publications
2023
- Generalized self-cueing real-time attention scheduling with intermittent inspection and image resizingS. Liu, X. Fu, Y. Hu, M. Wigness, P. David, S. Yao, L. Sha, and T. AbdelzaherReal-Time Systems, 2023
This paper proposes a generalized self-cueing real-time attention scheduling framework for DNN-based visual machine perception pipelines on resource-limited embedded platforms. Self-cueing means we identify subframe-level regions of interest in a scene internally by exploiting temporal correlations among successive video frames as opposed to externally via a cueing sensor. One limitation of our original self-cueing-and-inspection strategy (Liu et al. in 28th IEEE real-time and embedded technology and applications symposium (RTAS), 2022b) lies in its lack of computational efficiency under high workloads, like busy traffic scenarios where a large number of objects are identified and separately inspected. We extend the conference publication by integrating image resizing with intermittent inspection and task batching in attention scheduling. The extension enhances the original algorithm by accelerating the processing of large objects by reducing their resolution at the cost of only a negligible degradation in accuracy, thereby achieving a higher overall object inspection throughput. After extracting partial regions around objects of interest, using an optical flow-based tracking algorithm, we allocate computation resources (i.e. DNN inspection) to them in a criticality-aware manner using a generalized batched proportional balancing algorithm (GBPB), to minimize a concept of generalized system uncertainty. It saves computational resources by inspecting low-priority regions intermittently at low frequencies and inspecting large objects at low resolutions. We implement the system on an NVIDIA Jetson Xavier platform and extensively evaluate its performance using a real-world driving dataset from Waymo. The proposed GBPB algorithm consistently outperforms the previous BPB algorithm that only uses intermittent inspection and a set of baselines. The performance gain of GBPB is larger in facing more significant resource constraints (i.e., lower sampling intervals or busy traffic scenarios) because its multi-dimensional scheduling strategy achieves better resource allocation of machine perception. © 2023, The Author(s), under exclusive licence to Springer Science+Business Media, LLC, part of Springer Nature.
@article{Liu2023302, author = {Liu, S. and Fu, X. and Hu, Y. and Wigness, M. and David, P. and Yao, S. and Sha, L. and Abdelzaher, T.}, title = {Generalized self-cueing real-time attention scheduling with intermittent inspection and image resizing}, journal = {Real-Time Systems}, year = {2023}, volume = {59}, number = {2}, pages = {302-343}, doi = {10.1007/s11241-023-09396-z}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-85161439435&doi=10.1007%2fs11241-023-09396-z&partnerID=40&md5=abddb10f162410890304849af532dd85}, author_keywords = {Cyber-physical systems; Object detection; Real-time scheduling; Temporal correlations}, keywords = {Balancing; Computational efficiency; Cyber Physical System; Embedded systems; Inspection; Machine Perception; Real time systems; Vision, Balancing algorithms; Cybe-physical systems; Cyber-physical systems; Image resizing; Machine perception; Objects detection; Real time scheduling; Real- time; Scheduling frameworks; Temporal correlations, Object detection}, document_type = {Article}, source = {Scopus}, } - SL1-Simplex: Safe Velocity Regulation of Self-Driving Vehicles in Dynamic and Unforeseen EnvironmentsY. Mao, Y. Gu, N. Hovakimyan, L. Sha, and P. VoulgarisACM Transactions on Cyber-Physical Systems, 2023
This article proposes a novel extension of the Simplex architecture with model switching and model learning to achieve safe velocity regulation of self-driving vehicles in dynamic and unforeseen environments. To guarantee the reliability of autonomous vehicles, an gL1 adaptive controller that compensates for uncertainties and disturbances is employed by the Simplex architecture as a verified high-assurance controller (HAC) to tolerate concurrent software and physical failures. Meanwhile, the safe switching controller is incorporated into the HAC for safe velocity regulation in the dynamic (prepared) environments, through the integration of the traction control system and anti-lock braking system. Due to the high dependence of vehicle dynamics on the driving environments, the HAC leverages the finite-time model learning to timely learn and update the vehicle model for gL1 adaptive controller, when any deviation from the safety envelope or the uncertainty measurement threshold occurs in the unforeseen driving environments. With the integration of gL1 adaptive controller, safe switching controller and finite-time model learning, the vehicle’s angular and longitudinal velocities can asymptotically track the provided references in the dynamic and unforeseen driving environments, while the wheel slips are restricted to safety envelopes to prevent slipping and sliding. Finally, the effectiveness of the proposed Simplex architecture for safe velocity regulation is validated by the AutoRally platform. © 2023 Association for Computing Machinery.
@article{Mao2023, author = {Mao, Y. and Gu, Y. and Hovakimyan, N. and Sha, L. and Voulgaris, P.}, title = {SL1-Simplex: Safe Velocity Regulation of Self-Driving Vehicles in Dynamic and Unforeseen Environments}, journal = {ACM Transactions on Cyber-Physical Systems}, year = {2023}, volume = {7}, number = {1}, doi = {10.1145/3564273}, art_number = {2}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-85151848062&doi=10.1145%2f3564273&partnerID=40&md5=a7bdb171cdf79cecb0d2bc594a4a3403}, author_keywords = {anti-lock braking system; gL1adaptive controller; model learning; model switching; safe velocity regulation; Simplex; traction control system}, keywords = {Adaptive control systems; Learning systems; Software reliability; Uncertainty analysis, Adaptive controllers; Driving environment; Gl1adaptive controller; High assurance; Model learning; Model switching; Safe velocity regulation; Self drivings; Simplex; Traction control systems, Controllers}, document_type = {Article}, source = {Scopus}, } - SchedGuard++: Protecting against Schedule Leaks Using Linux Containers on Multi-Core ProcessorsACM Transactions on Cyber-Physical Systems, 2023
Timing correctness is crucial in a multi-criticality real-time system, such as an autonomous driving system. It has been recently shown that these systems can be vulnerable to timing inference attacks, mainly due to their predictable behavioral patterns. Existing solutions like schedule randomization cannot protect against such attacks, often limited by the system’s real-time nature. This article presents "SchedGuard++": a temporal protection framework for Linux-based real-time systems that protects against posterior schedule-based attacks by preventing untrusted tasks from executing during specific time intervals. SchedGuard++ supports multi-core platforms and is implemented using Linux containers and a customized Linux kernel real-time scheduler. We provide schedulability analysis assuming the Logical Execution Time (LET) paradigm, which enforces I/O predictability. The proposed response time analysis takes into account the interference from trusted and untrusted tasks and the impact of the protection mechanism. We demonstrate the effectiveness of our system using a realistic radio-controlled rover platform. Not only is "SchedGuard++"able to protect against the posterior schedule-based attacks, but it also ensures that the real-time tasks/containers meet their temporal requirements. © 2023 Copyright held by the owner/author(s). Publication rights licensed to ACM.
@article{Chen2023, author = {Chen, J. and Kloda, T. and Tabish, R. and Bansal, A. and Chen, C.-Y. and Liu, B. and Mohan, S. and Caccamo, M. and Sha, L.}, title = {SchedGuard++: Protecting against Schedule Leaks Using Linux Containers on Multi-Core Processors}, journal = {ACM Transactions on Cyber-Physical Systems}, year = {2023}, volume = {7}, number = {1}, doi = {10.1145/3565974}, art_number = {6}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-85151790383&doi=10.1145%2f3565974&partnerID=40&md5=078c5edc5064e5ca91666b54b6e2f05e}, author_keywords = {Linux containers; Logical Execution Time; Response time analysis; security}, keywords = {Containers; Interactive computer systems; Real time systems; Response time (computer systems), Autonomous driving; Driving systems; Inference attacks; Linux container; Logical execution time; Multi-core processor; Multi-criticality; Real - Time system; Response-time analysis; Security, Linux}, document_type = {Article}, source = {Scopus}, }
2022
- Real-Time Task Scheduling for Machine Perception in Intelligent Cyber-Physical SystemsIEEE Transactions on Computers, 2022
This paper explores criticality-based real-time scheduling of neural-network-based machine inference pipelines in cyber-physical systems (CPS) to mitigate the effect of algorithmic priority inversion. We specifically focus on the perception subsystem, an important subsystem feeding other components (e.g., planning and control). In general, priority inversion occurs in real-time systems when computations that are of lower priority are performed together with or ahead of those that are of higher priority. In current machine perception software, significant priority inversion occurs because resource allocation to the underlying neural network models does not differentiate between critical and less critical data within a scene. To remedy this problem, in recent work, we proposed an architecture to partition the input data into regions of different criticality, then formulated a utility-based optimization problem to batch and schedule their processing in a manner that maximizes confidence in perception results, subject to criticality-based time constraints. This journal extension matures the work in several directions: (i) We extend confidence maximization to a generalized utility optimization formulation that accounts for criticality in the utility function itself, offering finer-grained control over resource allocation within the perception pipeline; (ii) we further instantiate and compare two different criticality metrics (distance-based and relative velocity-based) to understand their relative advantages; and (iii) we explore the limitations of the approach, specifically how inaccuracies in criticality-based attention cueing affect performance. All experiments are conducted on the NVIDIA Jetson AGX Xavier platform with a real-world driving dataset. © 1968-2012 IEEE.
@article{Liu20221770, author = {Liu, S. and Yao, S. and Fu, X. and Shao, H. and Tabish, R. and Yu, S. and Bansal, A. and Yun, H. and Sha, L. and Abdelzaher, T.}, title = {Real-Time Task Scheduling for Machine Perception in Intelligent Cyber-Physical Systems}, journal = {IEEE Transactions on Computers}, year = {2022}, volume = {71}, number = {8}, pages = {1770-1783}, doi = {10.1109/TC.2021.3106496}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-85113344570&doi=10.1109%2fTC.2021.3106496&partnerID=40&md5=00085bf1b35f382ebd8766ba3e0cf5ce}, author_keywords = {algorithmic priority inversion; cyber-physical systems (CPS); machine intelligence; Real-time scheduling}, keywords = {Batch data processing; Criticality (nuclear fission); Cyber Physical System; Embedded systems; Neural networks; Pipelines; Resource allocation, Cyber-physical systems (CPS); Machine perception; Neural network model; Priority inversion; Real - time scheduling; Real-world drivings; Utility based optimization; Utility optimizations, Real time systems}, document_type = {Article}, source = {Scopus}, } -
Verifiable Obstacle DetectionProceedings - International Symposium on Software Reliability Engineering, ISSRE, 2022Perception of obstacles remains a critical safety concern for autonomous vehicles. Real-world collisions have shown that the autonomy faults leading to fatal collisions originate from obstacle existence detection. Open source autonomous driving implementations show a perception pipeline with complex interdependent Deep Neural Networks. These networks are not fully verifiable, making them unsuitable for safety-critical tasks. In this work, we present a safety verification of an existing LiDAR based classical obstacle detection algorithm. We establish strict bounds on the capabilities of this obstacle detection algorithm. Given safety standards, such bounds allow for determining LiDAR sensor properties that would reliably satisfy the standards. Such analysis has as yet been unattainable for neural network based perception systems. We provide a rigorous analysis of the obstacle detection system with empirical results based on real-world sensor data. © 2022 IEEE.
@article{bansal2022verifiable, author = {Bansal, A. and Kim, H. and Yu, S. and Li, B. and Hovakimyan, N. and Caccamo, M. and Sha, L.}, title = {Verifiable Obstacle Detection}, journal = {Proceedings - International Symposium on Software Reliability Engineering, ISSRE}, year = {2022}, volume = {2022-October}, pages = {61-72}, doi = {10.1109/ISSRE55969.2022.00017}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-85145877189&doi=10.1109%2fISSRE55969.2022.00017&partnerID=40&md5=1dba58571aa98e170e0131f36b55f1fb}, author_keywords = {Autonomous vehicles; Object detection; Vehicle safety}, keywords = {Autonomous vehicles; Computer vision; Deep neural networks; Obstacle detectors; Optical radar; Safety engineering; Signal detection; Vehicle safety, Autonomous driving; Autonomous Vehicles; Critical tasks; Detection algorithm; Objects detection; Obstacles detection; Open-source; Real-world; Safety concerns; Vehicle safety, Object detection}, document_type = {Conference Paper}, source = {Scopus}, } - Self-Cueing Real-Time Attention Scheduling in Criticality-Aware Visual Machine PerceptionS. Liu, X. Fu, M. Wigness, P. David, S. Yao, L. Sha, and T. AbdelzaherIEEE Real-Time and Embedded Technology and Applications Symposium, RTAS, 2022
This paper presents a self-cueing real-time frame-work for attention prioritization in AI-enabled visual perception systems that minimizes a notion of state uncertainty. By attention prioritization we refer to inspecting some parts of the scene before others in a criticality-aware fashion. By self-cueing, we refer to not needing external cueing sensors for prioritizing attention, thereby simplifying design. We show that attention prioritization saves resources, thus enabling more efficient and responsive real-time object tracking on resource-limited embedded platforms. The system consists of two components: First, an optical flow-based module decides on the regions to be viewed on a subframe level, as well as their criticality. Second, a novel batched proportional balancing (BPB) scheduling policy decides how to schedule these regions for inspection by a deep neural network (DNN), and how to parallelize execution on the GPU. We implement the system on an NVIDIA Jetson Xavier platform, and empirically demonstrate the superiority of the proposed architecture through an extensive evaluation using a real-word driving dataset. © 2022 IEEE.
@article{Liu2022173, author = {Liu, S. and Fu, X. and Wigness, M. and David, P. and Yao, S. and Sha, L. and Abdelzaher, T.}, title = {Self-Cueing Real-Time Attention Scheduling in Criticality-Aware Visual Machine Perception}, journal = {IEEE Real-Time and Embedded Technology and Applications Symposium, RTAS}, year = {2022}, volume = {2022-May}, pages = {173-186}, doi = {10.1109/RTAS54340.2022.00022}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-85133713682&doi=10.1109%2fRTAS54340.2022.00022&partnerID=40&md5=ad87d43abb53d7f3775bc1e112136035}, keywords = {Balancing; Computer vision; Criticality (nuclear fission); Deep neural networks; Real time systems; Scheduling; Vision, Embedded platforms; Frame-work; Machine perception; Perception systems; Prioritization; Real- time; Real-time frames; Real-time object tracking; Uncertainty; Visual perception, Machine Perception}, document_type = {Conference Paper}, source = {Scopus}, } - Latency analysis of self-suspending task chainsT. Kloda, J. Chen, A. Bertout, L. Sha, and M. Caccamo2022 Design, Automation and Test in Europe Conference and Exhibition, DATE 2022, 2022
Many cyber-physical systems are offloading computation-heavy programs to hardware accelerators (e.g., GPU and TPU) to reduce execution time. These applications will self-suspend between offloading data to the accelerators and obtaining the returned results. Previous efforts have shown that self-suspending tasks can cause scheduling anomalies, but none has examined inter-task communication. This paper aims to explore self-suspending tasks’ data chain latency with periodic activation and asynchronous message passing. We first present the cause for suspension-induced delays and worst-case latency analysis. We then propose a rule for utilizing the hardware co-processors to reduce data chain latency and schedulability analysis. Simulation results show that the proposed strategy can improve overall latency while preserving system schedulability. © 2022 EDAA.
@article{Kloda20221299, author = {Kloda, T. and Chen, J. and Bertout, A. and Sha, L. and Caccamo, M.}, title = {Latency analysis of self-suspending task chains}, journal = {2022 Design, Automation and Test in Europe Conference and Exhibition, DATE 2022}, year = {2022}, pages = {1299-1304}, doi = {10.23919/DATE54114.2022.9774655}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-85130835762&doi=10.23919%2fDATE54114.2022.9774655&partnerID=40&md5=e8b8a49d6d2e033e2daf4eb9cda79568}, author_keywords = {Hardware Accelerator; Latency; Real-time; Scheduling; Self-suspension}, keywords = {Embedded systems; Message passing, Data chain; Hardware accelerators; Latency; Latency Analysis; Message-passing; Offloading computations; Real- time; Self-suspension; Task chains; Worst-case latencies, Scheduling}, document_type = {Conference Paper}, source = {Scopus}, } -
Synergistic Redundancy: Towards Verifiable Safety for Autonomous VehiclesarXiv preprint arXiv:2209.01710, 2022@article{bansal2022synergistic, title = {Synergistic Redundancy: Towards Verifiable Safety for Autonomous Vehicles}, author = {Bansal, Ayoosh and Yu, Simon and Kim, Hunmin and Li, Bo and Hovakimyan, Naira and Caccamo, Marco and Sha, Lui}, journal = {arXiv preprint arXiv:2209.01710}, year = {2022}, }
2021
- An Analyzable Inter-core Communication Framework for High-Performance Multicore Embedded SystemsR. Tabish, J.-Y. Wen, R. Pellizzoni, R. Mancuso, H. Yun, M. Caccamo, and L.R. ShaJournal of Systems Architecture, 2021
Multicore processors provide great average-case performance. However, the use of multicore processors for safety-critical applications can lead to catastrophic consequences because of contention on shared resources. The problem has been well-studied in literature, and solutions such as partitioning of shared resources have been proposed. Strict partitioning of memory resources among cores, however, does not allow intercore communication. This paper proposes a Communication Core Model (CCM) that implements the inter-core communication by bounding the amount of intercore interference in a partitioned multicore system. A system-level perspective of how to realize such CCM along with the implementation details is provided. A formula to derive the WCET of the tasks using CCM is provided. We compare our proposed CCM with Contention-based Communication (CBC), where no private banking is enforced for any core. The analytical approach results using San Diego Vision Benchmark Suite (SD-VBS) for two models indicate that the CCM shows an improvement of up to 65 percent compared to the CBC. Moreover, our experimental results indicate that the measured WCET using SD-VBS is within the bounds calculated using the proposed analysis. © 2021
@article{Tabish2021, author = {Tabish, R. and Wen, J.-Y. and Pellizzoni, R. and Mancuso, R. and Yun, H. and Caccamo, M. and Sha, L.R.}, title = {An Analyzable Inter-core Communication Framework for High-Performance Multicore Embedded Systems}, journal = {Journal of Systems Architecture}, year = {2021}, volume = {118}, doi = {10.1016/j.sysarc.2021.102178}, art_number = {102178}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-85107706519&doi=10.1016%2fj.sysarc.2021.102178&partnerID=40&md5=8f57b1fb67f3685721485db9a6637ff0}, author_keywords = {Communication; Embedded systems; Heterogeneous systems; High-performance computing; Inter-core; Multicore}, keywords = {Safety engineering, Analytical approach; Average case performance; Catastrophic consequences; Inter-core communications; Multi-core embedded systems; Multi-core processor; Multi-core systems; Safety critical applications, Embedded systems}, document_type = {Article}, source = {Scopus}, } - Risk Ranked Recall: Collision Safety Metric for Object Detection Systems in Autonomous Vehicles2021 10th Mediterranean Conference on Embedded Computing, MECO 2021, 2021
Commonly used metrics for evaluation of object detection systems (precision, recall, mAP) do not give complete information about their suitability of use in safety critical tasks, like obstacle detection for collision avoidance in Autonomous Vehicles (AV). This work introduces the Risk Ranked Recall (R3) metrics for object detection systems. The R3 metrics categorize objects within three ranks. Ranks are assigned based on an objective cyber-physical model for the risk of collision. Recall is measured for each rank. © 2021 IEEE.
@article{bansal2021risk, author = {Bansal, A. and Singh, J. and Verucchi, M. and Caccamo, M. and Sha, L.}, title = {Risk Ranked Recall: Collision Safety Metric for Object Detection Systems in Autonomous Vehicles}, journal = {2021 10th Mediterranean Conference on Embedded Computing, MECO 2021}, year = {2021}, doi = {10.1109/MECO52532.2021.9460196}, art_number = {9460196}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-85114209303&doi=10.1109%2fMECO52532.2021.9460196&partnerID=40&md5=ec2964986f0861eb5d0bc3f3eaa72dee}, author_keywords = {Autonomous CPS; Dependable CPS; Safety}, keywords = {Object detection; Object recognition; Obstacle detectors; Safety engineering, Collision safety; Complete information; Critical tasks; Cyber physicals; Object detection systems; Obstacle detection, Autonomous vehicles}, document_type = {Conference Paper}, source = {Scopus}, } - Robust Vehicle Lane Keeping Control with Networked Proactive AdaptationAmerican Control Conference, 2021
Road condition is an important environmental factor for autonomous vehicle control. A dramatic change in the road condition from the nominal status is a source of uncertainty that can lead to a system failure. Once the vehicle encounters an uncertain environment, such as hitting an ice patch, it is too late to reduce the speed, and the vehicle can lose control. To cope with unforeseen uncertainties in advance, we study a proactive robust adaptive control architecture for autonomous vehicles’ lane-keeping control problems. The data center generates a prior environmental uncertainty estimate by combining weather forecasts and measurements from anonymous vehicles through a spatio-temporal filter. The prior estimate contributes to designing a robust heading controller and nominal longitudinal velocity for proactive adaptation to each new condition. The control parameters are updated based on posterior information fusion with on-board measurements. © 2021 American Automatic Control Council.
@article{Kim2021136, author = {Kim, H. and Wan, W. and Hovakimyan, N. and Sha, L. and Voulgaris, P.}, title = {Robust Vehicle Lane Keeping Control with Networked Proactive Adaptation}, journal = {American Control Conference}, year = {2021}, volume = {2021-May}, pages = {136-141}, doi = {10.23919/ACC50511.2021.9482669}, art_number = {9482669}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-85102831498&doi=10.23919%2fACC50511.2021.9482669&partnerID=40&md5=d60d9b9ba4fffde6231ccec9dc0ad294}, keywords = {Control system synthesis; Ice control; Roads and streets; Uncertainty analysis; Weather forecasting, Autonomous vehicle control; Environmental uncertainty; Longitudinal velocity; On-board measurements; Proactive adaptations; Robust-adaptive control; Spatio-temporal filter; Uncertain environments, Autonomous vehicles}, document_type = {Conference Paper}, source = {Scopus}, } - SchedGuard: Protecting against schedule leaks using Linux containersIEEE Real-Time and Embedded Technology and Applications Symposium, RTAS, 2021
Real-time systems have recently been shown to be vulnerable to timing inference attacks, mainly due to their predictable behavioral patterns. Existing solutions such as schedule randomization lack the ability to protect against such attacks, often limited by the system’s real-time nature. This paper presents ’SchedGuard’: a temporal protection framework for Linux-based hard real-time systems that protects against posterior scheduler side-channel attacks by preventing untrusted tasks from executing during specific time segments. SchedGuard is integrated into the Linux kernel using cgroups, making it amenable to use with container frameworks. We demonstrate the effectiveness of our system using a realistic radio-controlled rover platform and synthetically generated workloads. Not only is SchedGuard able to protect against the attacks mentioned above, but it also ensures that the real-time tasks/containers meet their temporal requirements. © 2021 IEEE.
@article{Chen202114, author = {Chen, J. and Kloda, T. and Bansal, A. and Tabish, R. and Chen, C.-Y. and Liu, B. and Mohan, S. and Caccamo, M. and Sha, L.}, title = {SchedGuard: Protecting against schedule leaks using Linux containers}, journal = {IEEE Real-Time and Embedded Technology and Applications Symposium, RTAS}, year = {2021}, volume = {2021-May}, pages = {14-26}, doi = {10.1109/RTAS52030.2021.00010}, art_number = {9470452}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-85113729007&doi=10.1109%2fRTAS52030.2021.00010&partnerID=40&md5=a4ef30099d2b5b913fc9e1d3138ea451}, author_keywords = {CPS; Linux Containers; Real-Time; Response time analysis; Security}, keywords = {Containers; Interactive computer systems; Linux; Side channel attack, Behavioral patterns; Hard real-time systems; Inference attacks; Linux kernel; Real time; Real-time tasks; Specific time, Real time systems}, document_type = {Conference Paper}, source = {Scopus}, } - Checking is Believing: Event-Aware Program Anomaly Detection in Cyber-Physical SystemsL. Cheng, K. Tian, D.D. Yao, L. Sha, and R.A. BeyahIEEE Transactions on Dependable and Secure Computing, 2021
Securing cyber-physical systems (CPS) against malicious attacks is of paramount importance because these attacks may cause irreparable damages to physical systems. Recent studies have revealed that control programs running on CPS devices suffer from both control-oriented attacks (e.g., code-injection or code-reuse attacks) and data-oriented attacks (e.g., non-control data attacks). Unfortunately, existing detection mechanisms are insufficient to detect runtime data-oriented exploits, due to the lack of runtime execution semantics checking. In this work, we propose Orpheus, a new security methodology for defending against data-oriented attacks by enforcing cyber-physical execution semantics. We first present a general method for reasoning cyber-physical execution semantics of a control program (i.e., causal dependencies between the physical context/event and program control flows), including the event identification and dependence analysis. As an instantiation of Orpheus, we then present a new program behavior model, i.e., the event-Aware finite-state automaton (eFSA). eFSA takes advantage of the event-driven nature of CPS control programs and incorporates event checking in anomaly detection. It detects data-oriented exploits if a specific physical event is missing along with the corresponding event dependent state transition. We evaluate our prototype’s performance by conducting case studies under data-oriented attacks. Results show that eFSA can successfully detect different runtime attacks. Our prototype on Raspberry Pi incurs a low overhead, taking 0.0001s for each state transition integrity checking, and 0.063s∼∼ 0.211s for the cyber-physical contextual consistency checking. © 2004-2012 IEEE.
@article{Cheng2021825, author = {Cheng, L. and Tian, K. and Yao, D.D. and Sha, L. and Beyah, R.A.}, title = {Checking is Believing: Event-Aware Program Anomaly Detection in Cyber-Physical Systems}, journal = {IEEE Transactions on Dependable and Secure Computing}, year = {2021}, volume = {18}, number = {2}, pages = {825-842}, doi = {10.1109/TDSC.2019.2906161}, art_number = {8669815}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-85102770270&doi=10.1109%2fTDSC.2019.2906161&partnerID=40&md5=78fb0e948a2a9cc7b449f5d3ae06f2a6}, author_keywords = {cyber-physical execution semantics; Cyber-physical systems; data-oriented attacks; program anomaly detection}, keywords = {Computer software reusability; Cyber Physical System; Embedded systems; Network security; Semantics, Causal dependencies; Contextual consistency; Cyber-physical systems (CPS); Detection mechanism; Event identification; Execution semantics; Non-control data attacks; Security methodologies, Anomaly detection}, document_type = {Article}, source = {Scopus}, } - Safety Constrained Multi-UAV Time Coordination: A Bi-level Control Framework in GPS Denied Environment∗AIAA Aviation and Aeronautics Forum and Exposition, AIAA AVIATION Forum 2021, 2021
Unmanned aerial vehicles (UAVs) suffer from sensor drifts in GPS denied environments, which can cause safety issues. To avoid intolerable sensor drifts while completing the time-critical coordination task for multi-UAV systems, we propose a safety constrained bi-level control framework. The first level is the time-critical coordination level that achieves a consensus of coordination states and provides a virtual target which is a function of the coordination state. The second level is the safety-critical control level that is designed to follow the virtual target while adapting the attacked UAV(s) at a path re-planning level to support resilient state estimation. In particular, the time-critical coordination level framework generates the desired speed and position profile of the virtual target based on the multi-UAV cooperative mission by the proposed consensus protocol algorithm. The safety-critical control level is able to make each UAV follow its assigned path while detecting the attacks, estimating the state resiliently, and driving the UAV(s) outside the effective range of the spoofing device within the escape time. The numerical simulations of a three-UAV system demonstrate the effectiveness of the proposed safety constrained bi-level control framework. © 2021, American Institute of Aeronautics and Astronautics Inc.. All rights reserved.
@article{Wan2021, author = {Wan, W. and Kim, H. and Cheng, Y. and Hovakimyan, N. and Voulgaris, P.G. and Sha, L.}, title = {Safety Constrained Multi-UAV Time Coordination: A Bi-level Control Framework in GPS Denied Environment∗}, journal = {AIAA Aviation and Aeronautics Forum and Exposition, AIAA AVIATION Forum 2021}, year = {2021}, doi = {10.2514/6.2021-2463}, art_number = {AIAA 2021-2463}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-85126764912&doi=10.2514%2f6.2021-2463&partnerID=40&md5=fee18b7e9ba45193e6000766b66f44ff}, keywords = {Aircraft control; Aircraft detection; Antennas; Level control; Safety engineering, Control framework; Control level; Coordination levels; Coordination state; Coordination tasks; Safety issues; Sensor drift; Time-critical; Unmanned aerial vehicle systems; Virtual target, Unmanned aerial vehicles (UAV)}, document_type = {Conference Paper}, source = {Scopus}, } - Backup Plan Constrained Model Predictive ControlIEEE Conference on Decision and Control, 2021
This article proposes a new safety concept: dynamically formulated backup plan safety. The backup plan safety is defined as the ability to complete one of the alternative missions formulated in real-time in the case of primary mission abortion. To incorporate this new safety concept in control problems, we formulate a feasibility maximization problem that adopts additional (virtual) input horizons toward the alternative missions on top of the input horizon toward the primary mission. Cost functions for the primary and alternative missions construct multiple objectives, and multi-horizon inputs evaluate them. To address the feasibility maximization problem, we develop a multi-horizon multi-objective model predictive path integral control (3M) algorithm. Model predictive path integral control (MPPI) is a sampling-based scheme that can help the proposed algorithm deal with nonlinear dynamic systems and achieve computational efficiency by parallel computation. Simulations of the aerial vehicle control problems demonstrate the new concept of backup plan safety and the performance of the proposed algorithm. © 2021 IEEE.
@article{Kim2021289, author = {Kim, H. and Yoon, H. and Wan, W. and Hovakimyan, N. and Sha, L. and Voulgaris, P.}, title = {Backup Plan Constrained Model Predictive Control}, journal = {IEEE Conference on Decision and Control}, year = {2021}, volume = {2021-December}, pages = {289-294}, doi = {10.1109/CDC45484.2021.9683388}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-85126032813&doi=10.1109%2fCDC45484.2021.9683388&partnerID=40&md5=8bff0fcf187b079714b455fcdb9c0e46}, keywords = {Antennas; Control system synthesis; Cost functions; Model predictive control; Nonlinear dynamical systems; Predictive control systems; Quantum theory, Constrained model predictive control; Control problems; Cost-function; In-control; Integral control; Maximization problem; Model predictive; Path integral; Real- time; Safety concepts, Computational efficiency}, document_type = {Conference Paper}, source = {Scopus}, }
2020
- A Safety Constrained Control Framework for UAVs in GPS Denied EnvironmentIEEE Conference on Decision and Control, 2020
Unmanned aerial vehicles (UAVs) suffer from sensor drifts in GPS denied environments, which can lead to potentially dangerous situations. To avoid intolerable sensor drifts in the presence of GPS spoofing attacks, we propose a safety constrained control framework that adapts the UAV at a path re-planning level to support resilient state estimation against GPS spoofing attacks. The attack detector is used to detect GPS spoofing attacks and provides a switching criterion between the robust control mode and emergency control mode. An attacker location tracker (ALT) is developed to track the attacker’s location and estimate the spoofing device’s output power by the unscented Kalman filter (UKF) with sliding window outputs. Using the estimates from ALT, we design an escape controller (ESC) based on the model predictive controller (MPC) such that the UAV escapes from the effective range of the spoofing device within the escape time. © 2020 IEEE.
@article{Wan2020214, author = {Wan, W. and Kim, H. and Hovakimyan, N. and Sha, L. and Voulgaris, P.G.}, title = {A Safety Constrained Control Framework for UAVs in GPS Denied Environment}, journal = {IEEE Conference on Decision and Control}, year = {2020}, volume = {2020-December}, pages = {214-219}, doi = {10.1109/CDC42340.2020.9304304}, art_number = {9304304}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-85099882167&doi=10.1109%2fCDC42340.2020.9304304&partnerID=40&md5=b91182793bc5a997bb18383f22123ee9}, keywords = {Antennas; Controllers; Predictive control systems; Robust control; Unmanned aerial vehicles (UAV), Constrained controls; Dangerous situations; Emergency control; Model predictive controllers; Path re-planning; Spoofing attacks; Switching criterion; Unscented Kalman Filter, Aircraft control}, document_type = {Conference Paper}, source = {Scopus}, } - On Removing Algorithmic Priority Inversion from Mission-critical Machine Inference PipelinesProceedings - Real-Time Systems Symposium, 2020
The paper discusses algorithmic priority inversion in mission-critical machine inference pipelines used in modern neural-network-based cyber-physical applications, and develops a scheduling solution to mitigate its effect. In general, priority inversion occurs in real-time systems when computations that are of lower priority are performed together with or ahead of those that are of higher priority.1 In current machine intelligence software, significant priority inversion occurs on the path from perception to decision-making, where the execution of underlying neural network algorithms does not differentiate between critical and less critical data. We describe a scheduling framework to resolve this problem, and demonstrate that it improves the system’s ability to react to critical inputs, while at the same time reducing platform cost. © 2020 IEEE.
@article{Liu2020319, author = {Liu, S. and Yao, S. and Fu, X. and Tabish, R. and Yu, S. and Bansal, A. and Yun, H. and Sha, L. and Abdelzaher, T.}, title = {On Removing Algorithmic Priority Inversion from Mission-critical Machine Inference Pipelines}, journal = {Proceedings - Real-Time Systems Symposium}, year = {2020}, volume = {2020-December}, pages = {319-332}, doi = {10.1109/RTSS49844.2020.00037}, art_number = {9355507}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-85101990148&doi=10.1109%2fRTSS49844.2020.00037&partnerID=40&md5=d93e69296e227cf784a1188a4d8b66a6}, author_keywords = {Algorithmic Priority Inversion; Cyber-Physical Systems (CPS); Machine Inference}, keywords = {Decision making; Interactive computer systems; Neural networks; Pipelines; Scheduling, Critical data; Critical inputs; Cyber physicals; Machine intelligence; Mission critical; Neural network algorithm; Priority inversion; Scheduling frameworks, Real time systems}, document_type = {Conference Paper}, source = {Scopus}, } - SCE-Comm: A Real-Time Inter-Core Communication Framework for Strictly Partitioned Multi-core ProcessorsR. Tabish, J.-Y. Wen, R. Pellizzoni, R. Mancuso, H. Yun, M. Caccamo, and L. Sha2020 9th Mediterranean Conference on Embedded Computing, MECO 2020, 2020
Multicore processors provide great average case performance. However, the use of multicore processors for safety-critical applications can lead to catastrophic consequences because of contention on shared resources. The problem has been well-studied in literature and solutions such as partitioning of shared resources have been proposed. Strict partitioning of memory resources among cores, however, does not allow inter-core communication. In this paper, we propose Communication Core Model (CCM) that implements the inter-core communication by bounding the amount of intercore interference in a partitioned multi-core system. A system-level perspective of how to realize such CCM along with the implementation details is provided. We compare our proposed CCM with Contention-based Communication (CBC) model where no private banking is enforced for any core. For evaluation, we consider San Diego vision benchmark suite (SD-VBS). The results of the evaluation show that the CCM offers 56 percent improvement in worst case execution time (WCET) when compared with CBC. © 2020 IEEE.
@article{Tabish2020, author = {Tabish, R. and Wen, J.-Y. and Pellizzoni, R. and Mancuso, R. and Yun, H. and Caccamo, M. and Sha, L.}, title = {SCE-Comm: A Real-Time Inter-Core Communication Framework for Strictly Partitioned Multi-core Processors}, journal = {2020 9th Mediterranean Conference on Embedded Computing, MECO 2020}, year = {2020}, doi = {10.1109/MECO49872.2020.9134178}, art_number = {9134178}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-85088528871&doi=10.1109%2fMECO49872.2020.9134178&partnerID=40&md5=5f89d61781225118fba08a98a30f2aa3}, keywords = {Computer programming; Computer science, Average case performance; Benchmark suites; Catastrophic consequences; Inter-core communications; Multi-core processor; Multi-core systems; Safety critical applications; Worst-case execution time, Safety engineering}, document_type = {Conference Paper}, source = {Scopus}, } - UACFinder: Mining Syntactic Carriers of Unspecified Assumptions in Medical Cyber-Physical System Design ModelsZ. Fu, C. Guo, Z. Zhang, S. Ren, and L. ShaACM Transactions on Cyber-Physical Systems, 2020
During the system development process, domain experts and developers often make assumptions about specifications and implementations. However, most of the assumptions being taken for granted by domain experts and developers are too tedious to be documented by them. When these unspecified assumptions are violated in an environment in which the system operates, failures can occur. According to the U.S. Food and Drug Administration (FDA) medical device recall database, medical device recalls caused by software failures are at an all-time high. One major cause of these recalls is violations of unspecified assumptions made in medical systems. Therefore, it is crucial to have tools to automatically identify such unspecified assumptions at an early stage of the systems development process to avoid fatal failures. In this article, we present a tool called Unspecified Assumption Carrier Finder (UACFinder) that uses data mining techniques to automatically identify potential syntactic carriers of unspecified assumptions in system design models. The main idea of this tool is based on the observation we obtained from our earlier analysis of software failures in medical device recalls caused by unspecified assumptions. We observed that unspecified assumptions often exist in medical systems through syntactic carriers, such as constant variables, frequently read/updated variables, and frequently executed action sequences. Therefore, we develop the UACFinder to automatically find these potential unspecified assumption syntactic carriers rather than unspecified assumptions themselves. Once the UACFinder identifies the potential unspecified assumption syntactic carriers, domain experts and developers can validate whether these syntactic carriers indeed carry unspecified assumptions. We use a simplified cardiac arrest treatment scenario as a case study to evaluate the UACFinder in mining potential syntactic carriers of unspecified assumptions. In addition, we invite a medical doctor to validate unspecified assumptions carried by the mined syntactic carriers. The case study demonstrates that the UACFinder is effective in helping to identify potential unspecified assumptions from system design models. © 2020 ACM.
@article{Fu2020, author = {Fu, Z. and Guo, C. and Zhang, Z. and Ren, S. and Sha, L.}, title = {UACFinder: Mining Syntactic Carriers of Unspecified Assumptions in Medical Cyber-Physical System Design Models}, journal = {ACM Transactions on Cyber-Physical Systems}, year = {2020}, volume = {4}, number = {3}, doi = {10.1145/3375405}, art_number = {3375405}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-85085528761&doi=10.1145%2f3375405&partnerID=40&md5=532ad3a1e2e40af1c5c3278d8081235f}, author_keywords = {data mining; Medical cyber-physical systems; statechart models; syntactic carriers; unspecified assumptions}, keywords = {Cyber Physical System; Data mining; Embedded systems; Systems analysis, Action sequences; Food and Drug Administration; Medical cyber physical systems; Medical doctors; Medical systems; Software failure; System development process; Systems development process, Syntactics}, document_type = {Article}, source = {Scopus}, } - A framework for supporting the development of verifiably safe medical best practice guideline systemsC. Guo, Z. Fu, Z. Zhang, S. Ren, and L. ShaJournal of Systems Architecture, 2020
Improving safety of patient care is an ultimate objective for medical systems. Though many medical best practice guidelines exist and are in hospital handbooks, they are often lengthy and difficult for medical professionals to remember and apply clinically. Hence, developing safe medical best practice guideline systems is an urgent need. The paper presents a framework to support the development of verifiably safe medical best practice guideline systems. The framework facilitates medical professionals’ participation in computer modeling, clinical validation, formal verification and root cause identification of safety failures at both model and code levels. To implement the framework, our strategies are to maximally utilize existing models/tools designed for validation and verification respectively, but build bridges among different selected models/tools. In particular, we use statechart tool to build statechart models for medical best practice guidelines and use statechart models to interact with medical professionals for clinical validations. The statechart models are then automatically transformed to verifiable models by the framework so that the safety properties can be formally verified. The computer models that are both validated by medical professionals and verified by formal verification tools are then used to generate computer executable code. To improve code level safety, the framework further transforms safety properties specified at the model level to runtime code monitors to ensure that these safety properties are complied at runtime. We use a simplified version of cardiac arrest treatment scenario provided to our team by Carle Foundation Hospital as a case study to evaluate the framework in developing a verifiably safe medical system. © 2019 Elsevier B.V.
@article{Guo2020, author = {Guo, C. and Fu, Z. and Zhang, Z. and Ren, S. and Sha, L.}, journal = {Journal of Systems Architecture}, year = {2020}, volume = {104}, doi = {10.1016/j.sysarc.2019.101693}, art_number = {101693}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-85076866059&doi=10.1016%2fj.sysarc.2019.101693&partnerID=40&md5=56b090078998a6a1eafb7a6ae63ca930}, author_keywords = {Medical cyber-physical systems; Medical guideline models; Runtime verification; Validation and verification}, keywords = {Bridges; Embedded systems; Hospitals, Best practice guidelines; Formal verification tools; Medical cyber physical systems; Medical guidelines; Medical professionals; Root cause identification; Run-time verification; Validation and verification, Formal verification}, document_type = {Article}, source = {Scopus}, } - Safety constrained multi-uav time coordination: A bi-level control framework in gps denied environment∗AIAA AVIATION 2020 FORUM, 2020
Unmanned aerial vehicles (UAVs) suffer from sensor drifts in GPS denied environments, which can cause safety issues. To avoid intolerable sensor drifts while completing the time-critical coordination task for multi-UAV systems, we propose a safety constrained bi-level control framework. The first level is the time-critical coordination level that achieves a consensus of coordination states and provides a virtual target which is a function of the coordination state. The second level is the safety-critical control level that is designed to follow the virtual target while adapting the attacked UAV(s) at a path re-planning level to support resilient state estimation. In particular, the time-critical coordination level framework generates the desired speed and position profile of the virtual target based on the multi-UAV cooperative mission by the proposed consensus protocol algorithm. The safety-critical control level is able to make each UAV follow its assigned path while detecting the attacks, estimating the state resiliently, and driving the UAV(s) outside the effective range of the spoofing device within the escape time. The numerical simulations of a three-UAV system demonstrate the effectiveness of the proposed safety constrained bi-level control framework. © 2020, American Institute of Aeronautics and Astronautics Inc, AIAA. All rights reserved.
@article{Wan2020, author = {Wan, W. and Kim, H. and Cheng, Y. and Hovakimyan, N. and Voulgaris, P.G. and Sha, L.}, title = {Safety constrained multi-uav time coordination: A bi-level control framework in gps denied environment∗}, journal = {AIAA AVIATION 2020 FORUM}, year = {2020}, page_count = {13}, doi = {10.2514/6.2020-2621}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-85092466227&doi=10.2514%2f6.2020-2621&partnerID=40&md5=7e9ce424d0af2312b4cc5fe248a6b427}, keywords = {Aircraft detection; Antennas; Level control; Safety engineering; Unmanned aerial vehicles (UAV), Consensus protocols; Control framework; Coordination levels; Coordination state; Coordination tasks; Effective range; Path re-planning; Virtual target, Aircraft control}, document_type = {Conference Paper}, source = {Scopus}, }
2019
- Towards resilient UAV: Escape time in GPS denied environment with sensor driftIFAC-PapersOnLine, 2019
This paper considers a resilient state estimation framework for unmanned aerial vehicles (UAVs) that integrates a Kalman filter-like state estimator and an attack detector. When an attack is detected, the state estimator uses only IMU signals as the GPS signals do not contain legitimate information. This limited sensor availability induces a sensor drift problem questioning the reliability of the sensor estimates. We propose a new resilience measure, escape time, as the safe time within which the estimation errors remain in a tolerable region with high probability. This paper analyzes the stability of the proposed resilient estimation framework and quantifies a lower bound for the escape time. Moreover, simulations of the UAV model demonstrate the performance of the proposed framework and provide analytical results. Copyright © 2019. The Authors. Published by Elsevier Ltd. All rights reserved.
@article{Yoon2019423, author = {Yoon, H.-J. and Wan, W. and Kim, H. and Hovakimyan, N. and Sha, L. and Voulgaris, P.G.}, title = {Towards resilient UAV: Escape time in GPS denied environment with sensor drift}, journal = {IFAC-PapersOnLine}, year = {2019}, volume = {52}, number = {12}, pages = {423-428}, doi = {10.1016/j.ifacol.2019.11.280}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-85077399181&doi=10.1016%2fj.ifacol.2019.11.280&partnerID=40&md5=60fa05d335aa5169f275076003e2f6d7}, author_keywords = {Resilient estimation; Stochastic system; Unmanned aerial vehicle}, keywords = {Antennas; Automation; State estimation; Stochastic control systems; Stochastic systems, Analytical results; Escape time; Estimation errors; GPS signals; High probability; Lower bounds; Sensor drift; State Estimators, Unmanned aerial vehicles (UAV)}, document_type = {Conference Paper}, source = {Scopus}, } - Design Verifiably Correct Model Patterns to Facilitate Modeling Medical Best Practice Guidelines with StatechartsC. Guo, Z. Fu, Z. Zhang, S. Ren, and L. ShaIEEE Internet of Things Journal, 2019
Improving patient care safety is an ultimate objective for medical cyber-physical systems. A recent study shows that the patients’ death rate can be significantly reduced by computerizing medical best practice guidelines. To facilitate the development of computerized medical best practice guidelines, statecharts are often used as a modeling tool because of their high resemblances to disease and treatment models and their capabilities to provide rapid prototyping and simulation for clinical validations. However, some implementations of statecharts, such as Yakindu statecharts, are priority-based and have synchronous execution semantics which makes it difficult to model certain functionalities that are essential in modeling medical guidelines, such as two-way communications and configurable execution orders. Rather than introducing new statechart elements or changing the statechart implementation’s underline semantics, we use existing basic statechart elements to design model patterns for the commonly occurring issues. In particular, we show the design of model patterns for two-way communications and configurable execution orders and formally prove the correctness of these model patterns. We further use a simplified airway laser surgery scenario as a case study to demonstrate how the developed model patterns address the two-way communication and configurable execution order issues and their impact on validation and verification of medical safety properties. © 2014 IEEE.
@article{Guo20196276, author = {Guo, C. and Fu, Z. and Zhang, Z. and Ren, S. and Sha, L.}, title = {Design Verifiably Correct Model Patterns to Facilitate Modeling Medical Best Practice Guidelines with Statecharts}, journal = {IEEE Internet of Things Journal}, year = {2019}, volume = {6}, number = {4}, pages = {6276-6284}, doi = {10.1109/JIOT.2018.2879475}, art_number = {8521661}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-85056168641&doi=10.1109%2fJIOT.2018.2879475&partnerID=40&md5=af6079c35010c63260c2e4956e6f4ccb}, author_keywords = {Medical guideline modeling; statechart models; verifiably correct model patterns}, keywords = {Embedded systems; Laser modes; Laser safety; Semantics; Surgery, Atmospheric model; Best practices; Computational model; Correct models; Guidelines; Medical guidelines; State charts, Laser surgery}, document_type = {Article}, source = {Scopus}, } - Decision-driven schedulingJ.-E. Kim, T. Abdelzaher, L. Sha, A. Bar-Noy, R.L. Hobbs, and W. DronReal-Time Systems, 2019
This paper presents a scheduling model, called decision-driven scheduling, elaborates key optimality results for a fundamental scheduling model, and evaluates new heuristics solving more general versions of the problem. In the context of applications that need control and actuation, the traditional execution model has often been either time-driven or event-driven. In time-driven applications, sensors are sampled periodically, leading to the classical periodic task model. In event-driven applications, sensors are sampled when an event of interest occurs, such as motion-activated cameras, leading to an event-driven task activation model. In contrast, in decision-driven applications, sensors are sampled when a particular decision must be made. We offer a justification for why decision-driven scheduling might be of increasing interest to Internet-of-things applications, and explain why it leads to interesting new scheduling problems (unlike time-driven and event-driven scheduling), including the problems addressed in this paper. © 2019, Springer Science+Business Media, LLC, part of Springer Nature.
@article{Kim2019514, author = {Kim, J.-E. and Abdelzaher, T. and Sha, L. and Bar-Noy, A. and Hobbs, R.L. and Dron, W.}, title = {Decision-driven scheduling}, journal = {Real-Time Systems}, year = {2019}, volume = {55}, number = {3}, pages = {514-551}, doi = {10.1007/s11241-018-09324-6}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-85058957427&doi=10.1007%2fs11241-018-09324-6&partnerID=40&md5=7c41f104eb4a9272baab46a0c7205f37}, author_keywords = {Decision-driven; Disaster response infrastructure; Freshness; Internet of Things; Smart cities}, keywords = {Internet of things; Smart city, Decision-driven; Disaster response; Driven scheduling; Event driven applications; Freshness; Scheduling models; Scheduling problem; Task activations, Scheduling}, document_type = {Article}, source = {Scopus}, } - A Container-based DoS Attack-Resilient Control Framework for Real-Time UAV SystemsJ. Chen, Z. Feng, J.-Y. Wen, B. Liu, and L. Sha2019 Design, Automation and Test in Europe Conference and Exhibition, DATE 2019, 2019
The Unmanned aerial vehicles (UAVs) sector is fast-expanding. Protection of real-time UAV applications against malicious attacks has become an urgent problem that needs to be solved. Denial-of-service (DoS) attack aims to exhaust system resources and cause important tasks to miss deadlines. DoS attack may be one of the common problems of UAV systems, due to its simple implementation. In this paper, we present a software framework that offers DoS attack-resilient control for real-time UAV systems using containers: ContainerDrone. The framework provides defense mechanisms for three critical system resources: CPU, memory, and communication channel. We restrict attacker’s access to CPU core set and utilization. Memory bandwidth throttling limits attacker’s memory usage. By simulating sensors and drivers in the container, a security monitor constantly checks DoS attacks over communication channels. Upon the detection of a security rule violation, the framework switches to the safety controller to mitigate the attack. We implemented a prototype quadcopter with commercially off-the-shelf (COTS) hardware and open-source software. Our experimental results demonstrated the effectiveness of the proposed framework defending against various DoS attacks. © 2019 EDAA.
@article{Chen20191222, author = {Chen, J. and Feng, Z. and Wen, J.-Y. and Liu, B. and Sha, L.}, title = {A Container-based DoS Attack-Resilient Control Framework for Real-Time UAV Systems}, journal = {2019 Design, Automation and Test in Europe Conference and Exhibition, DATE 2019}, year = {2019}, pages = {1222-1227}, doi = {10.23919/DATE.2019.8714888}, art_number = {8714888}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-85066629863&doi=10.23919%2fDATE.2019.8714888&partnerID=40&md5=5742e2fea4a687edebc452beef297f7d}, author_keywords = {Cyber Physical System; Denial of Service attack; Linux Container; Real-time System; Security; Simplex; Unmanned Aerial Vehicle Systems}, keywords = {Aircraft control; Antennas; Commercial off-the-shelf; Communication channels (information theory); Computer operating systems; Computer programming; Containers; Cyber Physical System; Embedded systems; Interactive computer systems; Network security; Open source software; Open systems; Real time systems; Unmanned aerial vehicles (UAV), Memory bandwidths; Real-time uav systems; Resilient control; Security; Security monitors; Simplex; Software frameworks; Unmanned aerial vehicle systems, Denial-of-service attack}, document_type = {Conference Paper}, source = {Scopus}, }
2018
- Safety-assured model-driven design of the multifunction vehicle bus controllerY. Jiang, H. Liu, H. Song, H. Kong, R. Wang, Y. Guan, and L. ShaIEEE Transactions on Intelligent Transportation Systems, 2018
In this paper, we present a formal model-driven design approach to establish a safety-assured implementation of multifunction vehicle bus controller (MVBC), which controls the data transmission among the devices of the vehicle. First, the generic models and safety requirements described in International Electrotechnical Commission Standard 61375 are formalized as time automata and timed computation tree logic formulas, respectively. With model checking tool Uppaal, we verify whether or not the constructed timed automata satisfy the formulas and several logic inconsistencies in the original standard are detected and corrected. Then, we apply the code generation tool Times to generate C code from the verified model, which is later synthesized into a real MVBC chip, with some handwriting glue code. Furthermore, the runtime verification tool RMOR is applied on the integrated code, to verify some safety requirements that cannot be formalized on the timed automata. For evaluation, we compare the proposed approach with existing MVBC design methods, such as BeagleBone, Galsblock, and Simulink. Experiments show that more ambiguousness or bugs in the standard are detected during Uppaal verification, and the generated code of Times outperforms the C code generated by others in terms of the synthesized binary code size. The errors in the standard have been confirmed and the resulting MVBC has been deployed in the real train communication network. © 2018 IEEE.
@article{Jiang20183320, author = {Jiang, Y. and Liu, H. and Song, H. and Kong, H. and Wang, R. and Guan, Y. and Sha, L.}, title = {Safety-assured model-driven design of the multifunction vehicle bus controller}, journal = {IEEE Transactions on Intelligent Transportation Systems}, year = {2018}, volume = {19}, number = {10}, pages = {3320-3333}, doi = {10.1109/TITS.2017.2778077}, art_number = {8260537}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-85041658161&doi=10.1109%2fTITS.2017.2778077&partnerID=40&md5=4bef08f938ae546fcc835ae80b7a7276}, author_keywords = {IEC-61375; model-driven development; Multifunction vehicle bus; train communication network}, keywords = {Accident prevention; Automata theory; Buses; Codes (symbols); Computer circuits; Data structures; Design; Model checking; Network protocols; Standards; Tools; Unified Modeling Language; Vehicle transmissions, Automata; IEC-61375; Model driven development; Multifunction vehicle bus; Train communication network, C (programming language)}, document_type = {Article}, source = {Scopus}, } - Model and Integrate Medical Resource Available Times and Relationships in Verifiably Correct Executable Medical Best Practice Guideline ModelsC. Guo, Z. Fu, Z. Zhang, S. Ren, and L. ShaProceedings - 9th ACM/IEEE International Conference on Cyber-Physical Systems, ICCPS 2018, 2018
Improving patient care safety is an ultimate objective for medical cyber-physical systems. A recent study shows that the patients’ death rate is significantly reduced by computerizing medical best practice guidelines [16]. Recent data also show that some morbidity and mortality in emergency care are directly caused by delayed or interrupted treatment due to lack of medical resources [15]. However, medical guidelines usually do not provide guidance on medical resource demands and how to manage potential unexpected delays in resource availability. If medical resources are temporarily unavailable, safety properties in existing executable medical guideline models may fail which may cause increased risk to patients under care. The paper presents a separately model and jointly verify (SMJV) architecture to separately model medical resource available times and relationships and jointly verify safety properties of existing medical best practice guideline models with resource models being integrated in. The separated modeling approach also allows different domain professionals to make independent model modifications, facilitates the management of frequent resource availability changes, and enables resource statechart reuse in multiple medical guideline models. A simplified stroke scenario is used as a case study to investigate the effectiveness and validity of the SMJV architecture. The case study indicates that the SMJV architecture is able to identify unsafe properties caused by unexpected resource delays. © 2018 IEEE.
@article{Guo2018253, author = {Guo, C. and Fu, Z. and Zhang, Z. and Ren, S. and Sha, L.}, title = {Model and Integrate Medical Resource Available Times and Relationships in Verifiably Correct Executable Medical Best Practice Guideline Models}, journal = {Proceedings - 9th ACM/IEEE International Conference on Cyber-Physical Systems, ICCPS 2018}, year = {2018}, pages = {253-262}, doi = {10.1109/ICCPS.2018.00032}, art_number = {8443739}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-85053556696&doi=10.1109%2fICCPS.2018.00032&partnerID=40&md5=9fcf62652fc6b1b36c8a3045c68605b9}, author_keywords = {Medical Resource Available Time Models; Medical Resource Relationship Models; Verifiably Correct Executable Medical Guideline Models}, keywords = {Cyber Physical System; Safety engineering, Available time model; Best practice guidelines; Different domains; Independent model; Medical cyber physical systems; Medical guidelines; Relationship model; Resource availability, Embedded systems}, document_type = {Conference Paper}, source = {Scopus}, } - RSimplex: A robust control architecture for cyber and physical failuresX. Wang, N. Hovakimyan, and L. ShaACM Transactions on Cyber-Physical Systems, 2018
As the complexity of Cyber-Physical Systems (CPS) increases, it becomes increasingly challenging to ensure CPS reliability, especially in the presence of software and/or physical failures. The Simplex architecture is shown to be an efficient tool to address software failures in such systems. When physical failures exist, however, Simplex may not function correctly because physical failures could change system dynamics and the original Simplex design may not work for the new faulty system. To address concurrent software and physical failures, this article presents the RSimplex architecture, which integrates Robust Fault-Tolerant Control (RFTC) techniques into the Simplex architecture. It includes the uncertainty monitor, the High-Performance Controller (HPC), the Robust High-Assurance Controller (RHAC), and the decision logic that triggers the switch of the controllers. Based on the output of the uncertainty monitor, we introduce a monitor-based switching rule in the decision logic in addition to the traditional envelope-based rule. The RHAC is designed based on RFTCs. We show that RSimplex can efficiently handle a class of software and physical failures. © 2018 ACM
@article{Wang2018, author = {Wang, X. and Hovakimyan, N. and Sha, L.}, title = {RSimplex: A robust control architecture for cyber and physical failures}, journal = {ACM Transactions on Cyber-Physical Systems}, year = {2018}, volume = {2}, number = {4}, doi = {10.1145/3121428}, art_number = {27}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-85075488707&doi=10.1145%2f3121428&partnerID=40&md5=710b3a1f31e87c7f538a3e4cda61405b}, author_keywords = {Cyber; Fault-tolerant control; Physical failures; Simplex architecture}, keywords = {Computer circuits; Controllers; Embedded systems; Fault tolerance; Robust control; Software reliability, Concurrent software; Control architecture; Cyber; Cyber-Physical System (CPS); Fault tolerant control; High-performance controllers; Software failure; System Dynamics, Concurrency control}, document_type = {Article}, source = {Scopus}, } - Dependable model-driven development of CPS: From Stateflow simulation to verified implementationY. Jiang, H. Song, Y. Yang, H. Liu, M. Gu, Y. Guan, J. Sun, and L. ShaACM Transactions on Cyber-Physical Systems, 2018
Simulink is widely used for model-driven development (MDD) of cyber-physical systems. Typically, the Simulink-based development starts with Stateflow modeling, followed by simulation, validation, and code generation mapped to physical execution platforms. However, recent trends have raised the demands of rigorous verification on safety-critical applications to prevent intrinsic development faults and improve the system dependability, which is unfortunately challenging. Even though the constructed Stateflow model and the generated code pass the validation of Simulink Design Verifier and Simulink Polyspace, respectively, the system may still fail due to some implicit defects contained in the design model (design defect) and the generated code (implementation defects). In this article, we bridge the Stateflow-basedMDD and a well-defined rigorous verification to reduce development faults. First, we develop a self-contained toolkit to translate a Stateflow model into timed automata, where major advanced modeling features in Stateflow are supported. Taking advantage of the strong verification capability of Uppaal, we can not only find bugs in Stateflow models that are missed by Simulink Design Verifier but also check more important temporal properties. Next, we customize a runtime verifier for the generated non-intrusive VHDL and C code of a Stateflow model for monitoring. The major strength of the customization is the flexibility to collect and analyze runtime properties with a pure software monitor, which offers more opportunities for engineers to achieve high reliability of the target system compared with the traditional act that only relies on Simulink Polyspace. In this way, safety-critical properties are both verified at the model level and at the consistent system implementation level with physical execution environment in consideration. We apply our approach to the development of a typical cyber-physical system-train communication controller based on the IEC standard 61375. Experiments show that more ambiguousness in the standard are detected and confirmed and more development faults and those corresponding errors that would lead to system failure have been removed. Furthermore, the verified implementation has been deployed on real trains. © 2018 Association for Computing Machinery.
@article{Jiang2018, author = {Jiang, Y. and Song, H. and Yang, Y. and Liu, H. and Gu, M. and Guan, Y. and Sun, J. and Sha, L.}, title = {Dependable model-driven development of CPS: From Stateflow simulation to verified implementation}, journal = {ACM Transactions on Cyber-Physical Systems}, year = {2018}, volume = {3}, number = {1}, doi = {10.1145/3078623}, art_number = {12}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-85070892364&doi=10.1145%2f3078623&partnerID=40&md5=33df7a07b0cb7efa1a9d9ca756f5e32a}, author_keywords = {Formal verification; Model-driven development; Runtime verification; Simulink stateflow; Timed automaton}, keywords = {Codes (symbols); Computer aided software engineering; Cyber Physical System; Defects; Embedded systems; Formal verification; Safety engineering; Software reliability; Systems engineering, Communication controllers; Execution environments; Model driven development; Run-time verification; Safety critical applications; STATEFLOW; System implementation; Timed Automata, C (programming language)}, document_type = {Article}, source = {Scopus}, } - IAFinder: Identifying potential implicit assumptions to facilitate validation in medical cyber-physical systemZ. Fu, Z. Wang, C. Guo, Z. Zhang, S. Ren, and L. ShaProceedings - Design Automation Conference, 2018
According to the U.S. Food and Drug Administration (FDA) medical device recall database, medical device recalls are at an all-time high. One of the major causes of the recalls is due to implicit assumptions of which either the medical device operating environment does not match, or the device operators are not aware of. In this paper, we present IAFinder (Implicit Assumption Finder), a tool that uses data mining techniques to automatically extract invariants from design models implemented with statecharts. By identifying invariants that are not explicitly specified in the design models, we are able to find implicit assumptions and better facilitate domain experts to validate them and make the validated implicit assumptions explicit. We use a cardiac arrest statechart model as a case study to illustrate the usage of IAFinder in identifying implicit assumptions. © 2018 Association for Computing Machinery.
