existing absolute positioning techniques or other unimodal GPS-based solutions.

Fractionated spacecraft - a cluster of simple satellites that are wirelessly connected, perform high-resolution sensing functions by running distributed sensor fusion applications. Coordinated swarms of networked Unmanned Aerial Vehicles carry out data collection damage assessment flights over large geographical areas affected by weather events. Fleets of Unmanned Underwater Vehicles collect climate change data from oceans with the help of sensor fusion and motion control applications. Smart data acquisition and control devices implement distributed sensing and control functions for the Smart Electric Grid. Such `cyber-physical cloud computing platforms' present novel challenges because the system is built from mobile embedded devices, is inherently distributed and typically has highly fluctuating connectivity among the modules. Architecting software for these systems raises many challenges not present in traditional cloud computing. Effective management of constrained resources and application isolation without adversely affecting performance are necessary. Autonomous fault management and real-time performance requirements must be met in a verifiable manner. It is also both critical and challenging to support multiple end-users whose diverse software applications have changing demands for computational and communication resources, while operating on different levels and in separate domains of security. The solution presented in this paper is based on a layered architecture consisting of a novel operating system, a middleware layer, and component-structured applications. The component model facilitates the creation of software applications from modular and reusable components that are deployed in the distributed system and interact only through well-defined mechanisms. The complexity of creating applications and performing system integration is mitigated through the use of a domain-specific model-driven development process that relies on a domain-specific modeling language and its accompanying graphical modeling tools, software generators for synthesizing infrastructure code, and the extensive use of model-based analysis for verification and validation.

Multi-module Cyber-Physical Systems (CPSs), such as satellite clusters, swarms of Unmanned Aerial Vehicles (UAV), and fleets of Unmanned Underwater Vehicles (UUV) are examples of managed distributed real-time systems where mission-critical applications, such as sensor fusion or coordinated flight control, are hosted. These systems are dynamic and reconfigurable, and provide a "CPS cluster-as-a-service'' for mission-specific scientific applications that can benefit from the elasticity of the cluster membership and heterogeneity of the cluster members. Distributed and remote nature of these systems often necessitates the use of Deployment and Configuration (D\&C) services to manage lifecycle of software applications. Fluctuating resources, volatile cluster membership and changing environmental conditions require resilience. However, due to the dynamic nature of the system, human intervention is often infeasible. This necessitates a self-adaptive D\&C infrastructure that supports autonomous resilience. Such an infrastructure must have the ability to adapt existing applications on the fly in order to provide application resilience and must itself be able to adapt to account for changes in the system as well as tolerate failures. This paper describes the design and architectural considerations to realize a self-adaptive, D\&C infrastructure for CPSs. Previous efforts in this area have resulted in D\&C infrastructures that support application adaptation via dynamic re-deployment and re-configuration mechanisms. Our work, presented in this paper, improves upon these past efforts by implementing a self-adaptive D\&C infrastructure which itself is resilient. The paper concludes with experimental results that demonstrate the autonomous resilience capabilities of our new D\&C infrastructure.

Model- and component-based design have yielded dramatic increase in design productivity in several narrowly focused homogeneous domains, such as signal processing, control and aspects of electronic design. However, significant impact on the design and manufacturing of complex cyber-physical systems (CPS) such as vehicles has not yet been achieved. This paper describes challenges of and solution approaches to building a comprehensive design tool suite for complex CPS. The primary driver for the OpenMETA tool chain was to push the boundaries of the “correct-by-construction” principle to decrease significantly the costly design-build-test-redesign cycles in design flows. In the discussions we will focus on the impact of heterogeneity in modeling CPS. This challenge is compounded by the need for rapidly evolving the design flow by changing/updating the selection of modeling languages, analysis and verification tools and synthesis methods. Based on our experience with the development of OpenMETA and with the evaluation of its performance in a complex CPS design challenge we argue that the current vertically integrated, discipline-specific tool chains for CPS design need to be complemented with horizontal integration layers that support model integration, tool integration and design process integration. This paper will examine the OpenMETA technical approach to construct the new integration layers, provides and overview of the technical framework we established for their implementation and summarize our experience with their application.

A distributed spacecraft is a cluster of independent satellite modules flying in formation that communicate via ad-hoc wireless networks. This system in space is a cloud platform that facilitates sharing sensors and other computing and communication resources across multiple applications, potentially developed and maintained by different organizations. Effectively, such architecture can realize the functions of monolithic satellites at a reduced cost and with improved adaptivity and robustness. Openness of these architectures pose special challenges because the distributed software platform has to support applications from different security domains and organizations, and where information flows have to be carefully managed and compartmentalized. If the platform is used as a robust shared resource its management, configuration, and resilience becomes a challenge in itself. We have designed and prototyped a distributed software platform for such architectures. The core element of the platform is a new operating system whose services were designed to restrict access to the network and the file system, and to enforce resource management constraints for all non-privileged processes Mixed-criticality applications operating at different security labels are deployed and controlled by a privileged management process that is also pre-configuring all information flows. This paper describes the design and objective of this layer.

Fractionated spacecraft is a novel space architecture that uses a cluster of small spacecraft modules (with their own attitude control and propulsion systems) connected via wireless links to accomplish complex missions. Resources, such as sensors, persistent storage space, processing power, and downlink bandwidth can be shared among the members of the cluster thanks to the networking. Such spacecraft can serve as a cost effective, highly adaptable, and fault tolerant platform for running various distributed mission software applications that collect, process, and downlink data. Naturally, a key component in such a system is the software platform: the distributed operating system and software infrastructure that makes such applications possible. Existing operating systems are insufficient, and newer technologies like component frameworks do not address all the requirements of such flexible space architectures. The high degree of flexibility and the need for thorough planning and analysis of the resource management necessitates the use of advanced development techniques. This paper describes the core principles and design of a software component framework for fractionated spacecraft that is a special case of a distributed real-time embedded system. Additionally we describe how a model-driven development environment helps with the design and engineering of complex applications for this platform.

The systematic design of automotive control applications is a challenging problem due to lack of understanding of the complex and tight interactions that often manifest during the integration of components from the control design phase with the components from software generation and deployment on actual platform/network. In order to address this challenge, we present a systematic methodology and a toolchain using well-defined models to integrate components from various design phases with specific emphasis on restricting the complex interactions that manifest during integration such as timing, deployment, and quantization. We present an experimental platform for the evaluation and testing of the design process. The approach is applied to the development of an adaptive cruise control, and we present experimental results that demonstrate the efficacy of the approach.