Mixed-criticality systems
In many application areas, such as avionics, industrial control, or healthcare, there is an increasing trend toward integrating functions with different certification assurance levels on a shared computing platform, which must meet multiple assurance requirements up to the highest criticality levels [1]. For instance, healthcare systems encompass monitoring functions that observe the patient's vital signs at home or at a point of care and make them available to clinicians. These services are vital for treatment and a critical aspect of the patient's safety needs, yet they can be combined with less critical applications such as multimedia and entertainment.
Mixed-criticality is the concept of allowing applications at different levels of criticality to seamlessly interact and coexist on the same networked distributed computing platform. The foundations for this integration are mechanisms for temporal and spatial partitioning, which establish fault containment and prevent interference between components of different criticality levels. Partitioning is a technical approach that encapsulates resources temporally (e.g., latency, jitter, duration of availability during a scheduled access) and spatially (e.g., preventing components from altering code or private data in other partitions).
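As an added illustration (not code from the chair or any project named here), the following C sketch checks a static partition configuration for both properties: disjoint time windows within a repeating major frame, a bound on how long a partition waits for its next window, and non-overlapping memory regions. The type names, the microsecond units, the major-frame model and the sample values are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed example types; names and units are assumptions, not from the page. */
typedef struct { uint32_t start_us, len_us; int part; } window_t; /* slot in the major frame */
typedef struct { uint32_t base, size; int part; } region_t;       /* memory owned by a partition */

/* Temporal partitioning: windows must be sorted, non-empty, disjoint and inside the frame. */
int schedule_ok(const window_t *w, size_t n, uint32_t frame_us) {
    uint32_t prev_end = 0;
    for (size_t i = 0; i < n; i++) {
        if (w[i].len_us == 0 || w[i].start_us < prev_end) return 0;
        if (w[i].start_us >= frame_us || w[i].len_us > frame_us - w[i].start_us) return 0;
        prev_end = w[i].start_us + w[i].len_us;
    }
    return 1;
}

/* Longest wait of `part` between two of its windows, wrapping into the next frame.
   Assumes schedule_ok() passed; returns frame_us if the partition has no window. */
uint32_t max_wait_us(const window_t *w, size_t n, uint32_t frame_us, int part) {
    uint32_t first_start = 0, prev_end = 0, worst = 0; int seen = 0;
    for (size_t i = 0; i < n; i++) {
        if (w[i].part != part) continue;
        if (seen && w[i].start_us - prev_end > worst) worst = w[i].start_us - prev_end;
        if (!seen) { first_start = w[i].start_us; seen = 1; }
        prev_end = w[i].start_us + w[i].len_us;
    }
    if (!seen) return frame_us;
    uint32_t wrap = frame_us - prev_end + first_start;
    return wrap > worst ? wrap : worst;
}

/* Spatial partitioning: regions of different partitions must never overlap. */
int regions_ok(const region_t *r, size_t n) {
    for (size_t i = 0; i < n; i++) {
        if (r[i].size == 0 || r[i].size > UINT32_MAX - r[i].base) return 0; /* empty or wraps */
        for (size_t j = 0; j < i; j++) {
            if (r[i].part == r[j].part) continue;
            if (r[i].base < r[j].base + r[j].size && r[j].base < r[i].base + r[i].size) return 0;
        }
    }
    return 1;
}

/* Constructed sample: partition 0 = critical monitoring, partition 1 = multimedia. */
static const window_t SCHED[] = {{0, 2000, 0}, {2000, 3000, 1}, {5000, 2000, 0}, {7000, 3000, 1}};
static const region_t MEM[] = {{0x20000000u, 0x8000u, 0}, {0x20008000u, 0x8000u, 1}};

int main(void) { return !(schedule_ok(SCHED, 4, 10000) && regions_ok(MEM, 2)); }
```

With the sample schedule, the critical partition never waits more than 3000 µs for its next window, regardless of what the multimedia partition does inside its own slots.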
Mixed-criticality architectures must also deal with the heterogeneity of subsystems that differ not only in their criticality, but also in their underlying computational models and timing requirements. Non-safety-critical subsystems often demand adaptability and support for dynamic system structures, while certification standards impose static configurations on safety-critical subsystems.
This research focus of the chair for embedded systems deals with aspects of mixed-criticality systems, including time and space partitioning, heterogeneous computational models and adaptability at different layers, including distributed systems, the chip level and software execution environments.
Research activities in this focus area include:
- Modular certification with generic safety arguments for platform services and individual application subsystems
- Support for heterogeneous application subsystems with corresponding differences of platform services without adverse effects on safety-critical services
- Combination of different models of computation (e.g., time-triggered, dataflow, distributed objects)
- Different interaction primitives (e.g., shared memory, message-based interaction)
- Support for closed static subsystems and dynamic subsystems
- Avoidance or bounding of temporal interference for different resource types of parallel platforms (such as multi-core chips)
[1] E.g., DAL A in RTCA DO-178B, ASIL D in ISO 26262, SIL 4 in EN ISO/IEC 61508