@article{Fu2018, author = {Fu, Z. and Wang, Z. and Guo, C. and Zhang, Z. and Ren, S. and Sha, L.}, title = {IAFinder: Identifying potential implicit assumptions to facilitate validation in medical cyber-physical system}, journal = {Proceedings - Design Automation Conference}, year = {2018}, volume = {Part F137710}, doi = {10.1145/3195970.3196062}, art_number = {a143}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-85053658056&doi=10.1145%2f3195970.3196062&partnerID=40&md5=37867751ef4520842db0251661e1237b}, keywords = {Biomedical equipment; Computer aided design; Cyber Physical System; Embedded systems, Cardiac arrest; Design models; Domain experts; Food and Drug Administration; Medical cyber physical systems; Medical Devices; Operating environment; Statechart modeling, Data mining}, document_type = {Conference Paper}, source = {Scopus}, } - A cyber-physical system framework for early detection of paroxysmal diseasesZ. Gu, Y. Jiang, M. Zhou, M. Gu, X. Song, and L. ShaIEEE Access, 2018
Paroxysmal diseases of inpatients are globally recognized as one of the top challenges in medicine. Poor clinical outcomes are primarily caused by delayed recognition, especially due to diverse clinical diagnostic criteria with complex manifestations, irregular episodes, and already overloaded clinical activities. With the proliferation of measuring devices and increased computational capabilities, cyber-physical characterization plays an increasingly important role in many domains to provide enabling technologies. This paper presents a cyber-physical system (CPS) framework to assist physicians in making earlier diagnoses of paroxysmal sympathetic hyperactivity based on existing medical knowledge. We propose a configurable diagnostic knowledge model to characterize clinical criteria to reduce domain knowledge deficiency between physicians and computer scientists. We present a component-based medical CPS framework to employ the knowledge models and integrate medical devices. Our approach aims to relieve medical staff from the heavy burden of clinical activities and to provide timely decision support. We evaluate our approach on 128 real-world clinical cases. Compared with the state-of-the-art approach, the results demonstrate that we enable early detection in 11.02% more patients and detect the condition 16.57 hours earlier on average. © 2013 IEEE.
@article{Gu201834834, author = {Gu, Z. and Jiang, Y. and Zhou, M. and Gu, M. and Song, X. and Sha, L.}, title = {A cyber-physical system framework for early detection of paroxysmal diseases}, journal = {IEEE Access}, year = {2018}, volume = {6}, pages = {34834-34845}, doi = {10.1109/ACCESS.2018.2850039}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-85049064203&doi=10.1109%2fACCESS.2018.2850039&partnerID=40&md5=89b2ae0df47742e25bd91c1bb903a3ad}, author_keywords = {Cyber-physical system; early detection; knowledge model; paroxysmal disease}, document_type = {Article}, source = {Scopus}, } - SafeTrace: A safety-driven requirement traceability framework on device interaction hazards for MD PnPA.Y.-Z. Ou, M. Rahmaniheris, Y. Jiang, L. Sha, Z. Fu, and S. RenACM Symposium on Applied Computing, 2018
Requirements management and safety analysis have been the key foundations of the successful development of life-critical systems, and the traceability of safety-related artifacts across such systems is becoming ever more important. Unless safety analysts can trace when and how requirements and design change, their analysis will become inconsistent, and eventually fail as proof that a given system can mitigate certain faults during certification processes. However, most prior research on traceability has focused on requirements, design and source code changes, rather than the integration of safety analysis by considering device interactions such as the Medical Device plug-and-play (MD PnP) into traceability and change-impact analysis. To help fill this gap, this paper proposes a safety-driven requirement traceability framework, SafeTrace, that traces the relations between safety requirements, design, and safety analysis, and the impact of requirement and design changes on safety analysis for life-critical systems with a focus on medical device interaction hazards. © 2018 ACM.
@article{Ou20181282, author = {Ou, A.Y.-Z. and Rahmaniheris, M. and Jiang, Y. and Sha, L. and Fu, Z. and Ren, S.}, title = {SafeTrace: A safety-driven requirement traceability framework on device interaction hazards for MD PnP}, journal = {ACM Symposium on Applied Computing}, year = {2018}, pages = {1282-1291}, doi = {10.1145/3167132.3167270}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-85050554873&doi=10.1145%2f3167132.3167270&partnerID=40&md5=9249595fe8077df30a74357d05882dce}, author_keywords = {Fault-tree analysis; Requirement engineering; Traceability}, document_type = {Conference Paper}, source = {Scopus}, } - Study of Software-Related Causes in the FDA Medical Device RecallsZ. Fu, C. Guo, S. Ren, Y. Jiang, and L. ShaIEEE International Conference on Engineering of Complex Computer Systems, ICECCS, 2018
As technology advances, medical devices are playing increasingly more important roles in patient care. Unfortunately, based on the U.S. Food and Drug Administration (FDA) data, medical device recalls are at an all time high. One of the major causes of the recalls is due to defective software. In fact, one in every three medical devices that use software for operation has been recalled because of failures in the software itself. Unlike traditional software, software-based medical devices have specific domain fault modes, and these fault modes have been not addressed in software design literature, such as dosage calculation fault. In this paper, we first present a process that collects software-related medical device recalls from the FDA database. Collecting all software-related medical device recalls is an effort that needs the support and contributions from a large research, industrial, and medical community, To facility such effort, we have developed a web-based platform for different users to contribute and share new software-related medical device recalls into the collection. Second, we analyze one hundred software-related recalls that we have collected from the FDA database. Our analysis reveals that there are four major categories of software failures in medical device recalls and implicit assumptions made by medical device manufacturers are among one of the leading causes in medical device recalls. Last, we present an approach for implicit assumption management in medical cyber-physical system designs. © 2017 IEEE.
@article{Fu201860, author = {Fu, Z. and Guo, C. and Ren, S. and Jiang, Y. and Sha, L.}, title = {Study of Software-Related Causes in the FDA Medical Device Recalls}, journal = {IEEE International Conference on Engineering of Complex Computer Systems, ICECCS}, year = {2018}, volume = {2017-November}, pages = {60-69}, doi = {10.1109/ICECCS.2017.20}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-85045286162&doi=10.1109%2fICECCS.2017.20&partnerID=40&md5=b28890e42ef3d4332f0eae02c36143a0}, author_keywords = {Implicit assumptions; Medical cyberphysical systems; Medical device recalls analysis; Root causes; Software fault modes}, keywords = {Computer software; Embedded systems; Industrial research; Software design, Implicit assumptions; Medical cyber-physical systems; Medical Devices; Root cause; Software fault, Biomedical equipment}, document_type = {Conference Paper}, source = {Scopus}, } - Athena: Towards decision-centric anticipatory sensor information delivery†J. Lee, K. Marcus, T. Abdelzaher, T.A. Amin, A. Bar-Noy, W. Dron, R. Govindan, R. Hobbs, S. Hu, J.-E. Kim, L. Sha, S. Yao, and Y. ZhaoJournal of Sensor and Actuator Networks, 2018
The paper introduces a new direction in quality-of-service-aware networked sensing that designs communication protocols and scheduling policies for data delivery that are optimized specifically for decision needs. The work complements present decision monitoring and support tools and falls in the larger framework of decision-driven resource management. A hallmark of the new protocols is that they are aware of the inference structure used to arrive at decisions (from logical predicates), as well as the data (and data quality) that need to be furnished to successfully evaluate the unknowns on which these decisions are based. Such protocols can therefore anticipate and deliver precisely the right data, at the right level of quality, from the right sources, at the right time, to enable valid and timely decisions at minimum cost to the underlying network. This paper presents the decision model used and the protocol design philosophy, reviews the key recent results and describes a novel system, called Athena, that is the first to embody the aforementioned data delivery paradigm. Evaluation results are presented that compare the performance of decision-centric anticipatory information delivery to several baselines, demonstrating its various advantages in terms of decision timeliness, validity and network resources used. The paper concludes with a discussion of remaining future challenges in this emerging area. © 2018 by the authors.
@article{Lee2018, author = {Lee, J. and Marcus, K. and Abdelzaher, T. and Amin, T.A. and Bar-Noy, A. and Dron, W. and Govindan, R. and Hobbs, R. and Hu, S. and Kim, J.-E. and Sha, L. and Yao, S. and Zhao, Y.}, title = {Athena: Towards decision-centric anticipatory sensor information delivery†}, journal = {Journal of Sensor and Actuator Networks}, year = {2018}, volume = {7}, number = {1}, doi = {10.3390/jsan7010005}, art_number = {5}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-85041222758&doi=10.3390%2fjsan7010005&partnerID=40&md5=28dc5f788745e19cef2f94c2b2643fd3}, author_keywords = {Decision-centric Quality of Service (QoS); Information delivery for the Internet of Things (IoT); Real-time scheduling}, document_type = {Article}, source = {Scopus}, }
2017
- Toward safe interoperations in network connected medical cyber-physical systems using open-loop safe protocolsA.Y.-Z. Ou, M. Rahmaniheris, Y. Jiang, P.-L. Wu, and L. ShaIEEE/ACM International Conference on Computer-Aided Design, Digest of Technical Papers, ICCAD, 2017
Using wireless networks in medical Cyber-Physical Systems could be challenging. Because the medical system not only assists the medical personnel to deliver medical services to the patient but also needs to deal with accidental situations such as communication failures without compromising the patient’s safety. Previous research work tackled the communication failure problems in medical CPS from architecture perspectives. However, as medical devices configurations become more complex when a medical CPS is composed of many medical devices, we need to know that whether the certain configuration and a combination of the devices will not compromise the patient’s safety. We present an algorithm to tackle the problem that whether a given system configuration exists a possible series of system transitions that allows the physicians to perform medical operations; in the mean time, the system transitions ensure the patient’s safety while communication failures may happen during the transitions. © 2017 IEEE.
@article{Ou2017957, author = {Ou, A.Y.-Z. and Rahmaniheris, M. and Jiang, Y. and Wu, P.-L. and Sha, L.}, title = {Toward safe interoperations in network connected medical cyber-physical systems using open-loop safe protocols}, journal = {IEEE/ACM International Conference on Computer-Aided Design, Digest of Technical Papers, ICCAD}, year = {2017}, volume = {2017-November}, pages = {957-963}, doi = {10.1109/ICCAD.2017.8203884}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-85043512768&doi=10.1109%2fICCAD.2017.8203884&partnerID=40&md5=ca1a2ad7f4dfb39f51086f3c1c822838}, keywords = {Biomedical equipment; Computer aided design; Cyber Physical System; Embedded systems, Communication failure; Medical cyber physical systems; Medical Devices; Medical operations; Medical personnel; Medical services; System configurations; System transitions, Medical problems}, document_type = {Conference Paper}, source = {Scopus}, } - Model and integrate medical resource availability into verifiably correct executable medical guidelinesC. Guo, Z. Fu, Z. Zhang, S. Ren, and L. ShaIEEE/ACM International Conference on Computer-Aided Design, Digest of Technical Papers, ICCAD, 2017
Improving effectiveness and safety of patient care is an ultimate objective for medical cyber-physical systems. A recent study shows that the patients’ death rate can be reduced by computerizing medical guidelines [20]. Most existing medical guideline models are validated and/or verified based on the assumption that all necessary medical resources needed for a patient care are always available. However, the reality is that some medical resources, such as special medical equipment or medical specialists, can be temporarily unavailable for an individual patient. In such cases, safety properties validated and/or verified in existing medical guideline models without considering medical resource availability may not hold any more. © 2017 IEEE.
@article{Guo2017964, author = {Guo, C. and Fu, Z. and Zhang, Z. and Ren, S. and Sha, L.}, title = {Model and integrate medical resource availability into verifiably correct executable medical guidelines}, journal = {IEEE/ACM International Conference on Computer-Aided Design, Digest of Technical Papers, ICCAD}, year = {2017}, volume = {2017-November}, pages = {964-969}, doi = {10.1109/ICCAD.2017.8203885}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-85043497149&doi=10.1109%2fICCAD.2017.8203885&partnerID=40&md5=409cd81223a2064a9739a4a486d0725a}, keywords = {Embedded systems, Death rates; Medical cyber physical systems; Medical guidelines; Patient care; Resource availability; Safety property, Computer aided design}, document_type = {Conference Paper}, source = {Scopus}, } - Supporting Emergency Medical Care Teams with an Integrated Status Display Providing Real-Time Access to Medical Best Practices, Workflow Tracking, and Patient DataP.L. Wu, M.-Y. Nam, J. Choi, A. Kirlik, L. Sha, and Jr. BerlinJournal of Medical Systems, 2017
The work of a hospital’s medical staff is safety critical and often occurs under severe time constraints. To provide timely and effective cognitive support to medical teams working in such contexts, guidelines in the form of best practice workflows for healthcare have been developed by medical organizations. However, the high cognitive load imposed in such stressful and rapidly changing environments poses significant challenges to the medical staff or team in adhering to these workflows. In collaboration with physicians and nurses from Carle Foundation Hospital, we first studied and modeled medical team’s individual responsibilities and interactions in cardiac arrest resuscitation and decomposed their overall task into a set of distinct cognitive tasks that must be specifically supported to achieve successful human-centered system design. We then developed a medical Best Practice Guidance (BPG) system for reducing medical teams’ cognitive load, thus fostering real-time adherence to best practices. We evaluated the resulting system with physicians and nurses using a professional patient simulator used for medical training and certification. The evaluation results point to a reduction of cognitive load and enhanced adherence to medical best practices. © 2017, Springer Science+Business Media, LLC.
@article{Wu2017, author = {Wu, P.L. and Nam, M.-Y. and Choi, J. and Kirlik, A. and Sha, L. and Berlin, R.B., Jr.}, title = {Supporting Emergency Medical Care Teams with an Integrated Status Display Providing Real-Time Access to Medical Best Practices, Workflow Tracking, and Patient Data}, journal = {Journal of Medical Systems}, year = {2017}, volume = {41}, number = {12}, doi = {10.1007/s10916-017-0829-x}, art_number = {186}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-85032206667&doi=10.1007%2fs10916-017-0829-x&partnerID=40&md5=1b3e0dd8fbcadb70862b0f089c7ca40b}, author_keywords = {Best practice healthcare; Cognitive load; Integrated display; Situation awareness}, keywords = {bicarbonate; epinephrine, Article; Best Practice Guidance system; case report; certification; clinical article; clinical evaluation; cognition; computer simulation; controlled study; emergency care; health care access; health care system; heart arrest; human; medical education; medical practice; medical staff; nurse; patient coding; physician; responsibility; resuscitation; workflow; environment; heart arrest; information system; job stress; nursing staff; organization and management; patient care; physiologic monitoring; practice guideline; psychology; rapid response team; simulation training; time factor; workflow, Environment; Heart Arrest; Hospital Rapid Response Team; Humans; Information Systems; Medical Staff, Hospital; Monitoring, Physiologic; Nursing Staff, Hospital; Occupational Stress; Patient Care Team; Practice Guidelines as Topic; Simulation Training; Time Factors; Workflow}, document_type = {Article}, source = {Scopus}, } - Modeling and Integrating Human Interaction Assumptions in Medical Cyber-Physical System DesignZ. Fu, C. Guo, S. Ren, Y. Ou, and L. ShaProceedings - IEEE Symposium on Computer-Based Medical Systems, 2017
For a cyber-physical system, its execution behaviors are often impacted by human interactive behaviors. However, the assumptions about a cyber-physical systems expected human interactive behaviors are often informally documented, or even left implicit and unspecified in system design. Unfortunately, such implicit human interaction assumptions made by safety critical cyber-physical systems, such as medical cyber-physical systems (M-CPS), can lead to catastrophes. Several recent U.S. Food and Drug Administration (FDA) medical device recalls are due to implicit human interaction assumptions. In this paper, we classify the categories of constraints in human interaction assumptions in the medical domain and develop a mathematical assumption model that allow M-CPS engineers to explicitly and precisely specify assumptions about human interactions. Algorithms are developed to integrate mathematical assumption models with system model so that the safety of the system can be not only validated by both medical and engineering professionals but also formally verified by existing formal verification tools. We use an FDA recalled medical ventilator scenario as a case study to show how the mathematical assumption model and its integration in M-CPS design may improve the safety of the ventilator and M-CPS in general. © 2017 IEEE.
@article{Fu2017373, author = {Fu, Z. and Guo, C. and Ren, S. and Ou, Y. and Sha, L.}, title = {Modeling and Integrating Human Interaction Assumptions in Medical Cyber-Physical System Design}, journal = {Proceedings - IEEE Symposium on Computer-Based Medical Systems}, year = {2017}, volume = {2017-June}, pages = {373-378}, doi = {10.1109/CBMS.2017.50}, art_number = {8104222}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-85040357874&doi=10.1109%2fCBMS.2017.50&partnerID=40&md5=5e42d4b9727f4370b87c2285a0c88340}, keywords = {Behavioral research; Biomedical equipment; Cyber Physical System; Safety engineering; Systems analysis, Engineering professionals; Food and Drug Administration; Formal verification tools; Human interactions; Interactive behavior; Medical cyber physical systems; Medical ventilators; System modeling, Embedded systems}, document_type = {Conference Paper}, source = {Scopus}, } - Pattern-Based Statechart Modeling Approach for Medical Best Practice Guidelines - A Case StudyC. Guo, Z. Fu, S. Ren, Y. Jiang, M. Rahmaniheris, and L. ShaProceedings - IEEE Symposium on Computer-Based Medical Systems, 2017
Improving effectiveness and safety of patient care is an ultimate objective for medical cyber-physical systems. Many medical best practice guidelines exist in the format of hospital handbooks which are often lengthy and difficult for medical staff to remember and apply clinically. Statechart is an effective tool to model medical guidelines and enables clinical validation with medical staffs. However, some advanced statechart elements could result in high cost, such as low understandability, high difficulty in clinical validation, formal verification, and failure trace back. The paper presents a pattern-based statechart modeling approach for medical best practice guidelines, i.e., model medical guidelines with basic statechart elements and model patterns which are built upon these basic elements. For practical use, we implement the proposed approach based on open-source Yakindu statecharts. We also use a simplified cardiac arrest scenario provided to our team by Carle Foundation Hospital as a case study to validate the proposed approach. © 2017 IEEE.
@article{Guo2017117, author = {Guo, C. and Fu, Z. and Ren, S. and Jiang, Y. and Rahmaniheris, M. and Sha, L.}, title = {Pattern-Based Statechart Modeling Approach for Medical Best Practice Guidelines - A Case Study}, journal = {Proceedings - IEEE Symposium on Computer-Based Medical Systems}, year = {2017}, volume = {2017-June}, pages = {117-122}, doi = {10.1109/CBMS.2017.14}, art_number = {8104169}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-85031923073&doi=10.1109%2fCBMS.2017.14&partnerID=40&md5=e671a778a0581e2587e5b0be98ec7a01}, keywords = {Embedded systems; Hospitals, Basic elements; Best practice guidelines; Clinical validations; Effective tool; Medical cyber physical systems; Medical guidelines; Statechart modeling; Understandability, Trace elements}, document_type = {Conference Paper}, source = {Scopus}, } - CPS runtime architecture and automated transformation of applicationsFEAST 2017 - 2017 Workshop on Forming an Ecosystem Around Software Transformation, co-located with CCS 2017, 2017
National Academy of Science’s study on dependable software systems concluded that simplicity is the key. Reducing the complexity of software has been investigated by the FEAST community on automated transformation of application software and by the CPS runtime community on the development of runtime architectures that simply the development of applications. This creates the need of collaboration between these two communities. The goal of this review paper is to bring this need to the attention of FEAST community. © 2017 Association for Computing Machinery.
@article{Sha201731, author = {Sha, L.}, title = {CPS runtime architecture and automated transformation of applications}, journal = {FEAST 2017 - 2017 Workshop on Forming an Ecosystem Around Software Transformation, co-located with CCS 2017}, year = {2017}, pages = {31-34}, doi = {10.1145/3141235.3141238}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-85037091970&doi=10.1145%2f3141235.3141238&partnerID=40&md5=efca204097492d0bfdb9b01b17b0448a}, author_keywords = {Automated software transformation; Complexity reduction; CPS runtime architecture}, keywords = {Automation; Computer software; Ecology; Ecosystems, Automated transformations; Complexity reduction; Dependable softwares; National Academy of Science; Review papers; Runtime architecture; Runtimes; Software transformation, Application programs}, document_type = {Conference Paper}, source = {Scopus}, } - Toward physiology-aware DASH: Bandwidth-compliant prioritized clinical multimedia communication in ambulancesM. Hosseini, Y. Jiang, R.R. Berlin, L. Sha, and H. SongIEEE Transactions on Multimedia, 2017
The ultimate objective of medical cyber-physical systems is to enhance the safety and effectiveness of patient care. To ensure safe and effective care during emergency patient transfer from rural areas to center tertiary hospitals, reliable and real-time communication is essential. Unfortunately, real-time monitoring of patients involves transmission of various clinical multimedia data including videos, medical images, and vital signs, which requires use of mobile network with high-fidelity communication bandwidth. However, the wireless networks along the roads in rural areas range from 4G to 2G to low speed satellite links, which poses a significant challenge to transmit critical patient information. In this paper, we present a bandwidth-compliant criticality-aware system for transmission of massive clinical multimedia data adaptive to varying bandwidths during patient transport. Model-based clinical automata are used to determine the criticality of clinical multimedia data. We borrow concepts from DASH, and propose physiology-aware adaptation techniques to transmit more critical clinical data with higher fidelity in response to changes in disease, clinical states, and bandwidth condition. In collaboration with Carle’s ambulance service center, we develop a bandwidth profiler, and use it as proof of concept to support our experiments. Our preliminary evaluation results show that our solutions ensure that most critical patient’s clinical data are communicated with higher fidelity. © 1999-2012 IEEE.
@article{Hosseini20172307, author = {Hosseini, M. and Jiang, Y. and Berlin, R.R. and Sha, L. and Song, H.}, title = {Toward physiology-aware DASH: Bandwidth-compliant prioritized clinical multimedia communication in ambulances}, journal = {IEEE Transactions on Multimedia}, year = {2017}, volume = {19}, number = {10}, pages = {2307-2321}, doi = {10.1109/TMM.2017.2733298}, art_number = {7995124}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-85025659530&doi=10.1109%2fTMM.2017.2733298&partnerID=40&md5=c8ac1e546f6ff12e515516727d4bd73b}, author_keywords = {Medical services; Mobile applications; Mobile communication; Multimedia communication; Physiology}, keywords = {Bandwidth; Diseases; Embedded systems; Hospitals; Media streaming; Medical imaging; Multimedia systems; Rural areas; Satellite links; Wireless networks, Automata; Communication bandwidth; Medical cyber physical systems; Medical diagnostic imaging; Multi-media communications; Real time monitoring; Real-time communication; Streaming media, Diagnosis}, document_type = {Article}, source = {Scopus}, } - Physiology-Aware Rural Ambulance RoutingM. Hosseini, R.B. Berlin, and L. ShaProceedings - 2017 IEEE International Conference on Healthcare Informatics, ICHI 2017, 2017
The ultimate objective of medical cyber-physical systems is to enhance the effectiveness of patient care. During emergency patient transport from rural medical facility to center tertiary hospital, real-time monitoring of the patient in the ambulance by a physician expert at the tertiary center is crucial. The physician experts can provide vital assistance to the ambulance EMT personnel. While telemetry healthcare services using mobile networks may enable remote real-time monitoring of transported patients, physiologic measures and tracking are at least as important and requires the existence of high-fidelity communication coverage. However, the wireless networks along the roads especially in rural areas can range from 4G to low-speed 2G, some parts with communication breakage. From a patient care perspective, transport during critical illness can make route selection patient state dependent. Prompt decisions with the relative advantage of a longer more secure bandwidth route versus a shorter, more rapid transport route but with less secure bandwidth must be made. The trade-off between route selection and the quality of wireless communication is an important optimization problem which unfortunately has remained unaddressed by prior work.In this paper, we propose a novel physiology-aware route scheduling approach for emergency ambulance transport of rural patients with acute, high risk diseases in need of continuous remote monitoring. We mathematically model the problem into an NP-hard graph theory problem, and approximate a solution based on a trade-off between communication coverage and shortest path. We profile communication along two major routes in a large rural hospital settings in Illinois, and use the traces to manifest the concept. Further, we design our algorithms and run preliminary experiments for scalability analysis. We believe that our scheduling techniques can become a compelling aid that enables an always-connected remote monitoring system in emergency patient transfer scenarios aimed to prevent morbidity and mortality with early diagnosis and effective treatment. © 2017 IEEE.
@article{Hosseini2017332, author = {Hosseini, M. and Berlin, R.B. and Sha, L.}, title = {Physiology-Aware Rural Ambulance Routing}, journal = {Proceedings - 2017 IEEE International Conference on Healthcare Informatics, ICHI 2017}, year = {2017}, pages = {332-337}, doi = {10.1109/ICHI.2017.27}, art_number = {8031170}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-85030116981&doi=10.1109%2fICHI.2017.27&partnerID=40&md5=720f4e4fdd5db0351bb6d43f2bbe85f5}, author_keywords = {Ambulance routing; Physiology-aware scheduling; Remote monitoring; Route selection}, keywords = {Ambulances; Bandwidth; Diagnosis; Diseases; Economic and social effects; Embedded systems; Graph theory; Health care; Hospitals; Mobile telecommunication systems; Optimization; Patient treatment; Physiology; Remote control; Rural areas; Scheduling; Wireless networks; Wireless telecommunication systems, Ambulance routing; Communication coverage; Medical cyber physical systems; Remote monitoring; Remote monitoring system; Remote real-time monitoring; Route Selection; Wireless communications, Remote patient monitoring}, document_type = {Conference Paper}, source = {Scopus}, } - Towards Verifiable Safe and Correct Medical Best Practice Guideline SystemsC. Guo, Z. Fu, S. Ren, Y. Jiang, and L. ShaProceedings - International Computer Software and Applications Conference, 2017
Improving safety of patient care is an ultimate objective for medical systems. Though many medical best practice guidelines exist and are in hospital handbooks, they are often lengthy and difficult for medical professionals to remember and apply clinically. Hence, developing safe and correct medical best practice guideline systems is an urgent need. Many efforts have been made in modeling, clinical validation, model level formal verification of medical best practice guidelines. However, code level verification is also necessary to develop verifiable safe and correct medical guideline systems. The paper presents an approach to transform safety properties specified in verifiable medical guideline models to JavaMOP runtime monitor and specify JavaMOP monitors to runtime monitor these safety properties during execution of Java code generated from validated and verified statechart models. We use a simplified version of a cardiac arrest scenario provided by Carle Foundation Hospital as a case study to validate the proposed approach. © 2017 IEEE.
@article{Guo2017760, author = {Guo, C. and Fu, Z. and Ren, S. and Jiang, Y. and Sha, L.}, title = {Towards Verifiable Safe and Correct Medical Best Practice Guideline Systems}, journal = {Proceedings - International Computer Software and Applications Conference}, year = {2017}, volume = {1}, pages = {760-765}, doi = {10.1109/COMPSAC.2017.253}, art_number = {8029695}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-85031920923&doi=10.1109%2fCOMPSAC.2017.253&partnerID=40&md5=6d50204d05d32a3a7b907876c20ef4bb}, keywords = {Computer software; Formal verification; Hospitals, Best practice guidelines; Cardiac arrest; Clinical validations; Medical guidelines; Medical professionals; Medical systems; Runtime monitors; Safety property, Application programs}, document_type = {Conference Paper}, source = {Scopus}, } - Adaptive Clinical Data Communication for Remote Monitoring in Rural Ambulance TransportM. Hosseini, R.R. Berlin, Y. Jiang, and L. ShaProceedings - 2017 IEEE 2nd International Conference on Connected Health: Applications, Systems and Engineering Technologies, CHASE 2017, 2017
For emergency medical cyber-physical systems, enhancing the safety and effectiveness of patient care, especially in rural ambulance transport, is essential. Use of telecommunication technologies can enhance effectiveness and safety of remote monitoring of patients by the physicians at the center hospital during ambulance transport and provides vital assistance to the emergency medical technicians (EMT) to associate best treatments. However, the communication along the roads in rural areas can range from 4G to 2G to low speed satellite links, with some parts suffering from communication breakage. This unreliable and limited communication bandwidth together with the produced mass of clinical data and the many information exchanges pose a major challenge in real-time and smooth supervision of patients. In this paper, we present parts of developed physiology-aware communication architecture, a bandwidth-compliant criticality-aware system for transmission of clinical data adaptive to varying bandwidths during patient transport. We propose adaptation techniques to transmit more critical data with higher fidelity in response to changes in disease, clinical states, and bandwidth condition. In collaboration with Carle’s ambulance service center, we develop a bandwidth profiler, and use it to collect communication traces to support our experiments. Our evaluation results show that our solutions ensure that most critical patient’s clinical data are communicated with higher fidelity. © 2017 IEEE.
@article{Hosseini2017245, author = {Hosseini, M. and Berlin, R.R. and Jiang, Y. and Sha, L.}, title = {Adaptive Clinical Data Communication for Remote Monitoring in Rural Ambulance Transport}, journal = {Proceedings - 2017 IEEE 2nd International Conference on Connected Health: Applications, Systems and Engineering Technologies, CHASE 2017}, year = {2017}, pages = {245-246}, doi = {10.1109/CHASE.2017.85}, art_number = {8010640}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-85029389545&doi=10.1109%2fCHASE.2017.85&partnerID=40&md5=fadefa09573108a760e678d68633c263}, author_keywords = {adaptive data transmission; bandwidth saving; medical CPS; physiological data communication}, document_type = {Conference Paper}, source = {Scopus}, } - Data-centered runtime verification of wireless medical cyber-physical systemY. Jiang, H. Song, R. Wang, M. Gu, J. Sun, and L. ShaIEEE Transactions on Industrial Informatics, 2017
Wireless medical cyber-physical systems are widely adopted in the daily practices of medicine, where huge amounts of data are sampled by the wireless medical devices and sensors, and is passed to the decision support systems (DSSs). Many text-based guidelines have been encoded for work-flow simulation of DSS to automate health care based on those collected data. But for some complex and life-critical diseases, it is highly desirable to automatically rigorously verify some complex temporal properties encoded in those data, which brings new challenges to current simulation-based DSS with limited support of automatical formal verification and real-time data analysis. In this paper, we conduct the first study on applying runtime verification to cooperate with current DSS based on real-time data. Within the proposed technique, a user-friendly domain specific language, named DRTV, is designed to specify vital real-time data sampled by medical devices and temporal properties originated from clinical guidelines. Some interfaces are developed for data acquisition and communication. Then, for medical practice scenarios described in DRTV model, we will automatically generate event sequences and runtime property verifier automata. If a temporal property violates, real-time warnings will be produced by the formal verifier and passed to medical DSS. We have used DRTV to specify different kinds of medical care scenarios and have applied the proposed technique to assist existing wireless medical cyber-physical system. As presented in experiment results, in terms of warning detection, it outperforms the only use of DSS or human inspection, and improves the quality of clinical health care of hospital. © 2005-2012 IEEE.
@article{Jiang20171900, author = {Jiang, Y. and Song, H. and Wang, R. and Gu, M. and Sun, J. and Sha, L.}, title = {Data-centered runtime verification of wireless medical cyber-physical system}, journal = {IEEE Transactions on Industrial Informatics}, year = {2017}, volume = {13}, number = {4}, pages = {1900-1909}, doi = {10.1109/TII.2016.2573762}, art_number = {7480373}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-85029676612&doi=10.1109%2fTII.2016.2573762&partnerID=40&md5=4ebb96e39179720c8939934def1071c3}, document_type = {Article}, source = {Scopus}, } - A mobile geo-communication dataset for physiology-aware DASH in rural ambulance transportM. Hosseini, Y. Jiang, A. Yekkehkhany, R.R. Berlin, and L. Sha8th ACM Multimedia Systems Conference, MMSys 2017, 2017
Use of telecommunication technologies for remote, continuous monitoring of patients can enhance effectiveness of emergency ambulance care during transport from rural areas to a regional center hospital. However, the communication along the various routes in rural areas may have wide bandwidth ranges from 2G to 4G; some regions may have only lower satellite bandwidth available. Bandwidth fluctuation together with real-time communication of various clinical multimedia pose a major challenge during rural patient ambulance transport. The availability of a pre-transport route-dependent communication bandwidth database is an important resource in remote monitoring and clinical multimedia transmission in rural ambulance transport. Here, we present a geo-communication dataset from extensive profiling of 4 major US mobile carriers in Illinois, from the rural location of Hoopeston to the central referral hospital center at Urbana. In collaboration with Carle Foundation Hospital, we developed a profiler, and collected various geographical and communication traces for realistic emergency rural ambulance transport scenarios. Our dataset is to support our ongoing work of proposing "physiology-aware DASH", which is particularly useful for adaptive remote monitoring of critically ill patients in emergency rural ambulance transport. It provides insights on ensuring higher Quality of Service (QoS) for most critical clinical multimedia in response to changes in patients’ physiological states and bandwidth conditions. Our dataset is available online 1 for research community. © 2017 ACM.
@article{Hosseini2017158, author = {Hosseini, M. and Jiang, Y. and Yekkehkhany, A. and Berlin, R.R. and Sha, L.}, title = {A mobile geo-communication dataset for physiology-aware DASH in rural ambulance transport}, journal = {8th ACM Multimedia Systems Conference, MMSys 2017}, year = {2017}, pages = {158-163}, doi = {10.1145/3083187.3083211}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-85025665110&doi=10.1145%2f3083187.3083211&partnerID=40&md5=2a72c95faf0f719ce42fea4e2dcc7041}, author_keywords = {Bandwidth; GPS; Network profiling; Physiology-aware DASH}, keywords = {Ambulances; Global positioning system; Hospitals; Multimedia systems; Physiological models; Physiology; Quality of service; Remote control; Remote patient monitoring; Rural areas, Bandwidth fluctuations; Communication bandwidth; Continuous monitoring; Critically-ill patients; Multimedia transmissions; Real-time communication; Research communities; Telecommunication technologies, Bandwidth}, document_type = {Conference Paper}, source = {Scopus}, } - A schedulability test for software migration on multicore systemJ.-E. Kim, R. Bradford, T. Abdelzaher, and L. Sha2017 Design, Automation and Test in Europe, DATE 2017, 2017
This paper presents a new schedulability test for safety-critical software undergoing a transition from single-core to multicore systems - a challenge faced by multiple industries today. Our migration model consists of a schedulability test and execution model. Its properties enable us to obtain a utilization bound that places an allowable limit on total task execution times. Evaluation results demonstrate the advantages of our scheduling model over competing resource partitioning approaches, such as Periodic Server and TDMA. © 2017 IEEE.
@article{Kim20171261, author = {Kim, J.-E. and Bradford, R. and Abdelzaher, T. and Sha, L.}, title = {A schedulability test for software migration on multicore system}, journal = {2017 Design, Automation and Test in Europe, DATE 2017}, year = {2017}, pages = {1261-1264}, doi = {10.23919/DATE.2017.7927184}, art_number = {7927184}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-85020222209&doi=10.23919%2fDATE.2017.7927184&partnerID=40&md5=9867c82bf5ff4303a53400b9f48ae0f3}, keywords = {Accident prevention; Safety engineering, Evaluation results; Multi-core systems; Resource partitioning; Safety critical software; Schedulability test; Scheduling models; Software migration; Utilization bounds, Software testing}, document_type = {Conference Paper}, source = {Scopus}, } - Modeling and integrating physical environment assumptions in medical cyber-physical system designZ. Fu, C. Guo, S. Ren, Y. Jiang, and L. Sha2017 Design, Automation and Test in Europe, DATE 2017, 2017
Implicit physical environment assumptions made by safety critical cyber-physical systems, such as medical cyber-physical systems (M-CPS), can lead to catastrophes. Several recent U.S. Food and Drug Administration (FDA) medical device recalls are due to implicit physical environment assumptions. In this paper, we develop a mathematical assumption model and composition rules that allow M-CPS engineers to explicitly and precisely specify assumptions about the physical environment in which the designed M-CPS operates. Algorithms are developed to integrate the mathematical assumption model with system model so that the safety of the system can be not only validated by both medical and engineering professionals but also formally verified by existing formal verification tools. We use an FDA recalled medical ventilator scenario as a case study to show how the mathematical assumption model and its integration in M-CPS design may improve the safety of the ventilator and M-CPS in general. © 2017 IEEE.
@article{Fu20171615, author = {Fu, Z. and Guo, C. and Ren, S. and Jiang, Y. and Sha, L.}, title = {Modeling and integrating physical environment assumptions in medical cyber-physical system design}, journal = {2017 Design, Automation and Test in Europe, DATE 2017}, year = {2017}, pages = {1615-1618}, doi = {10.23919/DATE.2017.7927249}, art_number = {7927249}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-85020178143&doi=10.23919%2fDATE.2017.7927249&partnerID=40&md5=cad7443c9f1eff62a87157f4c3e7ad78}, keywords = {Biomedical equipment; Cyber Physical System; Safety engineering, Composition rule; Engineering professionals; Food and Drug Administration; Formal verification tools; Medical cyber physical systems; Medical ventilators; Physical environments; System modeling, Embedded systems}, document_type = {Conference Paper}, source = {Scopus}, } - VirtualDrone: Virtual sensing, actuation, and communication for attack-resilient unmanned aerial systemsM.-K. Yoon, B. Liu, N. Hovakimyan, and L. ShaProceedings - 2017 ACM/IEEE 8th International Conference on Cyber-Physical Systems, ICCPS 2017 (part of CPS Week), 2017
As modern unmanned aerial systems (UAS) continue to expand the frontiers of automation, new challenges to security and thus its safety are emerging. It is now difficult to completely secure modern UAS platforms due to their openness and increasing complexity. We present the VirtualDrone Framework, a software architecture that enables an attack-resilient control of modern UAS. It allows the system to operate with potentially untrustworthy software environment by virtualizing the sensors, actuators, and communication channels. The framework provides mechanisms to monitor physical and logical system behaviors and to detect security and safety violations. Upon detection of such an event, the framework switches to a trusted control mode in order to override malicious system state and to prevent potential safety violations. We built a prototype quadcoper running an embedded multicore processor that features a hardware-assisted virtualization technology. We present extensive experimental study and implementation details, and demonstrate how the framework can ensure the robustness of the UAS in the presence of security breaches. © 2017 ACM.
@article{Yoon2017143, author = {Yoon, M.-K. and Liu, B. and Hovakimyan, N. and Sha, L.}, title = {VirtualDrone: Virtual sensing, actuation, and communication for attack-resilient unmanned aerial systems}, journal = {Proceedings - 2017 ACM/IEEE 8th International Conference on Cyber-Physical Systems, ICCPS 2017 (part of CPS Week)}, year = {2017}, pages = {143-154}, doi = {10.1145/3055004.3055010}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-85019045873&doi=10.1145%2f3055004.3055010&partnerID=40&md5=e018777a62ef271dedc9886fce0d4c70}, author_keywords = {Security; Unmanned aerial systems; Virtualization}, keywords = {Embedded systems; Network function virtualization; Unmanned aerial vehicles (UAV); Virtual reality; Virtualization, Embedded multicore; Resilient control; Safety violations; Security; Security breaches; Software environments; Unmanned aerial systems; Virtualization technologies, Network security}, document_type = {Conference Paper}, source = {Scopus}, } - Learning execution contexts from system call distribution for anomaly detection in smart embedded systemM.-K. Yoon, S. Mohan, J. Choi, M. Christodorescu, and L. ShaProceedings - 2017 IEEE/ACM 2nd International Conference on Internet-of-Things Design and Implementation, IoTDI 2017 (part of CPS Week), 2017
Existing techniques used for anomaly detection do not fully utilize the intrinsic properties of embedded devices. In this paper, we propose a lightweight method for detecting anomalous executions using a distribution of system call frequencies. We use a cluster analysis to learn the legitimate execution contexts of embedded applications and then monitor them at run-time to capture abnormal executions. Our prototype applied to a real-world open-source embedded application shows that the proposed method can effectively detect anomalous executions without relying on sophisticated analyses or affecting the critical execution paths. © 2017 ACM.
@article{Yoon2017191, author = {Yoon, M.-K. and Mohan, S. and Choi, J. and Christodorescu, M. and Sha, L.}, title = {Learning execution contexts from system call distribution for anomaly detection in smart embedded system}, journal = {Proceedings - 2017 IEEE/ACM 2nd International Conference on Internet-of-Things Design and Implementation, IoTDI 2017 (part of CPS Week)}, year = {2017}, pages = {191-196}, doi = {10.1145/3054977.3054999}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-85019028806&doi=10.1145%2f3054977.3054999&partnerID=40&md5=3213b34e3fe70a3db82cb5c9f9b145b7}, author_keywords = {Anomaly detection; Embedded systems; Security}, keywords = {Cluster analysis; Internet of things, Anomaly detection; Embedded application; Embedded device; Execution context; Execution paths; Intrinsic property; Open sources; Security, Embedded systems}, document_type = {Conference Paper}, source = {Scopus}, } - WiP abstract: A physiology-aware communication architecture for distributed emergency medical CPSM. Hosseini, R.R. Berlin, and L. ShaProceedings - 2017 ACM/IEEE 8th International Conference on Cyber-Physical Systems, ICCPS 2017 (part of CPS Week), 2017
For emergency medical cyber-physical systems, enhancing the safety and effectiveness of patient care, especially in rural areas, is essential. While the doctor to patient ratio in the United States is 30 to 10,000 in large metropolitan areas, it is only 5 to 10,000 in most rural areas; and the highest death rates are often found in the most rural counties [3]. Use of telecommunication technologies can enhance effectiveness and safety of emergency ambulance transport of patients from rural areas to a regional center hospital. It enables remote monitoring of patients by the physicians at the center hospital and provides vital assistance to the emergency medical technicians (EMT) to associate best treatments. However, the communication along the roads in rural areas can range from 4G to 2G to low speed satellite links, with some parts suffering from communication breakage. This unreliable and limited communication bandwidth together with the produced mass of clinical data and the many information exchanges pose a major challenge in real-time supervision of patients. During this research, we are developing a novel adaptive physiology-aware communication architecture which is aware of the patient condition, the underlying network bandwidth, and the criticality of clinical data in the context of the specific disease to achieve an enhanced remote monitoring. Further, it features reliability, safety, and fault tolerance for cases such as network interruption. © 2017 ACM.
@article{Hosseini201783, author = {Hosseini, M. and Berlin, R.R. and Sha, L.}, journal = {Proceedings - 2017 ACM/IEEE 8th International Conference on Cyber-Physical Systems, ICCPS 2017 (part of CPS Week)}, year = {2017}, pages = {83}, doi = {10.1145/3055004.3064841}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-85019019256&doi=10.1145%2f3055004.3064841&partnerID=40&md5=3cbd900b9e7224cad1289a152ecba06d}, author_keywords = {Distributed models; Medical CPS; Physiology-aware communication}, keywords = {Bandwidth; Embedded systems; Fault tolerance; Hospitals; Network architecture; Physiology; Remote control; Rural areas; Satellite links, Communication architectures; Distributed models; Emergency medical technicians; Information exchanges; Medical CPS; Medical cyber physical systems; Real-time supervision; Telecommunication technologies, Remote patient monitoring}, document_type = {Conference Paper}, source = {Scopus}, } - Using human intellectual tasks as guidelines to systematically model medical cyber-physical systemsA.Y.-Z. Ou, J. Yu, P.-L. Wu, L. Sha, and Jr. Berlin2016 IEEE International Conference on Systems, Man, and Cybernetics, SMC 2016 - Conference Proceedings, 2017
In a medical environment such as Intensive Care Unit, there are many possible reasons to cause errors, and one important reason is the effect of human intellectual tasks. In this paper, we first provide five categories of generic intellectual tasks of humans, where tasks among each category may lead to potential medical errors. Then, we present an integrated modeling framework to model a medical Cyber-Physical-Human System (CPHSystem) and use UPPAAL as the foundation to integrate and verify the whole medical CPHSystem design models. When designing a medical CPHSystem, developers need to consider whether the system design can mitigate the errors caused by these tasks or not. With a verified and comprehensive model, we can design a more accurate and acceptable system. We use a cardiac arrest resuscitation guidance and navigation system (CAR-GNSystem) as the motivation example for such medical CPHSystem modeling. Experimental results show that the CPHSystem models help determine system design flaws and can mitigate the potential medical errors caused by the human intellectual tasks. © 2016 IEEE.
@article{Ou20174394, author = {Ou, A.Y.-Z. and Yu, J. and Wu, P.-L. and Sha, L. and Berlin, R.B., Jr.}, title = {Using human intellectual tasks as guidelines to systematically model medical cyber-physical systems}, journal = {2016 IEEE International Conference on Systems, Man, and Cybernetics, SMC 2016 - Conference Proceedings}, year = {2017}, pages = {4394-4399}, doi = {10.1109/SMC.2016.7844922}, art_number = {7844922}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-85015755890&doi=10.1109%2fSMC.2016.7844922&partnerID=40&md5=70f13b00c12fb2337d32025ce081f44a}, keywords = {Cybernetics; Embedded systems; Intensive care units; Navigation systems; Resuscitation; Systems analysis, Cardiac arrest; Comprehensive model; Cyber physicals; Design models; Guidance and navigation; Integrated model framework; Medical cyber physical systems; Medical errors, Errors}, document_type = {Conference Paper}, source = {Scopus}, } - An integrated Medical CPS for early detection of paroxysmal sympathetic hyperactivityZ. Gu, H. Song, Y. Jiang, J. Choi, H. He, L. Sha, and M. GuProceedings - 2016 IEEE International Conference on Bioinformatics and Biomedicine, BIBM 2016, 2017
Paroxysmal sympathetic hyperactivity (PSH) is an important clinical problem of severe traumatic brain injury (TBI) which incurs approximately 90% of all TBI-related costs. However, current detection approach is hampered by no consensus clinical diagnostic criteria, paroxysmal episode feature with complex manifestations, and already overloaded clinical activities. These limitations cause delayed recognitions which result in poor clinical outcomes. In this paper, we design an integrated Medical Cyber-Physical System (Medical CPS) for early detection of paroxysmal sympathetic hyperactivity patients. First, a formal model is proposed to describe clinical diagnostic criteria. With the formalized models employed, we implement an early detector and integrate it with revised medical device adapters into Medical CPS. Our system will monitor patient conditions automatically and continuously to relieve medical staff from the heavy burden of clinical activities and provide timely decision supports. Evaluations on 107 clinical cases extracted from medical publications demonstrate the effectiveness and the efficiency of our integrated system. © 2016 IEEE.
@article{Gu2017818, author = {Gu, Z. and Song, H. and Jiang, Y. and Choi, J. and He, H. and Sha, L. and Gu, M.}, title = {An integrated Medical CPS for early detection of paroxysmal sympathetic hyperactivity}, journal = {Proceedings - 2016 IEEE International Conference on Bioinformatics and Biomedicine, BIBM 2016}, year = {2017}, pages = {818-822}, doi = {10.1109/BIBM.2016.7822630}, art_number = {7822630}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-85013339851&doi=10.1109%2fBIBM.2016.7822630&partnerID=40&md5=475ca464d1483c2f835ebea2b79cbee2}, author_keywords = {Early Detection; Medical Cyber-Physical System; Paroxysmal Sympathetic Hyperactivity}, document_type = {Conference Paper}, source = {Scopus}, } - On exploiting structured human interactions to enhance sensing accuracy in cyber-physical systemsH. Wang, Y. Gao, S. Hu, S. Wang, R. Mancuso, M. Kim, P. Wu, L. Su, L. Sha, and T. AbdelzaherACM Transactions on Cyber-Physical Systems, 2017
In this article, we describe a general methodology for enhancing sensing accuracy in cyber-physical systems that involve structured human interactions in noisy physical environment. We define structured human interactions as domain-specific workflow. A novel workflow-aware sensing model is proposed to jointly correct unreliable sensor data and keep track of states in a workflow. We also propose a new inference algorithm to handle cases with partially known states and objects as supervision. Our model is evaluated with extensive simulations. As a concrete application, we develop a novel log service called Emergency Transcriber, which can automatically document operational procedures followed by teams of first responders in emergency response scenarios. Evaluation shows that our system has significant improvement over commercial off-theshelf (COTS) sensors and keeps track of workflow states with high accuracy in noisy physical environment. © 2017 ACM.
@article{Wang2017, author = {Wang, H. and Gao, Y. and Hu, S. and Wang, S. and Mancuso, R. and Kim, M. and Wu, P. and Su, L. and Sha, L. and Abdelzaher, T.}, title = {On exploiting structured human interactions to enhance sensing accuracy in cyber-physical systems}, journal = {ACM Transactions on Cyber-Physical Systems}, year = {2017}, volume = {1}, number = {3}, doi = {10.1145/3064006}, art_number = {16}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-85075488361&doi=10.1145%2f3064006&partnerID=40&md5=234dc39d0df299cf95b536068eef208c}, author_keywords = {Medical; Sensing; Workflow}, keywords = {Cyber Physical System; Embedded systems; Inference engines, Concrete applications; Extensive simulations; General methodologies; Medical; Operational procedures; Physical environments; Sensing; Workflow, Emergency services}, document_type = {Article}, source = {Scopus}, } - Preventable Medical Errors Driven Modeling of Medical Best Practice Guidance SystemsA.Y.-Z. Ou, Y. Jiang, P.-L. Wu, L. Sha, and Jr. BerlinJournal of Medical Systems, 2017
In a medical environment such as Intensive Care Unit, there are many possible reasons to cause errors, and one important reason is the effect of human intellectual tasks. When designing an interactive healthcare system such as medical Cyber-Physical-Human Systems (CPHSystems), it is important to consider whether the system design can mitigate the errors caused by these tasks or not. In this paper, we first introduce five categories of generic intellectual tasks of humans, where tasks among each category may lead to potential medical errors. Then, we present an integrated modeling framework to model a medical CPHSystem and use UPPAAL as the foundation to integrate and verify the whole medical CPHSystem design models. With a verified and comprehensive model capturing the human intellectual tasks effects, we can design a more accurate and acceptable system. We use a cardiac arrest resuscitation guidance and navigation system (CAR-GNSystem) for such medical CPHSystem modeling. Experimental results show that the CPHSystem models help determine system design flaws and can mitigate the potential medical errors caused by the human intellectual tasks. © 2016, Springer Science+Business Media New York.
@article{Ou2017, author = {Ou, A.Y.-Z. and Jiang, Y. and Wu, P.-L. and Sha, L. and Berlin, R.B., Jr.}, title = {Preventable Medical Errors Driven Modeling of Medical Best Practice Guidance Systems}, journal = {Journal of Medical Systems}, year = {2017}, volume = {41}, number = {1}, doi = {10.1007/s10916-016-0614-2}, art_number = {9}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-84995748170&doi=10.1007%2fs10916-016-0614-2&partnerID=40&md5=3d8b67f7020ab5364ad15acfb5b53369}, author_keywords = {Cardiac arrest resuscitation; Human intellectual tasks; Medical guidance systems}, keywords = {Article; attention; global positioning system; health care system; heart arrest; human; intensive care unit; knowledge; medical decision making; medical error; mental arithmetic; practice guideline; resuscitation; clinical decision making; computer assisted therapy; interpersonal communication; medical error; organization and management; practice guideline; prevention and control; procedures; recall; standards, Cardiopulmonary Resuscitation; Clinical Decision-Making; Communication; Humans; Intensive Care Units; Medical Errors; Mental Recall; Practice Guidelines as Topic; Therapy, Computer-Assisted}, document_type = {Article}, source = {Scopus}, }
2016
- A Pathophysiological Model-Driven Communication for Dynamic Distributed Medical Best Practice Guidance SystemsM. Hosseini, Y. Jiang, P. Wu, Jr. Berlin, S. Ren, and L. ShaJournal of Medical Systems, 2016
There is a great divide between rural and urban areas, particularly in medical emergency care. Although medical best practice guidelines exist and are in hospital handbooks, they are often lengthy and difficult to apply clinically. The challenges are exaggerated for doctors in rural areas and emergency medical technicians (EMT) during patient transport. In this paper, we propose the concept of distributed executable medical best practice guidance systems to assist adherence to best practice from the time that a patient first presents at a rural hospital, through diagnosis and ambulance transfer to arrival and treatment at a regional tertiary hospital center. We codify complex medical knowledge in the form of simplified distributed executable disease automata, from the thin automata at rural hospitals to the rich automata in the regional center hospitals. However, a main challenge is how to efficiently and safely synchronize distributed best practice models as the communication among medical facilities, devices, and professionals generates a large number of messages. This complex problem of patient diagnosis and transport from rural to center facility is also fraught with many uncertainties and changes resulting in a high degree of dynamism. A critically ill patient’s medical conditions can change abruptly in addition to changes in the wireless bandwidth during the ambulance transfer. Such dynamics have yet to be addressed in existing literature on telemedicine. To address this situation, we propose a pathophysiological model-driven message exchange communication architecture that ensures the real-time and dynamic requirements of synchronization among distributed emergency best practice models are met in a reliable and safe manner. Taking the signs, symptoms, and progress of stroke patients transported across a geographically distributed healthcare network as the motivating use case, we implement our communication system and apply it to our developed best practice automata using laboratory simulations. Our proof-of-concept experiments shows there is potential for the use of our system in a wide variety of domains. © 2016, Springer Science+Business Media New York.
@article{Hosseini2016, author = {Hosseini, M. and Jiang, Y. and Wu, P. and Berlin, R.B., Jr. and Ren, S. and Sha, L.}, title = {A Pathophysiological Model-Driven Communication for Dynamic Distributed Medical Best Practice Guidance Systems}, journal = {Journal of Medical Systems}, year = {2016}, volume = {40}, number = {11}, doi = {10.1007/s10916-016-0583-5}, art_number = {227}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-84987875941&doi=10.1007%2fs10916-016-0583-5&partnerID=40&md5=fe8f012b99df02cae0a4677551c9b9b2}, author_keywords = {Medical best practice guidance systems; Medical models; Model-drivel communication; Stroke}, keywords = {ambulance transportation; Article; cerebrovascular accident; communication protocol; emergency care; good clinical practice; human; pathophysiology; protocol compliance; rural area; simulation; stroke patient; symptomatology; tertiary care center; hospital; interpersonal communication; organization and management; patient transport; practice guideline; standards; Stroke; telemedicine; time factor, Communication; Hospitals, Rural; Humans; Practice Guidelines as Topic; Stroke; Telemedicine; Time Factors; Transportation of Patients}, document_type = {Article}, source = {Scopus}, } - On Maximizing Quality of Information for the Internet of Things: A Real-Time Scheduling Perspective (Invited Paper)J.-E. Kim, T. Abdelzaher, L. Sha, A. Bar-Noy, R. Hobbs, and W. DronProceedings - 2016 IEEE 22nd International Conference on Embedded and Real-Time Computing Systems and Applications, RTCSA 2016, 2016
The paper considers the challenge of maximizing the quality of information collected to meet decision needs of real-time Internet-of-Things applications. A novel scheduling model is proposed, where applications need multiple data items to make decisions, and where individual data items can be captured at different levels of quality. We assume the existence of a single bottleneck over which data objects are collected and schedule the transmission of these objects over the bottleneck to meet decision deadlines and data validity constraints, while maximizing quality. A family of heuristic algorithms is presented to solve this problem. Their performance is empirically compared leading to insights into the solution space. © 2016 IEEE.
@article{Kim2016202, author = {Kim, J.-E. and Abdelzaher, T. and Sha, L. and Bar-Noy, A. and Hobbs, R. and Dron, W.}, title = {On Maximizing Quality of Information for the Internet of Things: A Real-Time Scheduling Perspective (Invited Paper)}, journal = {Proceedings - 2016 IEEE 22nd International Conference on Embedded and Real-Time Computing Systems and Applications, RTCSA 2016}, year = {2016}, pages = {202-211}, doi = {10.1109/RTCSA.2016.47}, art_number = {7579957}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-84994504440&doi=10.1109%2fRTCSA.2016.47&partnerID=40&md5=aacd80f38eb1ec7f4b79d313054b5092}, author_keywords = {Internet of Things; Quality of Information; Scheduling}, keywords = {Embedded systems; Heuristic algorithms; Internet of things; Scheduling, Data objects; Data validity; Multiple data; Quality of information; Real - time scheduling; Real-time internet; Scheduling models; Solution space, Real time systems}, document_type = {Conference Paper}, source = {Scopus}, } - Real-Time Computing on Multicore ProcessorsL. Sha, M. Caccamo, R. Mancuso, J.-E. Kim, M.-K. Yoon, R. Pellizzoni, H. Yun, R.B. Kegley, D.R. Perlman, G. Arundale, and R. BradfordComputer, 2016
Architects of multicore chips for avionics must define and bound intercore interference, which requires assuming a constant worst-case execution time for tasks executing on the chip. With the Single Core Equivalent technology package, engineers can treat each core as if it were a single-core chip. © 2016 IEEE.
@article{Sha201669, author = {Sha, L. and Caccamo, M. and Mancuso, R. and Kim, J.-E. and Yoon, M.-K. and Pellizzoni, R. and Yun, H. and Kegley, R.B. and Perlman, D.R. and Arundale, G. and Bradford, R.}, title = {Real-Time Computing on Multicore Processors}, journal = {Computer}, year = {2016}, volume = {49}, number = {9}, pages = {69-77}, doi = {10.1109/MC.2016.271}, art_number = {7562325}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-84987624705&doi=10.1109%2fMC.2016.271&partnerID=40&md5=05d02e8c53230c76db1e32800937fa31}, author_keywords = {avionics computing; memory-access conflicts; multicore architecture; multicore chips; multicore processing; real-time systems; single-core equivalence}, keywords = {Avionics; Interactive computer systems; Memory architecture; Software architecture, Memory access; Multi-core processing; Multicore architectures; Multicore chips; single-core equivalence, Real time systems}, document_type = {Article}, source = {Scopus}, } - An organ-centric best practice assist system for acute careM. Rahmaniheris, P. Wu, L. Sha, and R.R. BerlinProceedings - IEEE Symposium on Computer-Based Medical Systems, 2016
As patient condition changes rapidly in acute care, the monitoring and treatment plan must be adapted accordingly to ensure safe and effective patient care. Most current medical monitoring systems provide little contextual information on patient state. We present best practice assist system to help medical staff assess patient state more accurately and adapt her care plan according to the best practice guidelines and community consensus. The main components of our system are 1) an efficient and clinically sound representation of patient state in the form of disease and interacting organ states 2) a best practice manager that encodes the best practice monitoring and treatment guidelines for a given patient condition. Both components are modeled using finite state machine formalism. In addition, we have implemented a patient control panel and a graphical display to simulate clinical scenarios. Using a cardiac arrest scenario, we demonstrate how our system can help medical staff with patient assessment and adherence to best practice. © 2016 IEEE.
@article{Rahmaniheris2016100, author = {Rahmaniheris, M. and Wu, P. and Sha, L. and Berlin, R.R.}, title = {An organ-centric best practice assist system for acute care}, journal = {Proceedings - IEEE Symposium on Computer-Based Medical Systems}, year = {2016}, volume = {2016-August}, pages = {100-105}, doi = {10.1109/CBMS.2016.12}, art_number = {7545965}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-84987657430&doi=10.1109%2fCBMS.2016.12&partnerID=40&md5=a97b7c90733a40cc0809c718efbaece5}, keywords = {Condition monitoring; Machine components; Patient treatment, Best practice guidelines; Cardiac arrest; Contextual information; Graphical displays; Patient condition; Patient control; Treatment guidelines; Treatment plans, Medical information systems}, document_type = {Conference Paper}, source = {Scopus}, } - A Self-Adaptively Evolutionary Screening Approach for Sepsis PatientY. Jiang, P. Tan, H. Song, B. Wan, M. Hosseini, and L. ShaProceedings - IEEE Symposium on Computer-Based Medical Systems, 2016
Today, sepsis syndrome is one of the leading cause of death globally, and is of great clinical importance. In this paper, we present a self-adaptively evolutionary sepsis screening system to shorten the time of syndrome detection and improve the positive effect of treatment, with the screening frequency and content can be automatically adjusted according to the current status of the patient. First, we propose a novel graphical computation model named AdapDBN with a clearly defined syntax for the medical knowledge presentation, especially for the presentation of the pathophysiology model of the disease. Then, the semantics of AdapDBN is formally defined for the evolutionary inference of syndrome onset probability. Finally, we demonstrate how to initialize AdapDBN with sepsis-related epidemiologic statics, published clinical research and physician’s knowledge and how to incorporate it into existing sepsis screening and decision support flow. We evaluate its effectiveness and superiority with comparisons to existing computation techniques. © 2016 IEEE.
@article{Jiang201660, author = {Jiang, Y. and Tan, P. and Song, H. and Wan, B. and Hosseini, M. and Sha, L.}, title = {A Self-Adaptively Evolutionary Screening Approach for Sepsis Patient}, journal = {Proceedings - IEEE Symposium on Computer-Based Medical Systems}, year = {2016}, volume = {2016-August}, pages = {60-65}, doi = {10.1109/CBMS.2016.8}, art_number = {7545957}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-84987608794&doi=10.1109%2fCBMS.2016.8&partnerID=40&md5=ae23ccefee5b8c8d143d53ffc262f0e7}, author_keywords = {Adaptively; Dynamic Bayesian Network; Sepsis}, document_type = {Conference Paper}, source = {Scopus}, } - Sporadic Decision-Centric Data Scheduling with Normally-off SensorsJ.-E. Kim, T. Abdelzaher, L. Sha, A. Bar-Noy, and R. HobbsProceedings - Real-Time Systems Symposium, 2016
The Internet of Things heralds a new generation of data-centric applications, where controllers connect to large numbers of heterogeneous sensing devices. We consider a model, where the control loop does not execute periodically. Instead, controllers are prompted by contextual cues to make one-off decisions, resulting in sporadic activations. Since the need for data arises only sporadically, sensors do not sample data continuously. Rather, they are normally off (e.g., to save energy), but are activated by the controller on demand, when data is needed. Collected data has validity intervals, after which it must be re-sampled, since the measured value may change. Once a decision is made based on the data, sensors are turned off again. We call this model sporadic decision-centric data scheduling with normally-off sensors. It gives rise to novel scheduling problems because of the way the timing of activation of different sensors affects load attributed to data sampling; the shorter the interval between activation of a given sensor and the time a corresponding decision is made, the lower the number of samples taken by that sensor to support the decision, and thus decision cost. The paper defines the aforementioned decision-centric data scheduling problem and derives the optimal scheduling policy, called EDEF-LVF, for this task model. Simulation results confirm the superiority of EDEF-LVF compared to several baselines. © 2016 IEEE.
