NICTA Improves Reliability of Critical Embedded Systems
Mobile phones now contain the
computing capabilities of desktop PCs of just five years ago. They are
representative of the huge and growing number of embedded computing
systems. These systems are characterised as
containing tiny PC-like computers built around specialised chips. Compared
to normal PCs they have to meet very different operating requirements
typically including small size, low power requirements and robust
ultra-reliable operation.
And they are everywhere - digital cameras, heart pacemakers and other
medical equipment, aircraft guidance, toys such as teddy bears, game
controllers, ABS braking and other automotive applications, domestic
appliances, industrial equipment and defence systems are among the many
examples.
Although based on the same principles as PCs, the computing systems inside
embedded systems are designed quite differently. While very few CPU
architectures dominate PCs, and their hardware is otherwise highly
standardised, embedded systems hardware varies widely. Furthermore, the
(operating system and application) software of embedded systems is usually
structured quite differently from what is normal in the PC world, and tends
to resemble that of computer systems of decades ago. This article concerns
some big steps forward in embedded software architecture taken by
National ICT Australia (NICTA).
Embedded systems, like PCs, must be protected from malicious code and
external attacks. This is especially important when performing multiple
tasks or running different software applications, as in mobile phones. Each
must be designed so that if one function is compromised, the others still
run normally. The widely-used approach to embedded-software design makes
this hard, if not impossible. In effect, embedded systems are more exposed
to attacks than PCs, yet less equipped to defend against them.
The root of the problem is that robustness becomes harder to achieve as
the application grows more complex and more critical. The complexity of
modern embedded software, often running to millions of lines of code, is on
a par with that of desktop and server systems, yet the system structure is
antiquated: far too much of that code runs with unrestricted access to the
hardware, so a fault or compromise in one part can take down the whole
system. NICTA is at the forefront of ensuring greater reliability of
embedded systems, by introducing new approaches to structuring and
validating embedded software.
NICTA researchers have focused on three key areas:
• reducing the amount of code (the operating system kernel) that has
unrestricted access to the system’s hardware, and so reducing the potential
for malfunctions;
• creating a mathematical proof that the operating system kernel code is
free of faults; and
• measuring and confirming the time taken by the kernel to perform any of
its operations.
Based on earlier work done at the University of Karlsruhe, Germany, and the
University of New South Wales, NICTA researchers in the Embedded, Real-Time
and Operating Systems (ERTOS) program have created a high-performance
microkernel comprising around 10,000 lines of code, replacing embedded
operating systems many times that size.
That kernel has demonstrated world-record performance on ARM processors,
which are at the core of many battery-powered embedded devices, including
iPods and most mobile phones. The kernel can also be used to create a
virtualisation environment in which other operating systems, such as Linux,
can run, providing a high-level application programming environment familiar
to developers. On the popular ARM9 processors, the ERTOS team demonstrated a
virtualised Linux system that outperforms native Linux on the same hardware.
The small size of the kernel is what makes an unprecedented degree of
reliability assurance feasible: a mathematical proof that the kernel
behaves exactly as its formal specification says it should. In practical
terms this means the kernel is free of implementation bugs, subject to the
specification itself being right and to the compiler and hardware behaving
as assumed; a proof of this kind is only as strong as those assumptions.
This could revolutionise embedded systems development.
Work on such a proof is progressing to plan, and is expected to lead to the
first ever completely verified operating system kernel suitable for a large
class of embedded systems by early 2008.
In addition, NICTA researchers are working on leveraging this kernel for
compartmentalising the software running on it, so if one element
malfunctions or is compromised, the rest can continue to operate.
In combination with the correctness proof of the kernel, this will make it
possible to give an embedded system a quality 'stamp', verifying it can be
trusted to work as intended.
Research is also proceeding on a second mathematical model which describes
the timing of all functions of the kernel. This will make it possible to
develop reliable time-critical systems, such as heart pacemakers or
fly-by-wire aircraft, with the benefits to robustness and trustworthiness
enabled by the microkernel approach. In particular, this will enable the
co-existence of time-critical and non-time-critical subsystems on the same
processor.
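To make concrete what a kernel timing model buys, here is an added example (not NICTA's timing model or kernel code): classic response-time analysis for a fixed-priority preemptive task set, in which the kernel's worst-case cost per dispatch or preemption is reduced to a single bounded constant of the kind such a model would supply. The task names, execution times and periods are constructed for illustration; the three scenarios show that a bounded kernel cost lets a time-critical task keep its deadline regardless of how badly a low-priority non-critical task behaves, while an unbounded or merely large kernel cost quietly breaks that guarantee.

```python
"""Response-time analysis (RTA) for fixed-priority preemptive scheduling.

Added illustration, not NICTA's timing model or kernel code. The kernel
timing model is reduced to one number, `switch_cost`: the worst-case time
the kernel needs to dispatch or preempt a task. With that bound in hand,
the standard RTA recurrence
    R_i = C_i + S + sum_{j in hp(i)} ceil(R_i / T_j) * (C_j + S)
gives each task's worst-case response time R_i, which is then checked
against its deadline. Task names and numbers below are constructed.
"""
from dataclasses import dataclass
import math


@dataclass(frozen=True)
class Task:
    name: str
    wcet: int       # C: worst-case execution time, in time units
    period: int     # T: minimum inter-arrival time
    deadline: int   # D: relative deadline (D <= T assumed)
    priority: int   # larger number = higher priority


def response_time(task, tasks, switch_cost):
    """Worst-case response time of `task`, or None if it can miss its deadline.

    The recurrence is monotone, so iterate from the smallest possible value
    until it converges or overshoots the deadline. Every preemption by a
    higher-priority task is charged its own dispatch cost `switch_cost`,
    which is where the kernel timing bound enters the analysis.
    """
    higher = [t for t in tasks if t.priority > task.priority]
    r = task.wcet + switch_cost
    while True:
        interference = sum(
            math.ceil(r / t.period) * (t.wcet + switch_cost) for t in higher
        )
        r_next = task.wcet + switch_cost + interference
        if r_next > task.deadline:
            return None
        if r_next == r:
            return r
        r = r_next


def analyse(tasks, switch_cost):
    """Map each task name to its worst-case response time (None = unschedulable)."""
    return {t.name: response_time(t, tasks, switch_cost) for t in tasks}


# Constructed mixed-criticality task set: a pacemaker-style control loop at top
# priority, a mid-priority sensor task, and a large low-priority best-effort
# workload standing in for a virtualised guest OS.
PACER = Task("pacer", wcet=2, period=10, deadline=10, priority=3)
SENSOR = Task("sensor", wcet=3, period=20, deadline=20, priority=2)
GUEST = Task("guest", wcet=40, period=100, deadline=100, priority=1)
TASKS = (PACER, SENSOR, GUEST)


def demo():
    """Three scenarios showing what a bounded kernel timing model buys.

    1. bounded_kernel: kernel cost S=1, every task meets its deadline.
    2. runaway_guest: the low-priority guest runs 25x longer than planned;
       the critical tasks are unaffected and only the guest misses.
    3. slow_kernel: the kernel cost is S=5 and nothing else changes; the
       sensor task now misses its deadline, so the kernel's own timing has
       to be characterised before anything above it can be trusted.
    """
    runaway = Task("guest", wcet=1000, period=100, deadline=100, priority=1)
    return {
        "bounded_kernel": analyse(TASKS, switch_cost=1),
        "runaway_guest": analyse((PACER, SENSOR, runaway), switch_cost=1),
        "slow_kernel": analyse(TASKS, switch_cost=5),
    }


if __name__ == "__main__":
    for scenario, result in demo().items():
        print(scenario, result)
```

Running the block prints the three scenarios; the `runaway_guest` case is the one that matters for compartmentalisation, since a misbehaving or compromised non-critical component can consume as much time as it likes without changing the critical tasks' worst-case response times, provided the kernel's dispatch cost really is bounded.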
Commercialisation Opportunities
NICTA is collaborating with US-based communications electronics company
QUALCOMM, which plans to use the L4/Iguana operating system in future
versions of its communication chipsets for mobile phones. NICTA’s leading
position in this
critical development area positions it well to take advantage of the rapidly
growing market for secure embedded systems. Research from this project has
created the foundation for a NICTA spin-off called Open Kernel Labs, which
has established itself as the industry leader for virtualisation technology
for consumer-electronics devices.
Governments around the world are keen to establish strict safety and
security requirements for embedded systems, in order to ensure public
safety and protection of privacy in an age of increasing dependence of
everyday life on embedded systems.
The discussion above is based on material submitted by NICTA (Professor Gernot Heiser,
Tel +61 2 8306 0550 or gernot.heiser@nicta.com.au).
However, a discussion of embedded systems would be incomplete without the
following:
Applications seem to be multiplying daily. As well as domotics (home
automation), machine vision, industry and medicine, applications include
“Smartdust”: networks of tiny wireless microelectromechanical devices that
can detect anything from light and temperature to vibrations and chemical
traces.
The individual devices are called motes, and the aim is to shrink them to
the size of a grain of sand, with each mote containing sensors, computing
circuits, bidirectional wireless communications and a power supply. These
motes gather data, run computations and communicate. When clustered
together, they can automatically form highly flexible, low-power networks.
So for example, they could be embedded in concrete structures to monitor
salt concentrations. Once a month, a truck passes and sends a powerful
magnetic field into the structure, which powers up the motes to transmit the
data.
Motes could monitor and data log the condition of machinery, such as
temperature, pressures and speeds and then transmit when called on. Domestic
utility meters could similarly be interrogated by a passing vehicle.
Hundreds of motes could be deployed around an area to report on various
conditions (humidity, vibration, temperature, personnel or equipment
movements). In a military context, they could be used to track enemy
movements or detect poisonous gas or radioactivity.
The Warren Centre is collaborating with NICTA, AEEMA and the NSW Department
of State & Regional Development to investigate how to maximise the value of
Australia's expertise in Embedded Systems. If you wish to be part of that
process, or keep informed about it, please contact Robert Mitchell at
r.mitchell@eng.usyd.edu.au or on (02) 9351 4048.
National ICT Australia (NICTA) is a national research institute with a
charter to build Australia’s pre-eminent Centre of Excellence for
information and communications technology (ICT). NICTA is building
capabilities in ICT research, research training and commercialisation in
the ICT sector for the generation of national benefit.
National ICT Australia is funded by the Australian Government as represented
by the Department of Communications, Information Technology and the Arts and
the Australian Research Council through Backing Australia’s Ability and the
ICT Centre of Excellence program.
NICTA was established and is supported by its members: The Australian
Capital Territory Government; The Australian National University; NSW
Department of State and Regional Development; and The University of New
South Wales. NICTA is also supported by its partners: the University of
Sydney; University of Melbourne; the Victorian Government; the Queensland
Government; Griffith University; Queensland University of Technology; and
Queensland University.
Disclaimer:
The Warren Centre publishes articles relating to new
technology and innovation that are often based on information supplied by
third parties. While an editorial process is applied, we make no
exhaustive investigation into the accuracy of the information, thus no
liability will be accepted for its accuracy. Please note that in
providing this information, The Warren Centre is not supporting or
promoting any technology or company, merely seeking to inform. Interested
readers should take their own steps to verify the information prior to
relying on it in any way.
Steel: Framing the Future
21 November 2006 – Melbourne
22 November 2006 – Brisbane
23 November 2006 – Sydney
www.warren.usyd.edu.au or http://tinyurl.com/yjqja5
2007 Innovation Lecture
5 June 2007 – Melbourne
6 June 2007 – Sydney
7 June 2007 – Brisbane
Contact Fiona Hearne (02) 9351 7205 or fionah@eng.usyd.edu.au
Other Events
New Technology for Infrastructure – The World of Tomorrow
20 to 21 November 2006 – Sydney
ATSE
www.atse.org.au/?sectionid=35
Bioenergy Australia 2006
6-7 December, Esplanade Hotel, Fremantle, Western Australia
http://tinyurl.com/ymt8b9
www.bioenergyaustralia.org
Web Accessibility Workshop
15 December 2006 – Adelaide
Vision Australia
http://tinyurl.com/typ6j
http://tinyurl.com/ynf9fh
3rd Annual Australian Water Summit 2006
2 & 3 April 2007, Sydney Convention and Exhibition Centre
www.acevents.com.au/water2007
Rainwater and Urban Design 2007
21 to 23 August 2007 – Sydney
rainwater2007@tourhosts.com.au
www.rainwater2007.com