Full Title: Reconfigurability and Adaptability in Safe and Secure Multicore Architectures for Mixed-Criticality Applications
Aerospace systems have strict dependability and real-time requirements, as well as a need for flexible resource reallocation and reduced size, weight and power consumption. As such, there is an increasing trend towards mixed-criticality aerospace systems – multiple functions (avionics, payload), with differing importance and certification assurance levels, integrated on a shared computing platform. To implement this integration while still maintaining safety and fault containment properties, time and space partitioning (TSP) principles are employed – the onboard functions are logically separated into partitions. Robust temporal and spatial partitioning means that partitions do not interfere with one another, either in meeting their real-time requirements or in the encapsulation of their address spaces.
The first steps in the application of TSP principles to aerospace applications were presented, through an academia/industry consortium, by READAPT’s partners, to the European Space Agency (ESA), who financed the development of a preliminary proof of concept and its later evolution towards an industry-grade prototype, within the scope of ESA’s Innovation Triangle Initiative programme. READAPT stems from those activities, where the original AIR architecture was designed. AIR fulfils the requirements for robust TSP, and foresees the use of different operating systems among the partitions, either real-time operating systems or generic non-real-time ones. Temporal partitioning is achieved through the scheduling of partitions in a cyclic sequence of fixed time slices. Inside each partition, processes compete with each other according to the native process scheduler of the partition.
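The cyclic, fixed-slice temporal partitioning described above can be illustrated with a small scheduler model. The following C program is an added example, not code from AIR, READAPT or ESA: the partition scheduling table (three slots over two partitions, a 100-tick major frame) and the per-partition demands are constructed values. It shows that a partition whose processes want more processor time than their slots provide is cut off at the slot boundary and recorded as overrunning, while the other partition still receives exactly its budget in every frame.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed example schedule; the slot lengths and partition ids are
 * hypothetical values, not taken from AIR or any mission configuration. */
#define NUM_PARTITIONS 2
#define NUM_SLOTS 3

typedef struct {
    int partition;          /* partition granted the processor in this slot */
    uint32_t duration;      /* fixed slot length, in scheduler ticks */
} slot_t;

/* Partition scheduling table: the cyclic sequence of fixed time slices
 * that makes up one major time frame (40 + 30 + 30 = 100 ticks). */
static const slot_t schedule[NUM_SLOTS] = {
    { 0, 40 },
    { 1, 30 },
    { 0, 30 },
};

typedef struct {
    uint32_t demand;        /* ticks of work the partition wants per frame */
    uint32_t executed;      /* ticks actually granted over the simulation */
    uint32_t overruns;      /* frames in which demand exceeded the budget */
} partition_t;

/* Length of the major time frame: the sum of all slot durations. */
uint32_t major_frame_ticks(void)
{
    uint32_t total = 0;
    for (int i = 0; i < NUM_SLOTS; i++)
        total += schedule[i].duration;
    return total;
}

/* Total processor budget a partition receives in one major frame. */
uint32_t partition_budget(int partition)
{
    uint32_t budget = 0;
    for (int i = 0; i < NUM_SLOTS; i++)
        if (schedule[i].partition == partition)
            budget += schedule[i].duration;
    return budget;
}

/* Partition that owns the processor at absolute tick t. The table repeats
 * every major frame, so only the offset inside the frame matters. */
int active_partition(uint32_t t)
{
    uint32_t offset = t % major_frame_ticks();
    for (int i = 0; i < NUM_SLOTS; i++) {
        if (offset < schedule[i].duration)
            return schedule[i].partition;
        offset -= schedule[i].duration;
    }
    return -1; /* unreachable: the offset always falls inside the frame */
}

/* Run `frames` major frames. A partition consumes at most its slot time;
 * demand beyond the budget is cut off at the slot boundary and counted as
 * an overrun, so it can never take ticks away from another partition. */
void simulate(partition_t parts[NUM_PARTITIONS], uint32_t frames)
{
    for (uint32_t f = 0; f < frames; f++) {
        uint32_t remaining[NUM_PARTITIONS];
        for (int p = 0; p < NUM_PARTITIONS; p++)
            remaining[p] = parts[p].demand;
        for (int i = 0; i < NUM_SLOTS; i++) {
            int p = schedule[i].partition;
            uint32_t run = remaining[p] < schedule[i].duration
                         ? remaining[p] : schedule[i].duration;
            parts[p].executed += run;
            remaining[p] -= run;
        }
        for (int p = 0; p < NUM_PARTITIONS; p++)
            if (remaining[p] > 0)
                parts[p].overruns++;
    }
}

int main(void)
{
    partition_t parts[NUM_PARTITIONS] = {
        { 70, 0, 0 },   /* fits exactly in its 70-tick budget */
        { 50, 0, 0 },   /* wants 50 ticks but is only granted 30 */
    };
    simulate(parts, 2);
    for (int p = 0; p < NUM_PARTITIONS; p++)
        printf("partition %d: budget %u, executed %u ticks, overruns %u\n",
               p, partition_budget(p), parts[p].executed, parts[p].overruns);
    return 0;
}
```

The point of the model is that the dispatch decision depends only on the static table and the current tick, never on what a partition's processes are doing; the process scheduler inside each partition (RTEMS, Linux or anything else) only decides how the slot's ticks are divided among that partition's own processes.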
In READAPT, we aim to build upon and evolve the AIR architecture, so that it can be used to build reconfigurable, (self-)adaptable, safe and secure mixed-criticality TSP systems that take effective advantage of platforms equipped with multicore processors. Multicore processors are becoming the standard in the computer hardware industry and, consequently, in aerospace embedded systems. Although the latest versions of processors deployed in space support multicore configurations, only one core is routinely enabled and used when highly critical tasks are involved. Actively exploiting multiple processor cores can increase the capacity of a TSP system. This project aims to do so by introducing different levels of parallelism between the tasks (processes) being executed in the system.
A space mission may routinely be subject to both foreseen and unforeseen changes in its operational and environmental conditions. Flexible reconfiguration and adaptation in the face of these changes is highly important and has been shown to prolong the lifetime of unmanned space vehicles by years. This project proposes to achieve (self-)adaptability by combining the multiplicity of processor cores with mechanisms to detect the aforementioned operational and environmental changes; adaptability mechanisms shall also be invokable through a direct order from ground control. We also aim to add the capability of reconfiguring the system, without interrupting or significantly interfering with its execution, either by changing its configuration parameters or by applying updates to the applications being executed.
Embedded computing systems, and in particular those found aboard unmanned spacecraft, must integrate input/output (I/O), which includes sensors and actuators, as well as in-vehicle (real-time) wired and wireless networks. This project proposes to integrate all the required I/O operations under a common event-based model, specifically designed for TSP systems. The overall functioning of a TSP system, and particularly its (self-)reconfigurability mechanisms, calls for a carefully studied and innovative integration of I/O functions. This integration shall preserve the intended timeliness, safety and security properties of a TSP system, and leave room for a system-of-systems definition. This distributed operation approach caters to dependability purposes. Such mixed-criticality platforms, along with the new trend of dual use of space vehicles (i.e. the same vehicle being shared by different organizations), raise the issue of information security. We will address these issues in this project by applying the architectural principles of Multiple Independent Levels of Safety and Security (MILS).