@article{Kim2016135, author = {Kim, J.-E. and Abdelzaher, T. and Sha, L. and Bar-Noy, A. and Hobbs, R.}, title = {Sporadic Decision-Centric Data Scheduling with Normally-off Sensors}, journal = {Proceedings - Real-Time Systems Symposium}, year = {2016}, volume = {0}, pages = {135-145}, doi = {10.1109/RTSS.2016.022}, art_number = {7809850}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-85011654145&doi=10.1109%2fRTSS.2016.022&partnerID=40&md5=8f4983879e881a1599bd4832c7b6d6d7}, author_keywords = {data; decision; disaster response; freshness; Internet of Things; IoT; smart city; validity}, keywords = {Chemical activation; Controllers; Interactive computer systems; Internet of things; Scheduling; Smart city, data; decision; Disaster response; freshness; validity, Real time systems}, document_type = {Conference Paper}, source = {Scopus}, } - The dragonbeam framework: Hardware-protected security modules for in-place intrusion detectionM.-K. Yoon, M. Christodorescu, L. Sha, and S. MohanSYSTOR 2016 - 9th ACM International Systems and Storage Conference, 2016
The sophistication of malicious adversaries is increasing every day and most defenses are often easily overcome by such attackers. Many existing defensive mechanisms often make differing assumptions about the underlying systems and use varied architectures to implement their solutions. This often leads to fragmentation among solutions and could even open up additional vulnerabilities in the system. We present the DragonBeam Framework that enables system designers to implement their own monitoring methods and analyses engines to detect intrusions in modern operating systems. It is built upon a novel hardware/software mechanism. Depending on the type of monitoring that is implemented using this framework, the impact on the monitored system is very low. This is demonstrated by the use cases presented in this paper that also showcase how the DragonBeam framework can be used to detect different types of attack. Copyright © 2016 ACM.
@article{Yoon2016, author = {Yoon, M.-K. and Christodorescu, M. and Sha, L. and Mohan, S.}, title = {The dragonbeam framework: Hardware-protected security modules for in-place intrusion detection}, journal = {SYSTOR 2016 - 9th ACM International Systems and Storage Conference}, year = {2016}, doi = {10.1145/2928275.2928290}, art_number = {2928290}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-84978863532&doi=10.1145%2f2928275.2928290&partnerID=40&md5=62fd6f5164c7d41cb0d5e46feba39ff4}, keywords = {Hardware; Hardware security; Reconfigurable hardware, Defensive mechanism; Malicious adversaries; Monitored systems; Monitoring methods; Novel hardware; Security modules; System designers; Underlying systems, Intrusion detection}, document_type = {Conference Paper}, source = {Scopus}, } - Transforming Medical Best Practice Guidelines to Executable and Verifiable Statechart ModelsC. Guo, S. Ren, Y. Jiang, P.-L. Wu, L. Sha, and R.B. Berlin2016 ACM/IEEE 7th International Conference on Cyber-Physical Systems, ICCPS 2016 - Proceedings, 2016
Improving effectiveness and safety of patient care is an ultimate objective for medical cyber- physical systems. However, the existing medical best practice guidelines in hospital handbooks are often lengthy and difficult for medical staff to remember and apply clinically. Statechart is a widely used model in designing complex systems and enables rapid prototyping and clinical validation with medical doctors. However, clinical validation is often not adequate for guaranteeing the correctness and safety of medical cyber-physical systems, and formal verification is required. The paper presents an approach that transforms medical best practice guidelines to verifiable statechart models and supports both clinical validation in collaboration with medical doctors and formal verification. In particular, we use an open source statechart tool Yakindu to model best practice guidelines and use the statechart to interact with doctors for validating the model correctness. The statechart model is then automatically transformed to a verifiable formal model, such as timed automata, so that existing formal verification tool, such as UPPAAL, can be used to verify required safety properties. The approach also provides the ability to trace back to the paths in the statechart model (Yakindu model) when a specific property in its associated formal model (UPPAAL model) fails. A cardiac arrest scenario is used as a case study to validate the proposed approach. The tool is available on our website www.cs.iit.edu/ code/software/Y2U. © 2016 IEEE.
@article{Guo2016, author = {Guo, C. and Ren, S. and Jiang, Y. and Wu, P.-L. and Sha, L. and Berlin, R.B.}, title = {Transforming Medical Best Practice Guidelines to Executable and Verifiable Statechart Models}, journal = {2016 ACM/IEEE 7th International Conference on Cyber-Physical Systems, ICCPS 2016 - Proceedings}, year = {2016}, doi = {10.1109/ICCPS.2016.7479121}, art_number = {7479121}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-84979031654&doi=10.1109%2fICCPS.2016.7479121&partnerID=40&md5=b4a36396dbaf8ffafbcb08d3ffdccbd6}, keywords = {Embedded systems, Best practice guidelines; Clinical validations; Designing complex; Formal verification tools; Medical cyber physical systems; Medical doctors; Specific properties; Statechart modeling, Formal verification}, document_type = {Conference Paper}, source = {Scopus}, } - Use runtime verification to improve the quality of medical care practiceY. Jiang, H. Liu, H. Kong, R. Wang, M. Hosseini, J. Sun, and L. ShaProceedings - International Conference on Software Engineering, 2016
Clinical guidelines and decision support systems (DSS) play an important role in daily practices of medicine. Many text-based guidelines have been encoded for work-flow simulation of DSS to automate health care. During the collaboration with Carle hospital to develop a DSS, we identify that, for some complex and life-critical diseases, it is highly desirable to automatically rigorously verify some complex temporal properties in guidelines, which brings new challenges to current simulation based DSS with limited support of automatical formal verification and real-time data analysis. In this paper, we conduct the first study on applying runtime verification to cooperate with current DSS based on real-time data. Within the proposed technique, a user-friendly domain specific language, named DRTV, is designed to specify vital real-time data sampled by medical devices and temporal properties originated from clinical guidelines. Some interfaces are developed for data acquisition and communication. Then, for medical practice scenarios described in DRTV model, we will automatically generate event sequences and runtime property verifier automata. If a temporal property violates, real-time warnings will be produced by the formal verifier and passed to medical DSS. We have used DRTV to specify different kinds of medical care scenarios, and applied the proposed technique to assist existing DSS. As presented in experiment results, in terms of warning detection, it outperforms the only use of DSS or human inspection, and improves the quality of clinical health care of hospital. © 2016 ACM.
@article{Jiang2016112, author = {Jiang, Y. and Liu, H. and Kong, H. and Wang, R. and Hosseini, M. and Sun, J. and Sha, L.}, title = {Use runtime verification to improve the quality of medical care practice}, journal = {Proceedings - International Conference on Software Engineering}, year = {2016}, pages = {112-121}, doi = {10.1145/2889160.2889233}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-85019021928&doi=10.1145%2f2889160.2889233&partnerID=40&md5=038d8331c1e77745bcd9940c8ef1a26f}, document_type = {Conference Paper}, source = {Scopus}, } - From Stateflow Simulation to Verified Implementation: A Verification Approach and A Real-Time Train Controller DesignY. Jiang, Y. Yang, H. Liu, H. Kong, M. Gu, J. Sun, and L. Sha2016 IEEE Real-Time and Embedded Technology and Applications Symposium, RTAS 2016 - Proceedings, 2016
Simulink is widely used for model driven development (MDD) of industrial software systems. Typically, the Simulink based development is initiated from Stateflow modeling, followed by simulation, validation and code generation mapped to physical execution platforms. However, recent industrial trends have raised the demands of rigorous verification on safety-critical applications, which is unfortunately challenging for Simulink. In this paper, we present an approach to bridge the Stateflow based model driven development and a well- defined rigorous verification. First, we develop a self- contained toolkit to translate Stateflow model into timed automata, where major advanced modeling features in Stateflow are supported. Taking advantage of the strong verification capability of Uppaal, we can not only find bugs in Stateflow models which are missed by Simulink Design Verifier, but also check more important temporal properties. Next, we customize a runtime verifier for the generated nonintrusive VHDL and C code of Stateflow model for monitoring. The major strength of the customization is the flexibility to collect and analyze runtime properties with a pure software monitor, which opens more opportunities for engineers to achieve high reliability of the target system compared with the traditional act that only relies on Simulink Polyspace. We incorporate these two parts into original Stateflow based MDD seamlessly. In this way, safety-critical properties are both verified at the model level, and at the consistent system implementation level with physical execution environment in consideration. We apply our approach on a train controller design, and the verified implementation is tested and deployed on a real hardware platform. © 2016 IEEE.
@article{Jiang2016, author = {Jiang, Y. and Yang, Y. and Liu, H. and Kong, H. and Gu, M. and Sun, J. and Sha, L.}, title = {From Stateflow Simulation to Verified Implementation: A Verification Approach and A Real-Time Train Controller Design}, journal = {2016 IEEE Real-Time and Embedded Technology and Applications Symposium, RTAS 2016 - Proceedings}, year = {2016}, doi = {10.1109/RTAS.2016.7461337}, art_number = {7461337}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-84971320746&doi=10.1109%2fRTAS.2016.7461337&partnerID=40&md5=154351e93a66683928746b0f389a76de}, author_keywords = {Formal Verification; Model Driven Development; Runtime Verification; Simulink Stateflow; Timed Automaton}, keywords = {Accident prevention; C (programming language); Safety engineering; Software reliability, Execution environments; Execution platforms; Model driven development; Run-time verification; Safety critical applications; STATEFLOW; System implementation; Timed Automata, Formal verification}, document_type = {Conference Paper}, source = {Scopus}, } - TaskShuffler: A Schedule Randomization Protocol for Obfuscation against Timing Inference Attacks in Real-Time SystemsM.-K. Yoon, S. Mohan, C.-Y. Chen, and L. Sha2016 IEEE Real-Time and Embedded Technology and Applications Symposium, RTAS 2016 - Proceedings, 2016
The high degree of predictability in real-time systems makes it possible for adversaries to launch timing inference attacks such as those based on side-channels and covert-channels. We present TaskShuffler, a schedule obfuscation method aimed at randomizing the schedule for such systems while still providing the real-time guarantees that are necessary for their safe operation. This paper also analyzes the effect of these mechanisms by presenting schedule entropy - a metric to measure the uncertainty (as perceived by attackers) introduced by TaskShuffler. These mechanisms will increase the difficulty for would-be attackers thus improving the overall security guarantees for real-time systems. © 2016 IEEE.
@article{Yoon2017, author = {Yoon, M.-K. and Mohan, S. and Chen, C.-Y. and Sha, L.}, title = {TaskShuffler: A Schedule Randomization Protocol for Obfuscation against Timing Inference Attacks in Real-Time Systems}, journal = {2016 IEEE Real-Time and Embedded Technology and Applications Symposium, RTAS 2016 - Proceedings}, year = {2016}, doi = {10.1109/RTAS.2016.7461362}, art_number = {7461362}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-84971222629&doi=10.1109%2fRTAS.2016.7461362&partnerID=40&md5=b4250d36a7b65ee15a3b01c135aa3a6a}, keywords = {Interactive computer systems; Side channel attack, Covert channels; Inference attacks; Real time guarantees; Safe operation; Side-channel, Real time systems}, document_type = {Conference Paper}, source = {Scopus}, } - Sepsis Patient Detection and Monitor Based on Auto-BNY. Jiang, L. Sha, M. Rahmaniheris, B. Wan, M. Hosseini, P. Tan, and Jr. BerlinJournal of Medical Systems, 2016
Sepsis is a life-threatening condition caused by an inappropriate immune response to infection, and is a leading cause of elderly death globally. Early recognition of patients and timely antibiotic therapy based on guidelines improve survival rate. Unfortunately, for those patients, it is often detected late because it is too expensive and impractical to perform frequent monitoring for all the elderly. In this paper, we present a risk driven sepsis screening and monitoring framework to shorten the time of onset detection without frequent monitoring of all the elderly. Within this framework, the sepsis ultimate risk of onset probability and mortality is calculated based on a novel temporal probabilistic model named Auto-BN, which consists of time dependent state, state dependent property, and state dependent inference structures. Then, different stages of a patient are encoded into different states, monitoring frequency is encoded into the state dependent property, and screening content is encoded into different state dependent inference structures. In this way, the screening and monitoring frequency and content can be automatically adjusted when encoding the sepsis ultimate risk into the guard of state transition. This allows for flexible manipulation of the tradeoff between screening accuracy and frequency. We evaluate its effectiveness through empirical study, and incorporate it into existing medical guidance system to improve medical healthcare. © 2016, Springer Science+Business Media New York.
@article{Jiang2017, author = {Jiang, Y. and Sha, L. and Rahmaniheris, M. and Wan, B. and Hosseini, M. and Tan, P. and Berlin, R.B., Jr.}, title = {Sepsis Patient Detection and Monitor Based on Auto-BN}, journal = {Journal of Medical Systems}, year = {2016}, volume = {40}, number = {4}, doi = {10.1007/s10916-016-0444-2}, art_number = {111}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-84963612545&doi=10.1007%2fs10916-016-0444-2&partnerID=40&md5=98905e8f0662e8668253c272bc415ec3}, author_keywords = {Automata; Bayesian network; Early detection; Intensive monitoring; Sepsis management}, document_type = {Article}, source = {Scopus}, } - Real-time reachability for verified simplex designT.T. Johnson, S. Bak, M. Caccamo, and L. ShaACM Transactions on Embedded Computing Systems, 2016
The Simplex architecture ensures the safe use of an unverifiable complex/smart controller by using it in conjunction with a verified safety controller and verified supervisory controller (switching logic). This architecture enables the safe use of smart, high-performance, untrusted, and complex control algorithms to enable autonomy without requiring the smart controllers to be formally verified or certified. Simplex incorporates a supervisory controller that will take over control from the unverified complex/smart controller if it misbehaves and use a safety controller. The supervisory controller should (1) guarantee that the system never enters an unsafe state (safety), but should also (2) use the complex/smart controller asmuch as possible (minimize conservatism). The problem of precisely and correctly defining the switching logic of the supervisory controller has previously been considered either using a control-theoretic optimization approach or through an offline hybrid-systems reachability computation. In this work, we show that a combined online/offline approach that uses aspects of the two earlier methods, along with a real-time reachability computation, also maintains safety, but with significantly less conservatism, allowing the complex controller to be used more frequently.We demonstrate the advantages of this unified approach on a saturated inverted pendulum system, inwhich the verifiable region of attraction is over twice as large compared to the earlier approach. Additionally, to validate the claims that the real-time reachability approach may be implemented on embedded platforms, we have ported and conducted embedded hardware studies using both ARM processors and Atmel AVR microcontrollers. This is the first ever demonstration of a hybrid-systems reachability computation in real time on actual embedded platforms, which required addressing significant technical challenges. © 2016 ACM.
@article{Johnson2016, author = {Johnson, T.T. and Bak, S. and Caccamo, M. and Sha, L.}, title = {Real-time reachability for verified simplex design}, journal = {ACM Transactions on Embedded Computing Systems}, year = {2016}, volume = {15}, number = {2}, doi = {10.1145/2723871}, art_number = {2723871}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-84964788955&doi=10.1145%2f2723871&partnerID=40&md5=574271430b840d4bca5d485ac3affe1f}, author_keywords = {Cyber-physical systems; Formal verification; Hybrid systems}, keywords = {Algorithms; Computation theory; Computer circuits; Control theory; Embedded systems; Formal verification; Hybrid systems; Pendulums; Real time systems; Reconfigurable hardware, Atmel avr microcontrollers; Complex control algorithms; Cyber physical systems (CPSs); Inverted pendulum system; Optimization approach; Region of attraction; Supervisory controllers; Technical challenges, Controllers}, document_type = {Article}, source = {Scopus}, } - Memory bandwidth management for efficient performance isolation in multi-core platformsH. Yun, G. Yao, R. Pellizzoni, M. Caccamo, and L. ShaIEEE Transactions on Computers, 2016
Memory bandwidth in modern multi-core platforms is highly variable for many reasons and it is a big challenge in designing real-time systems as applications are increasingly becoming more memory intensive. In this work, we proposed, designed, and implemented an efficient memory bandwidth reservation system, that we call MemGuard. MemGuard separates memory bandwidth in two parts: guaranteed and best effort. It provides bandwidth reservation for the guaranteed bandwidth for temporal isolation, with efficient reclaiming to maximally utilize the reserved bandwidth. It further improves performance by exploiting the best effort bandwidth after satisfying each core’s reserved bandwidth. MemGuard is evaluated with SPEC2006 benchmarks on a real hardware platform, and the results demonstrate that it is able to provide memory performance isolation with minimal impact on overall throughput. © 1968-2012 IEEE.
@article{Yun2016562, author = {Yun, H. and Yao, G. and Pellizzoni, R. and Caccamo, M. and Sha, L.}, title = {Memory bandwidth management for efficient performance isolation in multi-core platforms}, journal = {IEEE Transactions on Computers}, year = {2016}, volume = {65}, number = {2}, pages = {562-576}, doi = {10.1109/TC.2015.2425889}, art_number = {7093151}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-84962129117&doi=10.1109%2fTC.2015.2425889&partnerID=40&md5=aeb7f00c56ce7d7eaccc44f97191a203}, author_keywords = {Bandwidth; Benchmark testing; Memory management; Multicore processing; Random access memory; Real-time systems; Regulators}, keywords = {Benchmarking; Electric current regulators; Interactive computer systems; Random access storage; Real time systems; Reservation systems; Storage allocation (computer), Bandwidth reservation; Benchmark testing; Guaranteed bandwidth; Memory management; Memory performance; Multi-core platforms; Multi-core processing; Random access memory, Bandwidth}, document_type = {Article}, source = {Scopus}, } - Schedulability analysis for memory bandwidth regulated multicore real-time systemsG. Yao, H. Yun, Z.P. Wu, R. Pellizzoni, M. Caccamo, and L. ShaIEEE Transactions on Computers, 2016
Multicore architecture brings a significant challenge in designing critical real-time systems because of timing variability caused by concurrent accesses to shared memory. We propose a memory bandwidth regulated system architecture and a novel analysis method to address this challenge. In the proposed architecture, each core’s memory access rate is regulated in a globally coordinated manner. The architecture allows system designers to control the system to satisfy desired real-time performance. The proposed analysis method provides a way to calculate worst case response time of each real-time task independently from other activities on other cores; it only depends on the task under analysis, the assigned bandwidth, and the number of cores in the system. We believe this independence is critical to enable modular certification of critical real-time systems. We implement the proposed system model on the gem5 architecture simulator. We evaluate the proposed analysis method by comparing the computed runtime with the measured runtime on the modified simulator. We show that the analysis method provides reasonable upper-bounds based on the SPEC2006 benchmark suite. © 1968-2012 IEEE.
@article{Yao2016601, author = {Yao, G. and Yun, H. and Wu, Z.P. and Pellizzoni, R. and Caccamo, M. and Sha, L.}, title = {Schedulability analysis for memory bandwidth regulated multicore real-time systems}, journal = {IEEE Transactions on Computers}, year = {2016}, volume = {65}, number = {2}, pages = {601-614}, doi = {10.1109/TC.2015.2425874}, art_number = {7093140}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-84962052761&doi=10.1109%2fTC.2015.2425874&partnerID=40&md5=0ed4dab61bb3e5f070feae97da2274a8}, author_keywords = {Gem5; Memory access control; Real-time system; Schedulability analysis; Scheduling}, keywords = {Access control; Bandwidth; Computer architecture; Interactive computer systems; Memory architecture; Scheduling; Software architecture, Gem5; Memory access; Multicore architectures; Proposed architectures; Real time performance; Schedulability analysis; System architectures; Worst case response time, Real time systems}, document_type = {Article}, source = {Scopus}, } - Safety-assured formal model-driven design of the multifunction vehicle bus controllerY. Jiang, H. Liu, H. Song, H. Kong, M. Gu, J. Sun, and L. ShaLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 2016
In this paper, we present a formal model-driven engineering approach to establishing a safety-assured implementation of Multifunction vehicle bus controller (MVBC) based on the generic reference models and requirements described in the International Electrotechnical Commission (IEC) standard IEC-61375. First, the generic models described in IEC-61375 are translated into a network of timed automata, and some safety requirements tested in IEC-61375 are formalized as timed computation tree logic (TCTL) formulas. With the help of Uppaal, we check and debug whether the timed automata satisfy the formulas or not. Within this step, several logic inconsistencies in the original standard are detected and corrected. Then, we apply the tool Times to generate C code from the verified model, which was later synthesized into a real MVBC chip. Finally, the runtime verification tool RMOR is applied to verify some safety requirements at the implementation level. We set up a real platform with worldwide mostly used MVBC D113, and verify the correctness and the scalability of the synthesized MVBC chip more comprehensively. The errors in the standard has been confirmed and the resulted MVBC has been deployed in real train communication network. © Springer International Publishing AG 2016.
@article{Jiang2016757, author = {Jiang, Y. and Liu, H. and Song, H. and Kong, H. and Gu, M. and Sun, J. and Sha, L.}, title = {Safety-assured formal model-driven design of the multifunction vehicle bus controller}, journal = {Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)}, year = {2016}, volume = {9995 LNCS}, pages = {757-763}, doi = {10.1007/978-3-319-48989-6_47}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-84996567121&doi=10.1007%2f978-3-319-48989-6_47&partnerID=40&md5=d8dad3f985155c6d851b397b85e0adc1}, keywords = {Automata theory; C (programming language); Computation theory; Computer circuits; Safety engineering, International Electrotechnical Commission; Multifunction vehicle bus; Reference models; Run-time verification; Safety requirements; Timed Automata; Timed computation tree logic; Train communication network, Formal methods}, document_type = {Conference Paper}, source = {Scopus}, }
2015
- SINk: A middleware for synchronization of heterogeneous software interfacesM. Hosseini, Y. Jiang, P. Wu, Jr. Berlin, and L. Sha14th Workshop on Adaptive and Reflective Middleware, ARM 2015 - Collocated with ACM/IFIP/USENIX Middleware 2015, 2015
Software is everywhere. The increasing requirement of sup- porting a wide variety of domains has rapidly increased the complexity of software systems, making them hard to main- tain and the training process harder for end-users, which in turn ultimately demanded the development of user-friendly application software with simple interfaces that makes them easy, especially for non-professional personnel, to employ, and interact with. However, due to the lack of source code access for third- party software and the lack of non-graphical interfaces such as web-services or RMI (Remote Method Invocation) access to application functionality, synchronization between het- erogeneous closed-box software interfaces and a user-friendly version of those interfaces has become a major challenge. In this paper, we design SINk1, a middleware that enables synchronization of multiple heterogeneous software applica- tions, using only graphical interface, without the need for source code access or access to the entire platform’s con- trol. SINk helps with synchronization of closed-box industry software, where in fact the only possible way of communi- cation is through software interfaces. It leverages efficient client sever architecture, socket based protocol, adaptation to resolution changes, and parameter mapping mechanisms to transfer control events to ensure the real-time require- ments of synchronization among multiple interfaces are met. Our proof-of-concept evaluation shows there is in fact poten- tial usage of our middleware in a wide variety of domains. © 2015 ACM.
@article{Hosseini2015, author = {Hosseini, M. and Jiang, Y. and Wu, P. and Berlin, R.B., Jr. and Sha, L.}, title = {SINk: A middleware for synchronization of heterogeneous software interfaces}, journal = {14th Workshop on Adaptive and Reflective Middleware, ARM 2015 - Collocated with ACM/IFIP/USENIX Middleware 2015}, year = {2015}, doi = {10.1145/2834965.2834967}, art_number = {2}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-84967316117&doi=10.1145%2f2834965.2834967&partnerID=40&md5=93316b13d076724f7eca1b66693a4a88}, document_type = {Conference Paper}, source = {Scopus}, } - Worst Case Analysis of Packet Delay in Avionics Systems for Environmental MonitoringK. Kang, M.-Y. Nam, and L. ShaIEEE Systems Journal, 2015
Early analysis of timing is essential in the design of reliable avionics systems. We consider an environmental monitoring system that allows the surroundings of an aircraft to be observed continuously in real time. We analyze timing aspects of the partitions within the sensor and monitoring nodes, and of the intermediate switches that connect them. We use the application-specific I/O integration support tool (ASIIST) to evaluate the worst case delay in the peripheral component interconnect buses of the end nodes. We describe a novel switching algorithm that guarantees a bounded delay for any feasible traffic through each switch, and then derive the worst case delay incurred in a switched network that contains switches operating with the proposed algorithm. By composing these delays, we are able to determine the end-to-end delay over the internal buses and network comprising the entire system, and show how it can be bounded by using our switching algorithm. Our worst case end-to-end delay analysis contributes to more reliable and better verified environmental monitoring services over packet-switched networks in avionics systems. We expect that our work will help reduce the cost of designing and implementing environmental monitoring avionics systems, by making it easier to identify unsatisfactory designs at an early stage. © 2014 IEEE.
@article{Kang20151354, author = {Kang, K. and Nam, M.-Y. and Sha, L.}, title = {Worst Case Analysis of Packet Delay in Avionics Systems for Environmental Monitoring}, journal = {IEEE Systems Journal}, year = {2015}, volume = {9}, number = {4}, pages = {1354-1362}, doi = {10.1109/JSYST.2014.2336872}, art_number = {6872549}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-84960421374&doi=10.1109%2fJSYST.2014.2336872&partnerID=40&md5=dabbe15c85417842c1c1bac485106dfe}, author_keywords = {Avionics systems; environmental monitoring; real-time switch; system composition; Worst case time analysis}, keywords = {Avionics; Environmental engineering; Fighter aircraft; Packet networks; Real time systems; Switching circuits, Application specific; Avionics systems; Environmental Monitoring; Environmental monitoring system; Peripheral Component Interconnect bus; Switching algorithms; System composition; Time analysis, Monitoring}, document_type = {Article}, source = {Scopus}, } - Safe Workflow Adaptation and Validation Protocol for Medical Cyber-Physical SystemsP.-L. Wu, L. Sha, R.B. Berlin, and J.M. GoldmanProceedings - 41st Euromicro Conference on Software Engineering and Advanced Applications, SEAA 2015, 2015
In medical cyber-physical environments, synchronizing supervisory medical systems, physicians’ behavior and patient conditions in compliance with best practice workflow is essential for patient safety. However, patient conditions change rapidly and asynchronously, so workflows have to be adapted to the changes safely. In this paper, we propose a workflow adaptation and validation protocol to help physicians safely adapt workflows to react to patient adverse events based on the path physiological models. Unlike conventional validation protocols, the medical cyber-physical systems cannot lock or recover the states of physical components, such as patient conditions. Therefore, the proposed protocol dynamically adapts the workflow to the patient conditions while validating safety requirements in collaboration with physicians. Moreover, we use cardiac arrest resuscitation as a case study to verify the safety and correctness properties of the proposed protocol. © 2015 IEEE.
@article{Wu2015464, author = {Wu, P.-L. and Sha, L. and Berlin, R.B. and Goldman, J.M.}, title = {Safe Workflow Adaptation and Validation Protocol for Medical Cyber-Physical Systems}, journal = {Proceedings - 41st Euromicro Conference on Software Engineering and Advanced Applications, SEAA 2015}, year = {2015}, pages = {464-471}, doi = {10.1109/SEAA.2015.27}, art_number = {7302491}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-84958241918&doi=10.1109%2fSEAA.2015.27&partnerID=40&md5=20b3540fe8083a8f1fd2e2f6fb4c6aed}, author_keywords = {adaptation; medical workflow; validation}, keywords = {Application programs; Physiological models; Resuscitation; Safety engineering; Software engineering, adaptation; Correctness properties; Medical cyber physical systems; medical workflow; Physical components; validation; Validation protocols; Workflow adaptations, Embedded systems}, document_type = {Conference Paper}, source = {Scopus}, } - WCET(m) Estimation in Multi-core Systems Using Single Core EquivalenceR. Mancuso, R. Pellizzoni, M. Caccamo, L. Sha, and H. YunProceedings - Euromicro Conference on Real-Time Systems, 2015
Multi-core platforms represent the answer of the industry to the increasing demand for computational capabilities. From a real-time perspective, however, the inherent sharing of resources, such as memory subsystem and I/O channels, creates inter-core timing interference among critical tasks and applications deployed on different cores. As a result, modular per-core certification cannot be performed, meaning that: (1) current industrial engineering processes cannot be reused, (2) software developed and certified for single-core chips cannot be deployed on multi-core platforms as is. In this work, we propose the Single Core Equivalence (SCE) technology: a framework of OS-level techniques designed for commercial (COTS) architectures that exports a set of equivalent single-core virtual machines from a multi-core platform. This allows per-core schedulability results to be calculated in isolation and to hold when multiple cores of the system run in parallel. Thus, SCE allows each core of a multi-core chip to be considered as a conventional single-core chip, ultimately enabling industry to reuse existing software, schedulability analysis methodologies and engineering processes. © 2015 IEEE.
@article{Mancuso2015174, author = {Mancuso, R. and Pellizzoni, R. and Caccamo, M. and Sha, L. and Yun, H.}, title = {WCET(m) Estimation in Multi-core Systems Using Single Core Equivalence}, journal = {Proceedings - Euromicro Conference on Real-Time Systems}, year = {2015}, volume = {2015-August}, pages = {174-183}, doi = {10.1109/ECRTS.2015.23}, art_number = {7176036}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-84953375153&doi=10.1109%2fECRTS.2015.23&partnerID=40&md5=6f3b34c2b49acb7619455b1d4f9cc5c9}, keywords = {Computer software reusability; Interactive computer systems; Memory architecture; Microprocessor chips, Computational capability; Engineering process; Memory subsystems; Multi-core platforms; Multi-core systems; Schedulability analysis; Single core chips; Virtual machines, Real time systems}, document_type = {Conference Paper}, source = {Scopus}, } - Memory Heat Map: Anomaly detection in real-time embedded systems using memory behaviorM.-K. Yoon, S. Mohan, J. Choi, and L. ShaProceedings - Design Automation Conference, 2015
In this paper, we introduce a novel mechanism that identifies abnormal system-wide behaviors using the predictable nature of real-time embedded applications. We introduce Memory Heat Map (MHM) to characterize the memory behavior of the operating system. Our machine learning algorithms automatically (a) summarize the information contained in the MHMs and then (b) detect deviations from the normal memory behavior patterns. These methods are implemented on top of a multicore processor architecture to aid in the process of monitoring and detection. The techniques are evaluated using multIPle attack scenarios including kernel rootkits and shellcode. To the best of our knowledge, this is the first work that uses aggregated memory behavior for detecting system anomalies especially the concept of memory heat maps. © 2015 ACM.
@article{Yoon2015, author = {Yoon, M.-K. and Mohan, S. and Choi, J. and Sha, L.}, title = {Memory Heat Map: Anomaly detection in real-time embedded systems using memory behavior}, journal = {Proceedings - Design Automation Conference}, year = {2015}, volume = {2015-July}, doi = {10.1145/2744769.2744869}, art_number = {7167219}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-84944111499&doi=10.1145%2f2744769.2744869&partnerID=40&md5=f508b93054cd2b9018afa7b00c96aa1d}, author_keywords = {Intrusion detection; memory heat map; real-time systems}, document_type = {Conference Paper}, source = {Scopus}, } - Budgeted generalized rate monotonic analysis for the partitioned, yet globally scheduled uniprocessor modelJ.-E. Kim, T. Abdelzaher, and L. ShaIEEE Real-Time and Embedded Technology and Applications Symposium, RTAS, 2015
This paper solves the challenge of offline response time analysis of independent periodic tasks with constrained deadlines early in the software development cycle, under generalized rate-monotonic scheduling. CPU budgets are allocated to different applications and each application is composed of multiple periodic tasks that must share the same budget. Physical application requirements impose specifications on task periods and deadlines from the very beginning, but unlike the common assumption in traditional response time analysis, task execution times are not known. This is because task execution times depend on the exact system implementation, which is not finalized until later in the development cycle. Questions facing designers become: will my task meet its deadline given lack of knowledge of other tasks’ execution times? What is the smallest deadline that my task can meet? These questions are traditionally addressed by using a two level scheduler: CPU is partitioned and assigned to application, and task priorities are determined within the scope of an application, and when server becomes active it schedules the tasks locally. Such two level scheduling approach introduces priority inversion across applications. In our approach, different applications’ tasks are globally scheduled and yet the CPU resource is still partitioned and assigned to applications as a CPU budget. We schedule all the tasks globally while enforcing application budgets. The proposed new form of response time analysis is called budgeted generalized rate-monotonic analysis to compute the maximum response time for each task given only application budgets and task periods, but without knowledge of task execution times. We formulate this schedulability problem as a mixed integer linear programming problem and demonstrate a solution that computes the exact worst-case response times. Evaluation shows that our solution outperforms, in terms of schedulability, both global utilization bounds and mechanisms that attain temporal modularity via resource partitioning. © 2015 IEEE.
@article{Kim2015221, author = {Kim, J.-E. and Abdelzaher, T. and Sha, L.}, title = {Budgeted generalized rate monotonic analysis for the partitioned, yet globally scheduled uniprocessor model}, journal = {IEEE Real-Time and Embedded Technology and Applications Symposium, RTAS}, year = {2015}, volume = {2015-May}, pages = {221-231}, doi = {10.1109/RTAS.2015.7108445}, art_number = {7108445}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-84944677684&doi=10.1109%2fRTAS.2015.7108445&partnerID=40&md5=1864e3650a6ff33f1352e69c364aeb63}, keywords = {Integer programming; Scheduling; Software design, Maximum response time; Mixed integer linear programming problems; Rate monotonic analysis; Rate-monotonic scheduling; Resource partitioning; Response-time analysis; Software development cycles; System implementation, Budget control}, document_type = {Conference Paper}, source = {Scopus}, } - The design of safe networked supervisory medical systems using organ-centric hierarchical control architectureW. Kang, L. Sha, Jr. Berlin, and J.M. GoldmanIEEE Journal of Biomedical and Health Informatics, 2015
There are growing demands to leverage network connectivity and interoperability of medical devices in order to improve patient safety and the effectiveness of medical services. However, if not properly designed, the integration of medical devices through networking could significantly increase the complexity of the system and make the system more vulnerable to potential errors, jeopardizing patient safety. The system must be designed and verified to guarantee the safety of patients and the effectiveness of medical services in the face of potential problems such as network failures. In this paper, we propose organ-centric hierarchical control architecture as a viable solution that reduces the complexity in system design and verification. In our approach, medical devices are grouped into clusters according to organ-specific human physiology. Each cluster captures common patterns arising out of medical device interactions and becomes a survivable semiautonomous unit during network failures. Further, safety verification and runtime enforcement can be modularized along organ-centric hierarchical control structure. We showthe feasibility of the proposed approach under Simulink’s model-based development framework. A simplified scenario for airway laser surgery is used as a case study. © 2014 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission.
@article{Kang20151077, author = {Kang, W. and Sha, L. and Berlin, R.B., Jr. and Goldman, J.M.}, title = {The design of safe networked supervisory medical systems using organ-centric hierarchical control architecture}, journal = {IEEE Journal of Biomedical and Health Informatics}, year = {2015}, volume = {19}, number = {3}, pages = {1077-1086}, doi = {10.1109/JBHI.2014.2333778}, art_number = {6845329}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-84929305178&doi=10.1109%2fJBHI.2014.2333778&partnerID=40&md5=870b4c7893ec53d4d59e7e44913a4949}, author_keywords = {Device interoperability; Medical device; Networking; Organ-centric; Plug-and-play; Safety; Supervisory control}, keywords = {Accident prevention; Complex networks; Hierarchical systems; Interoperability; Laser surgery; Medical problems; Network architecture; Physiology, Device interoperability; Medical Devices; Networking; Organ-centric; Plug and play; Supervisory control, Networked control systems, computer interface; computer network; device safety; devices; human; reproducibility; system analysis, Computer Communication Networks; Equipment and Supplies; Equipment Safety; Humans; Reproducibility of Results; Systems Integration; User-Computer Interface}, document_type = {Article}, source = {Scopus}, } - Schedulability bound for integrated modular avionics partitionsJ.-E. Kim, T. Abdelzaher, and L. ShaProceedings -Design, Automation and Test in Europe, DATE, 2015
In the avionics industry, as a hierarchical scheduling architecture Integrated Modular Avionics System has been widely adopted for its isolating capability. In practice, in an early development phase, a system developer does not know much about task execution times, but only task periods and IMA partition information. In such a case the schedulability bound for a task in a given partition tells a developer how much of the execution time the task can have to be schedulable. Once the developer knows the bound, then the developer can deal with any combination of execution times under the bound, which is safe in terms of schedulability. We formulate the problem as linear programming that is commonly used in the avionics industry for schedulability analysis, and compare the bound with other existing ones which are obtained with no period information. © 2015 EDAA.
@article{Kim201537, author = {Kim, J.-E. and Abdelzaher, T. and Sha, L.}, title = {Schedulability bound for integrated modular avionics partitions}, journal = {Proceedings -Design, Automation and Test in Europe, DATE}, year = {2015}, volume = {2015-April}, pages = {37-42}, doi = {10.7873/date.2015.1026}, art_number = {7092355}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-84945930197&doi=10.7873%2fdate.2015.1026&partnerID=40&md5=0eb4b7f3a380ae736d4c4a542748ba9f}, keywords = {Linear programming, Development phase; Hierarchical scheduling; Integrated modular avionics; Schedulability; Schedulability analysis; System developers; Task executions, Avionics}, document_type = {Conference Paper}, source = {Scopus}, } - Exploiting structured human interactions to enhance estimation accuracy in cyber-Physical systemsY. Gao, S. Hu, R. Mancuso, H. Wang, M. Kim, P. Wu, L. Su, L. Sha, and T. AbdelzaherACM/IEEE 6th International Conference on Cyber-Physical Systems, ICCPS 2015, 2015
In this paper, we describe a general methodology for enhancing measurement accuracy in cyber-physical systems that involve structured human interactions with a noisy physical environment. We define structured human interactions as those that follow a domain-specific workflow. The idea of the paper is simple: We exploit knowledge of the workflow to correct unreliable sensor data. The intellectual contribution lies in an algorithm for joint estimation of the current state of the workflow together with correction of noisy sensor measurements, given only the noisy measurements and an overall workflow description. We demonstrate through simulations and a physical implementation the degree to which knowledge of workflow can increase sensing accuracy. As a specific instantiation of this idea, we present a novel situation-awareness tool called the Emergency Transcriber designed to automatically document operational procedures followed by teams of first responders in emergency-response scenarios. Evaluation shows that our system provides a significant fidelity enhancement over the state of the art, effectively coping with the noisy environment of emergency teams.
@article{Gao201560, author = {Gao, Y. and Hu, S. and Mancuso, R. and Wang, H. and Kim, M. and Wu, P. and Su, L. and Sha, L. and Abdelzaher, T.}, title = {Exploiting structured human interactions to enhance estimation accuracy in cyber-Physical systems}, journal = {ACM/IEEE 6th International Conference on Cyber-Physical Systems, ICCPS 2015}, year = {2015}, pages = {60-69}, doi = {10.1145/2735960.2735965}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-84954155593&doi=10.1145%2f2735960.2735965&partnerID=40&md5=c480d705eb5dd7408633ea2a6b9f2759}, author_keywords = {Emergency; Unreliable sensor data; Workflow}, keywords = {Cyber physical systems (CPSs); Emergency; General methodologies; Measurement accuracy; Operational procedures; Physical environments; Sensor data; Workflow, Embedded systems}, document_type = {Conference Paper}, source = {Scopus}, } - Medical-grade quality of service for real-time mobile healthcareK. Kang, Q. Wang, J. Hur, K.-J. Park, and L. ShaComputer, 2015
A wireless electrocardiogram case study suggests that current CDMA2000 cellular technology has considerable potential in medical telemetry. Modifications to the network protocol stack ensure the highest data integrity and lowest service delay. © 2015 IEEE.
@article{Kang201541, author = {Kang, K. and Wang, Q. and Hur, J. and Park, K.-J. and Sha, L.}, title = {Medical-grade quality of service for real-time mobile healthcare}, journal = {Computer}, year = {2015}, volume = {48}, number = {2}, pages = {41-49}, doi = {10.1109/MC.2015.52}, art_number = {7042701}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-84923922202&doi=10.1109%2fMC.2015.52&partnerID=40&md5=fc166cdc2f039ceca55bf943f61e83ca}, author_keywords = {bioinformatics; computing in healthcare; computing in medicine; health informatics; healthcare; medical computing; medical QoS; mobile; mobile healthcare; networking; wireless medical applications}, keywords = {Bioinformatics; Health care; Medical applications; Mobile security; Network protocols; Quality of service, Health informatics; mobile; Mobile health care; networking; Wireless medical applications, Medical computing}, document_type = {Article}, source = {Scopus}, } - Real-time reachability for verified simplex designS. Bak, T.T. Johnson, M. Caccamo, and L. ShaProceedings - Real-Time Systems Symposium, 2015
The Simplex Architecture ensures the safe use of an unverifiable complex controller by using a verified safety controller and verified switching logic. This architecture enables the safe use of high-performance, untrusted, and complex control algorithms without requiring them to be formally verified. Simplex incorporates a supervisory controller and safety controller that will take over control if the unverified logic misbehaves. The supervisory controller should (1) guarantee the system never enters and unsafe state (safety), but (2) use the complex controller as much as possible (minimize conservatism). The problem of precisely and correctly defining this switching logic has previously been considered either using a control-theoretic optimization approach, or through an offline hybrid systems reach ability computation. In this work, we prove that a combined online/offline approach, which uses aspects of the two earlier methods along with a real-time reach ability computation, also maintains safety, but with significantly less conservatism. We demonstrate the advantages of this unified approach on a saturated inverted pendulum system, where the usable region of attraction is 227% larger than the earlier approach. © 2014 IEEE.
@article{Bak2015138, author = {Bak, S. and Johnson, T.T. and Caccamo, M. and Sha, L.}, title = {Real-time reachability for verified simplex design}, journal = {Proceedings - Real-Time Systems Symposium}, year = {2015}, volume = {2015-January}, number = {January}, pages = {138-148}, doi = {10.1109/RTSS.2014.21}, art_number = {7010482}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-84936951807&doi=10.1109%2fRTSS.2014.21&partnerID=40&md5=c3f9cd74c3cb6f0e92646ac4889d81c8}, author_keywords = {hybrid systems; model checking; online; reachability computation; real-time reachability; verification}, keywords = {Computer circuits; Controllers; Hybrid systems; Interactive computer systems; Model checking; Online systems; Pendulums; Verification, Complex control algorithms; Complex controllers; Inverted pendulum system; online; Optimization approach; Reachability; Region of attraction; Supervisory controllers, Real time systems}, document_type = {Conference Paper}, source = {Scopus}, } - Controller Redundancy Design for Cyber-Physical SystemsJ. Yao, X. Liu, G. Zhu, and L. Sha2015
Continuous Systems 72 3.4.2 MSR of Interpolation Gain-Scheduling Controller with Delays 73 3.5 Stability Property of Switched Linear Systems from NetMSR and Reach Set Perspective 74 3.5.1 Reach Set of States with Delay 74 3.5.2 Switch Logic 75 3.5.3 Stability Analysis 75 3.6 Evaluations 77 3.6.1 Satellite Altitude Control Model 77 3.6.2 Simulation Configuration 77 3.6.3 NetMSR Evaluations 78 3.6.4 Reliability Evaluations 80 3.7 Conclusion and Future Work 82 Acknowledgments 82 3.A Appendix 83 3.A.1 Proof of Lemma 3.3 83 3.A.2 Proof of Lemma 3.4 84 References 85 Systems where the physical subsystem is tightly integrated with the cyber subsystem are usually referred as cyber-physical systems (CPS) [1-5]. CPS applications can be found in many areas, such as automated manufacturing, health care, civil infrastructure, avionics, aircraft, and vehicular communications [6]. Networked control systems (NCS) are considered to be a prominent subcategory of CPS, in which networks provide a means for communication among sensors, actuators, and controllers. As networking technology continues to increase in bandwidth capability and decrease in price, NCS will become more pervasive and have the potential to radically change the way the physical systems interact with each other and their environment. Communication networks have been used to exchange information among sensors, controllers, and actuators in digital control systems since the 1970s, originally motivated by the need of reducing costs for cabling, modularizing, and integrating system flexibly in the automobile industry. Today, many other applications of NCS can be easily found in diverse industries. For example, Avionics Full-Duplex Switched Ethernet (AFDX) is used in control systems of the Airbus A380 and Boeing B787 [7], and a new automotive network communications protocol, FlexRay was developed for vehicle control and is used in automobiles, such as the BMW 7 Series (F01), Audi A8, and Rolls-Royce Ghost [8]. Employing communications networks in control systems may considerably reduce integration complexity and make system architecture more scalable. © 2016 by Taylor and Francis Group, LLC.
@book{Yao201561, author = {Yao, J. and Liu, X. and Zhu, G. and Sha, L.}, title = {Controller Redundancy Design for Cyber-Physical Systems}, journal = {Cyber-Physical Systems: From Theory to Practice}, year = {2015}, pages = {61-86}, doi = {10.1201/b19290-9}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-85141224261&doi=10.1201%2fb19290-9&partnerID=40&md5=b45fa83bffbaeefffc20abd108ffa808}, document_type = {Book Chapter}, source = {Scopus}, }
2014
- Applying software model checking to PALS systemsM.-Y. Nam, L. Sha, S. Chaki, and C. KimAIAA/IEEE Digital Avionics Systems Conference - Proceedings, 2014
Physically Asynchronous/Logically Synchronous (PALS) is an architecture pattern that allows developers to design and verify a system as though all nodes executed synchronously. The correctness of PALS protocol was formally verified. However, the implementation of PALS adds additional code that is otherwise not needed. In our case, we have a middleware (PALSWare) that supports PALS systems. In this paper, we introduce a verification framework that shows how we can apply Software Model Checking (SMC) to verify a PALS system at the source code level. SMC is an automated and exhaustive source code checking technology. Compared to verifying (hardware or software) models, verifying the actual source code is more useful because it minimizes any chance of false interpretation and eliminates the possibility of missing software bugs that were absent in the model but introduced during implementation. In other words, SMC reduces the semantic gap between what is verified and what is executed. Our approach is compositional, i.e., the verification of PALSWare is done separately from applications. Since PALSWare is inherently concurrent, to verify it via SMC we must overcome the statespace explosion problem, which arises from concurrency and asynchrony. To this end, we develop novel simplification abstractions, prove their soundness, and then use these abstractions to reduce the verification of a system with many threads to verifying a system with a relatively small number of threads. When verifying an application, we leverage the (already verified) synchronicity guarantees provided by the PALSWare to reduce the verification complexity significantly. Thus, our approach uses both ’abstraction’ and ’composition’, the two main techniques to reduce statespace explosion. This separation between verification of PALSWare and applications also provides better management against upgrades to either. We validate our approach by verifying the current PALSWare implementation, and several PALSWare-based distributed real time applications. © 2014 IEEE.
@article{Nam20145B41, author = {Nam, M.-Y. and Sha, L. and Chaki, S. and Kim, C.}, title = {Applying software model checking to PALS systems}, journal = {AIAA/IEEE Digital Avionics Systems Conference - Proceedings}, year = {2014}, pages = {5B41-5B414}, doi = {10.1109/DASC.2014.6979483}, art_number = {6979483}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-84919789861&doi=10.1109%2fDASC.2014.6979483&partnerID=40&md5=88d52b6c9631f30b7163ae68ec3469a5}, keywords = {Abstracting; Codes (symbols); Computer programming languages; Digital avionics; Middleware; Model checking; Semantics, Architecture patterns; Number of threads; Real-time application; Software bug; Software model checking; State-space explosion; Verification complexity; Verification framework, Program debugging}, document_type = {Conference Paper}, source = {Scopus}, } - qPALS: Quality-aware synchrony protocol for distributed real-time systemsW. Kang, and L. ShaKSII Transactions on Internet and Information Systems, 2014
Synchronous computing models provided by real-time synchrony protocols, such as TTA [1] and PALS [2], greatly simplify the design, implementation, and verification of real-time distributed systems. However, their application to real systems has been limited since their assumptions on underlying systems are hard to satisfy. In particular, most previous real-time synchrony protocols hypothesize the existence of underlying fault tolerant real-time networks. This, however, might not be true in most soft real-time applications. In this paper, we propose a practical approach to a synchrony protocol, called Quality-Aware PALS (qPALS), which provides the benefits of a synchronous computing model in environments where no fault-tolerant real-time network is available. qPALS supports two flexible global synchronization protocols: one tailored for the performance and the other for the correctness of synchronization. Hence, applications can make a negotiation flexibly between performance and correctness. In qPALS, the Quality-of-Service (QoS) on synchronization and consistency is specified in a probabilistic manner, and the specified QoS is supported under dynamic and unpredictable network environments via a control-theoretic approach. Our simulation results show that qPALS supports highly reliable synchronization for critical events while still supporting the efficiency and performance even when the underlying network is not stable. © 2014 KSII.
@article{Kang20143361, author = {Kang, W. and Sha, L.}, title = {qPALS: Quality-aware synchrony protocol for distributed real-time systems}, journal = {KSII Transactions on Internet and Information Systems}, year = {2014}, volume = {8}, number = {10}, pages = {3361-3377}, doi = {10.3837/tiis.2014.10.004}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-84908465431&doi=10.3837%2ftiis.2014.10.004&partnerID=40&md5=86e02472f5642f4a678a8cc6aeaa11b4}, author_keywords = {Cyber physical systems; Feedback control; GALS; Globally asynchronous locally synchronous; Middleware; QoS; Quality-of-service; Real-time systems; Synchrony protocol}, keywords = {Cyber Physical System; Distributed computer systems; Distributed database systems; Embedded systems; Fault tolerance; Fault tolerant computer systems; Feedback control; Interactive computer systems; Internet protocols; Middleware; Quality control; Quality of service; Synchronization, Control-theoretic approach; Distributed real time system; Efficiency and performance; GALS; Global synchronization; Globally asynchronous locally synchronous; Real time distributed systems; Soft real-time applications, Real time systems}, document_type = {Article}, source = {Scopus}, } - A treatment validation protocol for cyber-physical-human medical systemsP.-L. Wu, D. Raguraman, L. Sha, R.B. Berlin, and J.M. GoldmanProceedings - 40th Euromicro Conference Series on Software Engineering and Advanced Applications, SEAA 2014, 2014
In cyber-physical-human medical environments, coordinating supervisory medical systems and medical staff to perform treatments in in accordance with best practice is essential for patient safety. However, the dynamics of patient conditions and the non-deterministic nature of potential side effects of treatments pose significant challenges. In this paper, we propose a validation protocol to enforce the correct execution sequence of performing treatment, regarding preconditions validation, side effects monitoring, and expected responses checking based on the path physiological models. The proposed protocol organizes the medical information concisely and comprehensively to help medical staff validate treatments. Unlike traditional validation mechanism for cyber systems, the medical system cannot lock or rollback the states of physical components, such as patient conditions. Therefore, the proposed protocol dynamically adapts to the patient conditions and side effects of treatments. Moreover, a cardiac arrest scenario is used as a case study to verify the safety and correctness properties of the proposed protocol. © 2014 IEEE.
@article{Wu2014183, author = {Wu, P.-L. and Raguraman, D. and Sha, L. and Berlin, R.B. and Goldman, J.M.}, title = {A treatment validation protocol for cyber-physical-human medical systems}, journal = {Proceedings - 40th Euromicro Conference Series on Software Engineering and Advanced Applications, SEAA 2014}, year = {2014}, pages = {183-190}, doi = {10.1109/SEAA.2014.10}, art_number = {6928810}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-84916593441&doi=10.1109%2fSEAA.2014.10&partnerID=40&md5=6b539345b97b5d317b44dce7779d54f2}, author_keywords = {medical cyber-physical-human systems; treatment validation}, keywords = {Application programs; Physiological models; Safety engineering, Correctness properties; Execution sequences; Human system; Medical information; Patient condition; Physical components; Treatment validation; Validation protocols, Cyber Physical System}, document_type = {Conference Paper}, source = {Scopus}, } - Integrated Modular Avionics (IMA) partition scheduling with conflict-free I/O for multicore avionics systemsJ.-E. Kim, M.-K. Yoon, R. Bradford, and L. ShaProceedings - International Computer Software and Applications Conference, 2014
The trend in the semiconductor industry toward multicore processors poses a significant challenge to many suppliers of safety-critical real-time embedded software. Having certified their systems for use on single-core processors, these companies may be forced to migrate their installed base of software onto multicore processors as single-core processors become harder to obtain. These companies naturally want to minimize the potentially high costs of recertifying their software for multicore processors. In support of this goal, we propose an approach to solving a fundamental problem in migrating legacy software applications to multicore systems, namely that of preventing conflicts among I/O transactions from applications residing on different cores. We formalize the problem as a partition scheduling problem that serializes I/O partitions. Although this problem is strongly NP-complete, we formulate it as a Constraint Programming (CP) problem. Since the CP approach scales poorly, we propose a heuristic algorithm that outperforms the CP approach in scalability. © 2014 IEEE.
@article{Kim2014321, author = {Kim, J.-E. and Yoon, M.-K. and Bradford, R. and Sha, L.}, title = {Integrated Modular Avionics (IMA) partition scheduling with conflict-free I/O for multicore avionics systems}, journal = {Proceedings - International Computer Software and Applications Conference}, year = {2014}, pages = {321-331}, doi = {10.1109/COMPSAC.2014.54}, art_number = {6899233}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-84928595574&doi=10.1109%2fCOMPSAC.2014.54&partnerID=40&md5=44179b1556e06987c2f3f6b6af9fe464}, author_keywords = {Conflict-free I/O; Integrated Modular Avionics (IMA); Multicore Avionics Systems}, keywords = {Accident prevention; Application programs; Avionics; Computer programming; Computer software; Constraint theory; Heuristic algorithms; Legacy systems; Problem solving; Scheduling; Semiconductor device manufacture, Avionics systems; Conflict free; Constraint programming; Integrated modular avionics; Multi-core processor; Real-time embedded software; Semiconductor industry; Single-core processors, Multicore programming}, document_type = {Conference Paper}, source = {Scopus}, } - Towards a cyber-medical model for device configuration safety in acute careM. Rahmaniheris, L. Sha, R.B. Berlin, and J.M. Goldman2014 IEEE Healthcare Innovation Conference, HIC 2014, 2014
The safety and efficacy of acute patient care depends on continuously proper use of medical monitoring and therapeutic devices. The device configuration safety depends on the rapidly changing patient condition. Therefore, the constraints to be enforced must be adapted dynamically. In this paper, we model the patient condition as communicating organ state machines, and the change of patient condition is modeled as the transition between organ states. The states are represented based on a pathophysiological model, which captures the changes in organ states as a results of one or more diseases. Applying the proposed patient state representation, we have a different set of device configuration requirements for each state. We introduce a new process for runtime validation of monitoring/ therapeutic configuration safety requirements using the proposed communicating organ state machines. We illustrate the usefulness of the proposed approach using a cardiac arrest scenario. © 2014 IEEE.
@article{Rahmaniheris2014118, author = {Rahmaniheris, M. and Sha, L. and Berlin, R.B. and Goldman, J.M.}, title = {Towards a cyber-medical model for device configuration safety in acute care}, journal = {2014 IEEE Healthcare Innovation Conference, HIC 2014}, year = {2014}, pages = {118-124}, doi = {10.1109/HIC.2014.7038889}, art_number = {7038889}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-84949922810&doi=10.1109%2fHIC.2014.7038889&partnerID=40&md5=00fabbfadb38393793e67fde8a37d508}, keywords = {Cardiac arrest; Device configurations; Medical modeling; Pathophysiological; Patient condition; Run-time validation; Safety requirements; State machine}, document_type = {Conference Paper}, source = {Scopus}, } - WiP abstract: A treatment coordination protocol for cyber-physical-human medical systemsP.-L. Wu, D. Raguraman, L. Sha, R.B. Berlin Jr., and J.M. Goldman2014 ACM/IEEE International Conference on Cyber-Physical Systems, ICCPS 2014, 2014
Improving effectiveness and safety of healthcare infrastructure is an important issue for cyber-physical-human medical systems. However, statistics indicates that preventable medical error rate is highest in ICU as compared to other hospital units. Many preventable medical errors are result from unintended deviation from the best practice guidelines, because medical staff are under tremendous pressure and overloaded by great amount of unorganized information. In order to reduce preventable medical errors, we develop a coordination protocol to validate treatments based on the pathophys-iological models 1. © 2014 IEEE.
@article{Wu2014226, author = {Wu, P.-L. and Raguraman, D. and Sha, L. and Berlin Jr., R.B. and Goldman, J.M.}, journal = {2014 ACM/IEEE International Conference on Cyber-Physical Systems, ICCPS 2014}, year = {2014}, pages = {226}, doi = {10.1109/ICCPS.2014.6843739}, art_number = {6843739}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-84904503346&doi=10.1109%2fICCPS.2014.6843739&partnerID=40&md5=ac1031d3a5bcb243801a336e5ca5e824}, keywords = {Embedded systems; Intensive care units, Best practice guidelines; Coordination protocols; Healthcare infrastructure; Medical errors; Medical systems, Errors}, document_type = {Conference Paper}, source = {Scopus}, } - Guaranteeing the end-to-end latency of an IMA system with an increasing workloadM.-Y. Nam, J. Lee, K.-J. Park, L. Sha, and K. KangIEEE Transactions on Computers, 2014
New features are often added incrementally to avionics systems to minimize the need for redesign and recertification. However, it then becomes necessary to check that the timing constraints of existing as well as new applications are met. We facilitate these checks by introducing a new data switch that bounds the latency of end-to-end communications across a network. This switch runs a clock-driven switching algorithm that is throughput-optimal with a bounded worst-case delay for all feasible traffic. We propose associated heuristics that determine whether the timing constraints of an integrated modular avionics (IMA) system network that uses this switch are met, even if new features have caused traffic to increase, and then search for alternative network configurations if necessary. Virtual integration is used to make a combined analysis of the worst-case delay in the network and the local buses of individual computing modules. This analysis considers the shared network topology, local hardware architectures, and specified IMA configurations. Our approach can be used by a system architect as an effective method for quickly determining which possible system architectures should be pursued to meet timing constraints, and it allows the cascading effects of changes to be tracked and managed. We demonstrate how these heuristics work through an example in which changes are made to an environmental monitoring facility within an avionics system that uses our switch. © 2013 IEEE.
@article{Nam20141460, author = {Nam, M.-Y. and Lee, J. and Park, K.-J. and Sha, L. and Kang, K.}, title = {Guaranteeing the end-to-end latency of an IMA system with an increasing workload}, journal = {IEEE Transactions on Computers}, year = {2014}, volume = {63}, number = {6}, pages = {1460-1473}, doi = {10.1109/TC.2012.300}, art_number = {6399465}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-84903118613&doi=10.1109%2fTC.2012.300&partnerID=40&md5=6394139efb72c07636cb8e303a4f622d}, author_keywords = {end-to-end latency; integrated modular avionics (IMA); real-time switch; Virtual integration}, keywords = {Avionics, End to end latencies; End-to-End communication; Environmental Monitoring; Individual computing; Integrated modular avionics; Switching algorithms; System architectures; Virtual integration, Network architecture}, document_type = {Article}, source = {Scopus}, }
2013
- Modeling and architecture design of an MDPnP acute care monitoring systemM. Rahmaniheris, W. Kang, L.-J. Lee, L. Sha, R.B. Berlin Jr., and J.M. GoldmanProceedings of CBMS 2013 - 26th IEEE International Symposium on Computer-Based Medical Systems, 2013
Medical Device Plug-and-Play (MDPnP) permits the mitigation of preventable medical errors. However, MDPnP results in a dynamic environment, which presents great challenges to traditional software architectures. This paper addresses these challenges by describing an abstract representation of dynamic clinical environment and a modular architecture is utilized to support safe system reconfiguration. © 2013 IEEE.
@article{Rahmaniheris2013514, author = {Rahmaniheris, M. and Kang, W. and Lee, L.-J. and Sha, L. and Berlin Jr., R.B. and Goldman, J.M.}, title = {Modeling and architecture design of an MDPnP acute care monitoring system}, journal = {Proceedings of CBMS 2013 - 26th IEEE International Symposium on Computer-Based Medical Systems}, year = {2013}, pages = {514-515}, doi = {10.1109/CBMS.2013.6627855}, art_number = {6627855}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-84889054792&doi=10.1109%2fCBMS.2013.6627855&partnerID=40&md5=892b8d60ac9a132d16441dbeca3f5a37}, keywords = {Abstract representation; Architecture designs; Clinical environments; Dynamic environments; Medical Devices; Modular architectures; Monitoring system; System reconfiguration, Computer science, Biomedical equipment}, document_type = {Conference Paper}, source = {Scopus}, } - Towards organ-centric compositional development of safe networked supervisory medical systemsW. Kang, P. Wu, M. Rahmaniheris, L. Sha, R.B. Berlin Jr., and J.M. GoldmanProceedings of CBMS 2013 - 26th IEEE International Symposium on Computer-Based Medical Systems, 2013
Medical devices are increasingly capable of interacting with each other by leveraging network connectivity and interoperability, promising a great benefit for patient safety and effectiveness of medical services. However, ad-hoc integration of medical devices through networking can significantly increase the complexity of the system and make the system more vulnerable to potential errors and safety hazards. In this paper, we address this problem and introduce an organ-centric compositional development approach. In our approach, medical devices are composed into semi-autonomous clusters according to organ-specific physiology in a network-fail-safe manner. Each organ-centric cluster captures common device interaction patterns of sensing and control to support human physiology. The library of these formally verified organ-centric architectural patterns enables rapid and safe composition of supervisory controllers, which are specialized for specific medical scenarios. Using airway-laser surgery as a case study of practical importance, we demonstrate the feasibility of our approach under Simulink’s model-driven development framework. © 2013 IEEE.
@article{Kang2013143, author = {Kang, W. and Wu, P. and Rahmaniheris, M. and Sha, L. and Berlin Jr., R.B. and Goldman, J.M.}, title = {Towards organ-centric compositional development of safe networked supervisory medical systems}, journal = {Proceedings of CBMS 2013 - 26th IEEE International Symposium on Computer-Based Medical Systems}, year = {2013}, pages = {143-148}, doi = {10.1109/CBMS.2013.6627779}, art_number = {6627779}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-84889008729&doi=10.1109%2fCBMS.2013.6627779&partnerID=40&md5=f6023d266a5d13f668c1f29aaa457384}, keywords = {Architectural pattern; Compositional development; Human physiology; Interaction pattern; Model driven development; Network connectivity; Practical importance; Supervisory controllers, Biomedical equipment; Complex networks; Laser surgery; Physiology, Interoperability}, document_type = {Conference Paper}, source = {Scopus}, } - L1Simplex: Fault-tolerant control of cyber-physical systemsX. Wang, N. Hovakimyan, and L. Sha2013 ACM/IEEE International Conference on Cyber-Physical Systems, ICCPS 2013, 2013
As the complexity of Cyber-Physical Systems (CPS) increases, it becomes more and more challenging to ensure the reliability of CPS, especially in the presence of system failures. Simplex architecture is shown to be an efficient tool to address the software failure in such systems. However, when physical failures also appear, Simplex does not work any more because the physical dynamics change due to physical failures. The Simplex architecture designed for the original physical model may not be suitable for the new dynamics. To address both software and physical failures, this paper presents the L1Simplex architecture, which contains the safety monitor, the high-performance controller (HPC), the L1- based high-assurance controller (HAC), and the decision logic for controller switching. The safety monitor is used to monitor the system behavior. It leads to another controller switching rule besides the stability-envelope-based rule in the decision logic. The HAC is designed based on the L1 adaptive controller, with which the stability envelope is computed. We show that the L1Simplex architecture can efficiently handle a class of software and physical failures. © 2013 IEEE.
