Improving safety and security on real-time safety-critical systems
FARA, PIETRO
2024
Abstract
In the last decade, interest in improving safety and security in the railway, avionics, aerospace, and automotive fields has increased. Systems designed for these areas are also called safety-critical systems: systems in which a failure or malfunction can lead to serious risks to human life or severe damage to equipment or property. The main objectives of this work are to improve safety through new methodologies for redundant architectures, to improve security using control-flow integrity mechanisms that may indirectly improve safety as well, and to propose a brand new method of exposing real-time features to programmers in order to make their work easier and less error-prone. When a system has redundant computational parts, a voting strategy must be applied in order to check that the whole system is working properly. A new scheduling approach for voting routines, inspired by the Logical Execution Time (LET) paradigm and targeting a 2-out-of-2 redundancy architecture, is proposed. Instead of voting as soon as a task has data ready to be voted on, the voting phase is delayed to the end of the tasks' periods and delegated to dedicated voting tasks. A response-time analysis for the real-time tasks and for the scheduling of voting-related activities has been carried out. Furthermore, an analysis of the queuing effects and worst-case transmission delays introduced by inter-replica communication is proposed. In terms of security, a control-flow integrity methodology called PAC-PL, inspired by the Pointer Authentication Code (PAC) designed by ARM, is proposed. PAC is used to sign and authenticate pointers with a secret key in order to mitigate attacks that corrupt their content; it can also be used to authenticate the return address of a function and thereby improve control-flow integrity. In this work, platforms that do not implement such a security feature but do provide programmable logic (an FPGA) can improve their cyber-security by implementing PAC-PL.
In addition, a secure key-management methodology leveraging the virtualization layer is proposed. On the userspace side, a novel real-time POSIX-compliant framework called Real-Time Framework (ReTiF) was designed and developed. The main goal of ReTiF is to provide programmers with an API that improves the usability of the real-time capabilities already exposed by POSIX-compliant operating systems. In particular, the API lets the programmer declare the temporal characteristics of real-time tasks (such as period, deadline, computation time, and priority) in a simplified way; the framework is then in charge of choosing the scheduling policy that best satisfies these requirements.

File | Size | Format | |
---|---|---|---|
PhD_Thesis_Pietro_Fara_reviewed.pdf (open access) | 3.43 MB | Adobe PDF | View/Open |
Documents in UNITESI are protected by copyright and all rights are reserved, unless otherwise indicated.
https://hdl.handle.net/20.500.14242/217484
URN:NBN:IT:SSSUP-217484