Cetratus: A framework for zero downtime secure software updates in safety‐critical systems

Mugarza, Imanol; Parra, Jorge; Jacob, Eduardo

doi:10.1002/spe.2820

Cited by 10 publications

(15 citation statements)

References 34 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Secondly, the current PN state is updated. This process is also known as state transformation [6], [7]. For this purpose, the old PN marking is wrapped and transferred to the secondary container.…”

Section: Designmentioning

confidence: 99%

“…In this paper, a live updates concept for industrial Programmable Logic Controllers (PLCs) is proposed, which enables zero downtime reconfiguration capabilities and therefore, reduces the manufacturing system reconfiguration times and costs. The presented approach is based on the Cetratus framework [6], [7], originally devised for safe and secure industrial control systems, for example railway [7] or smart energy [8] systems. Even though the proposed framework was focused on the incorporation of leading-edge security mechanisms, any other types of software components could be updated.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Cetratus: Live Updates in Programmable Logic Controllers

Mugarza

2021

2021 IEEE International Workshop of Electronics, Control, Measurement, Signals and Their Application to Mechatronics (ECMSM)

Self Cite

View full text Add to dashboard Cite

Manufacturing companies are facing new market demands, mostly driven by global competition and digitalization. In this context, more efficient, flexible, adaptable and evolvable mechatronic and manufacturing systems are required, which enable quick adjustments to the production in order to address (all these) market changes. However, production idle times due to such re-configurations and adaptations might be costly. In this paper, a live updates concept for Programmable Logic Controllers (PLCs) is presented. The proposed design employs a Petri net runtime engine, in which the executed functional program (the Petri net model with its interpretation) is updated while running, without system shutdown and restart being needed. To this end, a quarantine-mode execution and monitoring approach is used for the new PLC program functional validation. A reconfigurable Vernadat machine case study is also presented.

show abstract

Section: Designmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Cetratus: Live Updates in Programmable Logic Controllers

Mugarza

2021

2021 IEEE International Workshop of Electronics, Control, Measurement, Signals and Their Application to Mechatronics (ECMSM)

Self Cite

View full text Add to dashboard Cite

show abstract

“…Similarly, Hicks and Nettles (2005) have described an approach where they used the C-like language Popcorn, compiling code patches into Typed Assembly Language that can be dynamically linked and integrated. There are other works on a language level like (Mugarza et al, 2020), which are implemented on the Ada programming language. Alternatively, Bagherzadeh et al (2020) present a language-independent approach based on model execution systems (Hojaji et al, 2019).…”

Section: Runtime Updatingmentioning

confidence: 99%

Adaptive On-the-Fly Changes in Distributed Processing Pipelines

et al. 2021

View full text Add to dashboard Cite

Distributed data processing systems have become the standard means for big data analytics. These systems are based on processing pipelines where operations on data are performed in a chain of consecutive steps. Normally, the operations performed by these pipelines are set at design time, and any changes to their functionality require the applications to be restarted. This is not always acceptable, for example, when we cannot afford downtime or when a long-running calculation would lose significant progress. The introduction of variation points to distributed processing pipelines allows for on-the-fly updating of individual analysis steps. In this paper, we extend such basic variation point functionality to provide fully automated reconfiguration of the processing steps within a running pipeline through an automated planner. We have enabled pipeline modeling through constraints. Based on these constraints, we not only ensure that configurations are compatible with type but also verify that expected pipeline functionality is achieved. Furthermore, automating the reconfiguration process simplifies its use, in turn allowing users with less development experience to make changes. The system can automatically generate and validate pipeline configurations that achieve a specified goal, selecting from operation definitions available at planning time. It then automatically integrates these configurations into the running pipeline. We verify the system through the testing of a proof-of-concept implementation. The proof of concept also shows promising results when reconfiguration is performed frequently.

show abstract

“…For this purpose, state information transferring procedures are executed. The update manager just swaps the old image by the new one, once the quarantine period of the verification ends [21,22].…”

Section: Step 8: Activationmentioning

confidence: 99%

Safe and secure software updates on high-performance mixed-criticality systems: The UP2DATE approach

Agirre

Yarza

Mugarza

et al. 2021

Microprocessors and Microsystems

Self Cite

View full text Add to dashboard Cite

Over-The-Air Software Updates (OTASU) are gaining popularity on the safety-critical domain. The motivation behind this trend is twofold. On the one hand, the ability of adding new functionality and services to the system without a complete redesign makes product makers more competitive and improves user experience. On the other hand, the increasing connectivity of emerging embedded devices makes OTASU a crucial cyber-security demand to keep the system up-to-date with latest security patches. However, the application of OTASU in the safety-critical domain is not straightforward, as they are not contemplated by current functional safety standards. The UP2DATE European H2020 project, seeks to provide solutions to cope with the challenging requirements of safety and security standards with respect to software updates. This paper gives an overview of UP2DATE, its foundations and the initial description of its safe and secure architecture that builds around composability and modularity on heterogeneous high-performance platforms.

show abstract

Cetratus: A framework for zero downtime secure software updates in safety‐critical systems

Cited by 10 publications

References 34 publications

Cetratus: Live Updates in Programmable Logic Controllers

Cetratus: Live Updates in Programmable Logic Controllers

Adaptive On-the-Fly Changes in Distributed Processing Pipelines

Safe and secure software updates on high-performance mixed-criticality systems: The UP2DATE approach

Contact Info

Product

Resources

About