@article{Wang201341, author = {Wang, X. and Hovakimyan, N. and Sha, L.}, title = {L1Simplex: Fault-tolerant control of cyber-physical systems}, journal = {2013 ACM/IEEE International Conference on Cyber-Physical Systems, ICCPS 2013}, year = {2013}, pages = {41-50}, doi = {10.1109/ICCPS.2013.6603998}, art_number = {6603998}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-84885229463&doi=10.1109%2fICCPS.2013.6603998&partnerID=40&md5=0438f511dd2ad15c2306f1ff508832d5}, author_keywords = {Fault; L1 Adaptive Control; Simplex; Tolerance}, keywords = {Adaptive controllers; Controller switching; Cyber physical systems (CPSs); Cyber-physical systems (CPS); Fault tolerant control; High-performance controllers; L1 adaptive controls; Simplex, Adaptive control systems; Embedded systems; Fault tolerance; Faulting; Fits and tolerances; Systems engineering, Physical addresses}, document_type = {Conference Paper}, source = {Scopus}, } - A low complexity coordination architecture for networked supervisory medical systemsP.-L. Wu, W. Kang, A. Ai-Nayeem, L. Sha, R.B. Berlin Jr., and J.M. Goldman2013 ACM/IEEE International Conference on Cyber-Physical Systems, ICCPS 2013, 2013
Cooperating medical devices, envisioned by Integrated Clinical Environment (ICE) of Medical Device Plug-and-Play (MDPnP), is expected to improve the safety and the quality of patient care. To ensure safety, the cooperating medical devices must be thoroughly verified and tested. However, concurrent control of devices without proper coordination poses a significant challenge for the verification of the safety, since complex interaction patterns between devices might cause the explosion of the verification state space. In this paper, we propose a low-complexity coordination architecture and protocol for networked supervisory medical systems. The proposed architecture organizes the systems in a hierarchical and organ-based manner in accordance to human physiology and home-ostasis. Further, the proposed protocol avoids potential conflicts and unsafe controls, while allowing efficient concurrent operations of medical devices. The evaluation results show that our approach reduce the complexity by several orders of magnitude. © 2013 IEEE.
@article{Wu201389, author = {Wu, P.-L. and Kang, W. and Ai-Nayeem, A. and Sha, L. and Berlin Jr., R.B. and Goldman, J.M.}, title = {A low complexity coordination architecture for networked supervisory medical systems}, journal = {2013 ACM/IEEE International Conference on Cyber-Physical Systems, ICCPS 2013}, year = {2013}, pages = {89-98}, doi = {10.1109/ICCPS.2013.6604003}, art_number = {6604003}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-84885201269&doi=10.1109%2fICCPS.2013.6604003&partnerID=40&md5=308a2b608d5dc75d25c90b43e3797854}, author_keywords = {Architectural patterns; networked supervisory medical systems; co; complexity reduction; ordination}, keywords = {Complexity reduction; Concurrent operations; Coordination architecture; Integrated clinical environments; Medical systems; Orders of magnitude; ordination; Proposed architectures, Biomedical equipment; Concurrency control; Coordination reactions; Embedded systems; Explosions; Network architecture, Hierarchical systems}, document_type = {Conference Paper}, source = {Scopus}, } - A low complexity coordination architecture for networked supervisory medical systemsP.-L. Wu, W. Kang, A. Al-Nayeem, L. Sha, R.B. Berlin Jr., and J.M. GoldmanACM/IEEE 4th International Conference on Cyber-Physical Systems, ICCPS 2013, 2013
Cooperating medical devices, envisioned by Integrated Clinical Environment (ICE) of Medical Device Plug-and-Play (MDPnP), is expected to improve the safety and the quality of patient care. To ensure safety, the cooperating medical devices must be thoroughly verified and tested. However, concurrent control of devices without proper coordination poses a significant challenge for the verification of the safety, since complex interaction patterns between devices might cause the explosion of the verification state space. In this paper, we propose a low-complexity coordination architecture and protocol for networked supervisory medical systems. The proposed architecture organizes the systems in a hierarchical and organ-based manner in accordance to human physiology and home-ostasis. Further, the proposed protocol avoids potential conflicts and unsafe controls, while allowing efficient concurrent operations of medical devices. The evaluation results show that our approach reduce the complexity by several orders of magnitude. Copyright 2013 ACM.
@article{Wu201390, author = {Wu, P.-L. and Kang, W. and Al-Nayeem, A. and Sha, L. and Berlin Jr., R.B. and Goldman, J.M.}, title = {A low complexity coordination architecture for networked supervisory medical systems}, journal = {ACM/IEEE 4th International Conference on Cyber-Physical Systems, ICCPS 2013}, year = {2013}, pages = {89-98}, doi = {10.1145/2502524.2502537}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-84883082584&doi=10.1145%2f2502524.2502537&partnerID=40&md5=0809cd73ad5b2b02f9d16a2e862b12bf}, author_keywords = {Architectural patterns; Complexity reduction; Coordination; Networked supervisory medical systems}, keywords = {Architectural pattern; Complexity reduction; Concurrent operations; Coordination; Coordination architecture; Integrated clinical environments; Medical systems; Proposed architectures, Biomedical equipment; Concurrency control; Coordination reactions; Embedded systems; Explosions; Network architecture, Hierarchical systems}, document_type = {Conference Paper}, source = {Scopus}, } - L1Simplex: Fault-tolerant control of cyber-physical systemsX. Wang, N. Hovakimyan, and L. ShaACM/IEEE 4th International Conference on Cyber-Physical Systems, ICCPS 2013, 2013
As the complexity of Cyber-Physical Systems (CPS) increases, it becomes more and more challenging to ensure the reliability of CPS, especially in the presence of system failures. Simplex architecture is shown to be an efficient tool to address the software failure in such systems. However, when physical failures also appear, Simplex does not work any more because the physical dynamics change due to physical failures. The Simplex architecture designed for the original physical model may not be suitable for the new dynamics. To address both software and physical failures, this paper presents the L1Simplex architecture, which contains the safety monitor, the high-performance controller (HPC), the L1-based high-assurance controller (HAC), and the decision logic for controller switching. The safety monitor is used to monitor the system behavior. It leads to another controller switching rule besides the stability-envelope-based rule in the decision logic. The HAC is designed based on the L1 adaptive controller, with which the stability envelope is computed. We show that the L1Simplex architecture can efficiently handle a class of software and physical failures. Copyright 2013 ACM.
@article{Wang201342, author = {Wang, X. and Hovakimyan, N. and Sha, L.}, title = {L1Simplex: Fault-tolerant control of cyber-physical systems}, journal = {ACM/IEEE 4th International Conference on Cyber-Physical Systems, ICCPS 2013}, year = {2013}, pages = {41-50}, doi = {10.1145/2502524.2502531}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-84883069564&doi=10.1145%2f2502524.2502531&partnerID=40&md5=6a9631c28491c4168500710b880f0f87}, author_keywords = {Fault-tolerance; L1 adaptive control; Simplex}, keywords = {Adaptive Control; Adaptive controllers; Controller switching; Cyber physical systems (CPSs); Cyber-physical systems (CPS); Fault tolerant control; High-performance controllers; Simplex, Adaptive control systems; Embedded systems; Fault tolerance; Systems engineering, Physical addresses}, document_type = {Conference Paper}, source = {Scopus}, } - SecureCore: A multicore-based intrusion detection architecture for real-time embedded systemsM.-K. Yoon, S. Mohan, J. Choi, J.-E. Kim, and L. ShaReal-Time Technology and Applications - Proceedings, 2013
Security violations are becoming more common in real-time systems - an area that was considered to be invulnerable in the past - as evidenced by the recent W32.Stuxnet and Duqu worms. A failure to protect such systems from malicious entities could result in significant harm to both humans as well as the environment. The increasing use of multicore architectures in such systems exacerbates the problem since shared resources on these processors increase the risk of being compromised. In this paper, we present the SecureCore framework that, coupled with novel monitoring techniques, is able to improve the security of realtime embedded systems. We aim to detect malicious activities by analyzing and observing the inherent properties of the real-time system using statistical analyses of their execution profiles. With careful analysis based on these profiles, we are able to detect malicious code execution as soon as it happens and also ensure that the physical system remains safe. © 2013 IEEE.
@article{Yoon201321, author = {Yoon, M.-K. and Mohan, S. and Choi, J. and Kim, J.-E. and Sha, L.}, title = {SecureCore: A multicore-based intrusion detection architecture for real-time embedded systems}, journal = {Real-Time Technology and Applications - Proceedings}, year = {2013}, pages = {21-32}, doi = {10.1109/RTAS.2013.6531076}, art_number = {6531076}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-84881112280&doi=10.1109%2fRTAS.2013.6531076&partnerID=40&md5=dd8bf47dc5d2526ebb030adcf03c4602}, keywords = {Malicious activities; Malicious entity; Monitoring techniques; Multicore architectures; Physical systems; Real-time embedded systems; Security violations; Shared resources, Intrusion detection; Real time systems; Software architecture, Embedded systems}, document_type = {Conference Paper}, source = {Scopus}, } - MemGuard: Memory bandwidth reservation system for efficient performance isolation in multi-core platformsH. Yun, G. Yao, R. Pellizzoni, M. Caccamo, and L. ShaReal-Time Technology and Applications - Proceedings, 2013
Memory bandwidth in modern multi-core platforms is highly variable for many reasons and is a big challenge in designing real-time systems as applications are increasingly becoming more memory intensive. In this work, we proposed, designed, and implemented an efficient memory bandwidth reservation system, that we call MemGuard. MemGuard distinguishes memory bandwidth as two parts: guaranteed and best effort. It provides bandwidth reservation for the guaranteed bandwidth for temporal isolation, with efficient reclaiming to maximally utilize the reserved bandwidth. It further improves performance by exploiting the best effort bandwidth after satisfying each core’s reserved bandwidth. MemGuard is evaluated with SPEC2006 benchmarks on a real hardware platform, and the results demonstrate that it is able to provide memory performance isolation with minimal impact on overall throughput. © 2013 IEEE.
@article{Yun201355, author = {Yun, H. and Yao, G. and Pellizzoni, R. and Caccamo, M. and Sha, L.}, title = {MemGuard: Memory bandwidth reservation system for efficient performance isolation in multi-core platforms}, journal = {Real-Time Technology and Applications - Proceedings}, year = {2013}, pages = {55-64}, doi = {10.1109/RTAS.2013.6531079}, art_number = {6531079}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-84881104524&doi=10.1109%2fRTAS.2013.6531079&partnerID=40&md5=1090c09d2d73279300e6499d38e124d3}, keywords = {Bandwidth reservation; Best effort; Guaranteed bandwidth; Hardware platform; Memory bandwidths; Memory performance; Multi-core platforms; Temporal isolation, Benchmarking; Real time systems; Reservation systems, Bandwidth}, document_type = {Conference Paper}, source = {Scopus}, } - S3A: Secure system simplex architecture for enhanced security and robustness of cyber-physical systemsS. Mohan, S. Bak, E. Betti, H. Yun, L. Sha, and M. CaccamoHiCoNS 2013 - 2nd ACM International Conference on High Confidence Networked Systems, Part of CPSWeek 2013, 2013
The recently discovered ’W32.Stuxnet’ worm has drastically changed the perception that systems managing critical infrastructure are invulnerable to software security attacks. Here we present an architecture that enhances the security of safety-critical cyber-physical systems despite the presence of such malware. Our architecture uses the property that control systems have deterministic real-time) execution behavior to detect an intrusion within 0.6 μs while still guaranteeing the safety of the plant. We also show that even if an attacker is successful (or gains access to the operating system’s administrative privileges), the overall state of the physical system still remains safe. © 2013 ACM.
@article{Mohan201365, author = {Mohan, S. and Bak, S. and Betti, E. and Yun, H. and Sha, L. and Caccamo, M.}, title = {S3A: Secure system simplex architecture for enhanced security and robustness of cyber-physical systems}, journal = {HiCoNS 2013 - 2nd ACM International Conference on High Confidence Networked Systems, Part of CPSWeek 2013}, year = {2013}, pages = {65-74}, doi = {10.1145/2461446.2461456}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-84877600779&doi=10.1145%2f2461446.2461456&partnerID=40&md5=097bb0d56911806c2ca97326bc355ba2}, author_keywords = {cyber-physical systems; intrusion detection; real-time systems; S3A; safety-critical systems; secure simplex; stuxnet}, keywords = {Cyber physical systems (CPSs); S3A; Safety critical systems; secure simplex; Stuxnet, Computer crime; Intrusion detection; Real time systems, Embedded systems}, document_type = {Conference Paper}, source = {Scopus}, } - Net simplex: Controller fault tolerance architecture in networked control systemsJ. Yao, X. Liu, G. Zhu, and L. ShaIEEE Transactions on Industrial Informatics, 2013
The assurance of reliability becomes increasingly challenging as the complexity of networked control systems (NCS) rapidly increases. Simplex architecture was designed to tolerate control software design and implementation. This architecture consists of a high assurance controller (HAC) and a high performance controller (HPC). The HAC uses the linear state feedback control to create a large maximum stability region (MSR). The HPC aims at achieving a better control performance and may use any design. However, the plant’s states under HPC must stay within the MSR, or the control is switched to HAC. © 2005-2012 IEEE.
@article{Yao2013346, author = {Yao, J. and Liu, X. and Zhu, G. and Sha, L.}, title = {Net simplex: Controller fault tolerance architecture in networked control systems}, journal = {IEEE Transactions on Industrial Informatics}, year = {2013}, volume = {9}, number = {1}, pages = {346-356}, doi = {10.1109/TII.2012.2219060}, art_number = {6303908}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-84871812178&doi=10.1109%2fTII.2012.2219060&partnerID=40&md5=bf932352af522aef3af5776619177328}, author_keywords = {Cyber-physical systems; NetSimplex; networked control systems; reliability}, keywords = {Control performance; Control software design; Cyber physical systems (CPSs); High assurance; High-performance controllers; Linear state feedback control; NetSimplex; Stability regions, Embedded systems; Fault tolerance; Networked control systems; Reliability, Controllers}, document_type = {Article}, source = {Scopus}, } - Model-based analysis of wireless system architectures for real-time applicationsK. Kang, M.-Y. Nam, and L. ShaIEEE Transactions on Mobile Computing, 2013
We propose a model-based description and analysis framework for the design of wireless system architectures. Its aim is to address the shortcomings of existing approaches to system verification and the tracking of anomalies in safety-critical wireless systems. We use Architecture Analysis and Description Language (AADL) to describe an analysis-oriented architecture model with highly modular components. We also develop the cooperative tool chains required to analyze the performance of a wireless system by simulation. We show how this framework can support a detailed and largely automated analysis of a complicated, networked wireless system using examples from wireless healthcare and video broadcasting. © 2002-2012 IEEE.
@article{Kang2013219, author = {Kang, K. and Nam, M.-Y. and Sha, L.}, title = {Model-based analysis of wireless system architectures for real-time applications}, journal = {IEEE Transactions on Mobile Computing}, year = {2013}, volume = {12}, number = {2}, pages = {219-232}, doi = {10.1109/TMC.2011.260}, art_number = {6104052}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-84871724468&doi=10.1109%2fTMC.2011.260&partnerID=40&md5=5ae08f9e9d7338d2d14951200e386161}, author_keywords = {Architecture analysis and description language (AADL); model-based analysis; wireless system architecture}, keywords = {Architecture analysis; Architecture models; Automated analysis; Description languages; Model-based analysis; Modular components; Real-time application; Safety-critical; System verifications; Video broadcasting; Wireless systems, Architecture; Health care, Tracking (position)}, document_type = {Article}, source = {Scopus}, } - Towards organ-centric compositional development of safe networked supervisory medical systemsW. Kang, P. Wu, M. Rahmaniheris, L. Sha, R.B. Berlin Jr., and J.M. GoldmanProceedings - IEEE Symposium on Computer-Based Medical Systems, 2013
Medical devices are increasingly capable of interacting with each other by leveraging network connectivity and interoperability, promising a great benefit for patient safety and effectiveness of medical services. However, ad-hoc integration of medical devices through networking can significantly increase the complexity of the system and make the system more vulnerable to potential errors and safety hazards. In this paper, we address this problem and introduce an organ-centric compositional development approach. In our approach, medical devices are composed into semi-autonomous clusters according to organ-specific physiology in a network-fail-safe manner. Each organ-centric cluster captures common device interaction patterns of sensing and control to support human physiology. The library of these formally verified organ-centric architectural patterns enables rapid and safe composition of supervisory controllers, which are specialized for specific medical scenarios. Using airway-laser surgery as a case study of practical importance, we demonstrate the feasibility of our approach under Simulink’s model-driven development framework. © 2013 IEEE.
@article{Kang2013144, author = {Kang, W. and Wu, P. and Rahmaniheris, M. and Sha, L. and Berlin Jr., R.B. and Goldman, J.M.}, title = {Towards organ-centric compositional development of safe networked supervisory medical systems}, journal = {Proceedings - IEEE Symposium on Computer-Based Medical Systems}, year = {2013}, pages = {143-148}, art_number = {6627779}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-84897094641&partnerID=40&md5=318d2034f5bfd51cbec59fe7cabf5d02}, keywords = {Biomedical equipment; Complex networks; Laser surgery; Physiology, Architectural pattern; Compositional development; Human physiology; Interaction pattern; Model driven development; Network connectivity; Practical importance; Supervisory controllers, Interoperability}, document_type = {Conference Paper}, source = {Scopus}, } - Modeling and architecture design of an MDPnP acute care monitoring systemM. Rahmaniheris, W. Kang, L.-J. Lee, L. Sha, R.B. Berlin Jr., and J.M. GoldmanProceedings - IEEE Symposium on Computer-Based Medical Systems, 2013
Medical Device Plug-and-Play (MDPnP) permits the mitigation of preventable medical errors. However, MDPnP results in a dynamic environment, which presents great challenges to traditional software architectures. This paper addresses these challenges by describing an abstract representation of dynamic clinical environment and a modular architecture is utilized to support safe system reconfiguration. © 2013 IEEE.
@article{Rahmaniheris2013515, author = {Rahmaniheris, M. and Kang, W. and Lee, L.-J. and Sha, L. and Berlin Jr., R.B. and Goldman, J.M.}, title = {Modeling and architecture design of an MDPnP acute care monitoring system}, journal = {Proceedings - IEEE Symposium on Computer-Based Medical Systems}, year = {2013}, pages = {514-515}, art_number = {6627855}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-84897075758&partnerID=40&md5=3482f563be3d2442383ae853ac5c99c0}, keywords = {Computer science; Computers, Abstract representation; Architecture designs; Clinical environments; Dynamic environments; Medical Devices; Modular architectures; Monitoring system; System reconfiguration, Biomedical equipment}, document_type = {Conference Paper}, source = {Scopus}, } - Middleware design for physically-asynchronous logically-synchronous (PALS) systemsA. Al-Nayeem, C. Kim, W. Kang, P.-L. Wu, and L. Sha2013 International Conference on Embedded Software, EMSOFT 2013, 2013
The Physically-Asynchronous Logically-Synchronous (PALS) system is a recently proposed architectural pattern for cyber-physical systems. It guarantees a logically synchronous design abstraction for real-time distributed computations. In this work, we develop a new middleware, called PALSware, to support an efficient and robust implementation of the PALS system and its extensions. PALSware guarantees consistency in distributed applications by eliminating any asynchronous interactions resulting from distributed clocks and node failures. We present a layered design for this middle-ware that is both reusable in different system architectures and can be extended with architecture-specific solutions for fault management. We demonstrate the middleware for an academic control testbed and show the consistency in a fault injection framework designed for this middleware. © 2013 IEEE.
@article{Al-Nayeem2013, author = {Al-Nayeem, A. and Kim, C. and Kang, W. and Wu, P.-L. and Sha, L.}, title = {Middleware design for physically-asynchronous logically-synchronous (PALS) systems}, journal = {2013 International Conference on Embedded Software, EMSOFT 2013}, year = {2013}, doi = {10.1109/EMSOFT.2013.6658583}, art_number = {6658583}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-84892651134&doi=10.1109%2fEMSOFT.2013.6658583&partnerID=40&md5=c17591abcb16da9ee01275e80d2ab49d}, keywords = {Embedded software; Embedded systems, Architectural pattern; Asynchronous interaction; Distributed applications; Distributed clocks; Distributed computations; Middleware design; Synchronous designs; System architectures, Middleware}, document_type = {Conference Paper}, source = {Scopus}, } - On-chip control flow integrity check for real time embedded systemsF.A.T. Abad, J.V.D. Woude, Y. Lu, S. Bak, M. Caccamo, L. Sha, R. Mancuso, and S. Mohan2013 IEEE 1st International Conference on Cyber-Physical Systems, Networks, and Applications, CPSNA 2013, 2013
Modern industrial plants, vehicles and other cyber-physical systems are increasingly being built as an aggregation of embedded platforms. Together with the soaring number of such systems and the current trends of increased connectivity, new security concerns are emerging. Classic approaches to security are not often suitable for embedded platforms. In this paper we propose a hardware based approach for checking the integrity of code flow of real-time tasks whit precisely predictable overheads that do not affect the critical path. Specifically, we employ a hardware module to perform control flow graph (CFG) validation at run-time of real-time component. For this purpose, we developed a binary-based, CFG generation tool. In addition, we also present our implementation of a CFG integrity checking module. The proposed approach is aimed at improving real-time systems security. © 2013 IEEE.
@article{Abad201326, author = {Abad, F.A.T. and Woude, J.V.D. and Lu, Y. and Bak, S. and Caccamo, M. and Sha, L. and Mancuso, R. and Mohan, S.}, title = {On-chip control flow integrity check for real time embedded systems}, journal = {2013 IEEE 1st International Conference on Cyber-Physical Systems, Networks, and Applications, CPSNA 2013}, year = {2013}, pages = {26-31}, doi = {10.1109/CPSNA.2013.6614242}, art_number = {6614242}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-84887362111&doi=10.1109%2fCPSNA.2013.6614242&partnerID=40&md5=7852a09356981f8f8e40b6c62ebba3df}, keywords = {Data flow analysis; Hardware; Industrial plants; Real time systems, Control flow graphs; Control-flow integrities; Cyber physical systems (CPSs); Embedded platforms; Hardware modules; Hardware-based approach; Integrity checking; Real-time embedded systems, Embedded systems}, document_type = {Conference Paper}, source = {Scopus}, } - Optimized scheduling of multi-IMA partitions with exclusive region for synchronized real-time multi-core systemsJ.-E. Kim, M.-K. Yoon, S. Im, R. Bradford, and L. ShaProceedings -Design, Automation and Test in Europe, DATE, 2013
Integrated Modular Avionics (IMA) architecture has been widely adopted by the avionics industry due to its strong temporal and spatial isolation capability for safety-critical realtime systems. The fundamental challenge to integrating an existing set of single-core IMA partitions into a multi-core system is to ensure that the isolation of the partitions will be maintained without incurring huge redevelopment and recertification costs. To address this challenge, we developed an optimized partition scheduling algorithm which considers exclusive regions to achieve the synchronization between partitions across cores. We show that the problem of finding the optimal partition schedule is NP-complete and present a Constraint Programming formulation. In addition, we relax this problem to find the minimum number of cores needed to schedule a given set of partitions and propose an approximation algorithm which is guaranteed to find a feasible schedule of partitions if there exists a feasible schedule of exclusive regions. © 2013 EDAA.
@article{Kim2013970, author = {Kim, J.-E. and Yoon, M.-K. and Im, S. and Bradford, R. and Sha, L.}, title = {Optimized scheduling of multi-IMA partitions with exclusive region for synchronized real-time multi-core systems}, journal = {Proceedings -Design, Automation and Test in Europe, DATE}, year = {2013}, pages = {970-975}, doi = {10.7873/date.2013.203}, art_number = {6513649}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-84885646626&doi=10.7873%2fdate.2013.203&partnerID=40&md5=407746dfc34264e3f42b1c533926ddd3}, keywords = {Accident prevention; Approximation algorithms; Avionics; Computer programming; Constraint theory; Optimization; Real time systems, Constraint programming; Feasible schedule; Integrated modular avionics; Multi-core systems; Optimal partitions; Optimized partition; Optimized scheduling; Temporal and spatial, Scheduling algorithms}, document_type = {Conference Paper}, source = {Scopus}, } - Holistic design parameter optimization of multiple periodic resources in hierarchical schedulingM.-K. Yoon, J.-E. Kim, R. Bradford, and L. ShaProceedings -Design, Automation and Test in Europe, DATE, 2013
Hierarchical scheduling of periodic resources has been increasingly applied to a wide variety of real-time systems due to its ability to accommodate various applications on a single system through strong temporal isolation. This leads to the question of how one can optimize over the resource parameters while satisfying the timing requirements of real-time applications. A great deal of research has been devoted to deriving the analytic model for the bounds on the design parameter of a single resource as well as its optimization. The optimization for multiple periodic resources, however, requires a holistic approach due to the conflicting requirements of the limited computational capacity of a system among resources. Thus, this paper addresses a holistic optimization of multiple periodic resources with regard to minimum system utilization. We extend the existing analysis of a single resource in order for the variable interferences among resources to be captured in the resource bound, and then solve the problem with Geometric Programming (GP). The experimental results show that the proposed method can find a solution very close to the one optimized via an exhaustive search and that it can explore more solutions than a known heuristic method. © 2013 EDAA.
@article{Yoon20131313, author = {Yoon, M.-K. and Kim, J.-E. and Bradford, R. and Sha, L.}, title = {Holistic design parameter optimization of multiple periodic resources in hierarchical scheduling}, journal = {Proceedings -Design, Automation and Test in Europe, DATE}, year = {2013}, pages = {1313-1318}, doi = {10.7873/date.2013.271}, art_number = {6513717}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-84885583317&doi=10.7873%2fdate.2013.271&partnerID=40&md5=6e91db35dfe549b93df0cf476d589739}, keywords = {Heuristic methods; Hierarchical systems; Interactive computer systems; Mathematical programming; Scheduling, Computational capacity; Geometric programming; Hierarchical scheduling; Holistic optimizations; Real-time application; Resource parameters; Temporal isolation; Timing requirements, Real time systems}, document_type = {Conference Paper}, source = {Scopus}, } - Design and QoS of a wireless system for real-time remote electrocardiographyK. Kang, J. Ryu, J. Hur, and L. ShaIEEE Journal of Biomedical and Health Informatics, 2013
Quality of service (QoS) and, in particular, reliability and a bounded low latency are essential attributes of safety-critical wireless systems for medical applications. However, wireless links are typically prone to bursts of errors, with characteristics which vary over time.We propose a wireless system suitable for real-time remote patient monitoring in which the necessary reliability and guaranteed latency are both achieved by an efficient error control scheme. We have paired an example remote electrocardiography application to this wireless system. We also developed a tool chain that uses a formal description of the proposed wireless medical system architecture in the architecture analysis and design language to assess various combinations of system parameters: we can determine the QoS in terms of packet-delivery ratio and the service latency, and also the size of jitter buffer required for seamless ECG monitoring. A realistic assessment, based on data from the MIT-BIT arrhythmia database, shows that the proposed wireless system can achieve an appropriate level of QoS for real-time ECG monitoring if link-level error control is correctly implemented. Additionally, we present guidelines for the design of energy-efficient link-level error control, derived from energy data, obtained from simulations. © 2013 IEEE.
@article{Kang2013745, author = {Kang, K. and Ryu, J. and Hur, J. and Sha, L.}, title = {Design and QoS of a wireless system for real-time remote electrocardiography}, journal = {IEEE Journal of Biomedical and Health Informatics}, year = {2013}, volume = {17}, number = {3}, pages = {745-755}, doi = {10.1109/JBHI.2013.2237782}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-84885095024&doi=10.1109%2fJBHI.2013.2237782&partnerID=40&md5=5a50fc93592a378c77cecb19d36c6f1e}, author_keywords = {Latency; Real-time ECG monitoring; Reliability; Wireless healthcare}, keywords = {Electrocardiography; Energy efficiency; Errors; Medical applications; Reliability; Remote patient monitoring; Safety engineering, Architecture analysis; Design languages; Ecg monitoring; Error control schemes; Formal Description; Latency; Packet delivery ratio; Wireless healthcares, Quality of service, algorithm; article; computer network; computer simulation; electrocardiography; equipment; factual database; human; medical informatics; methodology; signal processing; telemetry; wireless communication, Algorithms; Computer Communication Networks; Computer Simulation; Databases, Factual; Electrocardiography; Humans; Medical Informatics Computing; Signal Processing, Computer-Assisted; Telemetry; Wireless Technology}, document_type = {Article}, source = {Scopus}, } - Design of a crossbar VOQ real-time switch with clock-driven scheduling for a guaranteed delay boundK. Kang, K.-J. Park, L. Sha, and Q. WangReal-Time Systems, 2013
Most commercial network switches are designed to achieve good average throughput and delay needed for Internet traffic, whereas hard real-time applications demand a bounded delay. Our real-time switch combines clearance-time-optimal switching with clock-based scheduling on a crossbar switching fabric. We use real-time virtual machine tasks to serve both periodic and aperiodic traffic, which simplifies analysis and provides isolation from other system operations. We can then show that any feasible traffic will be switched in two clock periods. This delay bound is enabled by introducing one-shot traffic, which can be constructed at the cost of a fixed delay of one clock period. We carry out simulation to compare our switch with the popular iSLIP crossbar switch scheduler. Our switch has a larger schedulability region, a bounded lower end-to-end switching delay, and a shorter clearance time which is the time required to serve every packet in the system. © 2012 Springer Science+Business Media New York.
@article{Kang2013117, author = {Kang, K. and Park, K.-J. and Sha, L. and Wang, Q.}, title = {Design of a crossbar VOQ real-time switch with clock-driven scheduling for a guaranteed delay bound}, journal = {Real-Time Systems}, year = {2013}, volume = {49}, number = {1}, pages = {117-135}, doi = {10.1007/s11241-012-9169-6}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-84875839988&doi=10.1007%2fs11241-012-9169-6&partnerID=40&md5=8cd43aae968737fffb03fa4b7c3d50d6}, author_keywords = {Bounded delay; Clock-driven scheduling; Real-time switch; Schedulability analysis}, keywords = {Average throughput; Bounded delays; Commercial networks; Crossbar switching; Guaranteed delay bound; Schedulability analysis; System operation; Virtual machines, Scheduling; Time switches, Clocks}, document_type = {Article}, source = {Scopus}, } - Real-time I/O management system with COTS peripheralsE. Betti, S. Bak, R. Pellizzoni, M. Caccamo, and L. ShaIEEE Transactions on Computers, 2013
Real-time embedded systems are increasingly being built using commercial-off-the-shelf (COTS) components such as mass-produced peripherals and buses to reduce costs, time-to-market, and increase performance. Unfortunately, COTS-interconnect systems do not usually guarantee timeliness, and might experience severe timing degradation in the presence of high-bandwidth I/O peripherals. Moreover, peripherals do not implement any internal priority-based scheduling mechanism, hence, sharing a device can result in data of high priority tasks being delayed by data of low priority tasks. To address these problems, we designed a real-time I/O management system comprised of 1) real-time bridges with I/O virtualization capabilities, and 2) a peripheral scheduler. The proposed framework is used to transparently put the I/O subsystem of a COTS-based embedded system under the discipline of real-time scheduling, minimizing the timing unpredictability due to the peripherals sharing the bus. We also discuss computing the maximum delay due to buffered I/O data transactions as well as determining the buffer size needed to avoid data loss. Finally, we demonstrate experimentally that our prototype real-time I/O management system successfully exports multiple virtual devices for a single physical device and prioritizes I/O traffic, guaranteeing its timeliness. © 2012 IEEE.
@article{Betti201345, author = {Betti, E. and Bak, S. and Pellizzoni, R. and Caccamo, M. and Sha, L.}, title = {Real-time I/O management system with COTS peripherals}, journal = {IEEE Transactions on Computers}, year = {2013}, volume = {62}, number = {1}, pages = {45-58}, doi = {10.1109/TC.2011.202}, art_number = {6051430}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-84870565920&doi=10.1109%2fTC.2011.202&partnerID=40&md5=44e3fcd98ae72c7918197ce088202fb5}, author_keywords = {bus; COTS; input/output; Linux; peripheral; Real-time; scheduling}, keywords = {COTS; Input/output; Linux; peripheral; Real-time, Bridges; Buses; Computer operating systems; Embedded systems; International trade; Scheduling; Websites, Management}, document_type = {Article}, source = {Scopus}, }
2012
- Model-based design of a wireless telemetry system and QoS assessment using AADLK. Kang, M.-Y. Nam, J. Lee, J. Park, H. Yoo, and L. ShaProceedings - 2012 IEEE International Conference on Bioinformatics and Biomedicine Workshops, BIBMW 2012, 2012
High reliability and acceptable latency are major quality-of-service (QoS) considerations in the design of wireless telemetry systems. In this paper, we show how to analyze the QoS of the wireless telemetry system using its formal description written in the Architecture Analysis & Design Language (AADL) and integrated tool chain, with an exemplar electrocardiogram monitoring application. © 2012 IEEE.
@article{Kang2012748, author = {Kang, K. and Nam, M.-Y. and Lee, J. and Park, J. and Yoo, H. and Sha, L.}, title = {Model-based design of a wireless telemetry system and QoS assessment using AADL}, journal = {Proceedings - 2012 IEEE International Conference on Bioinformatics and Biomedicine Workshops, BIBMW 2012}, year = {2012}, pages = {748-749}, doi = {10.1109/BIBMW.2012.6470230}, art_number = {6470230}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-84875623599&doi=10.1109%2fBIBMW.2012.6470230&partnerID=40&md5=6e558dd138a39c2c4aca2944205e88dd}, keywords = {Architecture analysis; Design languages; Formal Description; High reliability; Integrated tools; Model-based design; Monitoring applications; Wireless telemetry systems, Bioinformatics; Design; Telemetering; Telemetering equipment, Quality of service}, document_type = {Conference Paper}, source = {Scopus}, } - Modeling towards incremental early analyzability of networked avionics systems using virtual integrationM.-Y. Nam, K. Kang, R. Pellizzoni, K.-J. Park, J.-E. Kim, and L. ShaTransactions on Embedded Computing Systems, 2012
With the advance of hardware technology, more features are incrementally added to already existing networked systems. Avionics has a stronger tendency to use preexisting applications due to its complexity and scale. As resource sharing becomes intense among the network and the computing modules, it has become a difficult task for the system designer to make confident architectural decisions even for incremental changes. Providing a tailored environment to model and analyze incremental changes requires a combination of software tools and hardware support.We have built a virtual integration tool called ASIIST which can provide a worst-case end-to-end latency of data that is sent through a network and the internal bus architecture of the end-systems. Also, we have devised a new real-time switching algorithm which guarantees the worst-case network delay of preexisting network traffic under feasible conditions. With the real-time switch support, ASIIST can provide an early modularized analysis of the end-to-end latency to make architectural design choices and incremental changes easier for the user. © 2012 ACM.
@article{Nam2012, author = {Nam, M.-Y. and Kang, K. and Pellizzoni, R. and Park, K.-J. and Kim, J.-E. and Sha, L.}, title = {Modeling towards incremental early analyzability of networked avionics systems using virtual integration}, journal = {Transactions on Embedded Computing Systems}, year = {2012}, volume = {11}, number = {4}, doi = {10.1145/2362336.2362348}, art_number = {81}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-84872470094&doi=10.1145%2f2362336.2362348&partnerID=40&md5=df548778e9e1a8cdfb3db0ff8187472b}, author_keywords = {AADL; Avionics system design; End-to-end delay analysis; Modeling; Switching algorithm; Virtual integration}, keywords = {AADL; Avionics systems; End to end delay; Switching algorithms; Virtual integration, Algorithms; Architectural design; Avionics; Hardware; Models, Systems analysis}, document_type = {Article}, source = {Scopus}, } - How to reliably integrate medical devices over wirelessC. Kim, M. Sun, M. Rahmaniheris, and L. ShaAnnual IEEE Communications Society Conference on Sensor, Mesh and Ad Hoc Communications and Networks workshops, 2012
This demonstration presents our NASS (Network Aware Supervisory System) framework prototype for medical device integration systems. The NASS framework interconnects medical devices over wireless for convenience, seamlessness and sanitation, and provides safety-guaranteed supervision. Our prototype was developed in Sun Java Real-time Environment. Real-time Java provides well-formed convenience of dynamically loading and unloading medical application logic and safety rules on the fly in real-time environments. To tackle the complexity of using real-time Java in the safety-critical system, we also applied HW/SW codesign method. Real-time Java Environment Linux operating system may not be robust enough for medical devices to fully rely on. In our prototype, the supervisor software in Java performs all logical decisions including contingency plan generation derived from the safety rules. Once logic is decided, the decisions and plans for the devices are delivered to the hardware implemented in FPGA at each device to physically drive medical equipments. Since the execution of decisions and plans are delegated to the hardware, any failure in software does not harm the integrated safety. Our demonstration shows how safety is managed in different kinds of failures from wireless network failures to device software failures. © 2012 IEEE.
@article{Kim201285, author = {Kim, C. and Sun, M. and Rahmaniheris, M. and Sha, L.}, title = {How to reliably integrate medical devices over wireless}, journal = {Annual IEEE Communications Society Conference on Sensor, Mesh and Ad Hoc Communications and Networks workshops}, year = {2012}, volume = {1}, pages = {85-87}, doi = {10.1109/SECON.2012.6276355}, art_number = {6276355}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-84867962749&doi=10.1109%2fSECON.2012.6276355&partnerID=40&md5=b9cf9bfc27a7f7eb47b17d32e6660388}, keywords = {Contingency plans; HW/SW Codesign; LINUX- operating system; Loading and unloading; Logical decisions; Medical Devices; On the flies; Real-time environment; Real-time Java; Safety critical systems; Safety rules; Software failure; Supervisory systems, Computer software; Dynamic loads; Hardware; Loading; Medical applications; MESH networking; Real time systems; Sensors; Software prototyping; Unloading, Biomedical equipment}, document_type = {Conference Paper}, source = {Scopus}, } - Memory access control in multiprocessor for real-time systems with mixed criticalityH. Yun, G. Yao, R. Pellizzoni, M. Caccamo, and L. ShaProceedings - Euromicro Conference on Real-Time Systems, 2012
Shared resource access interference, particularly memory and system bus, is a big challenge in designing predictable real-time systems because its worst case behavior can significantly differ. In this paper, we propose a software based memory throttling mechanism to explicitly control the memory interference. We developed analytic solutions to compute proper throttling parameters that satisfy schedulability of critical tasks while minimize performance impact caused by throttling. We implemented the mechanism in Linux kernel and evaluated isolation guarantee and overall performance impact using a set of synthetic and real applications. © 2012 IEEE.
@article{Yun2012299, author = {Yun, H. and Yao, G. and Pellizzoni, R. and Caccamo, M. and Sha, L.}, title = {Memory access control in multiprocessor for real-time systems with mixed criticality}, journal = {Proceedings - Euromicro Conference on Real-Time Systems}, year = {2012}, pages = {299-308}, doi = {10.1109/ECRTS.2012.32}, art_number = {6257581}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-84866464961&doi=10.1109%2fECRTS.2012.32&partnerID=40&md5=22fe0930679f905c1f1789ec282ff13f}, keywords = {Analytic solution; Critical tasks; Linux kernel; Performance impact; Real applications; Schedulability; Shared resources; Software-based; System bus; Throttling mechanism, Access control, Real time systems}, document_type = {Conference Paper}, source = {Scopus}, } - Pattern-based composition and analysis of virtually synchronized real-time distributed systemsA. Al-Nayeem, L. Sha, D.D. Cofer, and S.M. MillerProceedings - 2012 IEEE/ACM 3rd International Conference on Cyber-Physical Systems, ICCPS 2012, 2012
Designing and verifying distributed protocols in a multi-rate asynchronous system is, in general, extremely difficult when the distributed computations require consistent input views, consistent actions and synchronized state transitions. In this paper, we address this problem and introduce a formal, complexity-reducing architectural pattern, called Multi-Rate PALS system, to support virtual synchronization in multi-rate distributed computations. The pattern supports a component to be virtually synchronized with other components in different instantiations of this pattern. We present an application of a hierarchical control system to show that the composition of these instantiations can be used to achieve desired system-level properties, such as distributed consistency and distributed coordination. We verify the logical synchronization guarantee of this pattern, which holds as long as the pattern assumptions are satisfied. We also discuss the correctness analysis necessary to validate these assumptions and provide a tool support to perform this analysis automatically on the AADL models. © 2012 IEEE.
@article{Al-Nayeem201265, author = {Al-Nayeem, A. and Sha, L. and Cofer, D.D. and Miller, S.M.}, title = {Pattern-based composition and analysis of virtually synchronized real-time distributed systems}, journal = {Proceedings - 2012 IEEE/ACM 3rd International Conference on Cyber-Physical Systems, ICCPS 2012}, year = {2012}, pages = {65-74}, doi = {10.1109/ICCPS.2012.15}, art_number = {6197389}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-84861507919&doi=10.1109%2fICCPS.2012.15&partnerID=40&md5=2c7ef3bbeb045f9159265db048847954}, author_keywords = {complexity reduction; Design patterns; virtual synchronization}, document_type = {Conference Paper}, source = {Scopus}, } - Compositional verification of architectural modelsD. Cofer, A. Gacek, S. Miller, M.W. Whalen, B. LaValley, and L. ShaLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 2012
This paper describes a design flow and supporting tools to significantly improve the design and verification of complex cyber-physical systems. We focus on system architecture models composed from libraries of components and complexity-reducing design patterns having formally verified properties. This allows new system designs to be developed rapidly using patterns that have been shown to reduce unnecessary complexity and coupling between components. Components and patterns are annotated with formal contracts describing their guaranteed behaviors and the contextual assumptions that must be satisfied for their correct operation. We describe the compositional reasoning framework that we have developed for proving the correctness of a system design, and provide a proof of the soundness of our compositional reasoning approach. An example based on an aircraft flight control system is provided to illustrate the method and supporting analysis tools. © 2012 Springer-Verlag.
@article{Cofer2012126, author = {Cofer, D. and Gacek, A. and Miller, S. and Whalen, M.W. and LaValley, B. and Sha, L.}, title = {Compositional verification of architectural models}, journal = {Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)}, year = {2012}, volume = {7226 LNCS}, pages = {126-140}, doi = {10.1007/978-3-642-28891-3_13}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-84859476804&doi=10.1007%2f978-3-642-28891-3_13&partnerID=40&md5=bc1438befd8357405fcf0eaec5d4a2c5}, author_keywords = {AADL; compositional verification; Cyber-physical systems; DARPA; design patterns; formal methods; META; model checking; SysML}, keywords = {AADL; compositional verification; Cyber physical systems (CPSs); DARPA; design patterns; META; SysML, Embedded systems; Formal methods; Model checking; NASA; Systems analysis, Models}, document_type = {Conference Paper}, source = {Scopus}, }
2011
- Optimizing tunable WCET with shared resource allocation and arbitration in hard real-time multicore systemsM.-K. Yoon, J.-E. Kim, and L. ShaProceedings - Real-Time Systems Symposium, 2011
The unpredictable worst-case timing behavior of multicore architectures has been the biggest stumbling block for a widespread use of multicores in hard real-time systems. A great deal of research effort has been devoted to address the issue. Among others, the development of a new multicore architecture has emerged as an attractive solution because it can eliminate the unpredictable interference sources in the first place. This opens a new possibility of system-level optimizations with multicore-based hard real-time systems. To address this issue, we propose a new perspective of WCET model called tunable WCET, in which the WCETs of tasks are elastically adjusted according to the optimal shared resource allocation and arbitration methods. For this, we propose novel WCET-aware harmonic round-robin bus scheduling and two-level cache partitioning method. We present a mixed integer linear programming formulation as the solution to the optimization of tunable WCETs. Our experimental results show that the proposed methods can significantly lower overall system utilizations. © 2011 IEEE.
@article{Yoon2011227, author = {Yoon, M.-K. and Kim, J.-E. and Sha, L.}, title = {Optimizing tunable WCET with shared resource allocation and arbitration in hard real-time multicore systems}, journal = {Proceedings - Real-Time Systems Symposium}, year = {2011}, pages = {227-238}, doi = {10.1109/RTSS.2011.28}, art_number = {6121441}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-84863024647&doi=10.1109%2fRTSS.2011.28&partnerID=40&md5=d3a80568d4c7e303f321a2418de3e9d8}, keywords = {Attractive solutions; Cache partitioning; Hard real-time; Hard real-time systems; Interference sources; Mixed integer linear programming; Multi-core systems; Multi-cores; Multicore architectures; Research efforts; Round Robin; Stumbling blocks; System level optimization; System utilization, Integer programming; Linear programming; Optimization; Resource allocation; Software architecture, Real time systems}, document_type = {Conference Paper}, source = {Scopus}, } - Limiting worst-case end-to-end latency when traffic increases in a switched avionics networkM.-Y. Nam, E. Seo, L. Sha, K.-J. Park, and K. KangProceedings - 17th IEEE International Conference on Embedded and Real-Time Computing Systems and Applications, RTCSA 2011, 2011
New features are often added incrementally to avionics systems. This avoids redesign and recertification but still requires verifying the timing constraints of both new and existing applications. We introduce a new switch that facilitates this verification by bounding the latency of end-to-end communication across a network. Our clock-driven real-time switching algorithm is throughput-optimal with a bounded worst-case delay for all feasible traffic. Associated heuristics can verify whether the timing constraints of an avionics network are met, after new features have caused traffic to increase, and then search for alternative network configurations if necessary. We show how these heuristics cope with changes to an example environmental monitoring architecture within an avionics system that incorporates our switch. Our approach to analysis can be used to determine, quickly but rigorously, which system architecture meet timing constraints; and it allows the system architect to manage the cascading effects of component changes in a comprehensive manner. © 2011 IEEE.
@article{Nam2011285, author = {Nam, M.-Y. and Seo, E. and Sha, L. and Park, K.-J. and Kang, K.}, title = {Limiting worst-case end-to-end latency when traffic increases in a switched avionics network}, journal = {Proceedings - 17th IEEE International Conference on Embedded and Real-Time Computing Systems and Applications, RTCSA 2011}, year = {2011}, volume = {1}, pages = {285-294}, doi = {10.1109/RTCSA.2011.9}, art_number = {6029839}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-84855565535&doi=10.1109%2fRTCSA.2011.9&partnerID=40&md5=1669da343a6a7f215c2b271753cdd7ec}, keywords = {Alternative network; Avionics systems; Cascading effects; End-to-End communication; End-to-end latency; Environmental Monitoring; Real-time switching; Recertification; System architects; System architectures; Timing constraints, Avionics; Embedded systems; Network architecture; Timing circuits, Switching circuits}, document_type = {Conference Paper}, source = {Scopus}, } - Resource allocation contracts for open analytic runtime modelsM.-Y. Nam, D. De Niz, L. Wrage, and L. ShaEmbedded Systems Week 2011, ESWEEK 2011 - 9th ACM International Conference on Embedded Software, EMSOFT’11, 2011
Open Analytic Runtime (OAR) Models embed analysis algorithms into runtime architectural models, thus integrating the model and its analytic interpretations. Such an integration is critical for Cyber-Physical Systems (CPS) when model parts are independently developed by different teams as it is the case in multi-tier industries, e.g. avionics and automotive. Analysis algorithms play a central role augmenting the designer’s capacity to automatically verify properties of interest in systems at the scale and complexity required by these industries. Unfortunately, the verification results are valid only if the assumptions of the different analysis algorithms (analytic assumptions) are consistent with each other. This paper presents our work on the automatic verification of one important class of analytic assumptions in OAR models: resource allocation assumptions. These assumptions are modeled as Resource Allocation (RA) contracts. RA contract constructs include not only the typical assumes and guarantees but also runtime facts and impli- cations. Finally, we automatically determine the correct sequence of execution of the analysis algorithms based on the contract input/output dependencies described in our models. Together these characteristics enable the automatic assumption verification that preserves the scalability of analytic models. We illustrate our approach using an example model with analysis algorithms for security, schedulability, and energy efficiency. Copyright © 2011 ACM.
@article{Nam201113, author = {Nam, M.-Y. and De Niz, D. and Wrage, L. and Sha, L.}, title = {Resource allocation contracts for open analytic runtime models}, journal = {Embedded Systems Week 2011, ESWEEK 2011 - 9th ACM International Conference on Embedded Software, EMSOFT'11}, year = {2011}, pages = {13-22}, doi = {10.1145/2038642.2038647}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-80455164863&doi=10.1145%2f2038642.2038647&partnerID=40&md5=57f9a2fddf15d304877f4452ce37568d}, author_keywords = {Aadl; Assumption; Cyber-physical systems; Design by contract; Management; Resource allocation}, keywords = {Aadl; Analysis algorithms; Analytic models; Architectural models; Assumption; Automatic verification; Cyber-physical systems; Design by contract; Input/output; Multi-tier; Runtime models; Runtimes; Schedulability; Verification results, Algorithms; Embedded software; Embedded systems; Energy efficiency; Resource allocation, Mathematical models}, document_type = {Conference Paper}, source = {Scopus}, } - System-wide energy optimization for multiple DVS components and real-time tasksH. Yun, P.-L. Wu, A. Arya, C. Kim, T. Abdelzaher, and L. ShaReal-Time Systems, 2011
Most dynamic voltage and frequency scaling (DVS) techniques adjust only CPU parameters; however, recent embedded systems provide multiple adjustable clocks which can be independently tuned. When considering multiple components, energy optimal frequencies depend on task set characteristics such as the number of CPU and memory access cycles. In this work, we propose a realistic energy model considering multiple components with individually adjustable frequencies such as CPUs, system bus and memory, and related task set characteristics. The model is validated on a real platform and shows less than 2% relative error compared to measured values. Based on the proposed energy model, we present an optimal static frequency assignment scheme for multiple DVS components to schedule a set of periodic real-time tasks. We simulate the energy gain of the proposed scheme compared to other DVS schemes for various task and system configurations, showing up to a 20% energy reduction. We also experimentally verify energy savings of the proposed scheme on a real hardware platform. © 2011 Springer Science+Business Media, LLC.
@article{Yun2011489, author = {Yun, H. and Wu, P.-L. and Arya, A. and Kim, C. and Abdelzaher, T. and Sha, L.}, title = {System-wide energy optimization for multiple DVS components and real-time tasks}, journal = {Real-Time Systems}, year = {2011}, volume = {47}, number = {5}, pages = {489-515}, doi = {10.1007/s11241-011-9125-x}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-80052647048&doi=10.1007%2fs11241-011-9125-x&partnerID=40&md5=03b5bcf4f80910bfa368a546a8c954cd}, author_keywords = {Dynamic voltage scaling (DVS); Energy model; Multi-DVS; Real-time task scheduling}, keywords = {Adjustable frequency; Dynamic voltage and frequency scaling; Dynamic voltage scaling; Energy gain; Energy model; Energy optimization; Energy reduction; Hardware platform; Memory access; Multi-DVS; Multiple components; Optimal frequency; Real-time tasks; Relative errors; Static frequency; System bus; System configurations, Embedded systems; Optimization; Program processors, Voltage stabilizing circuits}, document_type = {Article}, source = {Scopus}, } - Pre-verified safety control framework for real-time medical systemsC. Kim, H. Yun, H.-G. Kim, and L. ShaInformation, 2011
Interoperability of medical devices is a growing need in modern healthcare systems, not just for convenience, but also to preclude potential human errors during medical procedures. Caregivers, as end users, strongly prefer the use of wireless networks for such interconnections between clinical devices due to its seamless connectivity and ease of use/maintenance. In [10], we introduced a Network-Aware Safety Supervisior framework to integrate medical devices into clinical supervisory systems using finite state machine (FSM). In this paper, we simplify FSM into Boolean Logic to minimize safety logic overhead and introduce a generic method, called pre-verified safety control (PVSC) framework to integrate medical devices into clinical management systems using wireless technologies that have their safety properties verified in a formal manner. Our method provides (i) a PVSC safety layer that automatically generates the safety engine to guarantee given safety requirements and (ii) an abstracted application development environment so that applications can be developed independent of underlying complications of wireless communication. To mitigate negative effects due to packet losses, the PVSC framework employs a pipelined "pre-planning" of the device controls. The key motivation of the work in this paper is to preserve safety and the application development environment, as is, even after adding unreliable communication media, such as wireless, along with a pre-planning mechanism. © 2011 International Information Institute.
@article{Kim20111663, author = {Kim, C. and Yun, H. and Kim, H.-G. and Sha, L.}, title = {Pre-verified safety control framework for real-time medical systems}, journal = {Information}, year = {2011}, volume = {14}, number = {5}, pages = {1663-1674}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-84860191233&partnerID=40&md5=138b4ae534357819935b05614624e8c0}, document_type = {Conference Paper}, source = {Scopus}, } - A medical-grade wireless architecture for remote electrocardiographyK. Kang, K.-J. Park, J.-J. Song, C.-H. Yoon, and L. ShaIEEE Transactions on Information Technology in Biomedicine, 2011
In telecardiology, electrocardiogram (ECG) signals from a patient are acquired by sensors and transmitted in real time to medical personnel across a wireless network. The use of IEEE 802.11 wireless LANs (WLANs), which are already deployed in many hospitals, can provide ubiquitous connectivity and thus allow cardiology patients greater mobility. However, engineering issues, including the error-prone nature of wireless channels and the unpredictable delay and jitter due to the nondeterministic nature of access to the wireless medium, need to be addressed before telecardiology can be safely realized. We propose a medical-grade WLAN architecture for remote ECG monitoring, which employs the point-coordination function (PCF) for medium access control and ReedSolomon coding for error control. Realistic simulations with uncompressed two-lead ECG data from the MIT-BIH arrhythmia database demonstrate reliable wireless ECG monitoring; the reliability of ECG transmission exceeds 99.99% with the initial buffering delay of only 2.4 s. © 2006 IEEE.
@article{Kang2011260, author = {Kang, K. and Park, K.-J. and Song, J.-J. and Yoon, C.-H. and Sha, L.}, title = {A medical-grade wireless architecture for remote electrocardiography}, journal = {IEEE Transactions on Information Technology in Biomedicine}, year = {2011}, volume = {15}, number = {2}, pages = {260-267}, doi = {10.1109/TITB.2011.2104365}, art_number = {5682049}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-79952469171&doi=10.1109%2fTITB.2011.2104365&partnerID=40&md5=fa6876ab396224274fe7e918dcc427aa}, author_keywords = {Electrocardiogram (ECG); IEEE 802.11; telecardiology; wireless healthcare}, keywords = {Buffering delay; Coordination functions; Delay and jitter; ECG data; Electrocardiogram (ECG); Electrocardiogram signal; Error control; Error prones; IEEE 802.11; IEEE 802.11 wireless LAN; Medical personnel; Real time; Realistic simulation; Reed-Solomon coding; Telecardiology; Wireless architectures; Wireless channel; Wireless ECG monitoring; wireless healthcare; Wireless medium; WLAN architectures, Electrocardiography; Electrochromic devices; Health care; Jitter; Network architecture; Standards; Telecommunication networks, Medium access control, algorithm; article; computer simulation; electrocardiography; electronics; human; instrumentation; methodology; signal processing; telemedicine; telemetry; wireless communication, Algorithms; Computer Simulation; Electrocardiography, Ambulatory; Electronics, Medical; Humans; Signal Processing, Computer-Assisted; Telemedicine; Telemetry; Wireless Technology}, document_type = {Article}, source = {Scopus}, }
2010
- Reconstructing missing signals in multi-parameter physiologic data by mining the aligned contextual informationY. Li, Y. Sun, P. Sondhi, L. Sha, and C. ZhaiComputing in Cardiology, 2010
The PhysioNet Challenge 2010 is to recover missing segments of a particular signal in the given multiparameter physiologic data set. In this paper we propose a contextual information based framework to achieve robust reconstruction. For a given target signal that is to be reconstructed, our algorithm intelligently choose among three sub-algorithms to best recover the missing segments. Experiments are carried out on the Physionet/ CinC Challenge 2010 data sets. The results show that the proposed method is particularly effective on signals that have well aligned contextual signals.
@article{Li2010449, author = {Li, Y. and Sun, Y. and Sondhi, P. and Sha, L. and Zhai, C.}, title = {Reconstructing missing signals in multi-parameter physiologic data by mining the aligned contextual information}, journal = {Computing in Cardiology}, year = {2010}, volume = {37}, pages = {449-452}, art_number = {5738006}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-79953811463&partnerID=40&md5=c74520c58c421f11f0eb3aef85046211}, keywords = {Contextual information; Data sets; Missing signal; Multiparameters; PhysioNet; Robust reconstruction; Target signals; Well-aligned, Algorithms; Cardiology, Physiology}, document_type = {Conference Paper}, source = {Scopus}, } - Proceedings - IEEE/IFIP International Conference on Embedded and Ubiquitous Computing, EUC 2010: Message from the EUC 2010 general chairsJ. Cao, and L. ShaProceedings - IEEE/IFIP International Conference on Embedded and Ubiquitous Computing, EUC 2010, 2010
@article{Cao2010, author = {Cao, J. and Sha, L.}, title = {Proceedings - IEEE/IFIP International Conference on Embedded and Ubiquitous Computing, EUC 2010: Message from the EUC 2010 general chairs}, journal = {Proceedings - IEEE/IFIP International Conference on Embedded and Ubiquitous Computing, EUC 2010}, year = {2010}, pages = {xvii}, doi = {10.1109/EUC.2010.5}, art_number = {5703624}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-79951802170&doi=10.1109%2fEUC.2010.5&partnerID=40&md5=2f9d7c0d7bd2f26296a1919a8bf5a089}, document_type = {Editorial}, source = {Scopus}, } - Exploring the design space of IMA system architecturesR. Bradford, S. Fliginger, M.-Y. Nam, S. Mohan, R. Pellizzoni, C. Kim, M. Caccamo, and L. ShaAIAA/IEEE Digital Avionics Systems Conference - Proceedings, 2010
In systems such as integrated modular avionics (IMA), there is a substantial benefit from maintaining significant portions of a product family’s architecture unchanged from one system to the next. When there are tight constraints on resources such as bandwidth and processor capacity, however, certain seemingly small changes in a few components have the potential to create a cascade of timing problems. The ability to rapidly analyze and quantify the impact of these changes prior to implementation and system integration provides the engineering team with early validation of the changes, which can prevent substantially increased costs for design, integration, and verification, as well as delays in the development schedule. However, detailed early evaluation of architecture performance involves analysis of many complex interrelated variables and is therefore challenging. Consider the case of moving a task from a processor’s IMA partition to another processor’s partition. The tasks sets need to be updated. The I/O and network traffic must be rerouted. The schedulability equations of processor, I/O and network need to be recreated, and the analysis needs to be propagated end to end. Last but not least, all the architecture specification documents have to be updated. In order to reduce the detailed architecture evaluation effort, we have automated the performance analysis process with a system integration tool prototype called ASIIST (Application-Specific I/O Integration Support Tool). To move a task, we can now use a graphical interface to drag and drop a task from one processor’s IMA partition to another. All the steps described above are done automatically, including the updating of the architecture specification in AADL (Architecture Analysis and Description Language). In this paper, we show how to use this tool to explore the design space of an IMA system architecture, so as to derive designs with specified performance properties. © 2010 IEEE.
@article{Bradford2010, author = {Bradford, R. and Fliginger, S. and Nam, M.-Y. and Mohan, S. and Pellizzoni, R. and Kim, C. and Caccamo, M. and Sha, L.}, title = {Exploring the design space of IMA system architectures}, journal = {AIAA/IEEE Digital Avionics Systems Conference - Proceedings}, year = {2010}, pages = {5.E.51-5.E.515}, doi = {10.1109/DASC.2010.5655464}, art_number = {5655464}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-78650934570&doi=10.1109%2fDASC.2010.5655464&partnerID=40&md5=d894ccdccb011153eb636acd4356081d}, document_type = {Conference Paper}, source = {Scopus}, } - A formal pattern architecture for safe medical systemsM. Sun, J. Meseguer, and L. ShaLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 2010
Design patterns have demonstrated major practical uses for cost savings and modular design in software engineering. For safety-critical systems, however, such patterns should also provide formal guarantees that critical safety properties are met. We leverage the power of rewriting logic and parameterization available in Real-Time Maude to add a formal basis for analysis of a novel safety pattern for medical devices. We demonstrate practicality and applicability of our pattern by instantiating it to a pacemaker specification, and we validate our pattern by verifying the safety invariant in the pacemaker instantiation. © 2010 Springer-Verlag Berlin Heidelberg.
@article{Sun2010157, author = {Sun, M. and Meseguer, J. and Sha, L.}, title = {A formal pattern architecture for safe medical systems}, journal = {Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)}, year = {2010}, volume = {6381 LNCS}, pages = {157-173}, doi = {10.1007/978-3-642-16310-4_11}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-78349232362&doi=10.1007%2f978-3-642-16310-4_11&partnerID=40&md5=15416f1478ca3144dde3f0ece1a293cb}, keywords = {Cost saving; Design Patterns; Medical Devices; Medical systems; Modular designs; Practical use; Rewriting logic; Safety critical systems; Safety property; Design Patterns; Medical Devices; Medical systems; Modular designs; Real-Time Maude; Rewriting logic; Safety critical systems; Safety property, Biomedical engineering; Real time systems; Software design; Application programs; Biomedical equipment; Computer circuits; Cost engineering; Real time systems; Software engineering, Safety engineering; Safety engineering}, document_type = {Conference Paper}, source = {Scopus}, } - System-wide energy optimization for multiple DVS components and real-time tasksH. Yun, P.-L. Wu, A. Arya, T. Abdelzaher, C. Kim, and L. ShaProceedings - Euromicro Conference on Real-Time Systems, 2010
Most dynamic voltage and frequency scaling (DVS) techniques adjust only CPU parameters; however, recent embedded systems provide multiple adjustable clocks which can be independently tuned. When considering multiple components, energy optimal frequencies depend on task set characteristics such as the number of CPU and memory access cycles. In this work, we propose a realistic energy model considering multiple components with individually adjustable frequencies such as CPU, system bus and memory, and related task set characteristics. The model is validated on a real platform and shows less than 2% relative error compared to measured values. Based on the proposed energy model, we present an optimal static frequency assignment scheme for multiple DVS components to schedule a set of periodic realtime tasks. We simulate the energy gain of the proposed scheme compared to other DVS schemes for various task and system configurations, showing up to a 20% energy reduction. © 2010 IEEE.
