Chapter 1, part 4: Embedded Computing High Performance

Chapter 1, part 4: Embedded Computing High Performance Embedded Computing Wayne Wolf

Topics Reliability, safety, and security. Consumer electronics.

Related disciplines Reliable/dependable system design creates systems that function even in the face of internal or external errors. Security concentrates on malicious attacks. Safety-critical system design develops methods to ensure that systems operate safely under a wide variety of error conditions.

Dependability and security After Avizienis et al. [Avi04]

Attributes of dependability and security (Avizienis et al.) Availability of correct service. Continuity of correct service. Safety from catastrophic consequences. Integrity from improper system alterations. Maintainability through modification or repairs. Confidentiality of information.

Reliability requirements on embedded systems Safety-critical or high-reliability applications: Automotive. Aviation. Medicine. Critical communications. Many high-reliability applications require distributed embedded systems. Embedded systems may be vulnerable to new types of attacks.

Faults Faults may cause errors; reliable systems recover from faults. A fault may be transient or permanent. Types of faults: Physical faults from manufacturing defects, radiation hazards, etc. Design faults. Operational faults from human error, security breaches, etc.

System reliability metrics Mean time to failure (MTTF) is the expected time for first system to fail: Reliability function describes the probability that the system will operate correctly in the time interval [0,t]. Hazard function is the failure rate of components:

Common fault distributions Exponential distribution. Weibull distribution. Bathtub distributions are often empirically observed. High failure rates at beginning, end of component life.

Possible actions after a fault Fail. Detect. Correct. Recover. Contain. Reconfigure. Restart. Repair.

Reliability methods Error-correction codes. Voting systems. Triple-modular redundancy uses majority voting. Watchdog timer must be periodically reset by system to show that system operates correctly. Design diversity uses redundancy implemented in different types of components.

Novel attacks and countermeasures Embedded systems provide physical access, a key avenue for attack. Internet-enabled embedded systems provide remote access to attackers. Example: Internet-enabled automobiles. Battery attacks exercise the system to wear out a battery. Quality-of-service attacks interfere with realtime behavior.

Sensor network attacks (Wood and Stankovic) Physical layer: jamming, tampering. Link layer: collision, exhaustion, unfairness. Network and routing layers: neglect and greed, horning, misdirection, authorization, probing, redundancy. Transport layer: flooding, desynchronization.

Power attack Developed by Kocher et al. Measure CPU current to determine instructions, data. High-leakage devices are less vulnerable to power attacks.

Consumer electronics architectures Consumer electronics pushes the edge of the envelope in several directions: Complex functionality and high performance. Often battery-powered. Very low cost. Generally include one or more standards.

Bluetooth Personal-area network. 2.5 GHz band. Generally within 2 meters, may be extended to 30 meters. Basic network is master-slave, but higher levels of protocol stack provide peer-to-peer operation.

Bluetooth stack

Bluetooth middleware group protocols RFCOMM provides serial interface; compatible with RS-232. Service discovery protocol discovers services (printing, etc.) on the network.

Networked consumer appliances PC acts as a host. Some devices are semipermanently connected (USB); others are on wired Ethernet; others are on wireless networks. Devices must be configured properly with the system.

High-level services Service discovery allows the device to find another device on the network that will provide a service (for example, printing). Jini lookup services hold service proxies. Jini uses join protocol to add a service. Jini client obtains a lease for a given service.

Digital rights management Digital rights management (DRM) is used to ensure that copyrighted material is used within the terms required by owner. Devices that can play material. Number of times material can be played. Expiration date.