@article{Yun2010133, author = {Yun, H. and Wu, P.-L. and Arya, A. and Abdelzaher, T. and Kim, C. and Sha, L.}, title = {System-wide energy optimization for multiple DVS components and real-time tasks}, journal = {Proceedings - Euromicro Conference on Real-Time Systems}, year = {2010}, pages = {133-142}, doi = {10.1109/ECRTS.2010.14}, art_number = {5562906}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-77958461865&doi=10.1109%2fECRTS.2010.14&partnerID=40&md5=1e49b06266e2212b0d7dca1efa45c241}, keywords = {Adjustable frequency; Dynamic voltage and frequency scaling; Energy gain; Energy model; Energy optimization; Energy reduction; Memory access; Multiple components; Optimal frequency; Real-time tasks; Relative errors; Set characteristics; Static frequency; System bus; System configurations, Embedded systems; Optimization; Voltage stabilizing circuits, Real time systems}, document_type = {Conference Paper}, source = {Scopus}, } - Cyber-physical systems: The next computing revolutionR. Rajkumar, I. Lee, L. Sha, and J. StankovicProceedings - Design Automation Conference, 2010
Cyber-physical systems (CPS) are physical and engineered systems whose operations are monitored, coordinated, controlled and integrated by a computing and communication core. Just as the internet transformed how humans interact with one another, cyber-physical systems will transform how we interact with the physical world around us. Many grand challenges await in the economically vital domains of transportation, health-care, manufacturing, agriculture, energy, defense, aerospace and buildings. The design, construction and verification of cyber-physical systems pose a multitude of technical challenges that must be addressed by a cross-disciplinary community of researchers and educators. Copyright 2010 ACM.
@article{Rajkumar2010731, author = {Rajkumar, R. and Lee, I. and Sha, L. and Stankovic, J.}, title = {Cyber-physical systems: The next computing revolution}, journal = {Proceedings - Design Automation Conference}, year = {2010}, pages = {731-736}, doi = {10.1145/1837274.1837461}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-77956217277&doi=10.1145%2f1837274.1837461&partnerID=40&md5=9b9616c23f8b877affeb5403a3f62e6b}, author_keywords = {Computer science; Cyber-physical systems; Engineering; Grand challenges; New frontiers}, keywords = {Cross-disciplinary; Cyber-physical systems; Engineered systems; Grand Challenge; New frontiers; Physical world; Technical challenges, Computer aided design, Computer science}, document_type = {Conference Paper}, source = {Scopus}, } - A framework for the safe interoperability of medical devices in the presence of network failuresC. Kim, M. Sun, S. Mohan, H. Yun, L. Sha, and T.F. Abdelzaher1st ACM/IEEE International Conference on Cyber-Physical Systems, ICCPS ’10, 2010
There exists a growing need for automated interoperability among medical devices in modern healthcare systems. This requirement is not just for convenience, but to prevent the possibility of errors due to the complexity of interactions between the devices and human operators. Hence, a system supporting such interoperability is supposed to provide the means to interconnect distributed medial devices in an open space, so must be designed to account for network failures. In this paper, we introduce a generic framework, the Network-Aware Supervisory System (NASS) to integrate medical devices into such a clinical interoperability system that uses real networks. It provides a development environment, in which medical-device supervisory logic can be developed based on the assumptions of an ideal, robust network. A case study shows that the NASS framework provides the same procedural effectiveness as the original logic based on the ideal network model but with protection against real-world network failures. © 2010 ACM.
@article{Kim2010149, author = {Kim, C. and Sun, M. and Mohan, S. and Yun, H. and Sha, L. and Abdelzaher, T.F.}, title = {A framework for the safe interoperability of medical devices in the presence of network failures}, journal = {1st ACM/IEEE International Conference on Cyber-Physical Systems, ICCPS '10}, year = {2010}, pages = {149-158}, doi = {10.1145/1795194.1795215}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-77954615585&doi=10.1145%2f1795194.1795215&partnerID=40&md5=a82999b63edf1c07cadced7d1c6c5d12}, keywords = {Development environment; Generic frameworks; Health-care system; Human operator; Ideal network; Medical Devices; Network failure; Open space; Real networks; Real-world networks; Robust network; Supervisory logic; Supervisory systems, Biomedical engineering, Interoperability}, document_type = {Conference Paper}, source = {Scopus}, } - A reduced complexity design pattern for distributed hierarchical command and control systemH. Yun, P.-L. Wu, M. Rahmaniheris, C. Kim, and L. Sha1st ACM/IEEE International Conference on Cyber-Physical Systems, ICCPS ’10, 2010
Cyber Physical Systems (CPS) get a lot of attention due to the strong demand for the integration of physical devices and computing systems. There are many design aspects involved in CPS, such as efficiency, real-time, reliability and security. One of the major issues is system integration and verification. In many safety critical systems verification plays an essential role in system design. However, the high complexity for the composition of diverse systems is a major challenge for system verification. In this paper, we focus on command and control systems for search and rescue missions and propose a systematic design pattern called Interruptible RPC to compose complex systems while keeping the verification costs low. This has been made possible due to the reduced state space of the systems designed using our pattern. Therefore, the system models can be efficiently verified using available verification tools. In our experiments, the search and rescue system based on Interruptible RPC pattern had fewer states than the asynchronous one by several orders of magnitude. © 2010 ACM.
@article{Yun201042, author = {Yun, H. and Wu, P.-L. and Rahmaniheris, M. and Kim, C. and Sha, L.}, title = {A reduced complexity design pattern for distributed hierarchical command and control system}, journal = {1st ACM/IEEE International Conference on Cyber-Physical Systems, ICCPS '10}, year = {2010}, pages = {42-49}, doi = {10.1145/1795194.1795201}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-77954607532&doi=10.1145%2f1795194.1795201&partnerID=40&md5=fab97e64b7871f58dbf5ee7163691b02}, author_keywords = {command and control system; complexity; remote procedure call}, keywords = {Complex systems; complexity; Computing system; Cyber-physical systems; Orders of magnitude; Physical devices; Reduced complexity; Reduced-state; Remote Procedure Call; Safety critical systems; Search and rescue; Strong demand; System design; System integration; System models; System verifications; Systematic designs; Verification tools, Control theory; Design; Model structures; Pneumatic control equipment, Command and control systems}, document_type = {Conference Paper}, source = {Scopus}, } - An interleaving structure for guaranteed QoS in real-time broadcasting systemsK. Kang, and L. ShaIEEE Transactions on Computers, 2010
Providing high-quality broadcast services for soft real-time applications over wireless networks such as CDMA2000, which have high bit error rates, requires the control of errors that occur during data transmission. Reed-Solomon (RS) forward error correction (FEC) in the medium access control (MAC) layer performs this role in 3G broadcast services. We propose new analytic models for predicting the performance of RS coding and its execution time, which take into account the memory property of a fading channel, different channel conditions, and a variable level of block interleaving. We identify RS decoding as a significant cause of variability in execution time, taking the form of jitter, which depends on the channel conditions. We analyze the size of buffer required to absorb the jitter under different channel conditions. We then formulate a trade-off between the performance of RS coding and the delay that it causes in transmitting a fixed amount of data with different levels of block interleaving. Finally, we show how to balance the quality with which content is presented against an acceptable buffering delay, which is very important to soft real-time applications, by using an adequate level of block interleaving. This study offers a guide for the provision of efficient broadcast services in real time with stochastically guaranteed quality. © 2006 IEEE.
@article{Kang2010666, author = {Kang, K. and Sha, L.}, title = {An interleaving structure for guaranteed QoS in real-time broadcasting systems}, journal = {IEEE Transactions on Computers}, year = {2010}, volume = {59}, number = {5}, pages = {666-678}, doi = {10.1109/TC.2009.151}, art_number = {5276796}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-77950303099&doi=10.1109%2fTC.2009.151&partnerID=40&md5=642fae66e3759b8555de7100c643b8b2}, author_keywords = {Block interleaving; Buffering delay; Jitter analysis; Real-time broadcasting; Worst-case execution time}, keywords = {Analytic models; Block interleaving; Broadcast services; Broadcasting systems; Buffering delay; Cdma2000; Channel conditions; Data transmission; Execution time; Guaranteed QOS; Guaranteed quality; High bit error rates; High quality; Interleaving structure; Medium access control layer; Real time; Reed-Solomon; RS coding; Soft real-time applications; Worst-case execution time, Broadcasting; Channel coding; Decoding; Error correction; Fading (radio); Fading channels; Jitter; Medium access control; Optical communication; Rapid solidification, Real time systems}, document_type = {Article}, source = {Scopus}, } - Design of robust adaptive frequency hopping for wireless medical telemetry systemsK.-J. Park, T.R. Park, C.D. Schmitz, and L. ShaIET Communications, 2010
The authors propose an adaptive frequency hopping (AFH) algorithm, entitled robust adaptive frequency hopping (RAFH), for providing increased reliability of a wireless medical telemetry system (WMTS) under coexistence environment with non-medical devices. The conventional AFH scheme classifies channels into ’good’ or ’bad’ according to the threshold-based on-off decision by packet error rate (PER) measurement, and only uses good channels with a uniform hop probability. Unlike the conventional AFH scheme, RAFH is a novel technique, which solves a constrained entropy maximisation problem and assigns every channel a different hop probability as a decreasing function of the measured PER. The key novelty of RAFH over existing AFH schemes is that it reflects the relative channel condition by assigning non-uniform hop probabilities. By adopting constrained entropy maximisation, RAFH not only improves the average PER, but also reduces the PER fluctuation over time under a dynamic interference environment, both of which increase the reliability of WMTS. Through extensive simulation, we show that RAFH outperforms basic frequency hopping (FH) and the conventional AFH with respect to the PER under various scenarios of dynamic interference. © 2010 The Institution of Engineering and Technology.
@article{Park2010178, author = {Park, K.-J. and Park, T.R. and Schmitz, C.D. and Sha, L.}, title = {Design of robust adaptive frequency hopping for wireless medical telemetry systems}, journal = {IET Communications}, year = {2010}, volume = {4}, number = {2}, pages = {178-191}, doi = {10.1049/iet-com.2008.0693}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-75649142183&doi=10.1049%2fiet-com.2008.0693&partnerID=40&md5=2573ebd74bda915cee32058cd886c913}, keywords = {Adaptive frequency hopping; Channel conditions; Constrained entropy; Decreasing functions; Extensive simulations; Interference environments; Medical Devices; Medical telemetry; Nonuniform; Novel techniques; Packet error rates; Robust adaptive, Adaptive algorithms; Probability; Telemetering equipment, Frequency hopping}, document_type = {Article}, source = {Scopus}, }
2009
- Handling mixed-criticality in SoC-based real-time embedded systemsR. Pellizzoni, P. Meredith, M.-Y. Nam, M. Sun, M. Caccamo, and L. ShaEmbedded Systems Week 2009 - 7th ACM International Conference on Embedded Software, EMSOFT ’09, 2009
System-on-Chip (SoC) is a promising paradigm to implement safety-critical embedded systems, but it poses significant challenges from a design and verification point of view. In particular, in a mixed-criticality system, low criticality applications must be prevented from interfering with high criticality ones. In this paper, we introduce a new design methodology for SoC that provides strong isolation guarantees to applications with different criticalities. A set of certificates describing the assumed application behavior is extracted from a functional Architectural Analysis and Design Language (AADL) specification. Our tools then automatically generate hardware wrappers that enforce at run-time the behavior described by the certificates. In particular, we employ run-time monitoring to formally check all data communication in the system, and we enforce timing reservations for both computation and communication resources. Verification is greatly simplified because certificates are much simpler than the components used to implement low-criticality applications. The effectiveness of our methodology is proven on a case study consisting of a medical pacemaker. Copyright 2009 ACM.
@article{Pellizzoni2009235, author = {Pellizzoni, R. and Meredith, P. and Nam, M.-Y. and Sun, M. and Caccamo, M. and Sha, L.}, title = {Handling mixed-criticality in SoC-based real-time embedded systems}, journal = {Embedded Systems Week 2009 - 7th ACM International Conference on Embedded Software, EMSOFT '09}, year = {2009}, pages = {235-244}, doi = {10.1145/1629335.1629367}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-72249096888&doi=10.1145%2f1629335.1629367&partnerID=40&md5=b4d61b6f2d89f4aabc601865b18553b2}, author_keywords = {AADL; Mixed-criticality; Platform-based design; Runtime monitoring; System-on-chip}, keywords = {Architectural analysis; Communication resources; Criticality systems; Data-communication; New design; Platform based design; Real-time embedded systems; Runtime Monitoring; Runtimes; Safety-critical embedded systems; System-On-Chip, Application specific integrated circuits; Criticality (nuclear fission); Design; Embedded software; Monitoring; Network components; Programmable logic controllers; Real time systems, Embedded systems}, document_type = {Conference Paper}, source = {Scopus}, } - Implementing logical synchrony in integrated modular avionicsS.P. Miller, D.D. Cofer, L. Sha, J. Meseguer, and A. Al-NayeemAIAA/IEEE Digital Avionics Systems Conference - Proceedings, 2009
Many avionics systems must be implemented as redundant, distributed systems in order to provide the necessary level of fault tolerance. To correctly perform their function, the individual nodes of these systems must agree on some part of the global system state. Developing protocols to achieve this agreement is greatly simplified if the nodes execute synchronously relative to each other, but many Integrated Modular Avionics architectures assume nodes will execute asynchronously. This paper presents a simple design pattern, Physically Asynchronous/Logically Synchronous (PALS), that allows developers to design and verify a distributed, redundant system as though all nodes execute synchronously. This synchronous design can then be distributed over a physically asynchronous architecture in such a way that the logical correctness of the design is preserved. Use of this complexity reducing design pattern greatly simplifies the development and verification of fault tolerant distributed applications, ensures optimal system performance, and provides a standard argument for system certification. ©2009 IEEE.
@article{Miller2009, author = {Miller, S.P. and Cofer, D.D. and Sha, L. and Meseguer, J. and Al-Nayeem, A.}, title = {Implementing logical synchrony in integrated modular avionics}, journal = {AIAA/IEEE Digital Avionics Systems Conference - Proceedings}, year = {2009}, pages = {1.A.31-1.A.312}, doi = {10.1109/DASC.2009.5347579}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-77951063154&doi=10.1109%2fDASC.2009.5347579&partnerID=40&md5=d11f81bf1b89084fc8e22ba4a0167e22}, author_keywords = {Asynchronous; Design pattern; Fault tolerance; GALS; Globally asynchronous; IMA; Integrated modular avionics; Locally synchronous; Synchronous}, keywords = {Asynchronous design; Avionics systems; Design Patterns; Distributed applications; Distributed systems; Fault-tolerant; Global systems; Integrated modular avionics; Logical correctness; Optimal system performance; Redundant system, Asynchronous transfer mode; Automatic teller machines; Avionics; Design; Fault tolerance; Internet protocols; Network architecture; Positron annihilation spectroscopy; Quality assurance; Standardization, Fault tolerant computer systems}, document_type = {Conference Paper}, source = {Scopus}, } - Real-time control of I/O COTS peripherals for embedded systemsS. Bak, E. Betti, R. Pellizzoni, M. Caccamo, and L. ShaProceedings - Real-Time Systems Symposium, 2009
Real-time embedded systems are increasingly being built using commercial-off-the-shelf (COTS) components such as mass-produced peripherals and buses to reduce costs, time-to-market, and increase performance. Unfortunately, COTS interconnect systems do not usually guarantee timeliness, and might experience severe timing degradation in the presence of high-bandwidth I/O peripherals. To address this problem, we designed a real-time I/O management system comprised of 1) real-time bridges, and 2) a reservation controller. The proposed framework is used to transparently put the I/O subsystem of a COTS-based embedded system under the discipline of real-time scheduling. We also discuss computing a delay bound for I/O data transactions and determining worst-case buffer size. Finally, we demonstrate experimentally that our prototype real-time I/O management system successfully prioritizes I/O traffic and guarantees its timeliness. © 2009 IEEE.
@article{Bak2009193, author = {Bak, S. and Betti, E. and Pellizzoni, R. and Caccamo, M. and Sha, L.}, title = {Real-time control of I/O COTS peripherals for embedded systems}, journal = {Proceedings - Real-Time Systems Symposium}, year = {2009}, pages = {193-203}, doi = {10.1109/RTSS.2009.41}, art_number = {5368829}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-77649332933&doi=10.1109%2fRTSS.2009.41&partnerID=40&md5=c54f11db0c7b7010110e7f39fc37ce43}, keywords = {Buffer sizes; Commercial off-the-shelf components; Data transaction; Delay bound; High bandwidth; I/O peripherals; I/O subsystems; Interconnect systems; Management systems; Real time scheduling; Real-time embedded systems; Time-to-market, Bridges; Cost reduction; Management; Real time control, Embedded systems}, document_type = {Conference Paper}, source = {Scopus}, } - Rapid early-phase virtual integrationS. Mohan, M.-Y. Nam, R. Pellizoni, L. Sha, R. Bradford, and S. FligingerProceedings - Real-Time Systems Symposium, 2009
In complex hard real-time systems with tight constraints on system resources, small changes in one component of a system can cause a cascade of adverse effects on other parts of the system. We address the inherent complexity of making architectural decisions by raising the level of abstraction at which the analysis is performed. Our analysis approach gives the system architect a rigorous method for quickly determining which system architectures should be pursued, and it allows the architect to track and manage the cascading effects of subsystem/component changes in a comprehensive, quantitative manner. The end product is a virtual architecture analysis that systematically incorporates the inherent coupling among interacting system components that share limited system resources. © 2009 IEEE.
@article{Mohan200933, author = {Mohan, S. and Nam, M.-Y. and Pellizoni, R. and Sha, L. and Bradford, R. and Fliginger, S.}, title = {Rapid early-phase virtual integration}, journal = {Proceedings - Real-Time Systems Symposium}, year = {2009}, pages = {33-44}, doi = {10.1109/RTSS.2009.48}, art_number = {5369343}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-77649318847&doi=10.1109%2fRTSS.2009.48&partnerID=40&md5=06cd8e7bc2e869d695b41c1d4b33be32}, document_type = {Conference Paper}, source = {Scopus}, } - A formal architecture pattern for real-time distributed systemsA. Al-Nayeem, M. Sun, X. Qiu, L. Sha, S.P. Miller, and D.D. CoferProceedings - Real-Time Systems Symposium, 2009
Pattern solutions [1] for software and architectures have significantly reduced design, verification, and validation times by mapping challenging problems into a solved generic problem. In the paper, we present an architecture pattern for ensuring synchronous computation semantics using the PALS protocol [2]. We develop a modeling framework in AADL to automatically transform a synchronous design of a real-time distributed system into an asynchronous design satisfying the PALS protocol. We present a detailed example of how the PALS transformation works for a dual-redundant system. From the example, we also describe the general transformation in terms of intuitively defined AADL semantics. Furthermore, we develop a static analysis checker to find necessary conditions that must be satisfied in order for the PALS transformation to work correctly. The transformations and static checks that we have described are implemented in OSATE using the generated EMF metamodel API for model manipulation. © 2009 IEEE.
@article{Al-Nayeem2009161, author = {Al-Nayeem, A. and Sun, M. and Qiu, X. and Sha, L. and Miller, S.P. and Cofer, D.D.}, title = {A formal architecture pattern for real-time distributed systems}, journal = {Proceedings - Real-Time Systems Symposium}, year = {2009}, pages = {161-170}, doi = {10.1109/RTSS.2009.50}, art_number = {5368818}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-77649314785&doi=10.1109%2fRTSS.2009.50&partnerID=40&md5=a087089f9abcf9d811170f85c8f0c01f}, author_keywords = {Architecture description language; Architecture pattern; Formal verification; GALS; Logical synchronization}, keywords = {Architecture description language; Architecture description languages; Asynchronous design; Formal verification; Formal verifications; Meta model; Modeling frameworks; Real-time distributed systems; Redundant system, Linguistics; Network architecture; Positron annihilation spectroscopy; Semantics; Software architecture; Verification, Real time systems}, document_type = {Conference Paper}, source = {Scopus}, } - ASIIST: Application specific I/O integration support tool for real-time bus architecture designsM.-Y. Nam, R. Pellizzoni, L. Sha, and R.M. BradfordIEEE International Conference on Engineering of Complex Computer Systems, ICECCS, 2009
In hard real-time systems such as avionics, computer board level designs are typically customized to meet specific reliability and real time requirements. This paper focuses on computer-aided application-specific design of I/O architecture using PCI as an example. We have built a tool (ASIIST) that will enable engineers to explore design spaces at the I/O bus architecture level, performing analysis that incorporates bus protocols, to provide guarantees of real-time properties. © 2009 IEEE.
@article{Nam200911, author = {Nam, M.-Y. and Pellizzoni, R. and Sha, L. and Bradford, R.M.}, journal = {IEEE International Conference on Engineering of Complex Computer Systems, ICECCS}, year = {2009}, pages = {11-22}, doi = {10.1109/ICECCS.2009.31}, art_number = {5090507}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-70350059337&doi=10.1109%2fICECCS.2009.31&partnerID=40&md5=88aa32791546ab888ce7efa37209277f}, document_type = {Conference Paper}, source = {Scopus}, } - Resilient mixed-criticality systemsCrossTalk, 2009
University of Illinois at Urbana-Champaign Most complex cyber-physical systems (CPSs) are mixed-criticality systems that have to be resilient against software design faults, hardware failures, and physical hazards under software control. This article reviews useful design principles and architecture patterns for the development of such systems.
@article{Sha20099, author = {Sha, L.}, title = {Resilient mixed-criticality systems}, journal = {CrossTalk}, year = {2009}, volume = {22}, number = {9-10}, pages = {9-14}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-69949161622&partnerID=40&md5=c2d344ca62e92ef1ebef0360183e2639}, keywords = {Criticality systems; Cyber-physical systems; Design Principles; Hardware failures; Software control; University of Illinois, Computer software; Criticality (nuclear fission), Software design}, document_type = {Article}, source = {Scopus}, } - The system-level simplex architecture for improved real-time embedded system safetyS. Bak, D.K. Chivukula, O. Adekunle, M. Sun, M. Caccamo, and L. ShaIEEE Real-Time and Embedded Technology and Applications Symposium, RTAS, 2009
Embedded systems in safety-critical environments demand safety guarantees while providing many useful services that are too complex to formally verify or fully test. Existing application-level fault-tolerance methods, even if formally verified, leave the system vulnerable to errors in the realtime operating system (RTOS), middleware, and microprocessor. We introduce the System-Level Simplex Architecture, which uses hardware/software co-design to provide failoperational guarantees for both logical application-level faults, as well as faults in previously dependent layers including the RTOS and microprocessor. We also provide an end-to-end design process for the System-Level Simplex Architecture where the AADL architecture description is automatically constructed and checked and the VHDL hardware code is generated. To show the efficacy of System-Level Simplex design, we apply the approach to both a classic inverted pendulum and a cardiac pacemaker. We perform fault-injection tests on the inverted pendulum design which demonstrate robustness in spite of software controller and operating system faults. For the pacemaker, we contrast the provided safety guarantees with those of a previous-generation pacemaker. © 2009 IEEE.
@article{Bak200999, author = {Bak, S. and Chivukula, D.K. and Adekunle, O. and Sun, M. and Caccamo, M. and Sha, L.}, title = {The system-level simplex architecture for improved real-time embedded system safety}, journal = {IEEE Real-Time and Embedded Technology and Applications Symposium, RTAS}, year = {2009}, pages = {99-107}, doi = {10.1109/RTAS.2009.20}, art_number = {4840571}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-67650239588&doi=10.1109%2fRTAS.2009.20&partnerID=40&md5=7cc71a1379a36e5a5980f0e247f37cc0}, keywords = {Architecture description; Cardiac pacemakers; End-to-end design; Hardware/software co-design; Injection test; Inverted pendulum; Operating systems; Real time operating system; Real-time embedded systems; Safety guarantees; Safety-critical; Simplex design; Software controllers; System levels, Computer hardware description languages; Computer operating systems; Design; Fault tolerance; Microprocessor chips; Middleware; Pacemakers; Pendulums; Quality assurance; Systems engineering, Embedded systems}, document_type = {Conference Paper}, source = {Scopus}, } - End-to-end delay analysis of wireless ECG over cellular networksM.-K. Yoon, J.-E. Kim, K. Kang, K.-J. Park, M.-Y. Nam, and L. ShaWiMD 2009 - 1st ACM International Workshop on Medical-Grade Wireless Networks, co-located with MobiHoc 2009, 2009
In this paper, we present a medical-grade network architecture based on the wireless cellular technology of CDMA2000 1xEV-DO (Evolution-Data Optimized). It can provide highly reliable communication with a bounded delay by exploiting its inherent channel access structure and cooperative packet scheduler at the access network. Additionally, we propose a way of analyzing the worst-case end-to-end delay over the candidate cellular architecture, and apply it to wireless ECG (Electrocardiogram) to examine its applicability. Our simulation study shows how the proposed architecture can provide acceptable quality of service for wireless medical applications. Copyright 2009 ACM.
@article{Yoon200921, author = {Yoon, M.-K. and Kim, J.-E. and Kang, K. and Park, K.-J. and Nam, M.-Y. and Sha, L.}, title = {End-to-end delay analysis of wireless ECG over cellular networks}, journal = {WiMD 2009 - 1st ACM International Workshop on Medical-Grade Wireless Networks, co-located with MobiHoc 2009}, year = {2009}, pages = {21-26}, doi = {10.1145/1540373.1540379}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-84908891175&doi=10.1145%2f1540373.1540379&partnerID=40&md5=43fcdbc8831ca3fdb72ef493d6912322}, author_keywords = {CDMA 1xEV-DO; End-to-end delay analysis; Wireless cellular network; Wireless ECG; Wireless medical application}, keywords = {Cooperative communication; Electrocardiography; Medical applications; Mobile telecommunication systems; Network architecture; Quality of service; Wireless networks, 1XEV-DO; End to end delay; Wireless cellular networks; Wireless ecg; Wireless medical applications, Code division multiple access}, document_type = {Conference Paper}, source = {Scopus}, } - Entropy-maximization based adaptive frequency hopping for wireless medical telemetry systemsK.-J. Park, T.R. Park, C.D. Schmitz, and L. ShaWiMD 2009 - 1st ACM International Workshop on Medical-Grade Wireless Networks, co-located with MobiHoc 2009, 2009
In this paper, we propose an adaptive frequency hopping algorithm, entitled robust adaptive frequency hopping (RAFH), for increased reliability of wireless medical telemetry system (WMTS) under coexistence environment with non-medical devices. The conventional adaptive frequency hopping (AFH) scheme classifies channels into "good" or "bad" according to the threshold-based on-off decision, and uses good channels with a uniform hop probability. Unlike the conventional AFH scheme, RAFH solves a constrained entropy maximization problem and assigns each channel a different hop probability, which is a decreasing function of the measured PER. By adopting constrained entropy maximization, RAFH not only improves the average PER, but also reduces the PER fluctuation under dynamic interference environment. Our simulation studies show that RAFH outperforms the basic FH and the conventional AFH with respect to the PER under various scenarios of dynamic interference. Copyright 2009 ACM.
@article{Park200915, author = {Park, K.-J. and Park, T.R. and Schmitz, C.D. and Sha, L.}, title = {Entropy-maximization based adaptive frequency hopping for wireless medical telemetry systems}, journal = {WiMD 2009 - 1st ACM International Workshop on Medical-Grade Wireless Networks, co-located with MobiHoc 2009}, year = {2009}, pages = {15-20}, doi = {10.1145/1540373.1540378}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-84894198716&doi=10.1145%2f1540373.1540378&partnerID=40&md5=294bc4f2d202fdab88241296a6286053}, author_keywords = {Entropy maximization; Frequency hopping spread spectrum; Wireless coexistence; Wireless medical telemetry system}, keywords = {Biomedical equipment; Entropy; Telemetering equipment; Wireless networks, Adaptive frequency hopping; Constrained entropy; Decreasing functions; Entropy maximization; Frequency hopping spread spectrum; Interference environments; Medical telemetry; Simulation studies, Frequency hopping}, document_type = {Conference Paper}, source = {Scopus}, } - IEEE 802.11 WLAN for medical-grade QoSK.-J. Park, D.M. Shrestha, Y.-B. Ko, N.H. Vaidya, and L. ShaWiMD 2009 - 1st ACM International Workshop on Medical-Grade Wireless Networks, co-located with MobiHoc 2009, 2009
In this paper, we study the problem of how to design a medicalgrade wireless LAN for healthcare facilities. Unlike IEEE 802.11e MAC, which categorizes traffic primarily by delay constraint, we prioritize medical applications into access categories according to medical criticality. We design a fully-distributed contention control mechanism that can efficiently utilize wireless channel for improving medical-grade QoS. We further derive a sufficient condition for the convergence of the proposed algorithm. Our simulation result shows that our medical access categorization and the contention control mechanism significantly improve the performance of a medical network over the conventional IEEE 802.11e MAC. Copyright 2009 ACM.
@article{Park20093, author = {Park, K.-J. and Shrestha, D.M. and Ko, Y.-B. and Vaidya, N.H. and Sha, L.}, title = {IEEE 802.11 WLAN for medical-grade QoS}, journal = {WiMD 2009 - 1st ACM International Workshop on Medical-Grade Wireless Networks, co-located with MobiHoc 2009}, year = {2009}, pages = {3-8}, doi = {10.1145/1540373.1540376}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-79958114025&doi=10.1145%2f1540373.1540376&partnerID=40&md5=cf82e0c3a20273d0b4e0f7b13c163a3f}, author_keywords = {Contention control; IEEE 802.11e; Medical-grade QoS; Wireless healthcare system}, keywords = {Health care; Medical applications; Standards; Wireless networks, Contention controls; Delay constraints; Distributed contention control mechanism; Healthcare facility; IEEE802.11E; Medical grades; Wireless channel; Wireless healthcares, Wireless local area networks (WLAN)}, document_type = {Conference Paper}, source = {Scopus}, } - Cyber-physical systems: A new frontierL. Sha, S. Gopalakrishnan, X. Liu, and Q. Wang2009
The report of the President’s Council of Advisors on Science and Technology (PCAST) has placed cyber-physical systems on the top of the priority list for federal research investment in the United States of America in 2008. This article reviews some of the challenges and promises of cyber-physical systems. © 2009 Springer-Verlag US.
@book{Sha20093, author = {Sha, L. and Gopalakrishnan, S. and Liu, X. and Wang, Q.}, title = {Cyber-physical systems: A new frontier}, journal = {Machine Learning in Cyber Trust: Security, Privacy, and Reliability}, year = {2009}, pages = {3-13}, doi = {10.1007/978-0-387-88735-7_1}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-84892198803&doi=10.1007%2f978-0-387-88735-7_1&partnerID=40&md5=1eda27ce934baa3f454fa4da1c0e253e}, author_keywords = {CPS; QoS composition; real time; robustness}, keywords = {Embedded systems; Robustness (control systems), Federal research; Priority list; Real time; Science and Technology; United States of America, Cyber Physical System}, document_type = {Book Chapter}, source = {Scopus}, }
2008
- Coscheduling of CPU and I/O transactions in COTS-based embedded systemsR. Pellizzoni, B.D. Bui, M. Caccamo, and L. ShaProceedings - Real-Time Systems Symposium, 2008
Integrating COTS components in critical real-time systems is challenging. In particular, we show that the interference between cache activity and I/O traffic generated by COTS peripherals can unpredictably slow down a real-time task by up to 44%. To solve this issue, we propose a framework comprised of three main components: 1) a COTScompatible device, the peripheral gate, that controls peripheral access to the system; 2) an analytical technique that computes safe bounds on the I/O-induced task delay; 3) a coscheduling algorithm that maximizes the amount of allowed peripheral traffic while guaranteeing all real-time task constraints. We implemented the complete framework on a COTS-based system using PCI peripherals, and we performed extensive experiments to show its feasibility. © 2008 IEEE.
@article{Pellizzoni2008221, author = {Pellizzoni, R. and Bui, B.D. and Caccamo, M. and Sha, L.}, title = {Coscheduling of CPU and I/O transactions in COTS-based embedded systems}, journal = {Proceedings - Real-Time Systems Symposium}, year = {2008}, pages = {221-231}, doi = {10.1109/RTSS.2008.42}, art_number = {4700437}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-67249152411&doi=10.1109%2fRTSS.2008.42&partnerID=40&md5=9bd24858cd2aa85a9f27c23b3a417c04}, keywords = {Analytical techniques; Co-scheduling; COTS component; COTS-based systems; Main component; Real-time tasks; Task delay, Aberrations; Embedded systems, Real time systems}, document_type = {Conference Paper}, source = {Scopus}, } - Queueing-model-based adaptive control of multi-tiered web applicationsX. Liu, J. Heo, L. Sha, and X. ZhuIEEE Transactions on Network and Service Management, 2008
Web applications have been increasingly deployed on the Internet. How to effectively allocate system resources to meet the Service Level Objectives (SLOs) is a challenging problem for Web application providers. In this article, we propose a scheme for automated performance control of Web applications via dynamic resource allocations. The scheme uses a queueing model predictor and an online adaptive feedback loop that enforces admission control of the incoming requests to ensure the desired response time target is met. The proposed Queueing-Model-Based Adaptive Control approach combines both the modeling power of queueing theory and the self-tuning power of adaptive control. Therefore, it can handle both modeling inaccuracies and load disturbances in a better way. To evaluate the proposed approach, we built a multi-tiered Web application testbed with open-source components widely adopted in industry. Experimental studies conducted on the testbed demonstrated the effectiveness of the proposed scheme. © 2009 IEEE.
@article{Liu2008157, author = {Liu, X. and Heo, J. and Sha, L. and Zhu, X.}, title = {Queueing-model-based adaptive control of multi-tiered web applications}, journal = {IEEE Transactions on Network and Service Management}, year = {2008}, volume = {5}, number = {3}, pages = {157-167}, doi = {10.1109/TNSM.2009.031103}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-65449159723&doi=10.1109%2fTNSM.2009.031103&partnerID=40&md5=39f3849bb81bd0456ca41be8a6880726}, author_keywords = {Dynamic resource allocations; E-commerce; Web applications}, keywords = {Adaptive controls; Adaptive feedbacks; Admission controls; Dynamic resource allocations; E-commerce; Experimental studies; Load disturbances; Model-based; Modeling power; Multi-tiered; Open-source components; Performance controls; Queueing models; Response time; Self-tuning; Service level objectives; System resources; Web applications, Adaptive control systems; Applications; Electronic commerce; Game theory; Planning; Resource allocation; Test facilities; Testbeds; World Wide Web, Queueing theory}, document_type = {Article}, source = {Scopus}, } - ORTEGA: An efficient and flexible online fault tolerance architecture for real-time control systemsX. Liu, Q. Wang, S. Gopalakrishnan, W. He, L. Sha, H. Ding, and K. LeeIEEE Transactions on Industrial Informatics, 2008
Fault tolerance is an important aspect in real-time computing. In real-time control systems, tasks could be faulty due to various reasons. Faulty tasks may compromise the performance and safety of the whole system and even cause disastrous consequences. In this paper, we describe On-demand Real-TimE GuArd (ORTEGA), a new software fault tolerance architecture for real-time control systems. ORTEGA has high fault coverage and reliability. Compared with existing real-time fault tolerance architectures, such as Simplex, ORTEGA allows more efficient resource utilizations and enhances flexibility. These advantages are achieved through the on-demand detection and recovery of faulty tasks. ORTEGA is applicable to most industrial control applications where both efficient resource usage and high fault coverage are desired. © 2006 IEEE.
@article{Liu2008213, author = {Liu, X. and Wang, Q. and Gopalakrishnan, S. and He, W. and Sha, L. and Ding, H. and Lee, K.}, title = {ORTEGA: An efficient and flexible online fault tolerance architecture for real-time control systems}, journal = {IEEE Transactions on Industrial Informatics}, year = {2008}, volume = {4}, number = {4}, pages = {213-224}, doi = {10.1109/TII.2008.2010774}, art_number = {4753900}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-59049087991&doi=10.1109%2fTII.2008.2010774&partnerID=40&md5=f8d82396420ccbf6cf09f6c5db7d8d15}, author_keywords = {Industrial control; Real-time and embedded systems; Reliability and robustness}, keywords = {Concurrency control; Control system analysis; Control systems; Control theory; Embedded systems; Errors; Fault tolerance; Fault tolerant computer systems; Integrated circuits; Online systems; Quality assurance; Real time control; Reliability; Robustness (control systems), Fault coverages; Industrial control; Industrial control applications; On demands; Real-time and embedded systems; Real-time computing; Real-time control systems; Reliability and robustness; Resource usages; Resource utilizations; Software fault tolerances; Whole systems, Real time systems}, document_type = {Article}, source = {Scopus}, } - Impact of cache partitioning on multi-tasking real time embedded systemsB.D. Bui, M. Caccamo, L. Sha, and J. MartinezProceedings - 14th IEEE International Conference on Embedded and Real-Time Computing Systems and Applications, RTCSA 2008, 2008
Cache partitioning techniques have been proposed in the past as a solution for the cache interference problem. Due to qualitative differences with general purpose platforms, real-time embedded systems need to minimize task real-time utilization (function of execution time and period) instead of only minimizing the number of cache misses. In this work, the partitioning problem is presented as an optimization problem whose solution sets the size of each cache partition and assigns tasks to partitions such that system worst-case utilization is minimized thus increasing real-time schedulability. Since the problem is NP-Hard, a genetic algorithm is presented to find a near optimal solution. A case study and experiments show that in a typical real-time embedded system, the proposed algorithm is able to reduce the worst-case utilization by 15% (on average) if compared to the case when the system uses a shared cache or a proportional cache partitioned environment.
@article{Bui2008101, author = {Bui, B.D. and Caccamo, M. and Sha, L. and Martinez, J.}, title = {Impact of cache partitioning on multi-tasking real time embedded systems}, journal = {Proceedings - 14th IEEE International Conference on Embedded and Real-Time Computing Systems and Applications, RTCSA 2008}, year = {2008}, pages = {101-110}, doi = {10.1109/RTCSA.2008.42}, art_number = {4617278}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-53549130720&doi=10.1109%2fRTCSA.2008.42&partnerID=40&md5=2b36caf13ee96a3d92668dfe865386d4}, keywords = {Cache misses; Cache partitioning; Case studies; Execution time; General-purpose platforms; Interference problems; International conferences; Near-optimal solutions; Np-hard; Optimiz ation problems; Partitioning problems; Qualitative differences; Real-time computing systems; Real-time embedded systems; Schedulability; Shared cache; Solution sets, Boolean functions; Computer programming languages; Computer systems; Diesel engines; Embedded systems; Genetic algorithms; Integrated circuits; Nuclear propulsion; Problem solving; Wireless telecommunication systems, Real time systems}, document_type = {Conference Paper}, source = {Scopus}, } - ORTEGA: An efficient and flexible software fault tolerance architecture for real-time control systemsX. Liu, H. Ding, K. Lee, Q. Wang, and L. ShaProceedings - Euromicro Conference on Real-Time Systems, 2008
Fault tolerance is an important aspect in real-time computing. In real-time control systems, tasks could be faulty due to various reasons. Faulty tasks may compromise the performance and safety of the whole system and even cause disastrous consequences. In this paper, we describe ORTEGA (On-demand Real-TimE GuArd), a new software fault tolerance architecture for real-time control systems. ORTEGA has high fault coverage and reliability. Compared with existing real-time fault tolerance architectures, such as Simplex, ORTEGA allows more efficient resource utilizations and enhances flexibility. These advantages are achieved through the on-demand detection and recovery of faulty tasks. ORTEGA is applicable to most industrial control applications where both efficient resource usage and high fault coverage are desired. ©2008 IEEE.
@article{Liu2008125, author = {Liu, X. and Ding, H. and Lee, K. and Wang, Q. and Sha, L.}, title = {ORTEGA: An efficient and flexible software fault tolerance architecture for real-time control systems}, journal = {Proceedings - Euromicro Conference on Real-Time Systems}, year = {2008}, pages = {125-134}, doi = {10.1109/ECRTS.2008.17}, art_number = {4573109}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-52049124995&doi=10.1109%2fECRTS.2008.17&partnerID=40&md5=9f88fca520671309075df87f89b3274c}, keywords = {And recovery; Disastrous consequences; Fault coverage; Industrial control applications; On-demand; Real-time computing; Real-time control systems; Resource usage; Resource utilizations; Software fault tolerances, Concurrency control; Control systems; Errors; Fault tolerance; Fault tolerant computer systems; Identification (control systems); Industrial engineering; Quality assurance; Real time control; Reliability, Real time systems}, document_type = {Conference Paper}, source = {Scopus}, } - A switch design for real-time industrial networksQ. Wang, S. Gopalakrishnan, X. Liu, and L. ShaIEEE Real-Time and Embedded Technology and Applications Symposium, RTAS, 2008
The convergence of computers and the physical world is the theme for next generation networking research. This trend calls for real-time network infrastructure, which requires a high-speed real-time WAN to serve as its backbone. However, commercially available high-speed WAN switches (routers) are designed for best-effort Internet traffic. A real-time switch design for the aforementioned networks is missing. We propose a real-time switch design using a crossbar switching fabric. The proposed switch can be implemented by making minimal modification, or even simplification, to the widely implemented iSLIP crossbar switch scheduler. Our real-time switch serves periodic and aperiodic traffic with real-time virtual machine tasks, which simplifies analysis, provides isolation, and facilitates future hierarchical scheduling and flow aggregation. Taking advantage of the fact that most industrial real-time network flows rarely change, our switch is better adapted to providing high bandwidths and low latencies. © 2008 IEEE.
@article{Wang2008367, author = {Wang, Q. and Gopalakrishnan, S. and Liu, X. and Sha, L.}, title = {A switch design for real-time industrial networks}, journal = {IEEE Real-Time and Embedded Technology and Applications Symposium, RTAS}, year = {2008}, pages = {367-376}, doi = {10.1109/RTAS.2008.8}, art_number = {4550807}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-51249116708&doi=10.1109%2fRTAS.2008.8&partnerID=40&md5=3890946ae5921f8cef6ec0c53662c690}, keywords = {Embedded technology; High speeds; Switch designs, Agglomeration; Electric switches; Scheduling; Speed; Switches; Time switches, Switching circuits}, document_type = {Conference Paper}, source = {Scopus}, } - Cyber-physical systems: A new frontierL. Sha, S. Gopalakrishnan, X. Liu, and Q. WangProceedings - IEEE International Conference on Sensor Networks, Ubiquitous, and Trustworthy Computing, 2008
The report of the President’s Council of Advisors on Science and Technology (PCAST) has placed CPS on the top of the priority list for federal research investment [6]. This article first reviews some of the challenges and promises of CPS, followed by an articulation of some specific challenges and promises that are more closely related to the Sensor Networks, Ubiquitous and Trustworthy Computing Conference. © 2008 IEEE.
@article{Sha20081, author = {Sha, L. and Gopalakrishnan, S. and Liu, X. and Wang, Q.}, title = {Cyber-physical systems: A new frontier}, journal = {Proceedings - IEEE International Conference on Sensor Networks, Ubiquitous, and Trustworthy Computing}, year = {2008}, pages = {1-9}, doi = {10.1109/SUTC.2008.85}, art_number = {4545732}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-50949110438&doi=10.1109%2fSUTC.2008.85&partnerID=40&md5=b3313cf7a726f3a7a6a4bdbc1b577a5b}, keywords = {Computer networks; Sensors, Trustworthy computing, Sensor networks}, document_type = {Conference Paper}, source = {Scopus}, } - Sharp thresholds for scheduling recurring tasks with distance constraintsS. Gopalakrishnan, M. Caccamo, and L. ShaIEEE Transactions on Computers, 2008
The problem of identifying suitable conditions for the schedulability of (nonpreemptive) recurring tasks with deadlines is of great importance to real-time systems. In this paper, motivated by the problem of scheduling radar dwells, we show that scheduling problems of this nature show a sharp threshold behavior with respect to system utilization. Sharp thresholds are associated with phase transitions: When the utilization of a task set is less than a critical value, it can be scheduled almost surely and, when the utilization increases beyond the critical level, almost no task set can be scheduled. We make connections to work on random graphs to prove the sharp threshold behavior in the scheduling problem of interest. Using extensive experiments, we determine the threshold for the radar dwell scheduling problem and use it for performance optimization. The connections to random graph theory suggest new ways for understanding the average-case behavior of scheduling policies. These results emphasize the ease with which performance can be controlled in a variety of real-time systems. © 2008 IEEE.
@article{Gopalakrishnan2008344, author = {Gopalakrishnan, S. and Caccamo, M. and Sha, L.}, title = {Sharp thresholds for scheduling recurring tasks with distance constraints}, journal = {IEEE Transactions on Computers}, year = {2008}, volume = {57}, number = {3}, pages = {344-358}, doi = {10.1109/TC.2007.70808}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-43049102074&doi=10.1109%2fTC.2007.70808&partnerID=40&md5=970a44dde0fbe4029a2955f1309df66a}, author_keywords = {Phase transitions; QoS optimization; Radar systems; Real-time systems; Scheduling; Sharp thresholds}, keywords = {Graph theory; Optimization; Quality of service; Radar systems; Real time systems, Recurring task; Sharp thresholds, Scheduling algorithms}, document_type = {Article}, source = {Scopus}, } - Design of complex cyber physical systems with formalized architectural patternsL. Sha, and J. MeseguerLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 2008
The design of cyber physical systems (CPS) presents many challenges because of their complexity, strong safety requirements, distribution, and real-time nature. We propose a novel paradigm, based on the idea of using simplicity to control complexity, to achieve highly reliable CPS designs. The goal is to embody design rules of this complexity-control nature in highly reusable, very robust, and formally verified architectural patterns. We discuss some preliminary work and experiments illustrating how this can be done for CPS systems. © 2008 Springer Berlin Heidelberg.
@article{Sha200892, author = {Sha, L. and Meseguer, J.}, title = {Design of complex cyber physical systems with formalized architectural patterns}, journal = {Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)}, year = {2008}, volume = {5380 LNCS}, pages = {92-100}, doi = {10.1007/978-3-540-89437-7_5}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-58049133301&doi=10.1007%2f978-3-540-89437-7_5&partnerID=40&md5=215db1e767b4c5c641e150e0fd3e2e8b}, keywords = {Architectural design; Cyber Physical System; Embedded systems, Architectural pattern; Complexity controls; Control complexity; CPS design; Cyber-physical systems (CPS); Design rules; Real time; Safety requirements, Real time systems}, document_type = {Conference Paper}, source = {Scopus}, } - Lightning: A hard real-time, fast, and lightweight low-end wireless sensor election protocol for acoustic event localizationQ. Wang, R. Zheng, A. Tirumala, X. Liu, and L. ShaIEEE Transactions on Mobile Computing, 2008
We present the Lightning Protocol, a hard real-time, fast, and lightweight protocol to elect the sensor closest to an impulsive sound source. This protocol can serve proximity-based localization or leader election for sensor collaboration. It utilizes the fact that electromagnetic waves propagate much faster than acoustic waves to efficiently reduce the number of contending sensors in the election. With simple RF bursts, most basic comparison operations, no need of clock synchronization, and a memory footprint as small as 5,330 bytes of ROM and 187 bytes of RAM, the protocol incurs O(1) transmissions, irrespective of the sensor density, and guarantees hard real-time (O(1)) localization time cost. Experiment results using UC Berkeley Motes in a common office environment demonstrate that the time delay for the Lightning Protocol is on the order of milliseconds. The simplicity of the protocol reduces memory cost, computation complexity, and programming difficulty, making it desirable for low-end wireless sensors. © 2008 IEEE.
@article{Wang2008570, author = {Wang, Q. and Zheng, R. and Tirumala, A. and Liu, X. and Sha, L.}, title = {Lightning: A hard real-time, fast, and lightweight low-end wireless sensor election protocol for acoustic event localization}, journal = {IEEE Transactions on Mobile Computing}, year = {2008}, volume = {7}, number = {5}, pages = {570-584}, doi = {10.1109/TMC.2007.70752}, art_number = {4358996}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-41549166263&doi=10.1109%2fTMC.2007.70752&partnerID=40&md5=58f6a543b4d3e2cf775f6097b3b37944}, author_keywords = {Location-dependent and sensitive; Pervasive computing; Real time; Wireless sensor networks}, keywords = {Electromagnetic waves; Network protocols; Real time systems; Ubiquitous computing, Programming difficulty; Sensor density, Wireless sensor networks}, document_type = {Article}, source = {Scopus}, }
2007
- The simplex reference model: Limiting fault-propagation due to unreliable components in cyber-physical system architecturesT.L. Crenshaw, E. Gunter, C.L. Robinson, L. Sha, and P.R. KumarProceedings - Real-Time Systems Symposium, 2007
Cyber-Physical Systems are networked, component-based, real-time systems that control and monitor the physical world. We need software architectures that limit fault-propagation across unreliable components. This paper introduces our Simplex reference model which is distinguished by: a Plant being controlled in an external context, a Machine performing the control, a Domain Model that estimates the Plant state, and the Safety Requirements that must be met. The Simplex reference model assists with constructing CPS architectures which limit fault-propagation. We present a representative case study to highlight the ideas behind the model and our particular decomposition. © 2007 IEEE.
@article{Crenshaw2007400, author = {Crenshaw, T.L. and Gunter, E. and Robinson, C.L. and Sha, L. and Kumar, P.R.}, title = {The simplex reference model: Limiting fault-propagation due to unreliable components in cyber-physical system architectures}, journal = {Proceedings - Real-Time Systems Symposium}, year = {2007}, pages = {400-409}, doi = {10.1109/RTSS.2007.34}, art_number = {4408323}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-48649096882&doi=10.1109%2fRTSS.2007.34&partnerID=40&md5=387363884f161a854e6bc6338edeb4cc}, keywords = {Control systems; Crack propagation; Software architecture, A-Plant; Case studies; Component-based; Control and monitoring; Domain modeling; External-; Fault-propagation; Physical systems; Reference models; Safety requirements, Real time systems}, document_type = {Conference Paper}, source = {Scopus}, } - GD-aggregate: A WAN virtual topology building tool for hard real-time and embedded applicationsQ. Wang, X. Liu, J. Hou, and L. ShaProceedings - Real-Time Systems Symposium, 2007
The convergence of computer and physical world calls for next generation Wide Area Network (WAN) infrastructures for hard real-time and embedded applications. Such networks need virtual topologies to achieve scalability, configurability, and flexibility. Virtual topologies are made of virtual links, for which, the state-of-the-art building tool is Guaranteed Rate server based aggregates (GR-aggregates). However, common-practice weight assignment scheme couples GR-aggregate End-to-End (E2E) delay bound with aggregate’s data throughput inverse proportionally. This is undesirable for many hard real-time embedded sensing/actuating applications, whose traffic has small data throughput but requires short E2E delay. We propose Guaranteed Delay server based aggregates (GD-aggregates), which allow assigning weights according to priorities instead of data throughput. This decouples E2E delay guarantee from data throughput, hence meets the needs of hard realtime embedded applications. In addition, GD-aggregates can be analyzed with simple closed form formulae, and can be easily planned with optimization tools. © 2007 IEEE.
@article{Wang2007379, author = {Wang, Q. and Liu, X. and Hou, J. and Sha, L.}, title = {GD-aggregate: A WAN virtual topology building tool for hard real-time and embedded applications}, journal = {Proceedings - Real-Time Systems Symposium}, year = {2007}, pages = {379-388}, doi = {10.1109/RTSS.2007.8}, art_number = {4408321}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-48649089326&doi=10.1109%2fRTSS.2007.8&partnerID=40&md5=b6b24e0a3f47956442109b8945a9a1e6}, keywords = {Aggregates; Throughput; Topology; Wide area networks, Assignment scheme; Closed-form formulae; Configurability; Data throughput; Delay bounds; Delay guarantees; Embedded applications; Guaranteed rate; Hard real-time; Optimization tools; Real time; Server based; Virtual links; Virtual topologies; Wide area network (WAN), Real time systems}, document_type = {Conference Paper}, source = {Scopus}, } - Building reliable MD PnP systemsM. Sun, Q. Wang, and L. ShaProceedings - 2007 Joint Workshop on High Confidence Medical Devices, Software, and Systems and Medical Device Plug-and-Play Interoperability, HCMDSS/MDPnP 2007, 2007
We address two necessary issues needed for developing safe and reliable MD PnP systems: robust wireless networking and automated checking for component interoperability and reliability. First, the robustness of a wireless network can be improved by the use of DSSS-CDMA, which tradeoff throughput to achieve higher reliability and persistence of connections as needed. Second, automated checking of components interoperability and reliability can be partially addressed by the use of the Integrated Framework for Assumptions and Dependencies (IFAD) by specifying a machine-checkable encoding of component information, checking interface assumptions, and finding how various environmental changes can impact the system. © 2007 IEEE.
@article{Sun2007104, author = {Sun, M. and Wang, Q. and Sha, L.}, title = {Building reliable MD PnP systems}, journal = {Proceedings - 2007 Joint Workshop on High Confidence Medical Devices, Software, and Systems and Medical Device Plug-and-Play Interoperability, HCMDSS/MDPnP 2007}, year = {2007}, pages = {104-110}, doi = {10.1109/HCMDSS-MDPnP.2007.10}, art_number = {4438169}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-48349120267&doi=10.1109%2fHCMDSS-MDPnP.2007.10&partnerID=40&md5=d03b52fde14930d9eae70e08c1774ecc}, keywords = {Component informations; Component interoperability; Environmental changes; Wireless networkings, Interoperability; Machine components; Quality assurance; Reliability; Technical presentations, Wireless networks}, document_type = {Conference Paper}, source = {Scopus}, } - PAS: A wireless-enabled, sensor-integrated personal assistance system for independent and assisted livingJ.C. Hou, Q. Wang, B.K. Alshebli, L. Ball, S. Birge, M. Caccamo, C.-F. Cheah, E. Gilbert, C.A. Gunter, E. Gunter, C.-G. Lee, K. Karahalios, M.-Y. Nam, N. Nitya, C. Rohit, L. Sha, W. Shin, S. Yu, Y. Yu, and Z. ZengProceedings - 2007 Joint Workshop on High Confidence Medical Devices, Software, and Systems and Medical Device Plug-and-Play Interoperability, HCMDSS/MDPnP 2007, 2007
Advances in networking, sensors, and embedded devices have made it feasible to monitor and provide medical and other assistance to people in their homes. Aging populations will benefit from reduced costs and improved health-care through assisted living based on these technologies. However, these systems challenge current state-of-the-art techniques for usability, reliability, and security. In this paper we present the PAS open architecture for assisted living, which allows independently developed third party components to collaborate. We discuss key technological issues in assisted living systems, such as tracking, fall detection, security and privacy; and results from our pilot study in a real assisted living facility are presented. © 2007 IEEE.
@article{Hou200764, author = {Hou, J.C. and Wang, Q. and Alshebli, B.K. and Ball, L. and Birge, S. and Caccamo, M. and Cheah, C.-F. and Gilbert, E. and Gunter, C.A. and Gunter, E. and Lee, C.-G. and Karahalios, K. and Nam, M.-Y. and Nitya, N. and Rohit, C. and Sha, L. and Shin, W. and Yu, S. and Yu, Y. and Zeng, Z.}, title = {PAS: A wireless-enabled, sensor-integrated personal assistance system for independent and assisted living}, journal = {Proceedings - 2007 Joint Workshop on High Confidence Medical Devices, Software, and Systems and Medical Device Plug-and-Play Interoperability, HCMDSS/MDPnP 2007}, year = {2007}, pages = {64-75}, doi = {10.1109/HCMDSS-MDPnP.2007.13}, art_number = {4438165}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-48349090370&doi=10.1109%2fHCMDSS-MDPnP.2007.13&partnerID=40&md5=cbcd57e8492e559771b76ff0c5e12a29}, keywords = {Aging populations; Assistance systems; Assisted livings; Current states; Embedded devices; Fall detections; Open architectures; Pilot studies; Reduced costs; Security and privacies; Technological issues; Third parties, Interoperability; Sensors; Technical presentations; Wireless networks, Photoacoustic spectroscopy}, document_type = {Conference Paper}, source = {Scopus}, } - Building robust wireless LAN for industrial control with the DSSS-CDMA n cell phone network paradigmQ. Wang, X. Liu, W. Chen, L. Sha, and M. CaccamoIEEE Transactions on Mobile Computing, 2007
Wireless LAN for Industrial Control (IC-WLAN) provides many benefits, such as mobility, low deployment cost, and ease of reconfiguration. However, the top concern is robustness of wireless communications. Wireless control loops must be maintained under persistent adverse channel conditions, such as noise, large-scale path loss, fading, and many electromagnetic interference sources in industrial environments. The conventional IEEE 802.11 WLANs, originally designed for high bandwidth instead of high robustness, are therefore inappropriate for IC-WLAN. A solution lies in the Direct Sequence Spread Spectrum (DSSS) technology: By deploying the largest possible processing gain (slowest bit rate) that fully exploits the low data rate feature of industrial control, much higher robustness can be achieved. We hereby propose using DSSS-CDMA to build IC-WLAN. We carry out fine-grained physical layer simulations and Monte Carlo comparisons. The results show that DSSS-CDMA IC-WLAN provides much higher robustness than IEEE 802.11/802.15.4 WLAN, so that reliable wireless industrial control loops become feasible. We also show that deploying larger processing gain is preferable to deploying more intensive convolutional coding. The DSSS-CDMA IC-WLAN scheme also opens up a new problem space for interdisciplinary study, involving real-time scheduling, resource management, communication, networking, and control. © 2007 IEEE.
@article{Wang2007706, author = {Wang, Q. and Liu, X. and Chen, W. and Sha, L. and Caccamo, M.}, title = {Building robust wireless LAN for industrial control with the DSSS-CDMA n cell phone network paradigm}, journal = {IEEE Transactions on Mobile Computing}, year = {2007}, volume = {6}, number = {6}, pages = {706-719}, doi = {10.1109/TMC.2007.1018}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-34247599452&doi=10.1109%2fTMC.2007.1018&partnerID=40&md5=386977a82feb98408d2fcb12b8dafa3e}, author_keywords = {Industrial control; Real-time and embedded systems; Reliability and robustness; Wireless communication}, keywords = {Control loops; Industrial control; Monte Carlo comparisons; Wireless communication, Bandwidth; Code division multiple access; Computer simulation; Fading channels; Monte Carlo methods; Robustness (control systems); Signal interference, Wireless local area networks (WLAN)}, document_type = {Conference Paper}, source = {Scopus}, }
2006
- Static analysis to enforce safe value flow in embedded control systemsS. Kowshik, G. Rosu, and L. ShaInternational Conference on Dependable Systems and Networks, 2006
Embedded control systems consist of multiple components with different criticality levels interacting with each other. For example, in a passenger jet, the navigation system interacts with the passenger entertainment system in providing passengers the distance-to-destination information. It is imperative that failures in the non-critical subsystem should not compromise critical functionality. This architectural principle for robustness can, however, be easily compromised by implementation-level errors. We describe Safe-Flow, which statically analyzes core components in the system to ensure that they use non-core values communicated through shared memory only if they are run-time monitored for safety or recoverability. Using simple, local annotations and semantic restrictions on shared memory usage in the core component, SafeFlow precisely identifies accesses to unmonitored non-core values. With a few false positives, it identifies erroneous dependencies of critical data on non-core values that can arise due to programming errors, inadvertent accesses, or wrong assumptions regarding the absence of difficult-to-detect implementation errors such as data races and synchronization. We demonstrate the utility of SafeFlow by applying it to discover critical value flow dependencies in three prototype systems. © 2006 IEEE.
@article{Kowshik200623, author = {Kowshik, S. and Rosu, G. and Sha, L.}, title = {Static analysis to enforce safe value flow in embedded control systems}, journal = {International Conference on Dependable Systems and Networks}, year = {2006}, volume = {2006}, pages = {23-32}, doi = {10.1109/DSN.2006.66}, art_number = {1633492}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-33845596872&doi=10.1109%2fDSN.2006.66&partnerID=40&md5=4b915d394d550424b0185370f3fedef9}, keywords = {Embedded control systems; Passenger entertainment systems; Programming errors; Prototype systems, Computer architecture; Control systems; Information retrieval; Instrument errors; Jet aircraft; Navigation systems; Semantics, Embedded systems}, document_type = {Conference Paper}, source = {Scopus}, } - Switch scheduling and network design for real-time systemsS. Gopalakrishnan, M. Caccamo, and L. ShaReal-Time Technology and Applications - Proceedings, 2006
The rapid need for high bandwidth and low latency communication in distributed real-time systems is driving system architects towards high-speed switches developed for high volume data transfer on the Internet. These switches employ complex scheduling algorithms for transferring data cells from the input line to the output line. From a real-time systems perspective, it is necessary to understand the behavior of these switching algorithms and obtain worst-case delay bounds for message transfer across these switches. Many researchers have derived average-case delay bounds for switching algorithms but mission-critical systems require guarantees for the worst-case. In this context, we derive upper bounds on cell delays across commonly available switches. Our bounds provide a starting point for research in this direction. Moreover, we use the delay bounds to construct low-cost networks of switches given a set of processors and their real-time communication requirements. Experiments with the heuristic algorithm that we propose for network design have produced encouraging results. Importantly, the algorithm is independent of the delay analysis technique and better techniques can be incorporated trivially. By addressing the network design problem, we hope to transform the system architecting process from a manual, ad-hoc operation to a simple and automated step that will result in better designs and cost savings. © 2006 IEEE.
@article{Gopalakrishnan2006289, author = {Gopalakrishnan, S. and Caccamo, M. and Sha, L.}, title = {Switch scheduling and network design for real-time systems}, journal = {Real-Time Technology and Applications - Proceedings}, year = {2006}, pages = {289-300}, doi = {10.1109/RTAS.2006.42}, art_number = {1613344}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-84884395891&doi=10.1109%2fRTAS.2006.42&partnerID=40&md5=aefce5bd16a73f279fca8a7a96d6b402}, keywords = {Distributed real time system; High-speed switches; Low-latency communication; Mission critical systems; Network design problems; Real-time communication; Switching algorithms; System architecting, Data transfer; Design; Heuristic algorithms; Switching circuits; Telecommunication systems, Real time systems}, document_type = {Conference Paper}, source = {Scopus}, } - Autonomous delay regulation for multi-threaded internet serversJ. Heo, X. Liu, L. Sha, and T.F. AbdelzaherInternational Symposium on Performance Evaluation of Computer and Telecommunication Systems 2006, SPECTS’06, Part of the 2006 Summer Simulation Multiconference, SummerSim’06, 2006
How to properly assign system resources to satisfy the Service Level Agreement (SLA) is a challenging research problem. Previous approaches include queuing model based feedback control strategies with queuing predictor for feed-forward delay prediction. However, ignorance of the multi-threaded nature can induce large model errors. To compensate this, previous approaches typically perform offline identification, thus making the system dependent on a particular workload and a specific Internet application. In this paper, we propose a novel framework for autonomous delay regulation for multi-threaded Internet servers. We formulate a processor-sharing queuing model for the multi-threaded server architecture to precisely predict service rate for worker threads. In addition, the proposed scheme uses the sleep actuator to properly assign resources based on the calculated service rale. We evaluate our techniques experimentally using an Apache web server test-bed. We demonstrate that the proposed strategy performs better than the previous approaches under a realistic workload.
@article{Heo2006465, author = {Heo, J. and Liu, X. and Sha, L. and Abdelzaher, T.F.}, title = {Autonomous delay regulation for multi-threaded internet servers}, journal = {International Symposium on Performance Evaluation of Computer and Telecommunication Systems 2006, SPECTS'06, Part of the 2006 Summer Simulation Multiconference, SummerSim'06}, year = {2006}, pages = {465-472}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-78751618914&partnerID=40&md5=b59115a3a648d96975aea1c72834da21}, keywords = {Apache web server; Delay regulation; Feed-Forward; Feedback control strategies; Internet application; Internet servers; Model errors; Multithreaded; Offline; Queuing models; Research problems; Server architecture; Service Level Agreements; Service rates; System resources, Computer simulation; Internet; Queueing networks; Telecommunication systems, Computer architecture}, document_type = {Conference Paper}, source = {Scopus}, } - A pattern for adaptive behavior in safety-critical, real-time middlewareT.L. Crenshaw, C.L. Robinson, H. Ding, P.R. Kumar, and L. ShaProceedings - Real-Time Systems Symposium, 2006
Patterns are a valuable method for communicating software engineering expertise about proven solutions for common problems. This paper evaluates the use of domain-independent patterns in a case study of Etherware, a middleware for networked control with a real-time, safety-critical applications model. The case study illustrates the positive and negative impact that four existing patterns have on availability, reliability, and robustness for real-time, safety-critical systems. In particular, we observe Etherware’s specialized usage of the Filter pattern, confirm this usage among other middleware technologies, and subsequently present the Adaptive Control Filter, a design pattern for real-time, safety-critical middleware which can mitigate timing dependencies in networked control. © 2006 IEEE.
@article{Crenshaw2006127, author = {Crenshaw, T.L. and Robinson, C.L. and Ding, H. and Kumar, P.R. and Sha, L.}, title = {A pattern for adaptive behavior in safety-critical, real-time middleware}, journal = {Proceedings - Real-Time Systems Symposium}, year = {2006}, pages = {127-136}, doi = {10.1109/RTSS.2006.8}, art_number = {4032342}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-38949126568&doi=10.1109%2fRTSS.2006.8&partnerID=40&md5=548818881030d0d59b948fcab1bdf0fd}, keywords = {Adaptive behavior; Networked control; Safety-critical applications model, Adaptive control systems; Middleware; Problem solving; Real time systems; Reliability theory; Robustness (control systems); Software engineering, Pattern recognition}, document_type = {Conference Paper}, source = {Scopus}, } - Adaptive control of multi-tiered Web applications using queueing predictorX. Liu, J. Heo, L. Sha, and X. ZhuIEEE Symposium Record on Network Operations and Management Symposium, 2006
How to effectively allocate system resources to meet Service Level Objectives (SLOs) is a challenging problem for Web services providers. In this paper, we propose a scheme for autonomous performance control of Web applications. It uses a queueing model predictor and an online adaptive feedback loop that enforces admission control of the incoming requests to ensure the desired response time target is met. The proposed Queueing-Model-Based Adaptive Control approach combines both the modeling power of queueing theory and self-tuning power of adaptive control. Therefore, it can handle both modeling inaccuracies and load disturbances in a better way. To evaluate the proposed approach, we built a multi-tiered Web application testbed with open-source components widely used in industry. Experimental studies conducted on the testbed demonstrated the effectiveness of the proposed approach. © 2006 IEEE.
@article{Liu2006107, author = {Liu, X. and Heo, J. and Sha, L. and Zhu, X.}, title = {Adaptive control of multi-tiered Web applications using queueing predictor}, journal = {IEEE Symposium Record on Network Operations and Management Symposium}, year = {2006}, pages = {107-114}, art_number = {1687543}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-34250752251&partnerID=40&md5=fa00ae117ea92393907b712da218d60e}, keywords = {Feedback loop; Load disturbances; Queueing model; Service Level Objectives (SLO), Access control; Adaptive control systems; Mathematical models; Queueing theory; Tuning, Web services}, document_type = {Conference Paper}, source = {Scopus}, } - Schedulability envelope for real-time radar dwell schedulingC.-G. Lee, P.-S. Kang, C.-S. Shih, and L. ShaIEEE Transactions on Computers, 2006
This paper proposes novel techniques for scheduling radar dwells in phased array radar systems. In order to handle complex physical characteristics such as dwell interleaving, transmitting duty cycle constraint, and energy constraint, we propose a notion of schedulability envelope. The schedulability envelope designed offline hides the details of complex radar dwell scheduling and provides a simple measure for the schedulability check. Using the schedulability envelope, the proposed technique can efficiently perform the admission control for dynamic target tracking tasks. The simulation results show that the proposed approach can significantly improve the system utilization by taking advantage of dwell interleaving while guaranteeing the schedulability and physical constraints. © 2006 IEEE.
@article{Lee20061599, author = {Lee, C.-G. and Kang, P.-S. and Shih, C.-S. and Sha, L.}, title = {Schedulability envelope for real-time radar dwell scheduling}, journal = {IEEE Transactions on Computers}, year = {2006}, volume = {55}, number = {12}, pages = {1599-1612}, doi = {10.1109/TC.2006.205}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-33947240198&doi=10.1109%2fTC.2006.205&partnerID=40&md5=1b3c70e5f16fbbdf0133b0b4a0d343bc}, author_keywords = {Finite-time guarantee; Online admission control; Phased-array radar; Radar dwell; Real-time scheduling; Schedulability envelope}, keywords = {Finite-time guarantee; Online admission control; Phased-array radar; Radar dwell; Schedulability envelopes, Antenna phased arrays; Computer simulation; Constraint theory; Online systems; Real time control; Scheduling, Radar systems}, document_type = {Article}, source = {Scopus}, } - Switch scheduling and network design for real-time systemsS. Gopalakrishnan, M. Caccamo, and L. ShaIEEE Real-Time and Embedded Technology and Applications Symposium, RTAS, 2006
The rapid need for high bandwidth and low latency communication in distributed real-time systems is driving system architects towards high-speed switches developed for high volume data transfer on the Internet. These switches employ complex scheduling algorithms for transferring data cells from the input line to the output line. From a real-time systems perspective, it is necessary to understand the behavior of these switching algorithms and obtain worst-case delay bounds for message transfer across these switches. Many researchers have derived average-case delay bounds for switching algorithms but mission-critical systems require guarantees for the worst-case. In this context, we derive upper bounds on cell delays across commonly available switches. Our bounds provide a starting point for research in this direction. Moreover, we use the delay bounds to construct low-cost networks of switches given a set of processors and their real-time communication requirements. Experiments with the heuristic algorithm that we propose for network design have produced encouraging results. Importantly, the algorithm is independent of the delay analysis technique and better techniques can be incorporated trivially. By addressing the network design problem, we hope to transform the system architecting process from a manual, ad-hoc operation to a simple and automated step that will result in better designs and cost savings. © 2006 IEEE.
@article{Gopalakrishnan2006290, author = {Gopalakrishnan, S. and Caccamo, M. and Sha, L.}, title = {Switch scheduling and network design for real-time systems}, journal = {IEEE Real-Time and Embedded Technology and Applications Symposium, RTAS}, year = {2006}, volume = {2006}, pages = {289-300}, doi = {10.1109/RTAS.2006.42}, art_number = {1613344}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-33749594229&doi=10.1109%2fRTAS.2006.42&partnerID=40&md5=1c5d1651b993955ff53f522176d0432c}, keywords = {Low-cost networks; Message transfer; Network design; Scheduling algorithms; Switching algorithms, Algorithms; Bandwidth; Communication; Cost accounting; Data transfer; Design; Heuristic methods; Scheduling, Real time systems}, document_type = {Conference Paper}, source = {Scopus}, } - Local group communication-aware MAC protocol in wireless sensor networksR. Zheng, J.S. Walia, and L. ShaInternational Journal of Wireless Information Networks, 2006
In this paper, we investigate the problem of providing efficient communication primitives across domains of wireless sensor network (WSN) applications. We argue both qualitatively and quantitatively that group communication among sensors of geographic proximity is one of the basic building blocks of many WSN applications. Furthermore, group communication awareness needs to be embedded and implemented at the MAC layer due to the broadcast nature of wireless medium. We devise a MAC protocol, called LGC-MAC to enable efficient single-hop one-to-many and many-to-one communication. We present case studies of two example applications, acoustic target tracking and propagation of information with feedback using LGC-MAC and demonstrate that LGC-MAC can improve the response time, alleviate channel contention and provide better fault tolerance to packet collisions and wireless errors. © Springer Science+Business Media, LLC 2006.
@article{Zheng2006275, author = {Zheng, R. and Walia, J.S. and Sha, L.}, title = {Local group communication-aware MAC protocol in wireless sensor networks}, journal = {International Journal of Wireless Information Networks}, year = {2006}, volume = {13}, number = {4}, pages = {275-287}, doi = {10.1007/s10776-006-0038-x}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-33750001182&doi=10.1007%2fs10776-006-0038-x&partnerID=40&md5=2f89814a1b102937d8b4a9210b9f45c4}, author_keywords = {Atomicity; Fate-sharing; Group communication; MAC; WSNs}, keywords = {Acoustic target tracking; Channel contention; Group communication; Packet collisions, Embedded systems; Fault tolerant computer systems; Feedback; Network protocols; Response time (computer systems), Wireless telecommunication systems}, document_type = {Conference Paper}, source = {Scopus}, } - Optimal block design for asynchronous wake-up schedules and its applications in multihop wireless networksR. Zheng, J.C. Hou, and L. ShaIEEE Transactions on Mobile Computing, 2006
In this paper, we consider the problem of designing optimal asynchronous wake-up schedules to facilitate distributed power management and neighbor discovery in multihop wireless networks. We first formulate it as a block design problem and derive the fundamental trade-offs between wake-up latency and the average duty cycle of a node. After the theoretical foundation is laid, we then devise a neighbor discovery and schedule bookkeeping protocol that can operate on the optimal wake-up schedule derived. To demonstrate the usefulness of asynchronous wake-up, we investigate the efficiency of neighbor discovery and the application of on-demand power management, which overlays a desirable communication schedule over the wake-up schedule mandated by the asynchronous wake-up mechanism. Simulation studies demonstrate that the proposed asynchronous wake-up protocol has short discovery time which scales with the density of the network; it can accommodate various traffic characteristics and loads to achieve an energy savings that can be as high as 70 percent, while the packet delivery ratio is comparable to that without power management. © 2006 IEEE.
@article{Zheng20061228, author = {Zheng, R. and Hou, J.C. and Sha, L.}, title = {Optimal block design for asynchronous wake-up schedules and its applications in multihop wireless networks}, journal = {IEEE Transactions on Mobile Computing}, year = {2006}, volume = {5}, number = {9}, pages = {1228-1240}, doi = {10.1109/TMC.2006.134}, art_number = {1661531}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-33746907121&doi=10.1109%2fTMC.2006.134&partnerID=40&md5=7b46ba4c545755a0b5140399956649e9}, author_keywords = {Asynchronous wake-up; Block design; Multihop wireless networks; Power management}, keywords = {Asynchronous wake-up; Block design; Multihop wireless networks; Power management, Asynchronous transfer mode; Computer simulation; Energy utilization; Network protocols; Telecommunication traffic; Wireless telecommunication systems, Telecommunication networks}, document_type = {Article}, source = {Scopus}, } - Optimal real-time sampling rate assignment for wireless sensor networksX. Liu, Q. Wang, W. He, M. Caccamo, and L. ShaACM Transactions on Sensor Networks, 2006
How to allocate computing and communication resources in a way that maximizes the effectiveness of control and signal processing, has been an important area of research. The characteristic of a multi-hop Real-Time Wireless Sensor Network raises new challenges. First, the constraints are more complicated and a new solution method is needed. Second, a distributed solution is needed to achieve scalability. This article presents solutions to both of the new challenges. The first solution to the optimal rate allocation is a centralized solution that can handle the more general form of constraints as compared with prior research. The second solution is a distributed version for large sensor networks using a pricing scheme. It is capable of incremental adjustment when utility functions change. This article also presents a new sensor device/network backbone architecture-Real-time Independent CHannels (RICH), which can easily realize multi-hop real-time wireless sensor networking. © 2006 ACM.
@article{Liu2006263, author = {Liu, X. and Wang, Q. and He, W. and Caccamo, M. and Sha, L.}, title = {Optimal real-time sampling rate assignment for wireless sensor networks}, journal = {ACM Transactions on Sensor Networks}, year = {2006}, volume = {2}, number = {2}, pages = {263-295}, doi = {10.1145/1149283.1149288}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-33746903087&doi=10.1145%2f1149283.1149288&partnerID=40&md5=d3f092c48ad1a7fbbdda00cd54a4ca6d}, author_keywords = {Distributed algorithms; Optimization; Pricing; Real-time wireless sensor network; Sensor network}, keywords = {Distributed algorithms; Pricing; Real-time wireless sensor network; Sensor networks, Computation theory; Constraint theory; Optimization; Problem solving; Real time systems; Signal processing, Wireless telecommunication systems}, document_type = {Article}, source = {Scopus}, } - Finite-horizon scheduling of radar dwells with online template constructionS. Gopalakrishnan, M. Caccamo, C.-S. Shih, C.-G. Lee, and L. ShaReal-Time Systems, 2006
Timing constraints for radar tasks are usually specified in terms of the minimum and maximum temporal distance between successive radar dwells. We utilize the idea of feasible intervals for dealing with the temporal distance constraints. In order to increase the freedom that the scheduler can offer a high-level resource manager, we introduce a technique for nesting and interleaving dwells online while accounting for the energy constraint that radar systems need to satisfy. Further, in radar systems, the task set changes frequently and we advocate the use of finite horizon scheduling in order to avoid the pessimism inherent in schedulers that assume a task will execute forever. The combination of feasible intervals and online dwell packing allows modular schedule updates whereby portions of a schedule can be altered without affecting the entire schedule, hence reducing the complexity of the scheduler. Through extensive simulations we validate our claims of providing greater scheduling flexibility without compromising on performance when compared with earlier work based on templates constructed offline. We also evaluate the impact of two parameters in our scheduling approach: the template length (or the extent of dwell nesting and interleaving) and the length of the finite horizon. © Springer Science + Business Media, LLC 2006.
@article{Gopalakrishnan200647, author = {Gopalakrishnan, S. and Caccamo, M. and Shih, C.-S. and Lee, C.-G. and Sha, L.}, title = {Finite-horizon scheduling of radar dwells with online template construction}, journal = {Real-Time Systems}, year = {2006}, volume = {33}, number = {1-3}, pages = {47-75}, doi = {10.1007/s11241-006-6882-z}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-33746924376&doi=10.1007%2fs11241-006-6882-z&partnerID=40&md5=95d5b03fe37e13426eb3201e6889a274}, author_keywords = {Energy constraints; Finite horizon; Radar dwell scheduling; Real-time scheduling}, keywords = {Constraint theory; Parameter estimation; Radar systems; Real time systems; Scheduling, Energy constraints; Finite horizon; Radar dwell scheduling; Real-time scheduling, Online systems}, document_type = {Article}, source = {Scopus}, } - Performance analysis of power management policies in wireless networksR. Zheng, J.C. Hou, and L. ShaIEEE Transactions on Wireless Communications, 2006
It has long been recognized that energy conservation usually comes at the cost of degraded performance such as longer delay and lower throughput in stand-alone systems and communication networks. However, there have been very few research efforts in quantifying such trade-offs. In this paper, we develop analytical models to characterize the relationships among energy, delay and throughput for different power management policies in wireless communication. Based on the decision when to put nodes to low-power states, we divide power management policies into two categories, i.e., 1) time-out driven and 2) polling-based. M/G/1/K queues with multiple vacations and an attention span are used to model time-out driven policies while transient analysis is applied to derive the state transition probability in polling-based systems. We find that For time-out driven power management policies, the "optimal" policy exhibits a threshold structure, i.e., when the traffic load is below certain threshold, a node should switch to the low-power state whenever possible and always remain active otherwise. From our analysis, contrary to general beliefs, polling-based policies such as the IEEE 802.11 PSM are not energy efficient for light traffic load. © 2006 IEEE.
@article{Zheng20061351, author = {Zheng, R. and Hou, J.C. and Sha, L.}, title = {Performance analysis of power management policies in wireless networks}, journal = {IEEE Transactions on Wireless Communications}, year = {2006}, volume = {5}, number = {6}, pages = {1351-1361}, doi = {10.1109/TWC.2006.1638656}, art_number = {1638656}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-33745069633&doi=10.1109%2fTWC.2006.1638656&partnerID=40&md5=f51145a00c9f226b511acdee58f5dd1c}, author_keywords = {M/G/1/K with multiple vacations and attention span; Power management; Transient analysis}, keywords = {M/G/1/K with multiple vacations and attention span; Polling-based systems; Power management; Transient analysis, Mathematical models; Probability; Telecommunication networks; Telecommunication traffic; Throughput, Wireless telecommunication systems}, document_type = {Article}, source = {Scopus}, } - High-Confidence medical device software and systemsI. Lee, G.J. Pappas, R. Cleaveland, J. Hatcliff, B.H. Krogh, P. Lee, H. Rubin, and L. ShaComputer, 2006
Given the shortage of caregivers and the increase in an aging US population, the future of US healthcare quality does not look promising and definitely is unlikely to be cheaper. Advances in health information systems and healthcare technology offer a tremendous opportunity for improving the quality of care while reducing costs. © 2006 IEEE.
@article{Lee200633, author = {Lee, I. and Pappas, G.J. and Cleaveland, R. and Hatcliff, J. and Krogh, B.H. and Lee, P. and Rubin, H. and Sha, L.}, title = {High-Confidence medical device software and systems}, journal = {Computer}, year = {2006}, volume = {39}, number = {4}, pages = {33-38}, doi = {10.1109/MC.2006.127}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-33645966521&doi=10.1109%2fMC.2006.127&partnerID=40&md5=93e984e8675c9924aa56e8102973a0e4}, keywords = {Algorithms; Health care; Information technology; Real time systems; Research and development management; Software engineering; Technical presentations, Adaptive patient-specific algorithms; Embedded real-time system design; High-confidence medical device software and systems, Biomedical equipment}, document_type = {Article}, source = {Scopus}, } - Real-time virtual machines for avionics software migrationL. Sha, and C.-G. LeeInternational Journal of Embedded Systems, 2006
Generalised Rate Monotonic Scheduling (GRMS) theory has now been widely adopted in practice and supported by open standards. In recent years, Ada runtime and COTS RTOSs supporting GRMS have met the DO 178B flight control standard (http://www.ddci.com/products_darts.shtml; http://ic.arc.nasa.gov/publications/pdf/2000–0213.pdf). This creates strong incentives for the avionics industry to migrate from a traditional cyclical executive based system called a federated architecture to a GRMS based system to take advantage of GRMS’s flexibility, and theoretical schedulability analysis. However, the industry is reluctant to migrate due to enormous potential re-certification cost. This paper presents a novel software architecture called a Logical Federated Architecture (LFA) that greatly reduces re-certification cost due to the change of scheduling methods. © 2006 Inderscience Enterprises Ltd.
@article{Sha2006156, author = {Sha, L. and Lee, C.-G.}, title = {Real-time virtual machines for avionics software migration}, journal = {International Journal of Embedded Systems}, year = {2006}, volume = {2}, number = {3-4}, pages = {156-165}, doi = {10.1504/ijes.2006.014852}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-84949687049&doi=10.1504%2fijes.2006.014852&partnerID=40&md5=4646abd648cf9f908d757d0a590c83b1}, author_keywords = {avionics software migration; generalised rate monotonic scheduling; GRMS; logical federation architecture; schedulability}, document_type = {Article}, source = {Scopus}, } - A microscopic study of power management in IEEE 802.11 wireless networksC. Hu, R. Zheng, J.C. Hou, and L. ShaInternational Journal of Wireless and Mobile Computing, 2006
In this paper, we demonstrate via a rigorous, analytical model that the periodic structure in IEEE 802.11 Power-Save Mode (PSM) together with its signalling overhead leads to both energy and bandwidth under-utilisation. We then devise Sleep In the Middle and Prolonged Activeness (SIMPA), a new power management protocol based on IEEE 802.11 PSM, to decouple the power management decision points and the Beacon Intervals (BIs), so as to allow fine grained control. In SIMPA, wireless devices can switch to the sleep state inside a BI or extend their active states beyond one BI. A comprehensive simulation study in both single hop wireless LANs without the AP support and multihop wireless networks demonstrates that as compared to IEEE 802.11 PSM, SIMPA can effectively reduce energy consumed under light to medium traffic loads and retain the network capacity for data transport at high traffic loads. Copyright © 2006 Inderscience Enterprises Ltd.
@article{Hu2006165, author = {Hu, C. and Zheng, R. and Hou, J.C. and Sha, L.}, title = {A microscopic study of power management in IEEE 802.11 wireless networks}, journal = {International Journal of Wireless and Mobile Computing}, year = {2006}, volume = {1}, number = {3-4}, pages = {165-178}, doi = {10.1504/ijwmc.2006.012553}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-42149102804&doi=10.1504%2fijwmc.2006.012553&partnerID=40&md5=09f2b3d8296dc740df67e0b18e429f3f}, author_keywords = {IEEE 802.11 Power-Save Mode (PSM); Power management; Wireless networks}, keywords = {Ad hoc networks; Medium access control; Power management; Power management (telecommunication); Sensor networks; Wireless local area networks (WLAN); Wireless networks, Fine-grained control; IEEE 802.11 power save modes; IEEE 802.11 wireless networks; Management decisions; Microscopic study; Multihop wireless network; Power management protocol; Simulation studies, IEEE Standards}, document_type = {Article}, source = {Scopus}, } - I-living: An open system architecture for assisted livingW. Qixin, S. Wook, L. Xue, Z. Zheng, C. Oh, B.K. Alshebli, M. Caccamo, C.A. Gunter, E. Gunter, J. Hou, K. Karahalios, and S. LuiConference Proceedings - IEEE International Conference on Systems, Man and Cybernetics, 2006
Advances in networking, sensors, and embedded devices have made it feasible to monitor and provide medical and other assistance to people in their homes. Aging populations will benefit from reduced costs and improved healthcare through assisted living based on these technologies. However, these systems challenge current state-of-the-art techniques for usability, reliability, and security. This is a particular challenge for open and extensible systems that combine software and hardware from many vendors and provide information to diverse clinicians. In this paper we present the I-Living architecture for assisted living that allows independent parties work together in a dependable, secure, and low-cost fashion with predictable properties. Our approach is based on an Assisted Living Service Provider (ALSP) who provides a server that collects and maintains encrypted Assisted Persons (APs)’ records. Our ALSP can be a third party distinct from APs, communication providers, and clinicians; or it can be part of an ISP, hospital or similar enterprise. We have explored the architecture by developing a collection of applications and implementing them in a prototype system. Our system shows the feasibility and opportunity of an open approach to assisted living systems. © 2006 IEEE.
@article{Qixin20064268, author = {Qixin, W. and Wook, S. and Xue, L. and Zheng, Z. and Oh, C. and Alshebli, B.K. and Caccamo, M. and Gunter, C.A. and Gunter, E. and Hou, J. and Karahalios, K. and Lui, S.}, title = {I-living: An open system architecture for assisted living}, journal = {Conference Proceedings - IEEE International Conference on Systems, Man and Cybernetics}, year = {2006}, volume = {5}, pages = {4268-4275}, doi = {10.1109/ICSMC.2006.384805}, art_number = {4274570}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-34548134027&doi=10.1109%2fICSMC.2006.384805&partnerID=40&md5=d34d01f07dc6851ee941ac118db02396}, keywords = {Computer networks; Cost reduction; Embedded systems; Reliability theory; Security of data; Sensors; Usability engineering, Assisted Living Service Provider (ALSP); Extensible systems; Living systems, Systems analysis}, document_type = {Conference Paper}, source = {Scopus}, } - The dependency management framework: A case study of the ION CubeSatH. Ding, L. Arber, L. Sha, and M. CaccamoProceedings - Euromicro Conference on Real-Time Systems, 2006
Due to the complexity and requirements of modern real-time systems, multiple teams must often work concurrently and independently to develop the various components of the system. Since a team typically only knows the dependency relations between the components they wrote and those they directly use, keeping track of system-wide dependency relations is not possible for any individual team. To further complicate matters, dependency relations often change as software components are refined or their interactions modified. Because the robustness of any real-time system hinges on the availability of essential services in spite of faults and failures in useful but non-essential components, keeping track of the constantly evolving dependency relations between the system’s components is crucial. If a system’s designers cannot ensure that critical services only USE but do not DEPEND ON less critical components, a seemingly minor fault can propagate along complex and unforeseen dependency chains and bring down the entire system. Therefore, automatically tracking and analyzing system-wide dependency relations given only local dependency information is vital for the development of robust real time systems. This paper presents DMF (Dependency Management Framework), a prototype toolkit for dependency management in designing robust real-time systems. We demonstrate the usability and scalability of DMF with a case study of ION CubeSat, the University of Illinois at Urbana-Champaign ’s first student-developed satellite. © 2006 IEEE.
@article{Ding200655, author = {Ding, H. and Arber, L. and Sha, L. and Caccamo, M.}, title = {The dependency management framework: A case study of the ION CubeSat}, journal = {Proceedings - Euromicro Conference on Real-Time Systems}, year = {2006}, volume = {2006}, pages = {55-64}, doi = {10.1109/ECRTS.2006.28}, art_number = {1647725}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-33947635681&doi=10.1109%2fECRTS.2006.28&partnerID=40&md5=1bba6df2f8d07c2039fb5e7dda537622}, keywords = {Computer software; Failure (mechanical); Robustness (control systems), Dependency chains; Essential services, Real time systems}, document_type = {Conference Paper}, source = {Scopus}, }
2005
- Dependency algebra: A theoretical framework for dependency management in real-time control systemsH. Ding, K. Lee, and L. ShaProceedings - 12th IEEE International Conference and Workshops on the Engineering of Computer-Based Systems, ECS 2005, 2005
The large and complex dependency relationship between software components is at the root of system instability. A seemingly minor fault can propagate along dependency chains and bring down the system. Therefore, the first step in the development of a robust system is the management and control of dependency relations between software components. The two contributions of this paper are: 1) a refinement of the commonly used failure semantics in the context of a real time control system: 2) the development of a Dependency Algebra. Component dependency relationships can be described in terms of a set of refined failure semantics mappings, enabling differentiation and comparison of different relationships and designs. The system-wide evaluation and tracking of these dependency relationships are performed using Dependency Algebra. © 2005 IEEE.
@article{Ding200541, author = {Ding, H. and Lee, K. and Sha, L.}, title = {Dependency algebra: A theoretical framework for dependency management in real-time control systems}, journal = {Proceedings - 12th IEEE International Conference and Workshops on the Engineering of Computer-Based Systems, ECS 2005}, year = {2005}, pages = {41-48}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-28344441689&partnerID=40&md5=1c954bd8faed32c36f9a5d620ee97076}, keywords = {Algebra; Control systems; Differentiation (calculus); Real time systems; Robustness (control systems); Semantics; Set theory, Dependency algebra; Failure semantics; Robust system; Software components, Computer software}, document_type = {Conference Paper}, source = {Scopus}, } - Dependency algebra: A tool for designing robust real-time systemsH. Ding, and L. ShaProceedings - Real-Time Systems Symposium, 2005
A robust system is one that can ensure essential services in spite of faults and failures in useful but non-essential components. Unless we can ensure that critical services can only USE but not depend on less critical components, a seemingly minor fault can propagate along complex and implicit dependency chains and bring down the system. Modern real time systems are often developed concurrently by multiple teams. A team typically only knows the dependency relations between their components and neighboring components. In addition, dependency relations will change as software components and their interactions are being modified. Therefore, how to automatically track and analyze the system wide dependency from local information is important for the development of robust real time systems. This paper presents dependency algebra - a unified theoretical framework plus a prototype toolkit for dependency management in real-time systems. © 2005 IEEE.
@article{Ding2005, author = {Ding, H. and Sha, L.}, title = {Dependency algebra: A tool for designing robust real-time systems}, journal = {Proceedings - Real-Time Systems Symposium}, year = {2005}, doi = {10.1109/RTSS.2005.16}, art_number = {1563109}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-84879382694&doi=10.1109%2fRTSS.2005.16&partnerID=40&md5=e89083aeaeea42125f93c5bda201da3e}, keywords = {Critical component; Dependency algebra; Dependency chains; Dependency relation; Essential services; Local information; Software component; Theoretical framework, Algebra; Interactive computer systems, Real time systems}, document_type = {Conference Paper}, source = {Scopus}, } - Improved timing control for web server systems using internal state informationX. Liu, R. Zheng, J. Heo, and L. Sha14th International World Wide Web Conference, WWW2005, 2005
How to effectively allocate system resource to meet the Service Level Agreement (SLA) of Web servers is a challenging problem. In this paper, we propose an improved scheme for autonomous timing performance control in Web servers under highly dynamic traffic loads. We devise a novel delay regulation technique called Queue Length Model Based Feedback Control utilizing server internal state information to reduce response time variance in presence of bursty traffic. Both simulation and experimental studies using synthesized workloads and real-world Web traces demonstrate the effectiveness of the proposed approach.
@article{Liu20051068, author = {Liu, X. and Zheng, R. and Heo, J. and Sha, L.}, title = {Improved timing control for web server systems using internal state information}, journal = {14th International World Wide Web Conference, WWW2005}, year = {2005}, pages = {1068-1069}, doi = {10.1145/1062745.1062872}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-77953077998&doi=10.1145%2f1062745.1062872&partnerID=40&md5=3a8ab1e6e90f7689093affce16d1c4db}, author_keywords = {Control theory; Feedback; Queueing model; SLA; Web server}, keywords = {Bursty traffic; Delay regulation; Dynamic traffic; Experimental studies; Improved scheme; Internal state; Model-based; Queue lengths; Queueing model; Real-world; Response time; Service Level Agreements; SLA; System resources; Timing control; Timing performance; Web Server system; Web servers, Control theory; Feedback; Ocean currents; Queueing networks; Servers; State feedback; Synthesis (chemical); System theory; Time measurement; Web services; Wireless sensor networks, Queueing theory}, document_type = {Conference Paper}, source = {Scopus}, } - A distributed, energy-aware, utility-based approach for data transport in wireless sensor networksW.-P. Chen, J.C. Hou, L. Sha, and M. CaccamoProceedings - IEEE Military Communications Conference MILCOM, 2005
Distinct from wireless ad hoc networks, wireless sensor networks are data-centric, application-oriented, collaborative, and energy-constrained in nature. In this paper, we formulate the problem of data transport in sensor networks as an optimization problem, with the objective of maximizing the amount of information (utility) collected at sinks, subject to both the channel band-width and energy constraints. We then devise a distributed solution of the convex optimization problem, and explore in three directions. First, we devise a simple node capacity estimation method to online measure the node capacity. Second, we linearize the energy constraint by properly setting the value of the system lifetime in advance and controlling the data rate of a node so as to sustain its battery lifetime longer than the specified lifetime. Finally, we incorporate the optimization results into routing so as to provide sensors with opportunities to select better routes. The simulation results show that the utility-based approach balances between system utility and system lifetime.
@article{Chen2005, author = {Chen, W.-P. and Hou, J.C. and Sha, L. and Caccamo, M.}, title = {A distributed, energy-aware, utility-based approach for data transport in wireless sensor networks}, journal = {Proceedings - IEEE Military Communications Conference MILCOM}, year = {2005}, volume = {2005}, doi = {10.1109/MILCOM.2005.1605928}, art_number = {1605928}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-33847342547&doi=10.1109%2fMILCOM.2005.1605928&partnerID=40&md5=62571692c4db64a620045cb1da655978}, author_keywords = {Mathematical programming/optimization; Pricing; Simulations; System design; Utility-based; Wireless sensor networks}, document_type = {Conference Paper}, source = {Scopus}, } - Timing performance control in Web server systems utilizing server internal state informationX. Liu, R. Zheng, J. Heo, Q. Wang, and L. ShaJoint International Conference on Autonomic and Autonomous Systems and International Conference on Networking and Services, ICAS/ICNS 2005, 2005
How to effectively allocate system resource to meet the Service Level Agreement (SLA) of Web servers is a challenging problem. In this paper, we propose an improved scheme for autonomous timing performance control in Web servers under highly dynamic traffic loads. We devise a novel delay regulation technique called Queue Length Model Based Feedback Control utilizing server internal state information to reduce response time variance in presence of bursty traffic. Both simulation and experimental studies using synthesized workloads and real-world Web traces demonstrate the effectiveness of the proposed approach. © 2005 IEEE.
@article{Liu200575, author = {Liu, X. and Zheng, R. and Heo, J. and Wang, Q. and Sha, L.}, title = {Timing performance control in Web server systems utilizing server internal state information}, journal = {Joint International Conference on Autonomic and Autonomous Systems and International Conference on Networking and Services, ICAS/ICNS 2005}, year = {2005}, volume = {2005}, pages = {75}, doi = {10.1109/ICAS-ICNS.2005.89}, art_number = {1559927}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-33845294761&doi=10.1109%2fICAS-ICNS.2005.89&partnerID=40&md5=3db7007f0752d4e95252a925e107c0be}, keywords = {Delay regulation technique; Queue Length Model Based Feedback Control; Service Level Agreement (SLA); Web servers, Computer simulation; Feedback control; Queueing theory; Telecommunication traffic; World Wide Web, Servers}, document_type = {Conference Paper}, source = {Scopus}, } - MAC layer support for group communication in wireless sensor networksR. Zheng, L. Sha, and W. Feng2nd IEEE International Conference on Mobile Ad-hoc and Sensor Systems, MASS 2005, 2005
In this paper, we investigate the problem of providing efficient communication primitives across domains of wireless sensor network (WSN) applications. We argue both qualitatively and quantitatively that group communication among sensors of geographic proximity is one of the basic building blocks of many WSN applications. Furthermore, group communication awareness needs to be embedded and implemented at the MAC layer due to the broadcast nature of wireless medium. We devise a MAC protocol, called LGC-MAC to enable efficient single-hop one-to-many and many-to-one communication. We present case studies of two example applications, acoustic target tracking and propagation of information with feedback using LGC-MAC and demonstrate that LGC-MAC can improve the response time, alleviate channel contention and provide better fault tolerance to packet collisions and wireless errors. © 2005 IEEE.
@article{Zheng2005388, author = {Zheng, R. and Sha, L. and Feng, W.}, journal = {2nd IEEE International Conference on Mobile Ad-hoc and Sensor Systems, MASS 2005}, year = {2005}, volume = {2005}, pages = {388-395}, doi = {10.1109/MAHSS.2005.1542824}, art_number = {1542824}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-33750298991&doi=10.1109%2fMAHSS.2005.1542824&partnerID=40&md5=d03cfa86bbbd1118990107950803c154}, author_keywords = {Atomicity; Fatesharing; Group communication; MAC; WSNs}, keywords = {Atomicity; Fatesharing; Group communication; MAC; Wireless sensor network (WSN), Broadcasting; Communication channels (information theory); Embedded systems; Feedback; Sensors; Wireless telecommunication systems, Telecommunication networks}, document_type = {Conference Paper}, source = {Scopus}, } - A dependable online testing and upgrade architecture for real-time embedded systemsK. Lee, and L. ShaProceedings - 11th IEEE International Conference on Embedded and Real-Time Computing Systems and Applications, 2005
When real-time embedded system software needs to be upgraded, it will be more dependable if the new software is sufficiently tested on the actual deployment platform. The challenge is to provide a safeguard for protecting the normal operations from faulty upgrades. However, the safeguard must be not only efficient but also able to be added and taken away as needed without shutting down the normal operations. We have developed an architecture based on Simplex Architecture and Process Resurrection and have applied it to the inverted pendulum control system. The measurements show that the overhead is small and justifiable. © 2005 IEEE.
@article{Lee2005160, author = {Lee, K. and Sha, L.}, title = {A dependable online testing and upgrade architecture for real-time embedded systems}, journal = {Proceedings - 11th IEEE International Conference on Embedded and Real-Time Computing Systems and Applications}, year = {2005}, pages = {160-168}, doi = {10.1109/RTCSA.2005.8}, art_number = {1541073}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-33749069695&doi=10.1109%2fRTCSA.2005.8&partnerID=40&md5=eff494e6a6ba7b3212c9dfcff9779880}, keywords = {Faulty upgrades; Online testing; Pendulum control system; Simplex Architecture, Computer architecture; Computer software; Computer software selection and evaluation; Control systems; Embedded systems; Real time systems, Online systems}, document_type = {Conference Paper}, source = {Scopus}, } - Modeling 3-tiered web applicationsX. Liu, J. Heo, and L. ShaProceedings - IEEE Computer Society’s Annual International Symposium on Modeling, Analysis, and Simulation of Computer and Telecommunications Systems, MASCOTS, 2005
The rapid advancement and deployment of Web applications call for a precise yet simple model for capacity planning and analysis purposes. The most widely deployed Web application architecture is the 3-tiered system, which is composed of a front-end Web server, an application server and a hackend database server. In this paper, we present an analytical model of the 3-tiered Web application architecture. We show by using queueing network theory, we can model the 3-tiered Web application architecture accurately. A test-bed is built to measure model parameters based on industry standard server components and TPC-W benchmark. Validation results show that the proposed model predicts performance measures such as response time and throughput accurately. © 2005 IEEE.
@article{Liu2005307, author = {Liu, X. and Heo, J. and Sha, L.}, title = {Modeling 3-tiered web applications}, journal = {Proceedings - IEEE Computer Society's Annual International Symposium on Modeling, Analysis, and Simulation of Computer and Telecommunications Systems, MASCOTS}, year = {2005}, volume = {2005}, pages = {307-310}, doi = {10.1109/MASCOTS.2005.40}, art_number = {1521145}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-33646928363&doi=10.1109%2fMASCOTS.2005.40&partnerID=40&md5=5d5364f2354da89d2d52ca39c771c4fb}, keywords = {Capacity planning; Database server; Queueing network theory, Benchmarking; Computer architecture; Computer simulation; Database systems; Queueing networks; Servers, World Wide Web}, document_type = {Conference Paper}, source = {Scopus}, } - Co-design based approach to improve robustness in networked control systemsS. Kowshik, G. Baliga, S. Graham, and L. ShaInternational Conference on Dependable Systems and Networks, 2005
Traditional control systems consist of sensors, controllers, and actuators operating with tight periodic dependencies, and communicating over dedicated real-time channels such as CAN or FDDI. However, best effort networks such as 802.11 are being increasingly used in such systems. The unpredictable delays and losses in such networks violate the periodicity assumptions of digital control design, and the consequent fail-safe actions incur significant performance penalties. In this paper, we propose a co-design based approach to address the periodicity requirements of digital control design, and improve robustness by extending deadlines through graceful degradation to the fail-safe action. In particular, we analytically demonstrate significant deadline extensions in the control loop of a traffic control testbed based on our approach. Such deadline extensions also facilitate fault tolerance techniques such as component restarts, and system management mechanisms such as online component upgrades. We validate the results by experiments in the testbed. © 2005 IEEE.
@article{Kowshik2005454, author = {Kowshik, S. and Baliga, G. and Graham, S. and Sha, L.}, title = {Co-design based approach to improve robustness in networked control systems}, journal = {International Conference on Dependable Systems and Networks}, year = {2005}, pages = {454-463}, doi = {10.1109/DSN.2005.26}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-27544460739&doi=10.1109%2fDSN.2005.26&partnerID=40&md5=03edc45191f99405449f42cd982a2e2a}, keywords = {CAN; Co-design based approach; FDDI; Networked controls, Control equipment; Control system analysis; Digital control systems; Fault tolerant computer systems; Online systems; Robustness (control systems), Systems analysis}, document_type = {Conference Paper}, source = {Scopus}, } - Process Resurrection: A fast recovery mechanism for real-time embedded systemsK. Lee, and L. ShaIEEE Real-Time and Embedded Technology and Applications Symposium, RTAS, 2005
This paper describes a fast recovery mechanism that meets the requirements of embedded real-time systems. In general purpose computing, restart is an established technology for achieving high availability. Restart has also been used in soft real-time systems where the temporary interruption of service is undesirable but acceptable. However, it has not been widely used in small embedded realtime systems with hard deadlines, mainly because the traditional approaches do not meet their requirements of low memory and processor overhead, and fast response times with little variations. We have developed Process Resurrection, a novel restart mechanism for recovering from crash failures to meet these requirements. The experiments on an inverted pendulum control system shows that it can recover the control process in time after a crash (eg. segmentation fault). Another experiment conducted on an MP3 audio player shows that this technique is also applicable to some multimedia applications. © 2005 IEEE.
@article{Lee2005292, author = {Lee, K. and Sha, L.}, title = {Process Resurrection: A fast recovery mechanism for real-time embedded systems}, journal = {IEEE Real-Time and Embedded Technology and Applications Symposium, RTAS}, year = {2005}, pages = {292-301}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-24944565453&partnerID=40&md5=89557a7d5082f76b6ed4135f4a28cb12}, keywords = {MP3 audio player; Process resurrection; Real-time embedded systems; Restart mechanism, Control systems; Electronic equipment; Embedded systems; Multimedia systems; Pendulums, Real time systems}, document_type = {Conference Paper}, source = {Scopus}, } - A Framework for Time Indexing in Sensor NetworksG. He, I. Gupta, L. Sha, and R. ZhengACM Transactions on Sensor Networks, 2005
In this article, we define the time-indexing problem as the in-network storage and querying of sensor network data based solely on the time attribute. We argue qualitatively why existing storage schemes may be insufficient as solutions. We then present, analyze, and evaluate novel and lightweight solutions to both the storage and the querying subproblems for time indexing. First, the time-indexed storage problem is formally defined and two formulations are presented seeking to optimize generic utility functions that are derived from concerns about energy, bandwidth usage, and storage balancing. We present and analyze decentralized protocols to solve these formulations and prove the optimality of some of our solutions. Secondly, maintenance and use of simple overlays among rendezvous point nodes in order to enable fault-tolerant and efficient time-indexed queries are discussed. Finally, simulation results are presented to quantify performance characteristics of the protocols, and we find that our proposed scheme has low query overhead that scales with system size and density while exhibiting very good load-balancing and fault-tolerance properties. The use of time-indexed structure is shown to achieve more than double the lifetime of sensor networks compared to existing approaches in some scenarios. Copyright © 2005, ACM. All rights reserved.
@article{He2005101, author = {He, G. and Gupta, I. and Sha, L. and Zheng, R.}, title = {A Framework for Time Indexing in Sensor Networks}, journal = {ACM Transactions on Sensor Networks}, year = {2005}, volume = {1}, number = {1}, pages = {101-133}, doi = {10.1145/1077391.1077396}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-84893596798&doi=10.1145%2f1077391.1077396&partnerID=40&md5=d41789e6e1b93e152727aa5faa089230}, author_keywords = {Design; information retrieval; rendezvous point; Time indexing}, document_type = {Article}, source = {Scopus}, } - Design and analysis of an MST-based topology control algorithmN. Li, J.C. Hou, and L. ShaIEEE Transactions on Wireless Communications, 2005
In this paper, we present a minimum spanning tree (MST)-based algorithm, called local minimum spanning tree (LMST), for topology control in wireless multihop networks. In this algorithm, each node builds its LMST independently and only keeps on-tree nodes that are one-hop away as its neighbors in the final topology. We analytically prove several important properties of LMST: 1) the topology derived under LMST preserves the network connectivity; 2) the node degree of any node in the resulting topology is bounded by 6; and 3) the topology can be transformed into one with bidirectional links (without impairing the network connectivity) after removal of all unidirectional links. Simulation results show that LMST can increase the network capacity as well as reduce the energy consumption. © 2005 IEEE.
@article{Li20051195, author = {Li, N. and Hou, J.C. and Sha, L.}, title = {Design and analysis of an MST-based topology control algorithm}, journal = {IEEE Transactions on Wireless Communications}, year = {2005}, volume = {4}, number = {3}, pages = {1195-1206}, doi = {10.1109/TWC.2005.846971}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-18844404710&doi=10.1109%2fTWC.2005.846971&partnerID=40&md5=6a147ce758e6dc34f1181d78e5de7029}, author_keywords = {Graph theory; Spatial reuse; Topology control}, keywords = {Computer simulation; Energy efficiency; Graph theory; Network protocols; Routers; Telecommunication links; Telecommunication traffic; Wireless telecommunication systems, Minimum spanning tree (MST); Network capacity; Spatial reuse; Topology control, Algorithms}, document_type = {Article}, source = {Scopus}, } - 11th IEEE International Conference on Embedded and Real-Time Computing Systems and Applications (RTCSA’05): ForewordJ.K. Ng, L. Sha, V.C.S. Lee, K. Takashio, M. Ryu, and L. NiProceedings - 11th IEEE International Conference on Embedded and Real-Time Computing Systems and Applications, 2005
@article{Ng2005, author = {Ng, J.K. and Sha, L. and Lee, V.C.S. and Takashio, K. and Ryu, M. and Ni, L.}, title = {11th IEEE International Conference on Embedded and Real-Time Computing Systems and Applications (RTCSA'05): Foreword}, journal = {Proceedings - 11th IEEE International Conference on Embedded and Real-Time Computing Systems and Applications}, year = {2005}, pages = {xii}, doi = {10.1109/RTCSA.2005.54}, art_number = {1541046}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-33749052921&doi=10.1109%2fRTCSA.2005.54&partnerID=40&md5=5a423e47d997a114650c6a93f3eeb1d2}, keywords = {Embedded systems, Real time computing systems, Real time systems}, document_type = {Editorial}, source = {Scopus}, }
2004
- A case for resource heterogeneity in large sensor networksS. Kandula, J. Hou, and L. ShaProceedings - IEEE Military Communications Conference MILCOM, 2004
Sensor networks have traditionally consisted of nodes with the same amount of resources such as battery life and computational power. While such homogeneity has distinct advantages in terms of ease-of-fabrication, it has also been shown that in multi-hop ad-hoc scenarios homogeneity leads to large duty cycles, small end-to-end data throughput and poor deployment lifetimes. In this paper, we investigate sensor networks that have a single degree of heterogeneity, a random subset of the sensors, called accumulators, have more power and computational capability. To this end, we develop a decentralized, hierarchical clustering algorithm, called Hierarchical Clustering and Routing (HCR) algorithm. HCR exploits heterogeneity among sensor nodes to form a cluster hierarchy, with the objective of achieving better information throughput and improving network lifetime. A unique feature of HCR is its integration of routing with cluster formation and data delivery. Routing tables are constructed/updated in the course of cluster formation and data transmission, therefore incurring essentially no routing overhead. By exploiting geometrical features of hexagons, we show several desirable properties of HCR. In particular, we show via ns-2 simulations that HCR improves message overhead in cluster formation by 120-210%. We also show that heterogeneity achieves performance improvements of (i) upto 200% in terms of information throughput, (ii) power savings of upto 30% of the power spent in data transmission and (iii) a 2% density of accumulators is sufficient for most improvements. ©2004 IEEE.
@article{Kandula2004502, author = {Kandula, S. and Hou, J. and Sha, L.}, title = {A case for resource heterogeneity in large sensor networks}, journal = {Proceedings - IEEE Military Communications Conference MILCOM}, year = {2004}, volume = {1}, pages = {502-509}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-27744447596&partnerID=40&md5=55f841706356ea11fa41ca5babd35331}, keywords = {Data delivery; Hierarchical clustering and routing (HCR); Resource homogeneity; Sensor networks, Algorithms; Computation theory; Computer simulation; Frequency hopping; Network protocols; Resource allocation, Sensor data fusion}, document_type = {Conference Paper}, source = {Scopus}, } - Fixed or dynamic priority? That is the questionD. Mossé, T. Baker, S. Baruah, G. Buttazzo, A. Burns, L. Sha, and J. StankovicProceedings - Real-Time Systems Symposium, 2004
Since the first results published in 1973 by Liu and Layland on the Rate Monotonic (RM) and Earliest Deadline First (EDF) algorithms, a lot of progress has been made in the schedulability analysis of periodic task sets. Nevertheless, many important results are not widely known and several misconceptions still exist about the properties of these two scheduling methods. Surprisingly, an exhaustive comparison between fixed priority and dynamic priority scheduling is still missing and there is not a general agreement in the real-time community about the suitability of these two scheduling approaches for future real-time systems. The purpose of the panel is to present the most controversial issues to a wide specialized audience, starting a constructive and interactive discussion aimed at clarifying some critical points and drawing some missing research lines.
@article{Mossé20049, author = {Mossé, D. and Baker, T. and Baruah, S. and Buttazzo, G. and Burns, A. and Sha, L. and Stankovic, J.}, title = {Fixed or dynamic priority? That is the question}, journal = {Proceedings - Real-Time Systems Symposium}, year = {2004}, pages = {9}, doi = {10.1109/REAL.2004.22}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-21644476261&doi=10.1109%2fREAL.2004.22&partnerID=40&md5=fe3bb9d887828a5f82ed225fb25be126}, keywords = {Earliest Deadline First (EDF) algorithms; Rate Monotonic (RM) algorithms; Real-time community; Schedulability analysis, Algorithms; Computer science; Scheduling, Real time systems}, document_type = {Conference Paper}, source = {Scopus}, } - Finite-horizon scheduling of radar dwells with online template constructionS. Gopalakrishnan, M. Caccamo, C.-S. Shih, C.-G. Lee, and L. ShaProceedings - Real-Time Systems Symposium, 2004
Timing constraints for radar tasks are usually specified in terms of the minimum and maximum temporal distance between successive radar dwells. We utilize the idea of feasible intervals for dealing with the temporal distance constraints. In order to increase the freedom that the scheduler can offer a high-level resource manager, we introduce a technique for nesting and interleaving dwells online while accounting for the energy constraint that radar systems need to satisfy. Further, in radar systems, the task set changes frequently and we advocate the use of finite horizon scheduling in order to avoid the pessimism that is inherent in schedulers that assume a task will execute forever. We also develop the notion of modular schedule update which allows portions of a schedule to be altered without affecting the entire schedule, thereby simplifying the scheduler. Through extensive simulations we validate our claims of providing greater scheduling flexibility without compromising on performance when compared with earlier work based on templates constructed offline. © 2004 IEEE.
@article{Gopalakrishnan200423, author = {Gopalakrishnan, S. and Caccamo, M. and Shih, C.-S. and Lee, C.-G. and Sha, L.}, title = {Finite-horizon scheduling of radar dwells with online template construction}, journal = {Proceedings - Real-Time Systems Symposium}, year = {2004}, pages = {23-33}, doi = {10.1109/REAL.2004.21}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-21644469644&doi=10.1109%2fREAL.2004.21&partnerID=40&md5=d7e9f6a25d6b6c0e594db9ee33a176ad}, keywords = {Energy constraints; High-level resource manager; Phased array radar systems; Radar dwells, Algorithms; Antenna arrays; Computer simulation; Constraint theory; Electromagnetic waves; Online systems; Probability; Radar tracking; Scheduling; Signal processing, Radar systems}, document_type = {Conference Paper}, source = {Scopus}, } - Hard real-time communication in bus-based networksS. Gopalakrishnan, L. Sha, and M. CaccamoProceedings - Real-Time Systems Symposium, 2004
Route selection is an important aspect of the design of real-time systems in which messages might have to travel over multiple hops to reach their destination and multiple paths exist between a source and a destination. The length of a route affects the ability to meet deadlines and greedy routing might leave certain messages with no feasible route. We consider bus-based networks on which periodic message transmissions need to be scheduled and present a technique for synthesizing routes such that all messages meet their deadlines. Our offline technique enables system designers to configure routes in a large-scale embedded system. In our solution, we allow message fragmentation and utilize multiple paths to satisfy the requirements of each message. The routing problem is NP-complete and our approximation algorithm is based on a linear programming formulation. In our methodology, we deal with both earliest deadline first and rate monotonie scheduling at each bus in the system. Apart from point-to-point messages, we discuss scheduling multicast messages to facilitate the publisher/subscriber model. Finally, we also mention some heuristics for online routing which might be of value in soft real-time systems. © 2004 IEEE.
@article{Gopalakrishnan2004405, author = {Gopalakrishnan, S. and Sha, L. and Caccamo, M.}, title = {Hard real-time communication in bus-based networks}, journal = {Proceedings - Real-Time Systems Symposium}, year = {2004}, pages = {405-414}, doi = {10.1109/REAL.2004.24}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-21644461810&doi=10.1109%2fREAL.2004.24&partnerID=40&md5=4d37b2a81fb0aa58267d30e37863be0a}, keywords = {Bus-based networks; Drive-by-wire; Message transmissions; Video sensors, Algorithms; Avionics; Closed loop control systems; Electronic warfare; Heuristic methods; Linear programming; Probability; Real time systems; Routers; Scheduling; Sensors; Signal processing, Telecommunication networks}, document_type = {Conference Paper}, source = {Scopus}, } - Lightning: A fast and lightweight acoustic localization protocol using low-end wireless micro-sensorsQ. Wang, R. Zheng, A. Tirumala, X. Liu, and L. ShaProceedings - Real-Time Systems Symposium, 2004
Acoustic awareness is an important service in ubiquitous computing environments. This paper presents a fast lightweight acoustic event localization protocol, the Lightning protocol, to locate impulsive sound sources using arrays of wireless micro-sensors. This protocol utilizes domain-invariant knowledge of acoustic and electromagnetic wave propagation to efficiently reduce the number of contending sensors in the localization process. It incurs O(1) transmissions irrespective of the sensor density and guarantees O(1) time delay in localization. Experiment results using UC Berkeley Motes demonstrate that the time delay for Lightning Protocol to locate hand clap sounds is in terms of milliseconds. Dept. of Computer Science, Univ. of Houston © 2004 IEEE.
@article{Wang2004371, author = {Wang, Q. and Zheng, R. and Tirumala, A. and Liu, X. and Sha, L.}, title = {Lightning: A fast and lightweight acoustic localization protocol using low-end wireless micro-sensors}, journal = {Proceedings - Real-Time Systems Symposium}, year = {2004}, pages = {371-381}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-21644452139&partnerID=40&md5=4775edebcb94ccf3e1f35aebeeb757f0}, keywords = {Acoustic event localization; Lightning protocol; Proximity-based localization; Wireless sensor networks (WSN), Algorithms; Electromagnetic wave propagation; Interconnection networks; Real time systems; Sensors; Telecommunication networks; Wireless telecommunication systems, Acoustic wave propagation}, document_type = {Conference Paper}, source = {Scopus}, } - Time indexing in sensor networksR. Zheng, G. He, I. Gupta, and L. Sha2004 IEEE International Conference on Mobile Ad-Hoc and Sensor Systems, 2004
In this paper, we define the time indexing problem as the in-network storage and querying of sensor network data based solely on the time attribute. We argue qualitatively why existing storage schemes may be insufficient as solutions. We then present, analyze, and evaluate novel and lightweight solutions to both the storage and the querying sub-problems for time indexing. First, the time-indexed storage problem is formally defined, and two formulations are presented, seeking to optimize generic utility functions that are derived from concerns about energy, bandwidth usage, and storage balancing. We present and analyze decentralized protocols to solve these formulations, and prove the optimality of some of our solutions. Secondly, maintenance and use of simple overlays among rendezvous point nodes, in order to enable fault-tolerant and efficient time-indexed queries, are discussed. Finally, simulation results are presented to quantify performance characteristics of the protocols, and we find that our proposed scheme has low query overhead that scales with system size and density while exhibiting very good load balancing and fault tolerance properties. ©2004 IEEE.
@article{Zheng2004274, author = {Zheng, R. and He, G. and Gupta, I. and Sha, L.}, title = {Time indexing in sensor networks}, journal = {2004 IEEE International Conference on Mobile Ad-Hoc and Sensor Systems}, year = {2004}, pages = {274-283}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-20344396353&partnerID=40&md5=3dccfef366080e7a443fdd7e7eec2027}, keywords = {Data-centric storage (DCS); Rendezvous points (RP); Sensor networks; Time indexing, Bandwidth; Computer simulation; Data acquisition; Fault tolerant computer systems; Network protocols; Problem solving, Sensors}, document_type = {Conference Paper}, source = {Scopus}, } - On time-out driven power management policies in wireless networksR. Zheng, J.C. Hou, and L. ShaGLOBECOM - IEEE Global Telecommunications Conference, 2004
Switching the devices to low-power states in prolonged period of inactivity is a widely used technique to conserve energy for battery-powered wireless devices. In this paper, we present a mathematical abstraction of time-out driven power management policies together with different wakeup mechanism in wireless networks to characterize the energy-performance trade-offs. The time-out driven power management is modeled as a M/G/1/K queue with multiple vacations and an attention span. We then derive the steady state behaviors of such systems, and present a closed-form solution for systems with large buffers. The analysis reveals that the "best" power management policy to minimize energy-delay product exhibits a threshold structure, i.e., when the traffic load is below certain threshold, a node should switch to the low-power state whenever possible and always remain active otherwise, and suggests a threshold-based power management protocol. © 2004 IEEE.
@article{Zheng20044097, author = {Zheng, R. and Hou, J.C. and Sha, L.}, title = {On time-out driven power management policies in wireless networks}, journal = {GLOBECOM - IEEE Global Telecommunications Conference}, year = {2004}, volume = {6}, pages = {4097-4103}, art_number = {WC42-7}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-18144381928&partnerID=40&md5=b839412211d772bf09aae04911936ced}, keywords = {Packet delivery; Power management; Traffic characteristics; Wireless networks, Data communication systems; Energy efficiency; Mathematical models; Packet networks; Power control; Queueing theory; Telecommunication networks; Telecommunication traffic, Wireless telecommunication systems}, document_type = {Conference Paper}, source = {Scopus}, } - Real time scheduling theory: A historical perspectiveL. Sha, T. Abdelzaher, K.-E. Årzén, A. Cervin, T. Baker, A. Burns, G. Buttazzo, M. Caccamo, J. Lehoczky, and A.K. MokReal-Time Systems, 2004
In this 25th year anniversary paper for the IEEE Real Time Systems Symposium, we review the key results in real-time scheduling theory and the historical events that led to the establishment of the current real-time computing infrastructure. We conclude this paper by looking at the challenges ahead of us.
@article{Sha2004101, author = {Sha, L. and Abdelzaher, T. and Årzén, K.-E. and Cervin, A. and Baker, T. and Burns, A. and Buttazzo, G. and Caccamo, M. and Lehoczky, J. and Mok, A.K.}, title = {Real time scheduling theory: A historical perspective}, journal = {Real-Time Systems}, year = {2004}, volume = {28}, number = {2-3 SPEC. ISS.}, pages = {101-155}, doi = {10.1023/B:TIME.0000045315.61234.1e}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-6944244346&doi=10.1023%2fB%3aTIME.0000045315.61234.1e&partnerID=40&md5=6d6c9a99d5b6adfe10c016e46f636282}, author_keywords = {Dynamic-priority scheduling; Earliest dead-line first; Feedback; Fixed-priority scheduling; Hard real-time; New challenges; Rate-monotonic scheduling; Scheduling models; Soft real-time}, keywords = {Communication systems; Fault tolerant computer systems; Mathematical models; Network protocols; Probability; Problem solving; Real time systems, Dynamic-priority scheduling; Fixed-priority scheduling; Rate-monotonic scheduling; Scheduling models; Soft real-time, Scheduling}, document_type = {Review}, source = {Scopus}, } - Online QoS optimization using service classes in surveillance radar systemsC.-G. Lee, C.-S. Shih, and L. ShaReal-Time Systems, 2004
Many application level qualities are functions of available computation resources. Recent studies have handled the computation resource allocation problem to maximize the overall application quality. However, such QoS problems are fundamentally multi-dimensional optimization problems that require extensive computation. Therefore, online usage of optimization procedures may significantly reduce the computation resource available for applications. This raises the question of how to best use the optimization procedures for dynamic real-time task sets. In dynamic real-time systems, it is important to improve the performance by re-allocating the resources adapting to dynamic situations. However, the overhead of changing task parameters (i.e., algorithms and frequencies) for resource re-allocation is non-negligible in many applications. Thus, too frequent change of resource allocation may not be desirable. This paper proposes a method called service classes configuration to address the QoS problem with dynamic arrival and departure of tasks. The method avoids online usage of optimization procedures by offline designing templates (called service classes) of resource allocation, which will be adaptively used depending on online situations. The service classes are designed by best trading-off the accuracy of dynamic adaptation against the overhead of resource reallocation. A simplified radar application is used as an illustrative example.
@article{Lee20045, author = {Lee, C.-G. and Shih, C.-S. and Sha, L.}, title = {Online QoS optimization using service classes in surveillance radar systems}, journal = {Real-Time Systems}, year = {2004}, volume = {28}, number = {1}, pages = {5-37}, doi = {10.1023/B:TIME.0000033377.75148.d0}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-3142664030&doi=10.1023%2fB%3aTIME.0000033377.75148.d0&partnerID=40&md5=a4888b25476f39ecc1b8fa628334b42e}, author_keywords = {Online QoS management; Optimal resource allocation; Quality of service; Real-time system; Service class; Surveillance radar system}, keywords = {Computational methods; Online systems; Optimization; Problem solving; Quality of service; Real time systems; Resource allocation; Systems analysis, Online QoS management; Optimal resource allocation; Service classes, Surveillance radar}, document_type = {Article}, source = {Scopus}, } - Etherware: Domainware for wireless control networksG. Baliga, S. Graham, L. Sha, and P.R. KumarProceedings - Seventh IEEE International Symposium on Object-Oriented Real-Time Distributed Computing, 2004
The promise of middleware is to enable integration and evolution of complex systems dynamically. In demanding domains such as wireless control networks, fulfilling this promise while maintaining complete generality is extremely complicated. Understanding and exploiting the forcing functions of a domain helps manage this complexity by avoiding redundant generalizations. Domainware exploits this technique and adopts a simpler architecture to support more important non-functional requirements effectively. This paper presents Etherware, a Domainware for wireless control networks. Capitalizing on our development of a fairly complex control system testbed, commonly supported yet redundant generalizations are identified and eliminated. The resulting architecture is simple, and can support a wide range of trade-offs that can be manipulated easily at run-time. This is illustrated by showing how the performance of Control Time Protocol (CTP), an Etherware service, is optimized by the additional options available in Etherware.
@article{Baliga2004155, author = {Baliga, G. and Graham, S. and Sha, L. and Kumar, P.R.}, title = {Etherware: Domainware for wireless control networks}, journal = {Proceedings - Seventh IEEE International Symposium on Object-Oriented Real-Time Distributed Computing}, year = {2004}, pages = {155-162}, doi = {10.1109/ISORC.2004.1300341}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-4544361194&doi=10.1109%2fISORC.2004.1300341&partnerID=40&md5=0c0b4e3dc6f9422b2973f288c23f21bf}, keywords = {Control time protocol (CTP); Etherware services; Specific domains; Wireless control networks, Communication channels (information theory); Computational complexity; Computer control; Computer software; Fault tolerant computer systems; Functions; Integration; Local area networks; Network protocols; Optimization, Wireless telecommunication systems}, document_type = {Conference Paper}, source = {Scopus}, } - Synthesizing task periods for dwells in multi-function phased array radarsC.-S. Shih, P. Ganti, S. Gopalakrishnan, M. Caccamo, and L. ShaIEEE National Radar Conference - Proceedings, 2004
This paper addresses the problem of scheduling radar dwells in multi-function phased array radar systems. The timing constraint of radar tasks are usually modeled by the minimal and maximal temporal distance between any two consecutive dwells of a task. Such a timing constraint makes it difficult for traditional real-time scheduling techniques to provide predicatable timing guarantee, without over-consuming the resources. We propose a novel approach to model the dwells as periodic real-time tasks. The periods of the tasks are synthesized by the minimal and maximal temporal distance constraint of the dwells. The synthetic periods allow the template-based scheduling algorithm to compute efficient dwell schedules with low overhead. We evaluate the algorithms via extensive simulations. Simulation results show that this algorithm can significantly improve the resource utilization, comparing with traditional dwell scheduling algorithms.
@article{Shih2004145, author = {Shih, C.-S. and Ganti, P. and Gopalakrishnan, S. and Caccamo, M. and Sha, L.}, title = {Synthesizing task periods for dwells in multi-function phased array radars}, journal = {IEEE National Radar Conference - Proceedings}, year = {2004}, pages = {145-150}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-4544226945&partnerID=40&md5=9aeee456d8b7c4d89bb4fc3fc9396796}, keywords = {Algorithms; Antenna phased arrays; Constraint theory; Probability; Real time systems; Scheduling; Time measurement, Dwells; Illumination window; Phased array radars, Surveillance radar}, document_type = {Conference Paper}, source = {Scopus}, } - Dynamic clustering for acoustic target tracking in wireless sensor networksW.-P. Chen, J.C. Hou, and L. ShaIEEE Transactions on Mobile Computing, 2004
In the paper, we devise and evaluate a fully decentralized, light-weight, dynamic clustering algorithm for target tracking. Instead of assuming the same role for all the sensors, we envision a hierarchical sensor network that is composed of 1) a static backbone of sparsely placed high-capability sensors which will assume the role of a cluster head (CH) upon triggered by certain signal events and 2) moderately to densely populated low-end sensors whose function is to provide sensor information to CHs upon request. A cluster is formed and a CH becomes active, when the acoustic signal strength detected by the CH exceeds a predetermined threshold. The active CH then broadcasts an information solicitation packet, asking sensors in its vicinity to join the cluster and provide their sensing information. We address and devise solution approaches (with the use of Voronoi diagram) to realize dynamic clustering: (1×1) how CHs cooperate with one another to ensure that only one CH (preferably the CH that is closest to the target) is active with high probability, (1×2) when the active CH solicits for sensor information, instead of having all the sensors in its vicinity reply, only a sufficient number of sensors respond with nonredundant, essential information to determine the target location, and (1×3) both the packets that sensors send to their CHs and packets that CHs report to subscribers do not incur significant collision. Through both probabilistic analysis and ns-2 simulation, we show with the use of Voronoi diagram, the CH that is usually closest to the target is (implicitly) selected as the leader and that the proposed dynamic clustering algorithm effectively eliminates contention among sensors and renders more accurate estimates of target locations as a result of better quality data collected and less collision incurred.
@article{Chen2004258, author = {Chen, W.-P. and Hou, J.C. and Sha, L.}, title = {Dynamic clustering for acoustic target tracking in wireless sensor networks}, journal = {IEEE Transactions on Mobile Computing}, year = {2004}, volume = {3}, number = {3}, pages = {258-271}, doi = {10.1109/TMC.2004.22}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-4544253268&doi=10.1109%2fTMC.2004.22&partnerID=40&md5=616767ea41662fe683cd34614a352dcf}, author_keywords = {Dynamic clustering; Localization; Sensor networks; Tracking}, keywords = {Dynamic clustering; Localization; Sensor networks; Tracking, Algorithms; Data processing; Microelectromechanical devices; Packet networks; Sensors; Signal processing; Signal to noise ratio; Tracking (position), Wireless telecommunication systems}, document_type = {Article}, source = {Scopus}, } - Enhanced Utilization Bounds for QoS ManagementC.-G. Lee, L. Sha, and A. PeddiIEEE Transactions on Computers, 2004
In many practical real-time applications, there is a given set of task frequencies (i.e., inverse of task periods) corresponding to predetermined QoS options that the applications can choose. For example, in audio applications, the typical choices of playback frequencies are for CD quality, radio quality, and phone quality. Similar configurations can be found in streaming video and in control applications. In such systems, applications dynamically arrive requesting one of the periods provided by the QoS manager. Thus, the accurate and efficient online schedulability test is essential for any task set whose periods are chosen from the QoS period set. For this purpose, this paper proposes new utilization bounds as a function of given QoS periods. As long as there is a set of given periods that can be chosen by applications, the bounds developed in this paper can be used by the QoS manager to quickly determine the schedulability of dynamic applications.
@article{Lee2004187, author = {Lee, C.-G. and Sha, L. and Peddi, A.}, title = {Enhanced Utilization Bounds for QoS Management}, journal = {IEEE Transactions on Computers}, year = {2004}, volume = {53}, number = {2}, pages = {187-200}, doi = {10.1109/TC.2004.1261828}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-1342323877&doi=10.1109%2fTC.2004.1261828&partnerID=40&md5=ccf6bae0a7dfa9fe182f8c9f01af703f}, author_keywords = {Multiframe task model; Online admission control; QoS (Quality of Service); Real-time system; Scheduling; Utilization bound}, keywords = {Multiframe task model; Online admission control; Utilization bound, Acoustic streaming; Online systems; Polynomials; Quality of service; Scheduling, Real time systems}, document_type = {Article}, source = {Scopus}, } - Real-time synchronization protocolsL. Sha, and M. Caccamo2004
An important problem that arises in the context of real-time systems is the duration for which high-priority tasks are blocked by the execution of low-priority jobs. A milestone in this area was the discovery, analysis, and solutions of the unbounded priority inversion problem in the 1980s. © 2004 by CRC Press LLC.
@book{Sha200429-1, author = {Sha, L. and Caccamo, M.}, title = {Real-time synchronization protocols}, journal = {Handbook of Scheduling: Algorithms, Models, and Performance Analysis}, year = {2004}, pages = {29-1-29-26}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-85055812819&partnerID=40&md5=e78e16d53e1bb3a5aaf841dc2b03b408}, document_type = {Book Chapter}, source = {Scopus}, } - Real-time virtual machines for avionics software porting and developmentLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 2004
Generalized rate monotonic scheduling (GRMS) theory has now been widely adopted in practice and supported by open standards. This creates strong incentives for the avionics industry to migrate from traditional cyclical executive based system to a GRMS based systems. This paper presents some of the important considerations in the migration of a cyclical executive based system to a GRMS based system. © Springer-Verlag 2004.
@article{Sha2004123, author = {Sha, L.}, title = {Real-time virtual machines for avionics software porting and development}, journal = {Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)}, year = {2004}, volume = {2968}, pages = {123-135}, doi = {10.1007/978-3-540-24686-2_8}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-35048889558&doi=10.1007%2f978-3-540-24686-2_8&partnerID=40&md5=52dda7b05d07f5b31b6021572820648f}, keywords = {Avionics; Computation theory; Embedded systems, Open Standards; Rate-monotonic scheduling; Real time; Software porting; Virtual machines, Real time systems}, document_type = {Article}, source = {Scopus}, } - An energy-aware data-centric generic utility based approach in wireless sensor networksW.-P. Chen, and L. ShaThird International Symposium on Information Processing in Sensor Networks, IPSN 2004, 2004
Distinct from wireless ad hoc networks, wireless sensor networks are data-centric, application-oriented, collaborative, and energy-constrained in nature. In this paper, formulate the problem of data transport in sensor networks as an optimization problem whose objective function is to maximize the amount of information (utility) collected at sinks (subscribers), subject to the flow, energy and channel bandwidth constraints. Also, based on a Markov model extended from [3], we derive the link delay and the node capacity in both the single and multi-hop environments, and figure them in the problem formulation. We study three special cases under the problem formulation. In particular, we consider the energy-aware flow control problem, derive an energy aware flow control solution, and investigate via ns-2 simulation its performance. The simulation results show that the proposed energy-aware flow control solution can achieve high utility and low delay without congesting the network.
@article{Chen2004215, author = {Chen, W.-P. and Sha, L.}, title = {An energy-aware data-centric generic utility based approach in wireless sensor networks}, journal = {Third International Symposium on Information Processing in Sensor Networks, IPSN 2004}, year = {2004}, pages = {215-224}, doi = {10.1145/984622.984654}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-3042739258&doi=10.1145%2f984622.984654&partnerID=40&md5=912cd927e5536ed20883fb0789760b76}, author_keywords = {Utility-based; Wireless sensor networks}, keywords = {Bandwidth; Computer simulation; Optimization; Problem solving; Telecommunication networks; Wireless telecommunication systems, Bandwidth constraints; Link delay; Utility-based; Wireless sensor networks, Sensors}, document_type = {Conference Paper}, source = {Scopus}, } - Service continuity in networked control using etherwareG. Baliga, S. Graham, L. Sha, and P.R. KumarIEEE Distributed Systems Online, 2004
@article{Baliga2004, author = {Baliga, G. and Graham, S. and Sha, L. and Kumar, P.R.}, title = {Service continuity in networked control using etherware}, journal = {IEEE Distributed Systems Online}, year = {2004}, volume = {5}, number = {9}, page_count = {15}, doi = {10.1109/mdso.2004.23}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-18444414561&doi=10.1109%2fmdso.2004.23&partnerID=40&md5=6f10b3d43dd1476ff42adaeaba176eea}, keywords = {Actuators; Computer architecture; Computer operating systems; Computer software; Control system analysis; Fault tolerant computer systems; Semantics; Sensors, Etherware; Networked control systems; Neumann architecture; Software systems, Computer networks}, document_type = {Article}, source = {Scopus}, }
2003
- Feedback control with queueing-theoretic prediction for relative delay guarantees in web serversY. Lu, T. Abdelzaher, C. Lu, L. Sha, and X. LiuReal-Time Technology and Applications - Proceedings, 2003
The use of feedback control theory for performance guarantees in QoS-aware systems has gained much attention in recent years. In this paper, we investigate merging, within a single framework, the predictive power of queueing theory with the reactive power of feedback control to produce software systems with a superior ability to achieve QoS specifications in highly unpredictable environments. The approach is applied to the problem of achieving relative delay guarantees in high-performance servers. Experimental evaluation of this approach on an Apache web server shows that the combined schemes perform significantly better in terms of keeping the relative delay on target compared to feedback control or queueing prediction alone. © 2003 IEEE.
@article{Lu2003208, author = {Lu, Y. and Abdelzaher, T. and Lu, C. and Sha, L. and Liu, X.}, title = {Feedback control with queueing-theoretic prediction for relative delay guarantees in web servers}, journal = {Real-Time Technology and Applications - Proceedings}, year = {2003}, pages = {208-217}, doi = {10.1109/RTTAS.2003.1203053}, art_number = {1203053}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-84884190045&doi=10.1109%2fRTTAS.2003.1203053&partnerID=40&md5=ab4ac65818711a623b2dfd50cfce467a}, keywords = {Apache web server; Combined schemes; Experimental evaluation; Performance guarantees; Predictive power; QoS specifications; Software systems; Unpredictable environments, Queueing theory; World Wide Web, Feedback control}, document_type = {Conference Paper}, source = {Scopus}, } - Automated verification of the dependability of object-oriented real-time systemsH. Ding, C. Zheng, G. Agha, and L. ShaProceedings - International Workshop on Object-Oriented Real-Time Dependable Systems, WORDS, 2003
We develop an effective approach to formally specify and automatically verify the dependability of object-oriented real-time systems based on the Actor model and Real-Time Maude. Our approach decomposes an application into functional components represented as concurrent objects or actors, and separately specifies the timing constraints using RTSynchronizer. It achieves the goal of automatically verifying the dependability and timing properties of the target system by implementing the operational semantics of Actor and RTSynchronizer in Real-Time Maude, which supports executable specification and various temporal model checking analysis. We demonstrate the effectiveness of our approach by an annotated case study of the Simplex architecture. © 2003 IEEE.
@article{Ding2003171, author = {Ding, H. and Zheng, C. and Agha, G. and Sha, L.}, title = {Automated verification of the dependability of object-oriented real-time systems}, journal = {Proceedings - International Workshop on Object-Oriented Real-Time Dependable Systems, WORDS}, year = {2003}, pages = {171-178}, doi = {10.1109/WORDS.2003.1267505}, art_number = {1410960}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-84883131864&doi=10.1109%2fWORDS.2003.1267505&partnerID=40&md5=8a85eb8d39a3088cb3dc8a4125f898a5}, keywords = {Automated verification; Concurrent objects; Effective approaches; Executable specifications; Functional components; Operational semantics; Temporal modeling; Timing constraints, Model checking, Real time systems}, document_type = {Conference Paper}, source = {Scopus}, } - Template-based real-time dwell scheduling with energy constraintC.-S. Shih, S. Gopalakrishnan, P. Ganti, M. Caccamo, and L. ShaReal-Time Technology and Applications - Proceedings, 2003
This paper addresses the scheduling problem of radar dwells in multi-function phase array radars. Well-known and new challenges make it difficult to provide predictable performance for real-time dwell scheduling. We developed the template-based scheduling algorithm to guarantee the performance requirement with low on-line overhead. Simulation results show that the template-based scheduling approach increases utilization and provides predictable performance. © 2003 IEEE.
@article{Shih200319, author = {Shih, C.-S. and Gopalakrishnan, S. and Ganti, P. and Caccamo, M. and Sha, L.}, title = {Template-based real-time dwell scheduling with energy constraint}, journal = {Real-Time Technology and Applications - Proceedings}, year = {2003}, pages = {19-27}, doi = {10.1109/RTTAS.2003.1203033}, art_number = {1203033}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-61849176418&doi=10.1109%2fRTTAS.2003.1203033&partnerID=40&md5=4873045e69ef919640ad83789512b3a9}, keywords = {Dwell scheduling; Energy constraint; Multi-functions; Performance requirements; Phase-array radars; Radar dwells; Scheduling problem; Template-based, Scheduling}, document_type = {Conference Paper}, source = {Scopus}, } - Radar dwell scheduling considering physical characteristics of phased array antennaC.-G. Lee, P.-S. Kang, C.-S. Shih, and L. ShaProceedings - Real-Time Systems Symposium, 2003
This paper proposes novel techniques for scheduling radar dwells in phased array radar systems. In order to handle complex physical characteristics such as dwell interleaving, transmitting duty cycle constraint, and energy constraint, we propose a notion of schedulability envelope. The schedulability envelope designed offline hides the details of complex radar dwell scheduling and provides a simple measure for the schedulability check. Using the schedulability envelope, the proposed technique can efficiently perform the admission control for dynamic target tracking tasks. The simulation results show that the proposed approach can significantly improve the system utilization by taking advantage of dwell interleaving while guaranteeing the schedulability and physical constraints.
@article{Lee200314, author = {Lee, C.-G. and Kang, P.-S. and Shih, C.-S. and Sha, L.}, title = {Radar dwell scheduling considering physical characteristics of phased array antenna}, journal = {Proceedings - Real-Time Systems Symposium}, year = {2003}, pages = {14-24}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-0348195820&partnerID=40&md5=3fee277e71aa4d99456837740b7e7835}, keywords = {Antenna phased arrays; Computer simulation; Congestion control (communication); Radar systems; Radar tracking; Resource allocation; Telecommunication traffic, Admission control; Radar dwell scheduling; Schedulability envelope, Radar antennas}, document_type = {Conference Paper}, source = {Scopus}, } - Scheduling real-time dwells using tasks with synthetic periodsC.-S. Shih, S. Gopalakrishnan, P. Ganti, M. Caccamo, and L. ShaProceedings - Real-Time Systems Symposium, 2003
This paper addresses the problem of scheduling real-time dwells in multi-function phase array radar systems. To keep track of targets, a radar system must meet its timing and energy constraints. We propose a new task model for radar dwells to accurately characterize their timing parameters. We develop an algorithm of transforming every dwell task as a semi-period task so the dwell task can meet its timing constraint and the interarrival times of the task may not a constant. We also develop an enhanced template-based scheduling algorithm to schedule such tasks to meet the timing and energy constraints. Simulation results show that this algorithm can significantly improve the resource utilization.
@article{Shih2003210, author = {Shih, C.-S. and Gopalakrishnan, S. and Ganti, P. and Caccamo, M. and Sha, L.}, title = {Scheduling real-time dwells using tasks with synthetic periods}, journal = {Proceedings - Real-Time Systems Symposium}, year = {2003}, pages = {210-219}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-0348195804&partnerID=40&md5=d0dc99e297065d92bb3d35d5c5ea0bab}, keywords = {Algorithms; Computer simulation; Constraint theory; Probability; Radar systems; Real time systems; Resource allocation, Estimated illumination time; Maximal temporal distance; Multi-function phase array radar systems; Resource utilization, Scheduling}, document_type = {Conference Paper}, source = {Scopus}, } - Optimal QoS sampling frequency assignment for real-time wireless sensor networksX. Liu, Q. Wang, L. Sha, and W. HeProceedings - Real-Time Systems Symposium, 2003
How to allocate computing and communication resources in a way that maximizes the effectiveness of control and signal processing has been an important area of research. The characteristic of a multi-hop Real-Time Wireless Sensor Network raises new challenges. First, the constraints are more complicated and a new solution method is needed. Second, we need a distributed solution to achieve scalability. This paper presents solutions to both of the new challenges. The first solution to the optimal frequency allocation is a centralized solution that can handle the more general form of constraints as compared with prior research. The second solution is a distributed version for large networks using a pricing scheme. It is capable of incremental adjustment when utility functions change.
@article{Liu2003308, author = {Liu, X. and Wang, Q. and Sha, L. and He, W.}, title = {Optimal QoS sampling frequency assignment for real-time wireless sensor networks}, journal = {Proceedings - Real-Time Systems Symposium}, year = {2003}, pages = {308-319}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-0346305014&partnerID=40&md5=58af6d6bcead6486d35fd5bcfc39a097}, keywords = {Algorithms; Carrier sense multiple access; Congestion control (communication); Constraint theory; Frequency allocation; Mathematical models; Matrix algebra; Nonlinear programming; Quality of service; Sensors; Time division multiple access; Wireless telecommunication systems, Frequency assignment; Interior point method; Multiple constraint optimization; Quality of service sampling; Real time independent channels; Real time wireless sensor networks, Real time systems}, document_type = {Conference Paper}, source = {Scopus}, } - Design and analysis of an MST-based topology control algorithmN. Li, J.C. Hou, and L. ShaProceedings - IEEE INFOCOM, 2003
In this paper, we present a minimum spanning tree (MST) based topology control algorithm, called local minimum spanning tree (LMST), for wireless multi-hop networks. In this algorithm, each node builds its local minimum spanning tree independently and only keeps on-tree nodes that are one-hop away as its neighbors in the final topology. We analytically prove several important properties of LMST: (1) the topology derived under LMST preserves the network connectivity; (2) the node degree of any node in the resulting topology is bounded by 6; and (3) the topology can be transformed into one with bidirectional links (without impairing the network connectivity) after removal of all uni-directional links. These results are corroborated in the simulation study. © 2003 IEEE.
@article{Li20031702, author = {Li, N. and Hou, J.C. and Sha, L.}, title = {Design and analysis of an MST-based topology control algorithm}, journal = {Proceedings - IEEE INFOCOM}, year = {2003}, volume = {3}, pages = {1702-1712}, doi = {10.1109/INFCOM.2003.1209193}, art_number = {1209193}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-0041973675&doi=10.1109%2fINFCOM.2003.1209193&partnerID=40&md5=f177829665bb67575de293000f3b7c69}, keywords = {Bi-directional links; Design and analysis; Local Minimum Spanning tree; Minimum spanning trees; Network connectivity; Node degree; Simulation studies; Topology control algorithms; Wireless multi-hop network, Algorithms; Parallel architectures; Telecommunication networks; Topology, Trees (mathematics)}, document_type = {Conference Paper}, source = {Scopus}, } - A Bluetooth loop scatternet formation algorithmH. Zhang, J.C. Hou, and L. ShaIEEE International Conference on Communications, 2003
Bluetooth is a promising new wireless technology that enables portable devices to form short-range wireless ad hoc networks. In this paper, we present a new, distributed Bluetooth scatternet formation algorithm, called loop scatternet formation, that forms scatternets with slave/slave bridges only. In addition to meeting the criteria of maintaining connectivity, minimizing the number of piconets and the maximum degree of devices, the proposed algorithm formalizes the notion of network diameter and node contention. The loop scatternet thus formed incurs a much smaller network diameter and the number of node pairs for which a device has to serve as a relay node is significantly smaller than that in the other types of scatternets. To validate the design, we derive the bounds of the number of piconets, the network diameter, and the maximum node contention. We also conduct ns-2 simulation to evaluate the performance of loop scatternets. Both analytical and simulation results validate the desirable features of loop scatternets.
@article{Zhang20031174, author = {Zhang, H. and Hou, J.C. and Sha, L.}, title = {A Bluetooth loop scatternet formation algorithm}, journal = {IEEE International Conference on Communications}, year = {2003}, volume = {2}, pages = {1174-1180}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-0038306687&partnerID=40&md5=14b3104aa47fa35dd8664ae4982a99fd}, keywords = {Algorithms; Computer simulation; Network protocols; Portable equipment; Telecommunication links; Topology, Loop scatternet formation, Wireless telecommunication systems}, document_type = {Conference Paper}, source = {Scopus}, } - On the scheduling of flexible and reliable real-time control systemsR. Chandra, X. Liu, and L. ShaReal-Time Systems, 2003
Many real-time systems, such as manufacturing plants, have long life cycles. To enable the realization of technological innovations and to mitigate the risk and cost of bringing new control technologies into functioning systems, flexible and reliable real-time software architectures such as Simplex have been developed. There is also an emerging trend that integrates the design of controllers and schedulers. For example, algorithms that identify the optimal frequencies of control tasks subject to schedulability constraints have been developed, and the notion of feedback schedulers has been investigated. However, the optimization of the performance of flexible and reliable architectures with analytically redundant software controllers has remained an open problem. In fact, a direct application of the existing optimization methods would not yield the optimal frequencies. In this paper, we present a method that correctly finds the optimal frequencies for systems using analytically redundant controllers. We also show that the proposed method is robust against inaccuracies in the estimation of failure rates of the controllers.
@article{Chandra2003153, author = {Chandra, R. and Liu, X. and Sha, L.}, title = {On the scheduling of flexible and reliable real-time control systems}, journal = {Real-Time Systems}, year = {2003}, volume = {24}, number = {2}, pages = {153-169}, doi = {10.1023/A:1021726418716}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-0037368523&doi=10.1023%2fA%3a1021726418716&partnerID=40&md5=7e77de2397cb3f6b65b55f5a41e1fdc1}, author_keywords = {Analytical redundancy; Co-design of controller and scheduler; Dependable systems; Real-time control systems; Scheduling}, keywords = {Computer networks; Computer software; Control system analysis; Flexible manufacturing systems; Redundancy; Robustness (control systems); Scheduling, Analytical redundancy; Schedulers, Real time systems}, document_type = {Article}, source = {Scopus}, } - Enhanced processor budget for QoS management in multimedia systemsC.-G. Lee, and L. ShaProceedings - International Parallel and Distributed Processing Symposium, IPDPS 2003, 2003
Resource reservation and QoS negotiation is a common way to guarantee timely progress of programs in distributed multimedia systems. For this, determining the available resource capacity, resource budget, is important. The resource budget depends on resource characteristics (e.g., processor, memory, disk, and network bandwidth) and scheduling algorithms. The paper provides an improved processor budget for the fixed-priority scheduling algorithm, which is most common in commercial real-time operating systems. The improvement is possible by noting that, in multimedia systems, there is a prefixed set of task periods for the finite set of QoS options and parameters. Our approach explicitly takes these periods into account and calculates the tight bound of the processor budget using the linear programming technique. This bound significantly improves Liu and Layland bound (Liu and Layland, 1973) and also it is proved to be better than any other bounds in the literature. We also show how this bound is effectively used for resource reservation and QoS re-negotiation for adapting to dynamic workload. © 2003 IEEE.
@article{Lee2003, author = {Lee, C.-G. and Sha, L.}, title = {Enhanced processor budget for QoS management in multimedia systems}, journal = {Proceedings - International Parallel and Distributed Processing Symposium, IPDPS 2003}, year = {2003}, doi = {10.1109/IPDPS.2003.1213244}, art_number = {1213244}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-84947215652&doi=10.1109%2fIPDPS.2003.1213244&partnerID=40&md5=72d2af0f6b78668b67e5ae4bd0ac7ffa}, author_keywords = {Fixedpriority scheduling; Multimedia; QoS; Resource reservation; Utilization bound}, keywords = {Budget control; Computer operating systems; Distributed computer systems; Distributed parameter networks; Linear programming; Parallel processing systems; Quality of service; Real time systems; Scheduling algorithms, Distributed multimedia systems; Fixed-priority scheduling; Linear programming techniques; Multimedia; Real time operating system; Resource characteristic; Resource reservations; Utilization bounds, Multimedia systems}, document_type = {Conference Paper}, source = {Scopus}, } - Dynamic clustering for acoustic target tracking in wireless sensor networksW.-P. Chen, J.C. Hou, and L. ShaProceedings - International Conference on Network Protocols, ICNP, 2003
In the paper, we devise and evaluate a fully decentralized, light-weight, dynamic clustering algorithm for target tracking. Instead of assuming the same role for all the sensors, we envision a hierarchical sensor network that is composed of (a) a static backbone of sparsely placed high-capability sensors which assume the role of a cluster head (CH) upon triggered by certain signal events; and (b) moderately to densely populated low-end sensors whose function is to provide sensor information to CHs upon request. A cluster is formed and a CH becomes active, when the acoustic signal strength detected by the CH exceeds a pre-determined threshold. The active CH then broadcasts an information solicitation packet, asking sensors in its vicinity to join the cluster and provide their sensing information. We address and devise solution approaches (with the use of Voronoi diagram) to realize dynamic clustering: (I1) how CHs cooperate with one another to ensure that for the most of time only one CH (preferably the CH that is closest to the target) is active; (I2) when the active CH solicits for sensor information, instead of having all the sensors in its vicinity reply, only a sufficient number of sensors respond with non-redundant, essential information to determine the target location; and (I3) both packets with which sensors respond to their CHs and packets that CHs report to subscribers do not incur significant collision. Through both probabilistic analysis and ns-2 simulation, we show with the use of Voronoi diagram, the CH that is usually closest to the target is (implicitly) selected as the leader and that the proposed dynamic clustering algorithm effectively eliminates contention among sensors and renders more accurate estimates of target locations as a result of better quality data collected and less collision incurred. © 2003 IEEE.
@article{Chen2003284, author = {Chen, W.-P. and Hou, J.C. and Sha, L.}, title = {Dynamic clustering for acoustic target tracking in wireless sensor networks}, journal = {Proceedings - International Conference on Network Protocols, ICNP}, year = {2003}, volume = {2003-January}, pages = {284-294}, doi = {10.1109/ICNP.2003.1249778}, art_number = {1249778}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-84943513524&doi=10.1109%2fICNP.2003.1249778&partnerID=40&md5=be3d4f9f9c90e67f8a2c99fc9a9b42e0}, author_keywords = {Acoustic sensors; Acoustic signal detection; Algorithm design and analysis; Broadcasting; Clustering algorithms; Heuristic algorithms; Signal detection; Spine; Target tracking; Wireless sensor networks}, keywords = {Acoustic signal processing; Acoustic waves; Algorithms; Broadcasting; Clutter (information theory); Computational geometry; Graphic methods; Heuristic algorithms; Network protocols; Quality control; Signal detection; Target tracking; Tracking (position); Wireless sensor networks, Acoustic Sensors; Acoustic signal detection; Acoustic target tracking; Algorithm design and analysis; Dynamic clustering algorithm; Hierarchical sensor network; Probabilistic analysis; Spine, Clustering algorithms}, document_type = {Conference Paper}, source = {Scopus}, } - Upgrading real-time control software in the fieldIEEE, 2003
The new millennium heralds the convergence between computing, communication, and the intelligent control of our physical environments. Embedded systems often have a long life cycle. This paper reviews our research group’s work on how to upgrade embedded control systems without shutting them down, and how to protect the system from bugs and attacks that could be introduced by software upgrades. © 2003 IEEE.
@article{Sha20031131, author = {Sha, L.}, title = {Upgrading real-time control software in the field}, journal = {IEEE}, year = {2003}, volume = {91}, number = {7}, pages = {1131-1140}, doi = {10.1109/JPROC.2003.814611}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-7744239493&doi=10.1109%2fJPROC.2003.814611&partnerID=40&md5=60f79bb4ddcc3ceb93b76cc92d780a17}, author_keywords = {Real time; Recoverable region; Reliability; Reliable upgrade; Secured upgrade; Security; Stability}, keywords = {Communication channels (information theory); Computation theory; Computer software; Control systems; Embedded systems; Reliability, Real-time control software; Recoverable region; Reliable upgrade; Secured upgrade, Real time systems}, document_type = {Conference Paper}, source = {Scopus}, } - Online response time optimization of apache web serverX. Liu, L. Sha, Y. Diao, S. Froehlich, J.L. Hellerstein, and S. ParekhLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 2003
Properly optimizing the setting of configuration parameters can greatly improve performance, especially in the presence of changing workloads. This paper explores approaches to online optimization of the Apache web server, focusing on the MaxClients parameter (which controls the maximum number of workers). Using both empirical and analytic techniques, we show that MaxClients has a concave upward effect on response time and hence hill climbing techniques can be used to find the optimal value of MaxClients. We investigate two optimizers that employ hill climbing - one based on Newton’s Method and the second based on fuzzy control. A third technique is a heuristic that exploits relationships between bottleneck utilizations and response time minimization. In all cases, online optimization reduces response times by a factor of 10 or more compared to using a static, default value. The trade-offs between the online schemes are as follows. Newton’s method is well known but does not produce consistent results for highly variable data such as response times. Fuzzy control is more robust, but converges slowly. The heuristic works well in our prototype system, but it may be difficult to generalize because it requires knowledge of bottleneck resources and an ability to measure their utilizations. © Springer-Verlag Berlin Heidelberg 2003.
@article{Liu2003461, author = {Liu, X. and Sha, L. and Diao, Y. and Froehlich, S. and Hellerstein, J.L. and Parekh, S.}, title = {Online response time optimization of apache web server}, journal = {Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)}, year = {2003}, volume = {2707}, pages = {461-478}, doi = {10.1007/3-540-44884-5_25}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-35248877648&doi=10.1007%2f3-540-44884-5_25&partnerID=40&md5=2f961fcb3b5d03779062cfbc79602a54}, keywords = {Economic and social effects; Fuzzy control; Newton-Raphson method; Quality of service; Web services; World Wide Web, Analytic technique; Apache web server; Bottleneck resources; Configuration parameters; Hillclimbing technique; Improve performance; Online optimization; Response time optimization, Optimization}, document_type = {Article}, source = {Scopus}, } - Acoustic target tracking using tiny wireless sensor devicesQ. Wang, W.-P. Chen, R. Zheng, K. Lee, and L. ShaLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 2003
With the advancement of MEMS technologies, wireless networks consist of tiny sensor devices hold the promise of revolutionizing sensing in a wide range of application domains because of their flexibility, low cost and ease of deployment. However, the constrained computation power, battery power, storage capacity and communication bandwidth of the tiny devices pose challenging problems in the design and deployment of such systems. Target localization using acoustic signal with tiny wireless devices is a particularly difficult task due to the amount of signal processing and computation involved. In this paper, we provide an in-depth study of designing such wireless sensor networks for real-world acoustic tracking applications. We layout a cluster-based architecture to address the limitations of the tiny sensing devices. To achieve effective utilization of the scarce wireless bandwidth, a quality-driven paradigm to suppress redundant information and resolve contention is proposed. One instance of the quality-driven approach is implemented in the acoustic tracking system, where the quality of the tracking reports can be quantified numerically. We demonstrate the effectiveness of our proposed architecture and protocols using a sensor network testbed based on UCBerkeley mica motes. Considering the performance limitations of tiny sensor devices, the achieved acoustic target tracking accuracy is extraordinarily good. Our experimental study also shows that the acoustic target tracking quality can be indeed measured and used to assist resource allocation decisions. This application-driven design and implementation exercises also serve to identify important areas of further work in in-network processing and communications. © Springer-Verlag Berlin Heidelberg 2003.
@article{Wang2003642, author = {Wang, Q. and Chen, W.-P. and Zheng, R. and Lee, K. and Sha, L.}, title = {Acoustic target tracking using tiny wireless sensor devices}, journal = {Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)}, year = {2003}, volume = {2634}, pages = {642-657}, doi = {10.1007/3-540-36978-3_43}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-35248861581&doi=10.1007%2f3-540-36978-3_43&partnerID=40&md5=2721cd38c60d27efccc8ab9fe27e88c9}, keywords = {Acoustic signal processing; Bandwidth; Cluster computing; Clutter (information theory); Mica; Network architecture; Sensor nodes; Signal processing; Silicate minerals; Tracking (position); Wireless sensor networks, Acoustic target tracking; Cluster-based architecture; Communication bandwidth; Design and implementations; Performance limitations; Resource allocation decision; Sensor network test-bed; Sink trees, Target tracking}, document_type = {Article}, source = {Scopus}, } - Reliable upgrade of group communication software in sensor networksP.V. Krishnan, L. Sha, and K. Mechitov1st IEEE International Workshop on Sensor Network Protocols and Applications, SNPA 2003, 2003
Communication is critical between nodes in wireless sensor networks. Upgrades to their communication software need to be done reliably because residual software errors in the new module can cause complete system failure. We present a software architecture, called cSimplex, which can reliably upgrade multicast-based group communication software in sensor networks. Errors in the new module are detected using statistical checks and a stability definition that we propose. Error recovery is done by switching to a well-tested, reliable safety module without any interruption in the functioning of the system. cSimplex has been implemented and demonstrated in a network of acoustic sensors with mobile robots functioning as base stations. Experimental results show that faults in the upgraded software can be detected with an accuracy of 99.71% on average. The architecture, which can be easily extended to other reliable upgrade problems, will facilitate a paradigm shift in system evolution from static design and extensive testing to reliable upgrades of critical communication components in networked systems, thus also enabling substantial savings in testing time and resources. © 2003 IEEE.
@article{Krishnan200382, author = {Krishnan, P.V. and Sha, L. and Mechitov, K.}, title = {Reliable upgrade of group communication software in sensor networks}, journal = {1st IEEE International Workshop on Sensor Network Protocols and Applications, SNPA 2003}, year = {2003}, pages = {82-92}, doi = {10.1109/SNPA.2003.1203359}, art_number = {1203359}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-33846865270&doi=10.1109%2fSNPA.2003.1203359&partnerID=40&md5=fbd129b2ca10d0f6242bb690176a1ca5}, author_keywords = {Acoustic sensors; Acoustic signal detection; Communication switching; Communication system software; Safety; Software architecture; Stability; System testing; Telecommunication network reliability; Wireless sensor networks}, keywords = {Accident prevention; Acoustic devices; Acoustic equipment; Computer architecture; Convergence of numerical methods; Errors; Network architecture; Network protocols; Safety testing; Sensor nodes; Software architecture; Software reliability; Software testing; Systems engineering; Telecommunication networks, Acoustic Sensors; Acoustic signal detection; Communication switching; Communication system software; System testing, Wireless sensor networks}, document_type = {Conference Paper}, source = {Scopus}, } - Real-time communication and coordination in embedded sensor networksJ.A. Stankovic, T.F. Abdelzaher, C. Lu, L. Sha, and J.C. HouIEEE, 2003
Sensor networks can be considered distributed computing platforms with many severe constraints, including limited CPU speed, memory size, power, and bandwidth. Individual nodes in sensor networks are typically unreliable and the network topology dynamically changes, possibly frequently. Sensor networks also differ because of their tight interaction with the physical environment via sensors and actuators. Because of this interaction, we find that sensor networks are very data-centric. Due to all of these differences, many solutions developed for general distributed computing platforms and for ad-hoc networks cannot be applied to sensor networks. After discussing several motivating applications, this paper first discusses the state of the art with respect to general research challenges, then focuses on more specific research challenges that appear in the networking, operating system, and middleware layers. For some of the research challenges, initial solutions or approaches are identified. © 2003 IEEE.
@article{Stankovic20031002, author = {Stankovic, J.A. and Abdelzaher, T.F. and Lu, C. and Sha, L. and Hou, J.C.}, title = {Real-time communication and coordination in embedded sensor networks}, journal = {IEEE}, year = {2003}, volume = {91}, number = {7}, pages = {1002-1022}, doi = {10.1109/JPROC.2003.814620}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-14344252668&doi=10.1109%2fJPROC.2003.814620&partnerID=40&md5=3f743b2f99a7bc61e0f7dae787c00013}, author_keywords = {Embedded systems; Middleware; Networking; Operating systems; Real time; Sensor networks}, keywords = {Actuators; Bandwidth; Computer operating systems; Distributed computer systems; Embedded systems; Middleware; Real time systems, Ad-hoc networks; Network topology; Real-time communication; Sensor networks, Sensors}, document_type = {Conference Paper}, source = {Scopus}, } - Asynchronous wakeup for ad hoc networksR. Zheng, J.C. Hou, and L. ShaInternational Symposium on Mobile Ad Hoc Networking and Computing (MobiHoc), 2003
Due to the slow advancement of battery technology, power management in wireless networks remains to be a critical issue. Asynchronous wakeup has the merits of not requiring global clock synchronization and being resilient to network dynamics. This paper presents a systematic approach to designing and implementing asynchronous wakeup mechanisms in ad hoc networks. The optimal wakeup schedule design can be formulated as a block design problem in combinatorics. We propose a neighbor discovery and schedule bookkeeping protocol that can operate on the optimal wakeup schedule derived. Two power management policies, i.e. slot-based power management and on-demand power management, are studied to overlay desirable communication schedule over the wakeup schedule mandated by the asynchronous wakeup mechanism. Simulation studies indicate that the proposed asynchronous wakeup protocol is quite effective under various traffic characteristics and loads: energy saving can be as high as 70%, while the packet delivery ratio is comparable to that without power management.
@article{Zheng200335, author = {Zheng, R. and Hou, J.C. and Sha, L.}, title = {Asynchronous wakeup for ad hoc networks}, journal = {International Symposium on Mobile Ad Hoc Networking and Computing (MobiHoc)}, year = {2003}, pages = {35-45}, doi = {10.1145/778416.778420}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-0242612027&doi=10.1145%2f778416.778420&partnerID=40&md5=dbcb3058c144f854a2bebe3c97cafff1}, author_keywords = {Asynchronous wakeup; Block design and ad hoc networks; Power management}, keywords = {Asynchronous transfer mode; Congestion control (communication); Network protocols; Packet networks; Power control; Telecommunication traffic, Ad hoc networks; Asynchronous wakeup; Power management, Mobile computing}, document_type = {Conference Paper}, source = {Scopus}, }
2002
- An implicit prioritized access protocol for wireless sensor networksM. Caccamo, L.Y. Zhang, L. Sha, and G. ButtazzoProceedings - Real-Time Systems Symposium, 2002
Recent advances in wireless technology have brought us closer to the vision of pervasive computing where sensors/actuators can be connected through a wireless network. Due to cost constraints and the dynamic nature of sensor networks, it is undesirable to assume the existence of base stations connected by a wired backbone. In this paper, we present a network architecture suitable for sensor networks along with a medium access control protocol based on Earliest Deadline First.
@article{Caccamo200239, author = {Caccamo, M. and Zhang, L.Y. and Sha, L. and Buttazzo, G.}, title = {An implicit prioritized access protocol for wireless sensor networks}, journal = {Proceedings - Real-Time Systems Symposium}, year = {2002}, pages = {39-48}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-0036991785&partnerID=40&md5=2ed63b7bf12060727ffded22aff3d203}, keywords = {Actuators; Algorithms; Cellular radio systems; Computer simulation; Frequency division multiplexing; Multicasting; Network protocols; Routers; Sensors; Theorem proving; Wireless telecommunication systems, Earliest deadline first; Intracell communication; Medium access control protocol; Wireless sensor networks, Real time systems}, document_type = {Conference Paper}, source = {Scopus}, } - Handling execution overruns in hard real-time control systemsM. Caccamo, G. Buttazzo, and L. ShaIEEE Transactions on Computers, 2002
In many real-time control applications, the task periods are typically fixed and worst-case execution times are used in schedulability analysis. With the advancement of robotics, flexible visual sensing using cameras has become a popular alternative to the use of embedded sensors. Unfortunately, the execution time of visual tracking varies greatly. In such environments, control tasks have a normally short computation time, but also an occasional long computation time; therefore, the use of worst-case execution time is inefficient for control performance optimization. Nevertheless, to maintain the control stability, we still need to guarantee the schedulability of the task set, even if the worst case arises. In this paper, we propose an integrated approach to control performance optimization and task scheduling for control applications where the execution time of each task can vary greatly. We present an innovative approach to overrun management that allows us to fully utilize the processor for optimizing the control performance and yet guaranteeing the schedulability of all tasks under worst-case conditions.
@article{Caccamo2002835, author = {Caccamo, M. and Buttazzo, G. and Sha, L.}, title = {Handling execution overruns in hard real-time control systems}, journal = {IEEE Transactions on Computers}, year = {2002}, volume = {51}, number = {7}, pages = {835-849}, doi = {10.1109/TC.2002.1017703}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-0036647058&doi=10.1109%2fTC.2002.1017703&partnerID=40&md5=5032c7002bc42863aeb5f93854c5ec75}, author_keywords = {Overrun management; Rate adaptation; Real-time scheduling}, keywords = {Cameras; Computational methods; Computer control systems; Embedded systems; Optimization; Response time (computer systems); Robotics; Scheduling; System stability, Execution times; Overrun management; Rate adaptation; Real time control systems; Schedulability analysis, Real time systems}, document_type = {Article}, source = {Scopus}, } - Guest editorialL. Sha, and T. AbdelzaherReal-Time Systems, 2002
@article{Sha20025, author = {Sha, L. and Abdelzaher, T.}, title = {Guest editorial}, journal = {Real-Time Systems}, year = {2002}, volume = {23}, number = {1-2}, pages = {5-6}, doi = {10.1023/A:1015344501520}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-0036642329&doi=10.1023%2fA%3a1015344501520&partnerID=40&md5=d294bd84c3812c4e13aa77f44c29c573}, keywords = {Computer operating systems; Constraint theory; Feedback control; Mathematical models; Resource allocation; Scheduling; Systems analysis, Real time schedulers; Real time software performance control; Worst case models, Real time systems}, document_type = {Editorial}, source = {Scopus}, } - Upgrading embedded software in the field: Dependability and survivabilityLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 2002
The new millennium heralds the convergence between computing, communication and the intelligent control of our physical environments. Computers embedded in roads, bridges, buildings and vehicles tend to have a long life cycle. Application needs will change and computing, communication and control technologies willevolve rapidly. To keep systems modern, we need technologies to dependably and securely upgrade embedded software in the field. This paper provides a review of our work on how to upgrade embedded control systems without shutting them down, and how to protect the system from bugs and attacks that could be introduced by software upgrades. © Springer-Verlag Berlin Heidelberg 2002.
@article{Sha2002166, author = {Sha, L.}, title = {Upgrading embedded software in the field: Dependability and survivability}, journal = {Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)}, year = {2002}, volume = {2491}, pages = {166-181}, doi = {10.1007/3-540-45828-x_13}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-84883102608&doi=10.1007%2f3-540-45828-x_13&partnerID=40&md5=2c3f21935c59ccf4981939c0fef29998}, keywords = {Embedded software; Embedded systems; Life cycle, Communication and control; Embedded control systems; Long life cycles; Physical environments; Software upgrades, Program debugging}, document_type = {Conference Paper}, source = {Scopus}, } - Queueing model based network server performance controlL. Sha, X. Liu, Y. Lu, and T. AbdelzaherProceedings-Real-Time Systems Symposium, 2002
Controlling the timing performance of a network server is a challenging problem. This paper presents a Queueing Model Based Feedback Control approach to keep the timing performance of a network server close to the service level specification. We show that in an instrumented Apache server, combining feedback control with a queueing model leads to better tracking of QoS specifications than with feedback control alone or queueing model based feed forward control alone.
@article{Sha200281, author = {Sha, L. and Liu, X. and Lu, Y. and Abdelzaher, T.}, title = {Queueing model based network server performance control}, journal = {Proceedings-Real-Time Systems Symposium}, year = {2002}, pages = {81-90}, doi = {10.1109/REAL.2002.1181564}, art_number = {9}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-0036991512&doi=10.1109%2fREAL.2002.1181564&partnerID=40&md5=d83fc5bb52e613a7f5e75a015d87c21d}, keywords = {Computer simulation; Control system synthesis; Difference equations; Feedback control; HTTP; Mathematical models; Quality of service; Queueing networks; Queueing theory; Three term control systems; World Wide Web, Feedforward control; Network server systems; Queueing model based network; Web servers, Client server computer systems}, document_type = {Article}, source = {Scopus}, }
2001
- Trade-off analysis of real-time control performance and schedulabilityD. Seto, J.P. Lehoczky, L. Sha, and K.G. ShinReal-Time Systems, 2001
Most real-time computer-controlled systems are developed in two separate stages: controller design followed by its digital implementation. Computational tasks that implement the control algorithms are usually scheduled by treating their execution times and periods as unchangeable parameters. Task schedulability therefore depends only on the limited computing resources available. On the other hand, controller design is primarily based on the continuous-time dynamics of the physical system being controlled. The set of tasks resulting from this controller design may not be schedulable with the limited computing resources available. Even if the given set of tasks is schedulable, their overall performance may not be optimal in the sense that they do not make a full use of the computing resources. In this paper, we propose an integrated approach to controller design and task scheduling. Specifically, task frequencies (or periods) are allowed to vary within a certain range as long as such changes do not affect critical control functions such as the maintenance of system stability. We present an algorithm that determines the task frequencies such that a prescribed aspect of system performance is optimized subject to satisfaction of computing resource constraints. The tasks are then scheduled with the chosen frequencies. The proposed approach also addresses the issue of choosing controller processors.
@article{Seto2001199, author = {Seto, D. and Lehoczky, J.P. and Sha, L. and Shin, K.G.}, title = {Trade-off analysis of real-time control performance and schedulability}, journal = {Real-Time Systems}, year = {2001}, volume = {21}, number = {3}, pages = {199-217}, doi = {10.1023/A:1011151320157}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-0035501703&doi=10.1023%2fA%3a1011151320157&partnerID=40&md5=eb48412d1838bf6fe8761d0500446d50}, author_keywords = {Real-time control; Resource management; Task schedulability}, keywords = {Algorithms; Computer control systems; Constraint theory; Control system analysis; Control system synthesis; Optimization; Resource allocation; Scheduling; System stability, Real time control; Resource management; Task schedulability, Real time systems}, document_type = {Article}, source = {Scopus}, } - Using simplicity to control complexityIEEE Software, 2001
@article{Sha200120, author = {Sha, L.}, title = {Using simplicity to control complexity}, journal = {IEEE Software}, year = {2001}, volume = {18}, number = {4}, pages = {20-28}, doi = {10.1109/MS.2001.936213}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-0035394327&doi=10.1109%2fMS.2001.936213&partnerID=40&md5=a1c0ec229a96f99865e12fd90a02459a}, document_type = {Article}, source = {Scopus}, } - What are the top ten most influential parallel and distributed processing concepts of the past millenium?M.D. Theys, S. Ali, H.J. Siegel, M. Chandy, K. Hwang, K. Kennedy, L. Sha, K.G. Shin, M. Snir, L. Snyder, and T. SterlingJournal of Parallel and Distributed Computing, 2001
This is a report on a panel titled "What are the top ten most influential parallel and distributed processing concepts of the last millenium?" that was held at the IEEE Computer Society sponsored "14th International Parallel and Distributed Processing Symposium (IPDPS 2000)." The panelists were chosen to represent a variety of perspectives and technical areas. After the panelists had presented their choices for the top ten, an open discussion was held among the audience and panelists. At the end of the discussion, a ballot was distributed for the audience to vote on the top ten concepts (in arbitrary order). The voting identified the following ten most influential parallel and distributed processing concepts of the last millenium: (1) Amdahl’s law and scalability, (2) Arpanet and Internet, (3) pipelining, (4) divide and conquer approach, (5) multiprogramming, (6) synchronization (including semaphores), (7) load balancing, (8) message passing and packet switching, (9) cluster computing, and (10) multithreaded (lightweight) program execution. © 2001 Academic Press.
@article{Theys20011827, author = {Theys, M.D. and Ali, S. and Siegel, H.J. and Chandy, M. and Hwang, K. and Kennedy, K. and Sha, L. and Shin, K.G. and Snir, M. and Snyder, L. and Sterling, T.}, title = {What are the top ten most influential parallel and distributed processing concepts of the past millenium?}, journal = {Journal of Parallel and Distributed Computing}, year = {2001}, volume = {61}, number = {12}, pages = {1827-1841}, doi = {10.1006/jpdc.2001.1767}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-0035708606&doi=10.1006%2fjpdc.2001.1767&partnerID=40&md5=b2f67b2da0648567e9c2cec1b61e906e}, document_type = {Note}, source = {Scopus}, } - Aperiodic servers with resource constraintsM. Caccamo, and L. ShaProceedings - Real-Time Systems Symposium, 2001
Integrating soft and hard activities in a real-time environment has been an active area of research both under fixed priority scheduling and dynamic priority scheduling. Most of the existing work, however, has been done under the assumption that soft real-time tasks and hard real-time tasks are independent. The paper presents an efficient method that allows soft real-time aperiodic tasks and hard real-time tasks to share resources.
@article{Caccamo2001161, author = {Caccamo, M. and Sha, L.}, title = {Aperiodic servers with resource constraints}, journal = {Proceedings - Real-Time Systems Symposium}, year = {2001}, pages = {161-170}, doi = {10.1109/REAL.2001.990607}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-0035684052&doi=10.1109%2fREAL.2001.990607&partnerID=40&md5=e7aaae427260beb97a461a72b6623a71}, keywords = {Constraint theory; Real time systems; Resource allocation; Scheduling, Aperiodic servers; Resource constraints, Servers}, document_type = {Article}, source = {Scopus}, } - Service class based online QoS management in surveillance radar systemsC.-G. Lee, C.-S. Shih, and L. ShaProceedings - Real-Time Systems Symposium, 2001
Many application level qualities are functions of available computation resources. Recent studies have handled the computation resource allocation problem to maximize the overall application quality. However, such QoS problem is fundamentally a multi-dimensional optimization problem that requires extensive computation. Therefore, online usage of optimization procedures may significantly reduce the computation resource available for applications. This raises the question of how to best use the optimization procedures for dynamic real-time task sets. This paper proposes a method called service classes configuration to address the QoS problem with dynamic arrival and departure of tasks. A simplified radar application is used as an illustrative example.
@article{Lee2001139, author = {Lee, C.-G. and Shih, C.-S. and Sha, L.}, title = {Service class based online QoS management in surveillance radar systems}, journal = {Proceedings - Real-Time Systems Symposium}, year = {2001}, pages = {139-148}, doi = {10.1109/REAL.2001.990605}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-0035683852&doi=10.1109%2fREAL.2001.990605&partnerID=40&md5=a81955695d66ff3153cf456821ecc976}, keywords = {Algorithms; Online systems; Optimization; Quality of service; Real time systems; Resource allocation; Scheduling, Quality of service (QoS) measurements, Surveillance radar}, document_type = {Article}, source = {Scopus}, } - Scheduling tasks with variable deadlinesC.-S. Shih, L. Sha, and J. LiuReal-Time Technology and Applications - Proceedings, 2001
Traditional real-time scheduling algorithms typically assume that deadlines of tasks do not change with time. Task deadlines in many real-time command, control and communication applications change over time. Deadlines of some tasks in these applications depend on the states of the objects monitored and controlled by the applications. Because the states of the objects change with time, the deadlines may also change with time. This paper discusses the problem of scheduling tasks with variable deadlines and presents preliminary results and on-going work.
@article{Shih2001120, author = {Shih, C.-S. and Sha, L. and Liu, J.}, title = {Scheduling tasks with variable deadlines}, journal = {Real-Time Technology and Applications - Proceedings}, year = {2001}, pages = {120-122}, doi = {10.1109/RTTAS.2001.929874}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-0034835750&doi=10.1109%2fRTTAS.2001.929874&partnerID=40&md5=e8dba1130562b912ce60860ab17bab55}, keywords = {Algorithms; Command and control systems; Scheduling; Real time systems, Real-time scheduling algorithms, Real time systems; Scheduling, Command , control and communication; Real time; Real-time scheduling algorithms; Scheduling tasks}, document_type = {Article}, source = {Scopus}, }
2000
- Elastic feedback controlM. Caccamo, G. Buttazzo, and L. ShaProceedings - Euromicro Conference on Real-Time Systems, 2000
In many real time control applications, the task periods are typically fixed and worst case execution times are used in schedulability analysis. With the advancement of robotics, flexible visual sensing using cameras has become a popular alternative to the use of embedded sensors. Unfortunately, the execution time of visual tracking varies greatly. In such environments, control tasks have a normally short computation time but also an occasional long computation time; therefore, the use of worst case execution time is inefficient for controlling performance optimization. Nevertheless, to maintain the control stability, we still need to guarantee the task set, even if the worst case arises. We propose an integrated approach to control performance optimization and task scheduling for control applications where the execution time of each task can vary greatly. We create an innovative approach to elastic control that allows us to fully utilize the processor to optimize the control performance and yet guarantee the schedulability of all tasks under worst case conditions. © 2000 IEEE.
@article{Caccamo2000121, author = {Caccamo, M. and Buttazzo, G. and Sha, L.}, title = {Elastic feedback control}, journal = {Proceedings - Euromicro Conference on Real-Time Systems}, year = {2000}, pages = {121-128}, doi = {10.1109/EMRTS.2000.853999}, art_number = {853999}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-84884684179&doi=10.1109%2fEMRTS.2000.853999&partnerID=40&md5=4eb2fe83dba2fd52052aea5555a3288f}, keywords = {Control applications; Control performance; Control stability; Innovative approaches; Integrated approach; Performance optimizations; Schedulability analysis; Worst-case execution time, Program processors; Real time control, Optimization}, document_type = {Conference Paper}, source = {Scopus}, } - Capacity sharing for overrun controlMarco Caccamo, Giorgio Buttazzo, and Lui ShaProceedings - Real-Time Systems Symposium, 2000
In this paper, we present a general scheduling methodology for managing overruns in a real-time environment, where tasks may have different criticality and flexible timing constraints. The proposed method achieves isolation among tasks through a resource reservation mechanism which bounds the effects of task interference, but also performs efficient reclaiming of the unused computation times to relax the utilization constraints imposed by isolation. The enhancements achieved by the proposed approach resulted to be very effective with respect to classical reservation schemes. The performance has been evaluated by implementing the algorithm on a real-time kernel. The runtime overhead introduced by the scheduling mechanism has also been investigated with specific experiments, in order to be taken into account in the schedulability analysis. However, it resulted to be negligible in most practical cases.
@article{Caccamo2000295, author = {Caccamo, Marco and Buttazzo, Giorgio and Sha, Lui}, title = {Capacity sharing for overrun control}, journal = {Proceedings - Real-Time Systems Symposium}, year = {2000}, pages = {295-304}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-0034471127&partnerID=40&md5=30c8bb5536fd663104abb516df96e75e}, keywords = {Algorithms; Computer systems programming; Constraint theory; Response time (computer systems); Scheduling, Capacity sharing, Real time systems}, document_type = {Conference Paper}, source = {Scopus}, } - Integration of CORBA services with a dynamic real-time architectureA. Polze, J. Schwarz, K. Wehner, and L. ShaReal-Time Technology and Applications - Proceedings, 2000
The Common Object Request Broker Architecture (CORBA) is the most successful representative for an object based distributed computing architecture. Although CORBA simplifies the implementation of complex, distributed systems significantly, support of techniques for reliable fault-tolerant software, such as online-replacement or replication is not within the scope of today’s CORBA or Real-time CORBA. The Simplex architecture developed at the Software Engineering Institute at Carnegie Mellon University supports the online replacement of software components within a fault-tolerant, real time control application. Simplex middleware consists of both a hard real time publisher/subscriber service and a soft real time service to support human-in-the-loop supervisor control activities. We have replaced Simplex’ soft real time services with CORBA services while retaining its hard real time publication and subscription service. This composite approach allows us to take advantage of both the strength of CORBA in distributed computing and Simplex’ strength in hard real time control applications. The authors discuss the trade-off issues in this composite system approach and present the tele-laboratory experiment, which is based on the extended Simplex system. © 2000 IEEE.
@article{Polze2000198, author = {Polze, A. and Schwarz, J. and Wehner, K. and Sha, L.}, title = {Integration of CORBA services with a dynamic real-time architecture}, journal = {Real-Time Technology and Applications - Proceedings}, year = {2000}, pages = {198-206}, doi = {10.1109/RTTAS.2000.852464}, art_number = {852464}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-0033723282&doi=10.1109%2fRTTAS.2000.852464&partnerID=40&md5=8d17c780b1fdc1487198f1164cf96851}, keywords = {Carnegie Mellon University; Distributed computing architectures; Fault-tolerant software; Hard real-time control; Publisher/subscriber; Real-time architecture; Software engineering institutes; Subscription services, Computer architecture; Fault tolerant computer systems; Middleware; Real time control; Software engineering; Computer systems programming; Distributed computer systems; Information services; Real time systems; Response time (computer systems), Common object request broker architecture (CORBA); Computer architecture, Common object request broker architecture (CORBA)}, document_type = {Conference Paper}, source = {Scopus}, } - A distributed real time coordination protocolL. Sha, and D. SetoLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 2000
When the communication channels are subject to interruptions such as jamming, the coordination of the real time motions of distributed autonomous vehicles becomes a challenging problem, that differs significantly with fault tolerance communication problems such as reliable broadcast. In this paper, we investigate the issues on the maintenance of the coordination in spite of arbitrarily long interruptions to the communication. © 2000 Springer-Verlag Berlin Heidelberg.
@article{Sha2000671, author = {Sha, L. and Seto, D.}, title = {A distributed real time coordination protocol}, journal = {Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)}, year = {2000}, volume = {1800 LNCS}, pages = {671-677}, doi = {10.1007/3-540-45591-4_91}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-84876370761&doi=10.1007%2f3-540-45591-4_91&partnerID=40&md5=51a8f3586bb68a0d6011f2f0a34cad2c}, keywords = {Fault tolerance; Real time control, Communication problems; Real time coordination; Real-time motion; Reliable broadcast; Autonomous Vehicles, Vehicle to vehicle communications}, document_type = {Conference Paper}, source = {Scopus}, } - Online control optimization using load driven schedulingL. Sha, X. Liu, M. Caccamo, and G. ButtazzoIEEE Conference on Decision and Control, 2000
In many real-time control applications, the task periods are typically fixed and worst-case execution times are used in schedulability analysis. With the advancement of robotics, flexible visual sensing using cameras becomes a popular alternative to the use of embedded sensors. Unfortunately, the execution time of visual tracking varies greatly. In this paper, we integrate load driven online scheduling with direct digital designs to optimize control performance as a function of varying workload.
@article{Sha20004877, author = {Sha, L. and Liu, X. and Caccamo, M. and Buttazzo, G.}, title = {Online control optimization using load driven scheduling}, journal = {IEEE Conference on Decision and Control}, year = {2000}, volume = {5}, pages = {4877-4882}, doi = {10.1109/CDC.2001.914703}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-0034444225&doi=10.1109%2fCDC.2001.914703&partnerID=40&md5=e6421c0c0d8c29697a3c402d2a905c50}, keywords = {Algorithms; Computer simulation; Control system synthesis; Discrete time control systems; Matrix algebra; Online systems; Optimization; Real time systems; Response time (computer systems); System stability; Time varying control systems, Direct digital design; Linear matrix inequality; Load driven scheduling; Online control; Worst case execution times, Integrated control}, document_type = {Article}, source = {Scopus}, } - An introduction to control and scheduling co-designK.-E. Årzén, A. Cervin, J. Eker, and L. ShaIEEE Conference on Decision and Control, 2000
The paper presents the emerging field of integrated control and CPU-time scheduling, where more general scheduling models and methods that better suit the needs of control systems are developed. This creates possibilities for dynamic and flexible integrated control and scheduling frameworks, where the control design methodology takes the availability of computing resources into account during design and allows on-line trade-offs between control performance and computing resource utilization.
@article{Årzén20004865, author = {Årzén, K.-E. and Cervin, A. and Eker, J. and Sha, L.}, title = {An introduction to control and scheduling co-design}, journal = {IEEE Conference on Decision and Control}, year = {2000}, volume = {5}, pages = {4865-4870}, doi = {10.1109/CDC.2001.914701}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-0034440408&doi=10.1109%2fCDC.2001.914701&partnerID=40&md5=8f05133b53fc687be5eb7ae2e88619c4}, keywords = {Algorithms; Computer operating systems; Computer simulation; Feedback control; Integrated control; Multiprogramming; Real time systems, Central processing unit time scheduling; Computing resource utilization; Real time operating systems, Control system synthesis}, document_type = {Article}, source = {Scopus}, }
1999
- High assurance bio-medical device controlAnnual International Conference of the IEEE Engineering in Medicine and Biology - Proceedings, 1999
Software faults are a major reliability concern in medical devices. They are the result of logical complexity that exceeds developers’ ability to specify, design, develop and verify. An effective way is to use simple and reliable control software to ensure the essential functionality and integrity of medical devices controlled by complex software.
@article{Sha1999879, author = {Sha, Lui}, title = {High assurance bio-medical device control}, journal = {Annual International Conference of the IEEE Engineering in Medicine and Biology - Proceedings}, year = {1999}, volume = {2}, pages = {879}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-0033344439&partnerID=40&md5=4c34605d77514036c0f17844417b682b}, keywords = {Computer software; Fault tolerant computer systems, High assurance computing, Biomedical equipment}, document_type = {Conference Paper}, source = {Scopus}, } - Flexible bio-medical instrumentationAnnual International Conference of the IEEE Engineering in Medicine and Biology - Proceedings, 1999
The rapid advancement in the biomedical field leads to the need of frequently modifying instrumentation and control software. In applications where the restart of an experiment is costly, the ability to reinstrumentation as needed online was shown to be beneficial. A dynamic real time component binding architecture that permits the flexible addition or replacement of software modules is presented.
@article{Sha1999895, author = {Sha, Lui}, title = {Flexible bio-medical instrumentation}, journal = {Annual International Conference of the IEEE Engineering in Medicine and Biology - Proceedings}, year = {1999}, volume = {2}, pages = {895}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-0033341458&partnerID=40&md5=37756a38bdd807d487d1ef77f2279ad1}, keywords = {Computer architecture; Online systems; Real time systems; Software engineering, Biomedical instrumentations; Software modifications, Electronic medical equipment}, document_type = {Conference Paper}, source = {Scopus}, } - On scheduling tasks in reliable real-time control systemsRamesh Chandra, and Lui ShaProceedings - Real-Time Systems Symposium, 1999
Feedback control is one of the most common applications of real time systems. However, the design of controller frequencies, task scheduling and reliability engineering are often done separately, resulting in suboptimal results. Here, an overview of an integrated approach to reliable real-time controller design by optimizing the system control performance subject to schedulability and software reliability constraints.
@article{Chandra1999164, author = {Chandra, Ramesh and Sha, Lui}, title = {On scheduling tasks in reliable real-time control systems}, journal = {Proceedings - Real-Time Systems Symposium}, year = {1999}, pages = {164-165}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-0033328166&partnerID=40&md5=90bba45bc3cecc96ebe735a74e678a84}, keywords = {Computer simulation; Computer software; Constraint theory; Fault tolerant computer systems; Feedback control; Markov processes; Mathematical models; Neural networks; Nonlinear control systems; Optimization; Scheduling, Schedulability; Software reliability constraints, Real time systems}, document_type = {Conference Paper}, source = {Scopus}, } - Using COTS software in high assurance control applicationsProceedings - 4th IEEE International Symposium on High-Assurance Systems Engineering, HASE 1999, 1999
@article{Sha1999118, author = {Sha, L.}, title = {Using COTS software in high assurance control applications}, journal = {Proceedings - 4th IEEE International Symposium on High-Assurance Systems Engineering, HASE 1999}, year = {1999}, pages = {118}, doi = {10.1109/HASE.1999.809485}, art_number = {809485}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-85040785319&doi=10.1109%2fHASE.1999.809485&partnerID=40&md5=81433a8cb891b86b9219c4cce07e0cec}, document_type = {Conference Paper}, source = {Scopus}, } - A fault tolerant real-Time publisher/subscriber inter-process communication architectureX. He, and L. ShaProceedings - 6th International Conference on Real-Time Computing Systems and Applications, RTCSA 1999, 1999
Real-Time publication and subscription (P/S) is an important communication paradigm that can be used to support the flexible integration and upgrading of distributed real-Time systems. In this paper, we present a fault-Tolerant extension of a real-Time P/S service in the context of a duplex architecture. We also present the rationale for the key design decisions and show how to improve the response time of the real-Time P/S service with an acceptable impact on control tasks that share the processor with the P/S service. © 1999 IEEE.
@article{He1999204, author = {He, X. and Sha, L.}, title = {A fault tolerant real-Time publisher/subscriber inter-process communication architecture}, journal = {Proceedings - 6th International Conference on Real-Time Computing Systems and Applications, RTCSA 1999}, year = {1999}, pages = {204-207}, doi = {10.1109/RTCSA.1999.811225}, art_number = {811225}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-85040781178&doi=10.1109%2fRTCSA.1999.811225&partnerID=40&md5=b9e37972c6d33bfbd9534e255be56b50}, keywords = {Fault tolerance; Fault tolerant computer systems; Interactive computer systems, Communication paradigm; Control task; Design decisions; Distributed real time system; Fault-tolerant; Flexible integration; Interprocess communication; Publisher/subscriber, Real time systems}, document_type = {Conference Paper}, source = {Scopus}, }
1998
- Task period selection and schedulability in real-time systemsDanbing Seto, John P. Lehoczky, and Lui ShaProceedings - Real-Time Systems Symposium, 1998
In many real-time applications, especially those involving computer-controlled systems, the application tasks often have a maximal acceptable latency, and small latency is preferred to large. The interaction between choosing task periods to meet the individual latency requirements and scheduling the resulting task set was investigated in [4] using dynamic priority scheduling methods. In this paper, we present algorithms based on static priority scheduling methods to determine optimal periods for each task in the task set. The solution to the period selection problem optimizes a system-wide performance measure subject to meeting the maximal acceptable latency requirements of each task. This paper also contributes to a new aspect of rate monotonic scheduling, the optimal design of task periods in connection with application related timing specifications and task set schedulability.
@article{Seto1998188, author = {Seto, Danbing and Lehoczky, John P. and Sha, Lui}, title = {Task period selection and schedulability in real-time systems}, journal = {Proceedings - Real-Time Systems Symposium}, year = {1998}, pages = {188-198}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-0032296746&partnerID=40&md5=ecaf4f7c61abd072bcea05a6ce0d6e4e}, keywords = {Algorithms; Computer control systems; Optimization; Resource allocation, Rate monotonic scheduling, Real time systems}, document_type = {Conference Paper}, source = {Scopus}, } - Dependable system upgradeProceedings - Real-Time Systems Symposium, 1998
The rate of innovations in technologies has far exceeded the rate of adopting them in at least the past 20 years. To fully realize the potential of innovations, a paradigm shift is needed, from a focus on enabling technologies for completely new installations to one which is designed to mitigate the risk and cost of bringing new technologies into functioning systems. In this paper, we show that real time control software can be dependably upgrade online via the use of analytically redundant controllers.
@article{Sha1998440, author = {Sha, Lui}, title = {Dependable system upgrade}, journal = {Proceedings - Real-Time Systems Symposium}, year = {1998}, pages = {440-448}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-0032293138&partnerID=40&md5=1d78385063295a3d8f2c7612d5fe1eb7}, keywords = {Computer architecture; Control system analysis; Fault tolerant computer systems; Online systems; Redundancy, System upgrade, Real time systems}, document_type = {Conference Paper}, source = {Scopus}, } - The simplex architecture for safe on-line control system upgradesD. Seto, B. Krogh, L. Sha, and A. ChutinanAmerican Control Conference, 1998
In this paper, we describe the Simplex architecture, a real-time software technology which supports the safe, reliable introduction of control system upgrades while the system is running. We introduce its basic structure in control systems, discuss its fault-tolerance feature, and investigate the control issues when the technology is employed. Application of the Simplex architecture is demonstrated for a plasma-enhanced chemical vapor deposition (PECVD) system, a standard process in semiconductor manufacturing. We conclude the paper with a discussion of the potential impact that the Simplex architecture can make on future control applications. © 1998 AACC.
@article{Seto19983504, author = {Seto, D. and Krogh, B. and Sha, L. and Chutinan, A.}, title = {The simplex architecture for safe on-line control system upgrades}, journal = {American Control Conference}, year = {1998}, volume = {6}, pages = {3504-3508}, doi = {10.1109/ACC.1998.703255}, art_number = {703255}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-0002573820&doi=10.1109%2fACC.1998.703255&partnerID=40&md5=44e2145995d08e10ee346c5969132f30}, keywords = {Basic structure; Control applications; Control issues; On-line controls; Potential impacts; Real-time software technologies; Semiconductor manufacturing; System upgrade, Fault tolerance; Plasma enhanced chemical vapor deposition; Semiconductor device manufacture; Software engineering, Control systems}, document_type = {Conference Paper}, source = {Scopus}, } - Composite objects: Real-time programming with CORBAA. Polze, and L. ShaProceedings - 24th EUROMICRO Conference, EURMIC 1998, 1998
The Common Object Request Broker Architecture is a successful, standardized system integration framework based on distributed object technologies. An ongoing effort concerns extensions to CORBA to incorporate realtime computing needs. Although the use of objects in real-time computing is straightforward, the technical challenge lies in the replacement of static real-time computing infrastructures with a jexible real-time computing infrastructure, in which distributed real-time client and :sewer objects can be created and connected as needed during runtime. We propose the concept of "Composite Objects" for the integration of real-time and non-real-time computing into a single object-based framework. Within the papel; we present a methodology for creating objects which interface to CORBA without violating real-time assumptions. We present a example scenario which integrates a real-time computing architecture and CORBA components via "Composite Objects ". Finally, we discuss implementation-related issues based on our experiences with "Composite Objects". © 1998 IEEE.
@article{Polze1998997, author = {Polze, A. and Sha, L.}, title = {Composite objects: Real-time programming with CORBA}, journal = {Proceedings - 24th EUROMICRO Conference, EURMIC 1998}, year = {1998}, volume = {2}, pages = {997-1004}, doi = {10.1109/EURMIC.1998.708133}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-77954791804&doi=10.1109%2fEURMIC.1998.708133&partnerID=40&md5=1d33413dfc8124fbfcaa7251a1c25aea}, author_keywords = {Composite Objects; CORBA; Interoperability; Non-interference; Object-based Real-Time Computing}, keywords = {Computer architecture; Computer programming; Interoperability; Middleware, Composite objects; CORBA components; Distributed object technology; Non interference; Real time computing; Real time programming; System integration; Technical challenges, Common object request broker architecture (CORBA)}, document_type = {Conference Paper}, source = {Scopus}, } - Dynamic Control System Upgrade Using the Simplex ArchitectureD. Seto, B.H. Krogh, L. Sha, and A. ChutinanIEEE Control Systems, 1998
@article{Seto199872, author = {Seto, D. and Krogh, B.H. and Sha, L. and Chutinan, A.}, title = {Dynamic Control System Upgrade Using the Simplex Architecture}, journal = {IEEE Control Systems}, year = {1998}, volume = {18}, number = {4}, pages = {72-80}, doi = {10.1109/37.710880}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-0032136375&doi=10.1109%2f37.710880&partnerID=40&md5=f11af104b06e64d17311260be093cd40}, keywords = {Algorithms; Chemical vapor deposition; Control system analysis; Control system synthesis; Error detection; Fault tolerant computer systems; Input output programs; Multiprocessing systems; Nonlinear control systems; Optimization, Plasma enhanced chemical vapor deposition (PECVD); Simplex architecture, Computer control}, document_type = {Article}, source = {Scopus}, }
1997
- Analysis of dual-link networks for real-time applicationsL. Sha, S.S. Sathaye, and J.K. StrosniderIEEE Transactions on Computers, 1997
Next-generation networks are expected to support a wide variety of services. Some services such as video, voice, and plant control traffic have explicit timing requirements on a per-message basis rather than on the average. In this paper, we develop a general model of dual-link networks to support real-time communication. We examine the desirable properties of this network and the difficulties in achieving these properties. We then introduce the concept of coherence and develop a theory of coherent dual-link networks. We show that a coherent dual-link network can be analyzed as though it is a centralized system. We then discuss practical considerations in implementing a dual-link network, and implications of this work to address problems observed in the IEEE 802.6 metropolitan area network standard. ©1997 IEEE.
@article{Sha19971, author = {Sha, L. and Sathaye, S.S. and Strosnider, J.K.}, title = {Analysis of dual-link networks for real-time applications}, journal = {IEEE Transactions on Computers}, year = {1997}, volume = {46}, number = {1}, pages = {1-13}, doi = {10.1109/12.559798}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-0031369637&doi=10.1109%2f12.559798&partnerID=40&md5=01ddd1cf55beeed40058417d747e1364}, author_keywords = {Coherence; DQDB; Dual-link networks; Flow control; IEEE 802.6; Preemption; Priority; Real-time scheduling; Schedulability; T-schedulability}, keywords = {Mathematical models; Metropolitan area networks; Real time systems; Standards; Telecommunication links; Telecommunication services; Telecommunication traffic, Dual link networks, Telecommunication networks}, document_type = {Article}, source = {Scopus}, }
1996
- On task schedulability in real-time control systemsDanbing Seto, John P. Lehoczky, Lui Sha, and Kang G. ShinProceedings - Real-Time Systems Symposium, 1996
Most real-time computer-controlled systems are built in two separate steps, each in isolation: controller design and its digital implementation. Computational tasks that realize the control algorithms are usually scheduled by treating their execution times and periods as unchangeable parameters. Task scheduling therefore depends only on the limited computing resources available. On the other hand, controller design is primarily based on the continuous-time dynamics of the physical system being controlled. The set of tasks resulting from this controller design may not be schedulable with the limited computing resources available. Even if the given set of tasks is schedulable, the overall control performance may not be optimal in the sense that they do not make a full use of the computing resource. In this paper, we propose an integrated approach to controller design and task scheduling. Specifically, task frequencies (or periods) are allowed to vary within a certain range as long as such a change doesn’t affect critical control functions such as maintenance of system stability. We present an algorithm that optimizes task frequencies and then schedules the resulting tasks with the limited computing resources available. The proposed approach is also applicable to failure recovery and reconfiguration in real-time control systems.
@article{Seto199613, author = {Seto, Danbing and Lehoczky, John P. and Sha, Lui and Shin, Kang G.}, title = {On task schedulability in real-time control systems}, journal = {Proceedings - Real-Time Systems Symposium}, year = {1996}, pages = {13-21}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-0030410148&partnerID=40&md5=b9f8809451da72da6ef31a0fe6aeaf56}, keywords = {Algorithms; Computer control; Control system synthesis; Optimization; Real time systems; Response time (computer systems), Task scheduling, Control systems}, document_type = {Conference Paper}, source = {Scopus}, } - Designing for evolvability: Building blocks for evolvable real-time systemsM. Gagliardi, R. Rajkumar, and L. ShaReal-Time Technology and Applications - Proceedings, 1996
Fielded real-time systems including many defense systems, manufacturing plants and commercial aircraft avionics typically have long lifetimes ranging from a few years to even a few decades. Available technologies, system needs and customer goals change over this lifetime, and changes to a deployed system become very desirable. We argue that such evolution must and can be supported with new system abstractions, and that real-time systems designed with these abstractions can be evolved and incrementally tested. We present two possible run-time abstractions which can act as basic building blocks to construct «evolvable real-time systems». These building blocks can be used to evolve deployed systems in general and real-time systems in particular. First, the replaceable unit abstraction alloys an existing software module to be replaced online by another module with similar or enhanced functionality. Such replacement is transparent to the rest of the system. Secondly, the «cell» abstraction represents a protected module which cannot be harmed by other modules. Based on this notion is an «extensible cell», which allows a deployed module to be extended functionally without the fear of hurting its (fully certified) functionality even when the extensions can fail in unexpected ways. These two abstractions have been implemented in a real-time POSIX testbed used in the Simplex architecture and our findings are reported. Both abstractions are built on the Real-Time Publisher/Subscriber communication model with modifications necessitated by safe evolutionary requirements. We conclude that guaranteed enforcement of the semantics of these two building blocks can only be provided using operating system enforced resource reservation and communication rights. © 1996 IEEE.
@article{Gagliardi1996100, author = {Gagliardi, M. and Rajkumar, R. and Sha, L.}, title = {Designing for evolvability: Building blocks for evolvable real-time systems}, journal = {Real-Time Technology and Applications - Proceedings}, year = {1996}, pages = {100-109}, doi = {10.1109/RTTAS.1996.509527}, art_number = {509527}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-0029698627&doi=10.1109%2fRTTAS.1996.509527&partnerID=40&md5=49355d3702540b947584f823f9674c4a}, document_type = {Conference Paper}, source = {Scopus}, } - Evolving dependable real-time systemsLui Sha, Ragunathan Rajkumar, and Michael GagliardiIEEE Aerospace Applications Conference Proceedings, 1996
The use of commercial off the shelf (COTS) components in the development of dependable real-time systems, while effective in keeping systems affordable, also introduces vendor-driven upgrade problem. The dependable real-time computing community therefore needs to develop approaches that can introduce new hardware and software components into deployed systems safely, reliably and easily, in spite of the inevitable bugs in some of the new COTS components. This paper gives an informal review of the Simplex Architecture, which has been developed to support safe and reliable online upgrade of dependable computing systems.
@article{Sha1996335, author = {Sha, Lui and Rajkumar, Ragunathan and Gagliardi, Michael}, title = {Evolving dependable real-time systems}, journal = {IEEE Aerospace Applications Conference Proceedings}, year = {1996}, volume = {1}, pages = {335-346}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-0029763659&partnerID=40&md5=c1315086c431a86d3435f4951eb8c555}, keywords = {Availability; Computer architecture; Computer hardware; Computer software; Online systems; Performance; Software engineering; Technology, Commercial off the shelf components; Simplex architecture, Real time systems}, document_type = {Conference Paper}, source = {Scopus}, }
1995
- The Deferrable Server Algorithm for Enhanced Aperiodic Responsiveness in Hard Real-Time EnvironmentsJ.K. Strosnider, J.P. Lehoczky, and L. ShaIEEE Transactions on Computers, 1995
Most existing scheduling algorithms for hard realtime systems apply either to periodic tasks or aperiodic tasks but not to both. In practice, real-time systems require an integrated, consistent approach to scheduling that is able to simultaneously meet the timing requirements of hard deadline periodic tasks, hard deadline aperiodic (alert-class) tasks, and soft deadline aperiodic tasks. This paper introduces the Deferrable Server (DS) algorithm which will be shown to provide improved aperiodic response time performance over traditional background and polling approaches. Taking advantage of the fact that, typically, there is no benefit in early completion of the periodic tasks, the Deferrable Server (DS) algorithm assigns higher priority to the aperiodic tasks up until the point where the periodic tasks would start to miss their deadlines. Guaranteed alert-class aperiodic service and greatly reduced response times for soft deadline aperiodic tasks are important features of the DS algorithm, and both are obtained with the hard deadlines of the periodic tasks still being guaranteed. The results of a simulation study performed to evaluate the response time performance of the new algorithm against traditional background and polling approaches are presented. In all cases, the response times of aperiodic tasks are significantly reduced (often by an order of magnitude) while still maintaining guaranteed periodic task deadlines. © 1995 IEEE
@article{Strosnider199573, author = {Strosnider, J.K. and Lehoczky, J.P. and Sha, L.}, title = {The Deferrable Server Algorithm for Enhanced Aperiodic Responsiveness in Hard Real-Time Environments}, journal = {IEEE Transactions on Computers}, year = {1995}, volume = {44}, number = {1}, pages = {73-91}, doi = {10.1109/12.368008}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-0029230309&doi=10.1109%2f12.368008&partnerID=40&md5=0c6612bfd85e47a61042714a1a22ef19}, keywords = {Computer simulation; Optimization; Performance; Real time systems; Response time (computer systems); Scheduling; Time division multiplexing, Aperiodics; Aperiodiodic responsiveness; Deferrable server algorithm; Hard deadlines; Periodics; Schedulability, Algorithms}, document_type = {Article}, source = {Scopus}, } - Real-time publisher/subscriber inter-process communication model for distributed real-time systems: design and implementationRagunathan Rajkumar, Mike Gagliardi, and Lui ShaReal-Time Technology and Applications - Proceedings, 1995
Distributed real-time systems are becoming more pervasive in many domains including process control, discrete manufacturing, defense systems, air traffic control, and on-line monitoring systems in medicine. The construction of such systems, however, is impeded by the lack of simple yet powerful programming models and the lack of efficient, scalable, dependable and analyzable interfaces and their implementations. We argue that these issues need to be resolved with powerful application-level toolkits similar to that provided by ISIS [2]. In this paper, we consider the inter-process communication requirements which form a fundamental block in the construction of distributed real-time systems. We propose the real-time publisher/subscriber model, a variation of group-based programming and anonymous communication techniques, as a model for distributed real-time inter-process communication which can address issues of programming ease, portability, scalability and analyzability. The model has been used successfully in building a software architecture for building upgradable real-time systems. We provide the programming interface, a detailed design and implementation details of this model along with some preliminary performance benchmarks. The results are encouraging in that the goals we seek look achievable.
@article{Rajkumar199566, author = {Rajkumar, Ragunathan and Gagliardi, Mike and Sha, Lui}, title = {Real-time publisher/subscriber inter-process communication model for distributed real-time systems: design and implementation}, journal = {Real-Time Technology and Applications - Proceedings}, year = {1995}, pages = {66-75}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-0029211731&partnerID=40&md5=355d3d092c01ed90b0414b52ba045fc3}, keywords = {Computer debugging; Computer hardware; Computer programming; Computer software; Computer testing; Distributed computer systems; Mathematical models; Network protocols; Online systems; Benchmarking; Communication; Real time systems; Scalability, Defense systems; Distributed real time systems; Online monitoring systems; Real time publisher subscriber model; Uniprocessor system, Real time systems; Structural design, Anonymous communication; Design and implementations; Discrete manufacturing; Distributed real time system; Interprocess communication; On-line monitoring system; Programming interface; Publisher/subscriber}, document_type = {Conference Paper}, source = {Scopus}, }
1994
- Industrial Computing A Grand ChallengeComputer, 1994
@article{Sha199412, author = {Sha, L.}, title = {Industrial Computing A Grand Challenge}, journal = {Computer}, year = {1994}, volume = {27}, number = {1}, pages = {12-13}, doi = {10.1109/2.248872}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-0028268805&doi=10.1109%2f2.248872&partnerID=40&md5=0e42fd57d911b34c41b9099f7f4a714f}, keywords = {Computer applications; Operations research; Production engineering, High-speed transportation; Industrial computing, Industrial management}, document_type = {Article}, source = {Scopus}, } - Generalized Rate-Monotonic Scheduling Theory: A Framework for Developing Real Time SystemsL. Sha, R. Rajkumar, and S.S. SathayeIEEE, 1994
Real-time computing systems are used to control telecommunication systems, defense systems, avionics, and modern factories. Generalized rate-monotonic scheduling theory is a recent development that has had large impact on the development of real time systems and open standards. In this paper we provide an up-to-date and self-contained review of generalized rate-monotonic scheduling theory. We show how this theory can be applied in practical system development, where special attention must be given to facilitate concurrent development by geographically distributed programming teams and the reuse of existing hardware and software components. © 1994 IEEE
@article{Sha199468, author = {Sha, L. and Rajkumar, R. and Sathaye, S.S.}, title = {Generalized Rate-Monotonic Scheduling Theory: A Framework for Developing Real Time Systems}, journal = {IEEE}, year = {1994}, volume = {82}, number = {1}, pages = {68-82}, doi = {10.1109/5.259427}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-0028207780&doi=10.1109%2f5.259427&partnerID=40&md5=bd87690a14497f3cc3eeab9be211bdec}, keywords = {Algorithms; Computer applications; Computer hardware; Computer software; Computer systems programming; Maintenance; Response time (computer systems); Scheduling; Software engineering; System stability; Systems analysis, Concurrent engineering; Decoupling; Generalized rate monotonic scheduling theory; Schedulability; System concurrency; Timing constaints, Real time systems}, document_type = {Article}, source = {Scopus}, }
1993
- Control reconfiguration in the presence of software failuresM. Bodson, J. Lehoczky, R. Rajkumar, L. Sha, D. Soh, M. Smith, and J. StephanIEEE Conference on Decision and Control, 1993
In this paper, we discuss a special approach for software fault tolerance in control applications. A full-function, high-performance, but complex control system is complemented by an error-free implementation of a highly reliable control system of lower functionality. When the correctness of the high-performance controller is in doubt, the reliable control system takes over the execution of the task. An innovative feature of the approach is the disparity between the two control systems, which is used to exploit the relative advantages of the simple/reliable vs. complex/ high-performance systems. Another innovative feature is the fault detection mechanism, which is based on measures of performance and of safety of the control system. The example of a ball and beam system is used to illustrate the concepts, and experimental results obtained on a laboratory set-up are presented.
@article{Bodson19932284, author = {Bodson, M. and Lehoczky, J. and Rajkumar, R. and Sha, L. and Soh, D. and Smith, M. and Stephan, J.}, title = {Control reconfiguration in the presence of software failures}, journal = {IEEE Conference on Decision and Control}, year = {1993}, volume = {3}, pages = {2284-2289}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-0027747990&partnerID=40&md5=f46897ad25d7bc581a2de005f46f269a}, keywords = {Computer software; Control system synthesis; Control systems; Fault tolerant computer systems, Control reconfiguration; Error free; Software failures, Control system analysis}, document_type = {Conference Paper}, source = {Scopus}, } - Real-time issues in the design of the Data Management System for the Space Station FreedomS. Davari, Jr. Leibfried, S. Natarajan, D. Pruett, L. Sha, and W. ZhaoProceedings - IEEE Workshop on Real-Time Applications, RTA 1993, 1993
Space Station Freedom (SSF) faces several challenges which are unique in the NASA history of manned and unmanned spacecraft systems. The challenges include a 30 year life, and evolution in capability of the station as a science platform and potentially a transportation node for manned missions to the solar system. The Data Management System (DMS) is a key element of SSF. DMS is the computational infrastructure of SSF, responsible for integrating information onboard into a cooperative whole. Its primary role is to provide integrated data processing and communication services for both the core function and the payloads. The authors focus on some real-time issues in the design of DMS. © 1993 IEEE.
@article{Davari1993161, author = {Davari, S. and Leibfried, T.F., Jr. and Natarajan, S. and Pruett, D. and Sha, L. and Zhao, W.}, title = {Real-time issues in the design of the Data Management System for the Space Station Freedom}, journal = {Proceedings - IEEE Workshop on Real-Time Applications, RTA 1993}, year = {1993}, pages = {161-165}, doi = {10.1109/RTA.1993.263095}, art_number = {263095}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-84887337624&doi=10.1109%2fRTA.1993.263095&partnerID=40&md5=339ff8b7f7f3113a2205744b26faf96a}, keywords = {Data handling; NASA; Space stations, Communication service; Computational infrastructure; Core functions; Data management system; Integrated data; Integrating information; Manned missions; Unmanned spacecraft, Information management}, document_type = {Conference Paper}, source = {Scopus}, } - A Systematic Approach to Designing Distributed Real-Time SystemsL. Sha, and S.S. SathayeComputer, 1993
Real-time computing systems are critical to the technological infrastructure ture of an industrialized nation. Modern telecommunication systems, factories, defense systems, aircraft and airports, spacecraft, and high-energy physics experiments cannot operate without them. Indeed, real-time computing systems control the very systems that keep us productive, safeguard our liberty, and enable us to explore new frontiers of science and engineering. In real-time applications, a computation’s correctness depends not only on its results but also on when its outputs are generated. The measures of merit in a real-time system include. © 1993 IEEE
@article{Sha199368, author = {Sha, L. and Sathaye, S.S.}, title = {A Systematic Approach to Designing Distributed Real-Time Systems}, journal = {Computer}, year = {1993}, volume = {26}, number = {9}, pages = {68-78}, doi = {10.1109/2.231276}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-0003093702&doi=10.1109%2f2.231276&partnerID=40&md5=f0149c726d59cf39d3e9efc66d2ff2c8}, document_type = {Article}, source = {Scopus}, }
1992
- Scheduling real-time communication on dual-link networksL. Sha, S.S. Sathaye, and J.K. StrosniderProceedings - Real-Time Systems Symposium, 1992
Next-generation networks are expected to support a wide variety of services. Some services such as video, voice, and plant control traffic have explicit timing requirements on a per-message basis rather than on the average. In this paper we develop a general model of reservation-based dual-link networks to support realtime communication. We examine the desirable properties of this network and the difficulties in achieving these properties. We then introduce the concept of coherence and develop a theory of coherent dual-link networks. Finally, we show that a coherent dual-link network can be analyzed as though it is a centralized system. © 1992 IEEE.
@article{Sha1992188, author = {Sha, L. and Sathaye, S.S. and Strosnider, J.K.}, title = {Scheduling real-time communication on dual-link networks}, journal = {Proceedings - Real-Time Systems Symposium}, year = {1992}, pages = {188-197}, doi = {10.1109/REAL.1992.242664}, art_number = {242664}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-84880871900&doi=10.1109%2fREAL.1992.242664&partnerID=40&md5=db3573b114da8d1425067519f8d49fb4}, keywords = {Centralized systems; Dual links; General model; Next-generation networks; Plant control; Real-time communication; Timing requirements, Computer networks; Electrical engineering, Real time systems}, document_type = {Conference Paper}, source = {Scopus}, }
1991
- Real-time scheduling support in FuturebusLui Sha, Ragunathan Rajkumar, and John LehoczkyProceedings - Real-Time Systems Symposium, 1991
A simple but efficient architecture for building multiprocessors is to connect several processors to a common backplane bus. The backplane acts as a shared resource in this architecture and contention for its use by different bus modules must be resolved. In a real-time system, this backplane must also provide scheduling support such that the timing behavior of the resulting system is analyzable. In addition, the support primitives for real-time scheduling on a backplane bus must also be constrained by the economic considerations associated with a bus standard that is intended to support both time sharing and real-time applications. The authors review the design considerations to support real-time systems in the IEEE Futurebus+ backplane specification and describe how this backplane can be used to satisfy timing constraints in priority-driven real-time systems.
@article{Sha1991331, author = {Sha, Lui and Rajkumar, Ragunathan and Lehoczky, John}, journal = {Proceedings - Real-Time Systems Symposium}, year = {1991}, pages = {331-340}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-0026239407&partnerID=40&md5=073e1173c1f0be2603574dfb8e5e32b6}, keywords = {Computer Interfaces--Standards; Computers, Digital--Data Communication Systems; Scheduling--Applications, Futurebus; Real-Time Scheduling, Computer Systems, Digital}, document_type = {Conference Paper}, source = {Scopus}, } - Maintaining global time in futurebus+R.A. Volz, L. Sha, and D. WilcoxReal-Time Systems, 1991
IEEE 896 Futurebus+ is a major open standard that is supported by the VME International Trade Association, the MultiBus Manufacturer’s Group and the US Navy. Futurebus+ supports, among other things, the notion that each processor can have its own clock. In this paper, we present design considerations of the Futurebus+ clocks and their synchronization. © 1991 Kluwer Academic Publishers.
@article{Volz19915, author = {Volz, R.A. and Sha, L. and Wilcox, D.}, title = {Maintaining global time in futurebus+}, journal = {Real-Time Systems}, year = {1991}, volume = {3}, number = {1}, pages = {5-17}, doi = {10.1007/BF00365390}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-0026124526&doi=10.1007%2fBF00365390&partnerID=40&md5=1b7530859280141590345417e0a49524}, keywords = {Clocks, Electric - Research; Computer Systems, Digital - Real Time Operation, Accurate Timing Resolution; Clock Synchronization; IEEE 896 Futurebus-Plus Open Standard; Multiple Processors Running At Different Speeds, Electronic Circuits, Timing}, document_type = {Article}, source = {Scopus}, } - A Real-Time Locking ProtocolL. Sha, R. Rajkumar, S.H. Son, and C.-H. ChangIEEE Transactions on Computers, 1991
When a database system is used in a real-time application, the concurrency control protocol must not only satisfy the consistency of shared data but also observe the priorities of the transactions. This is because priority scheduling is a commonly used method. In this paper, we examine a prioritydriven two-phase lock protocol called the read/write priority ceiling protocol. We show that this protocol leads to freedom from mutual deadlock. In addition, a high-priority transaction can be blocked by lower priority transactions for at most the duration of a single embedded transaction. These properties can be used by schedulability analysis to guarantee that a set of periodic transactions using this protocol can always meet their deadlines. Finally, we examine the performance of this protocol for randomly arriving transactions using simulation studies. © 1991 IEEE
@article{Sha1991793, author = {Sha, L. and Rajkumar, R. and Son, S.H. and Chang, C.-H.}, title = {A Real-Time Locking Protocol}, journal = {IEEE Transactions on Computers}, year = {1991}, volume = {40}, number = {7}, pages = {793-800}, doi = {10.1109/12.83617}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-0026188275&doi=10.1109%2f12.83617&partnerID=40&md5=e876c4186050e05f41377e497583465b}, keywords = {Computer Simulation; Scheduling, Concurrency Control; Deadlock Freedom; Locking Protocols; Real Time Databases; Schedulability, Database Systems}, document_type = {Article}, source = {Scopus}, }
1990
- Real-time scheduling support in Futurebus+L. Sha, R. Rajkumar, and J. LehoczkyProceedings - Real-Time Systems Symposium, 1990
As real-time applications become more demanding, multiprocessors are being called upon to meet their increasingly stringent requirements. A simple but efficient architecture for building multiprocessors is to connect several processors to a common backplane bus. The backplane acts as a shared resource in this architecture and contention for its use by different bus modules must be resolved. In a real-time system, this backplane must also provide scheduling support such that the timing behavior of the resulting system is analyzable. In addition, the support primitives for real-time scheduling on a backplane bus must also be constrained by the economic considerations associated with a bus standard that is intended to support both time sharing and real-time applications. In this paper, we review the design considerations to support realtime systems in the IEEE Futurebus+ backplane specification and describe how this backplane can be used to satisfy timing constraints in priority-driven realtime systems. © 1990 IEEE.
@article{Sha1990331, author = {Sha, L. and Rajkumar, R. and Lehoczky, J.}, journal = {Proceedings - Real-Time Systems Symposium}, year = {1990}, pages = {331-340}, doi = {10.1109/REAL.1990.128765}, art_number = {128765}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-84880863600&doi=10.1109%2fREAL.1990.128765&partnerID=40&md5=67cb6e8716249d0487bca482103cc8ba}, keywords = {Design considerations; Economic considerations; Efficient architecture; Real time scheduling; Real-time application; Shared resources; Stringent requirement; Timing constraints, Buses; Computer architecture; Multiprocessing systems; Scheduling, Real time systems}, document_type = {Conference Paper}, source = {Scopus}, } - Real-Time Scheduling Theory and AdaL. Sha, and J.B. GoodenoughComputer, 1990
@article{Sha199053, author = {Sha, L. and Goodenough, J.B.}, title = {Real-Time Scheduling Theory and Ada}, journal = {Computer}, year = {1990}, volume = {23}, number = {4}, pages = {53-62}, doi = {10.1109/2.55469}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-0038849540&doi=10.1109%2f2.55469&partnerID=40&md5=e5e2da712228bffde3f725eb008363ba}, document_type = {Article}, source = {Scopus}, } - Priority Inheritance Protocols: An Approach to Real-Time SynchronizationL. Sha, R. Rajkumar, and J.P. LehoczkyIEEE Transactions on Computers, 1990
A direct application of commonly used synchronization primitives such as semaphores, monitors, or the Ada rendezvous can lead to uncontrolled priority inversion, a situation in which a higher priority job is blocked by lower priority jobs for an indefinite period of time. In this paper, we investigate two protocols belonging to the class of priority inheritance protocols, called the basic priority inheritance protocol and the priority ceiling protocol. We show that both protocols solve this uncontrolled priority inversion problem. In particular, the priority ceiling protocol reduces the worst case task blocking time to at most the duration of execution of a single critical section of a lower priority task. In addition, this protocol prevents the formation of deadlocks. We also derive a set of sufficient conditions under which a set of periodic tasks using this protocol is schedulable. © 1990 IEEE
@article{Sha19901175, author = {Sha, L. and Rajkumar, R. and Lehoczky, J.P.}, title = {Priority Inheritance Protocols: An Approach to Real-Time Synchronization}, journal = {IEEE Transactions on Computers}, year = {1990}, volume = {39}, number = {9}, pages = {1175-1185}, doi = {10.1109/12.57058}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-0025488794&doi=10.1109%2f12.57058&partnerID=40&md5=2bd374a5b97172776cd2b203fb142b86}, author_keywords = {Priority inheritance; priority inversion; realtime systems; scheduling; synchronization}, keywords = {Computer Operating Systems - Design, Protocols; Real Time Systems; Synchronization, Computer Systems, Digital}, document_type = {Article}, source = {Scopus}, }
1989
- Mode change protocols for priority-driven preemptive schedulingL. Sha, R. Rajkumar, J. Lehoczky, and K. RamamrithamReal-Time Systems, 1989
In many real-time applications, the set of tasks in the system, as well as the characteristics of the tasks, change during system execution. Specifically, the system moves from one mode of execution to another as its mission progresses. A mode change is characterized by the deletion of some tasks, addition of new tasks, or changes in the parameters of certain tasks, for example, increasing the sampling rate to obtain a more accurate result. This paper discusses how mode changes can be accommodated within a given framework of priority driven real-time scheduling. © 1989 Kluwer Academic Publishers.
@article{Sha1989243, author = {Sha, L. and Rajkumar, R. and Lehoczky, J. and Ramamritham, K.}, title = {Mode change protocols for priority-driven preemptive scheduling}, journal = {Real-Time Systems}, year = {1989}, volume = {1}, number = {3}, pages = {243-264}, doi = {10.1007/BF00365439}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-0042650593&doi=10.1007%2fBF00365439&partnerID=40&md5=76aa1e23000d632f4b435671523596e3}, document_type = {Article}, source = {Scopus}, } - Rate monotonic scheduling algorithm: Exact characterization and average case behaviorJohn Lehoczky, Lui Sha, and Ye DingProceedings - Real-Time Systems Symposium, 1989
An exact characterization of the ability of the rate monotonic scheduling algorithm to meet the deadlines of a periodic task set is represented. In addition, a stochastic analysis which gives the probability distribution of the breakdown utilization of randomly generated task sets is presented. It is shown that as the task set size increases, the task computation times become of little importance, and the breakdown utilization converges to a constant determined by the task periods. For uniformly distributed tasks, a breakdown utilization of 88% is a reasonable characterization. A case is shown in which the average-case breakdown utilization reaches the worst-case lower bound of C. L. Liu and J. W. Layland (1973).
@article{Lehoczky1989166, author = {Lehoczky, John and Sha, Lui and Ding, Ye}, title = {Rate monotonic scheduling algorithm: Exact characterization and average case behavior}, journal = {Proceedings - Real-Time Systems Symposium}, year = {1989}, pages = {166-171}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-0024915921&partnerID=40&md5=756dc0fe3e25215eb898b889851e7975}, keywords = {Computer Programming--Algorithms; Probability--Random Processes, Rate Monotonic Scheduling; Real Time Systems; Scheduling Algorithms, Computer Systems, Digital}, document_type = {Conference Paper}, source = {Scopus}, } - Aperiodic task scheduling for Hard-Real-Time systemsB. Sprunt, L. Sha, and J. LehoczkyReal-Time Systems: The International Journal of Time-Critical Computing Systems, 1989
A real-time system consists of both aperiodic and periodic tasks. Periodic tasks have regular arrival times and hard deadlines. Aperiodic tasks have irregular arrival times and either soft or hard deadlines. In this article, we present a new algorithm, the Sporadic Server algorithm, which greatly improves response times for soft deadline aperiodic tasks and can guarantee hard deadlines for both periodic and aperiodic tasks. The operation of the Sporadic Server algorithm, its performance, and schedulability analysis are discussed and compared with previously published aperiodic service algorithms. © 1989, Kluwer Academic Publishers. All rights reserved.
@article{Sprunt198927, author = {Sprunt, B. and Sha, L. and Lehoczky, J.}, title = {Aperiodic task scheduling for Hard-Real-Time systems}, journal = {Real-Time Systems: The International Journal of Time-Critical Computing Systems}, year = {1989}, volume = {1}, number = {1}, pages = {27-60}, doi = {10.1007/BF02341920}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-0024684902&doi=10.1007%2fBF02341920&partnerID=40&md5=989aa73f41fad6a7108cd3f806676a07}, keywords = {Computer Operating Systems; Computer Programming--Algorithms, Sporadic Server Algorithm; Task Scheduling, Computer Systems, Digital}, document_type = {Article}, source = {Scopus}, }
1988
- Exploiting unused periodic time for aperiodic service using the extended priority exchange algorithmBrinkley Sprunt, John Lehoczky, and Lui Sha1988
Real-time scheduling algorithms that provide responsive aperiodic service in the presence of hard real-time periodic tasks require the creation of a high-priority periodic server task for servicing aperiodic requests. The authors describe the extended priority exchange algorithm, which can provide better aperiodic response than previous aperiodic service algorithms, particularly for cases where the worst-case periodic load is high and little or no utilization is left for a server task. The extended-priority-exchange (EPE) algorithm attains better aperiodic responsiveness by exploiting unused time allocated to periodic tasks for aperiodic service. The average aperiodic response times for the EPE algorithm and four other aperiodic service algorithms (background, polling, deferrable server, and priority exchange) are compared for a range of periodic and aperiodic loads. Simulation results show that for a difference between the average and worst-case periodic load of only 12.5%, the EPE algorithm provides significantly better response times for aperiodic tasks.
@article{Sprunt1988251, author = {Sprunt, Brinkley and Lehoczky, John and Sha, Lui}, title = {Exploiting unused periodic time for aperiodic service using the extended priority exchange algorithm}, year = {1988}, volume = {35 n 6}, pages = {251-258}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-0024173560&partnerID=40&md5=524ba7d47bdb9df279fd8979dca59b94}, keywords = {Computer Programming--Algorithms; Computer Simulation; Scheduling, Extended Priority Exchange; Server Tasks, Computer Systems, Digital}, document_type = {Conference Paper}, source = {Scopus}, } - Real-time synchronization protocols for multiprocessorsRagunathan Rajkumar, Lui Sha, and John P. Lehoczky1988
The authors investigate the synchronization problem in the context of priority-driven preemptive scheduling on shared-memory multiprocessors. Unfortunately, a direct application of synchronization mechanisms such as the Ada rendezvous, semaphores, or monitors can lead to uncontrolled priority inversion: a high priority job being blocked by a lower priority job for an indefinite period of time. A task allocation scheme based on the generalized protocol is outlined.
@article{Rajkumar1988259, author = {Rajkumar, Ragunathan and Sha, Lui and Lehoczky, John P.}, title = {Real-time synchronization protocols for multiprocessors}, year = {1988}, volume = {35 n 6}, pages = {259-269}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-0024173219&partnerID=40&md5=d3656629e31a400c4ebb635b2f5310fc}, keywords = {Computer Programming Languages; Scheduling, Synchronization Protocols; Task Allocation, Computer Systems, Digital}, document_type = {Conference Paper}, source = {Scopus}, } - A testbed for investigating real-time ada issuesM. Borger, M. Klein, N. Weiderman, and L. Sha2nd International Workshop on Real-Time Ada Issues, IRTAW 1988, 1988
@article{Borger19887, author = {Borger, M. and Klein, M. and Weiderman, N. and Sha, L.}, title = {A testbed for investigating real-time ada issues}, journal = {2nd International Workshop on Real-Time Ada Issues, IRTAW 1988}, year = {1988}, pages = {7-11}, doi = {10.1145/58612.59369}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-85034606674&doi=10.1145%2f58612.59369&partnerID=40&md5=503253e4c11750e89566a317facce49c}, document_type = {Conference Paper}, source = {Scopus}, } - Priority inversion and its control: An experimental investigationD. Locke, L. Sha, R. Rajkurnar, J. Lehoczky, and G. Burns2nd International Workshop on Real-Time Ada Issues, IRTAW 1988, 1988
To successfully engineer a large scale real-time system project, we need a disciplined approach to both the logical complexity and the timing complexity inherent in these systems. The logical complexity is managed by the software engineering methodology embodied in Ada while the timing complexity is supported by formal real-time scheduling algorithms [3,4,5,6]. From a software engineering point of view, formal scheduling algorithms translate the complex timing constraints into simple resource utilization constraints. As long as the utilization constraints of CPU, I/O channel and communication media are observed, the deadlines of periodic tasks and the response time requirements of aperiodic tasks will both be met. There is considerable freedom to modify software provided that the resource utilization remains within specified bounds. Furthermore, should there be a transient overload, the number of tasks missing their deadlines will be a function of the magnitude of the overload and the order in which the tasks miss deadlines is pre-defined [7]. From an implementation point of view, these algorithms belong to the class of static priority algorithms which can be implemented efficiently. Task priorities are functions of the timing constraints, computation requirements and relative importance of tasks. The priorities need not be computed at run-time unless task parameters are modified. © 1988 ACM.
@article{Locke198839, author = {Locke, D. and Sha, L. and Rajkurnar, R. and Lehoczky, J. and Burns, G.}, title = {Priority inversion and its control: An experimental investigation}, journal = {2nd International Workshop on Real-Time Ada Issues, IRTAW 1988}, year = {1988}, pages = {39-42}, doi = {10.1145/58612.59374}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-79956021016&doi=10.1145%2f58612.59374&partnerID=40&md5=78f36fa92e068d9452ca86041400035f}, keywords = {Interactive computer systems; Scheduling algorithms; Software engineering, Communication media; Experimental investigations; Logical complexity; Priority inversion; Real-time scheduling algorithms; Resource utilizations; Software engineering methodologies; Timing constraints, Real time systems}, document_type = {Conference Paper}, source = {Scopus}, } - The priority ceiling protocol: A method for minimizing the blocking of high priority ada tasksJ.B. Goodenough, and L. Sha2nd International Workshop on Real-Time Ada Issues, IRTAW 1988, 1988
@article{Goodenough198820, author = {Goodenough, J.B. and Sha, L.}, title = {The priority ceiling protocol: A method for minimizing the blocking of high priority ada tasks}, journal = {2nd International Workshop on Real-Time Ada Issues, IRTAW 1988}, year = {1988}, pages = {20-31}, doi = {10.1145/58612.59371}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-79956011614&doi=10.1145%2f58612.59371&partnerID=40&md5=5a6d7aa8eb1deea06457811598c7ffd1}, document_type = {Conference Paper}, source = {Scopus}, } - Concurrency Control for Distributed Real-Time DatabasesL. Sha, R. Rajkumar, and J.P. LehooczkyACM SIGMOD Record, 1988
The concurrency control of transactions in a real-time database must satisfy not only the consistency constraints of the database but also the timing constraints of individual transactions. In this paper, we present a real-time concurrency control protocol that can be used in a distributed and decomposable real-time database. The protocol is based on the integration of a modular concurrency control theory with a real-time scheduling protocol called the priority ceiling protocol. This protocol supports the replication of data objects and avoids the formation of deadlocks. Finally, an analysis of the performance of this protocol is presented. © 1988, ACM. All rights reserved.
@article{Sha198882, author = {Sha, L. and Rajkumar, R. and Lehooczky, J.P.}, title = {Concurrency Control for Distributed Real-Time Databases}, journal = {ACM SIGMOD Record}, year = {1988}, volume = {17}, number = {1}, pages = {82-98}, doi = {10.1145/44203.44210}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-84898239120&doi=10.1145%2f44203.44210&partnerID=40&md5=e6081c36b6a85de4001451eaacd22d22}, document_type = {Article}, source = {Scopus}, } - Modular Concurrency Control and Failure RecoveryL. Sha, J.P. Lehoczky, and E.D. JensenIEEE Transactions on Computers, 1988
This paper presents an approach to concurrency control based on the decomposition of both the database and the individual transactions. This approach is a generalization of serializability theory in that the set of permissible transaction schedules contains all the serializable schedules. In addition to providing a higher degree of concurrency than that provided by serializability theory, this approach retains three important properties associated with serializability: the consistency of the database is preserved, the individual transactions are executed correctly, and the concurrency control approach is modular, a concept formalized in this paper. The associated failure recovery procedure is also presented as is the concept of failure safety. © 1988 IEEE
@article{Sha1988146, author = {Sha, L. and Lehoczky, J.P. and Jensen, E.D.}, title = {Modular Concurrency Control and Failure Recovery}, journal = {IEEE Transactions on Computers}, year = {1988}, volume = {37}, number = {2}, pages = {146-159}, doi = {10.1109/12.2144}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-0023961237&doi=10.1109%2f12.2144&partnerID=40&md5=15c56dc2ff332a617e67951567a2d768}, author_keywords = {Concurrency control; consistency; correctness; failure recovery; modularity}, keywords = {SCHEDULING, DATABASE CONSISTENCY; FAIL-SAFE OPERATION; FAILURE RECOVERY; MODULAR CONCURRENCY CONTROL; SERIALIZABILITY, DATABASE SYSTEMS}, document_type = {Article}, source = {Scopus}, } - PRIORITY-DRIVEN, PREEMPTIVE I/O CONTROLLERS FOR REAL-TIME SYSTEMS.Brinkley Sprunt, David Kirk, and Lui Sha1988
The effect of three I/O controller architectures on schedulable utilization, which is the highest attainable resource utilization at or below which all deadlines can be guaranteed, is examined. FIFO (first-in-first-out) request queuing, priority queuing, and priority queuing with preemptable service are simulated for a range of CPU computation to I/O traffic ratios. The results show that, for I/O-bound task sets and zero preemption costs, priority queuing with preemptable service can provide a level of schedulable utilization 35% higher than that attainable with FIFO queuing, and 20% higher than priority queuing and nonpreemptable service. Although the potential gain for priority queuing with preemptable service is large, further simulations that incorporate a time penalty for each preemption show that the gain is very sensitive to preemption cost. With preemption cost represented as a ratio of preemption time to the minimum-task period, the level of schedulable utilization for priority queuing with preemptable service degrades to that of priority queuing with nonpre-emptable service, for a preemption cost ratio of 0. 04. A high-level design of a preemptable I/O controller is described and the issues determining preemption cost are detailed, along with techniques for its minimization.
@article{Sprunt1988152, author = {Sprunt, Brinkley and Kirk, David and Sha, Lui}, title = {PRIORITY-DRIVEN, PREEMPTIVE I/O CONTROLLERS FOR REAL-TIME SYSTEMS.}, year = {1988}, pages = {152-159}, doi = {10.1145/633625.52418}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-0023728071&doi=10.1145%2f633625.52418&partnerID=40&md5=3a680f371b0745f2f19a2de570d7d3f9}, keywords = {Computer architecture; PROBABILITY - Queueing Theory, FIFO REQUEST QUEUE; PREEMPTIVE I/O CONTROLLERS; PRIORITY QUEUEING; PRIORITY QUEUEING WITH PREEMPTABLE SERVICE; REAL-TIME SYSTEMS, Computer systems, Digital}, document_type = {Conference Paper}, source = {Scopus}, }
1987
- TASK SCHEDULING IN DISTRIBUTED REAL-TIME SYSTEMS.Lui Sha, John P. Lehoczky, and Ragunathan Rajkumar1987
A review of some practical problems associated with the use of static priority scheduling is given. An approach to stabilize the rate-monotonic algorithm in the presence of transient processor overloads is presented. Also presented is a class of algorithms to handle aperiodic tasks which improve response times while guaranteeing the deadlines of periodic tasks. The problem of integrated processor and data I/O scheduling is studied as well as the problem of scheduling of messages over a bus with insufficient priority levels and multiple buffers.
@article{Sha1987909, author = {Sha, Lui and Lehoczky, John P. and Rajkumar, Ragunathan}, title = {TASK SCHEDULING IN DISTRIBUTED REAL-TIME SYSTEMS.}, year = {1987}, pages = {909-916}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-0023570285&partnerID=40&md5=f5e45184851623e4377c3a27ef41f869}, keywords = {COMPUTER SYSTEMS, DIGITAL - Distributed, BUS WITH INSUFFICIENT PRIORITY LEVELS; DISTRIBUTED REAL-TIME SYSTEMS; MULTIPLE BUFFERS; STATIC PRIORITY SCHEDULING; TASK SCHEDULING, DATA PROCESSING}, document_type = {Conference Paper}, source = {Scopus}, } - ON COUNTERING THE EFFECTS OF CYCLE-STEALING IN A HARD REAL-TIME ENVIRONMENT.Ragunathan Rajkumar, Lui Sha, and John P. Lehoczky1987
The authors investigate the problem of cycle-stealing and its impact on the scheduling of tasks in processors with data input/output. They identify the parameters and policies that govern cycle-stealing and analyze its effects on real-time systems with hard deadlines. They study different policies to resolve memory across conflicts between the processor and I/O devices and compare their effectiveness in improving task schedulability. They investigate various memory interleaving schemes and the level of interleaving required to adequately counter the effects of cycle-stealing.
@article{Rajkumar19872, author = {Rajkumar, Ragunathan and Sha, Lui and Lehoczky, John P.}, title = {ON COUNTERING THE EFFECTS OF CYCLE-STEALING IN A HARD REAL-TIME ENVIRONMENT.}, year = {1987}, pages = {2-11}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-0023561296&partnerID=40&md5=3bfc9434e479af689a6952dee1ce5c39}, keywords = {COMPUTER SYSTEMS PROGRAMMING - Input Output Programs; COMPUTER SYSTEMS, DIGITAL - Real Time Operation, CYCLE-STEALING EFFECT COUNTERING; DYNAMIC MEMORY ARBITRATION; MEMORY INTERLEAVING SCHEMES; TASK SCHEDULING, DATA PROCESSING}, document_type = {Conference Paper}, source = {Scopus}, } - ENHANCED APERIODIC RESPONSIVENESS IN HARD REAL-TIME ENVIRONMENTS.John P. Lehoczky, Lui Sha, and Jay K. Strosnider1987
Current systems either relegate aperiodic tasks to background status when aperiodic response time is not critical or use polling when it is. The authors develop a novel approach to this scheduling problem, which they characterize as bandwidth-preserving algorithms. The goal is to develop algorithms with superior performance that also have predictable behavior and can be used by a real-time-system developer in constructing and integrating systems. The authors develop a full analysis of the worst-case behavior and stability of this family of algorithms.
@article{Lehoczky1987261, author = {Lehoczky, John P. and Sha, Lui and Strosnider, Jay K.}, title = {ENHANCED APERIODIC RESPONSIVENESS IN HARD REAL-TIME ENVIRONMENTS.}, year = {1987}, pages = {261-270}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-0023534382&partnerID=40&md5=b642e4b63c9fa9fb249b633ff3aaf407}, keywords = {COMPUTER PROGRAMMING - Algorithms; SCHEDULING - Mathematical Models, BANDWIDTH-PRESERVING ALGORITHMS; ENHANCED APERIODIC RESPONSIVENESS; WORST-CASE MODEL, COMPUTER SYSTEMS, DIGITAL}, document_type = {Conference Paper}, source = {Scopus}, } - Task Scheduling in Distributed Real-Time SystemsProceedings of SPIE - The International Society for Optical Engineering, 1987
In this paper, we give a comprehensive review of a number of practical problems associated with the use of static priority scheduling. We first present a new approach to stabilize the rate-monotonic algorithm in the presence of transient processor overloads. We also present a new class of algorithms to handle aperiodic tasks which improve the response times to aperiodic tasks while guaranteeing the deadlines of periodic tasks. We then study the problem of integrated processor and data I/O scheduling. Finally we review the problem of scheduling of messages over a bus with insufficient priority levels but with multiple buffers. © 1987 SPIE.
@article{Sha1987910, author = {Sha, L.}, title = {Task Scheduling in Distributed Real-Time Systems}, journal = {Proceedings of SPIE - The International Society for Optical Engineering}, year = {1987}, volume = {857}, pages = {909-916}, doi = {10.1117/12.943278}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-84957530300&doi=10.1117%2f12.943278&partnerID=40&md5=f6f473fd82e3edeef7ab4aeab0b9db8a}, document_type = {Conference Paper}, source = {Scopus}, } - Limitations of Ada® for real-time schedulingD. Cornhill, L. Sha, J.P. Lehoczky, R. Rajkumar, and H. Tokuda1st International Workshop on Real-Time Ada Issues, IRTAW 1987, 1987
The goal in real-time scheduling is to satisfy the timing requirements of application jobs which often have hard deadlines. There are two aspects to Ada’s scheduling policies which are detrimental to achieving this goal. First, Ada’s constraints on the language’s implementation limit the definition of priority and the task scheduling algorithm to preclude the use of the best algorithms for scheduling jobs with hard deadlines. Second, information about task priority is not used when selecting a task from an entry queue or when choosing among branches of a selective wait statement. Instead, FIFO and arbitrary disciplines are used, respectively, which can unnecessarily lead to missed deadlines, even for very low levels of processor utilization. We suggest some areas for change to make the language more suitable for building real-time systems. © 1987 ACM.
@article{Cornhill198733, author = {Cornhill, D. and Sha, L. and Lehoczky, J.P. and Rajkumar, R. and Tokuda, H.}, title = {Limitations of Ada® for real-time scheduling}, journal = {1st International Workshop on Real-Time Ada Issues, IRTAW 1987}, year = {1987}, volume = {1987-January}, pages = {33-39}, doi = {10.1145/36821.36798}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-38349019160&doi=10.1145%2f36821.36798&partnerID=40&md5=ecebafe75ce8a208a99a4f63b52cb14e}, keywords = {Ada (programming language); Interactive computer systems; Scheduling; Scheduling algorithms, Processor utilization; Real - time scheduling; Scheduling jobs; Scheduling policies; Task priorities; Task-scheduling algorithms; Timing requirements, Real time systems}, document_type = {Conference Paper}, source = {Scopus}, }
1986
- SOLUTIONS FOR SOME PRACTICAL PROBLEMS IN PRIORITIZED PREEMPTIVE SCHEDULING.Lui Sha, John P. Lehoczky, and Ragunathan Rajkumar1986
A comprehensive treatment of a number of practical problems associated with the use of the rate monotonic algorithm is presented. These include the scheduling of messages over a bus with insufficient priority levels but with multiple buffers. Methods to handle aperiodic tasks are reviewed and a new approach to stabilize the rate monotonic algorithm in the presence of transit processor overloads is presented. The problem of integrated processor and data I/O scheduling is addressed. The results clearly establish the importance of using an integrated approach to schedule both the processor and data I/O activities.
@article{Sha1986181, author = {Sha, Lui and Lehoczky, John P. and Rajkumar, Ragunathan}, title = {SOLUTIONS FOR SOME PRACTICAL PROBLEMS IN PRIORITIZED PREEMPTIVE SCHEDULING.}, year = {1986}, pages = {181-191}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-0022917819&partnerID=40&md5=05a4b3ab380b6b45a2ef230f4cfa6bea}, keywords = {COMPUTER PROGRAMMING - Algorithms; SCHEDULING, PREEMPTIVE SCHEDULING, COMPUTER SYSTEMS, DIGITAL}, document_type = {Conference Paper}, source = {Scopus}, }
1983
- Distributed co-operating processes and transactionsL. Sha, E.D. Jensen, R.F. Rashid, and J.D. NorthcultSymposium on Communications Architectures and Protocols, SIGCOMM 1983, 1983
As part of our research in the Archons [Jensen 82] project on decentralized computers, we have developed a relational model of data consistency to replace the conventional serialization model for reasoning about the relationships among distributed system data objects in general and state variables in particular, We not only permit but encourage such relationships to be probabilistic, in the interest of efficiency. This model leads to a new formulation of co-operating processes, and thence to the notion ol cooperating transactions: co-operating processes whose actions are made atomic for the sake of reliability. We believe that cooperating processes are valuable in a computer network, but essential in a decentralized computer [Jensen 82] where the conceptually singular but physically dispersed global operating system requires a transaction facility in the kernel [Jensen 80], These ideas are illustrated by examples from our initial experience in applying the model to the Accent network operating system and other system software of the Spice personal computing network. This document is intended to be an overview of the synchronization effort in the Archons project, and future publications will elaborate on many of the individual points touched on here. © 1983 ACM.
@article{Sha1983188, author = {Sha, L. and Jensen, E.D. and Rashid, R.F. and Northcult, J.D.}, title = {Distributed co-operating processes and transactions}, journal = {Symposium on Communications Architectures and Protocols, SIGCOMM 1983}, year = {1983}, pages = {188-196}, doi = {10.1145/1035237.1035275}, url = {https://www.scopus.com/inward/record.uri?eid=2-s2.0-84976741850&doi=10.1145%2f1035237.1035275&partnerID=40&md5=d930471ece84b0c07015e9a41da984f9}, keywords = {Internet protocols; Network architecture; Personal computing, Data objects; Distributed systems; Network operating system; Operating process; Relational model of datum; State variables; System softwares, Computer operating systems}, document_type = {Conference Paper}, source = {Scopus}, }