
G. Lee, D. Howard, and D. Ślęzak (Eds.): ICHIT 2011, CCIS 206, pp. 345–354, 2011. © Springer-Verlag Berlin Heidelberg 2011

Application of SOA in Safety-Critical Embedded Systems

Douglas Rodrigues (1), Rayner de Melo Pires (1), Júlio Cézar Estrella (1), Marco Vieira (2), Mário Corrêa (3), João Batista Camargo Júnior (3), Kalinka Regina Lucas Jaquie Castelo Branco (1), and Onofre Trindade Júnior (1)

(1) Institute of Mathematics and Computer Science - University of São Paulo, São Carlos - SP, Brazil
{douglasr,rayner,jcezar,kalinka,otjunior}@icmc.usp.br

(2) University of Coimbra, Coimbra, Portugal
[email protected]

(3) University of São Paulo, São Paulo - SP, Brazil
{mario.correa,joao.camargo}@poli.usp.br

Abstract. Service-Oriented Architectures (SOA) are in widespread use in enterprise computing applications, with Web services being the most common implementation. The use of SOA has also been proposed for embedded systems, although very little can be found in the literature on the use of SOA for Safety-Critical Embedded Systems. This paper discusses the use of SOA for the development of this class of systems. Safety-critical embedded systems have specific requirements, such as high reliability and real-time response, making the use of SOA more challenging than for standard applications. To make the concepts clear, a case study on avionics for Unmanned Aerial Vehicles (UAVs) is presented. This is a complex application based on a reference model proposed by the authors. SOA is shown to be a promising approach to implement parts of this reference model, especially in what concerns the missions performed by the aircraft.

Keywords: Safety-Critical Embedded Systems, Unmanned Aerial Vehicles, Service-Oriented Architecture.

1 Introduction

Embedded systems are computing systems that are part of a larger system. They provide a predefined set of tasks, normally dedicated to a particular real-time application, and present special requirements. In fact, they typically provide real-time monitoring and control for an entire system. These systems are considered to be safety-critical when failure events can lead to loss of human life or loss of high-value assets. In some applications, such as in aviation, safety-critical embedded systems must present failure rates as low as one serious fault every 10^5 to 10^9 hours of operation.

Embedded systems have become increasingly complex in hardware and software. At the same time, they are becoming more and more usual in domestic and professional environments for control or information management. Multicore and multiprocessor systems are becoming common, further increasing the complexity of the software [7].

The key concepts of Service-Oriented Architectures (SOA) have received significant attention from the software development community, although there is some conflicting understanding of SOA concepts and usage. Various types of service-oriented architectures have emerged, and Web services are the most common implementation [3].

The advantage of using the SOA paradigm is the interoperability achieved by the use of XML, which allows not only conventional communication on the Web, but also communication between devices ranging from a small sensor to sophisticated domestic, commercial or industrial equipment. Self-describing open components that support quick and seamless integration are characteristic of this paradigm.

In this paper we discuss whether Web services are suitable or not for embedded systems. While the use of SOA in the business application domain is well established, several aspects must be considered in the embedded systems domain, mainly the availability of enough resources (processing power and memory size). Embedded systems are tied to the fast growth of the Internet, communication technologies, pervasive computing and portable consumer electronics. System sizes range from tiny devices to big, complex multicore systems. In many of them there are not enough resources to make the use of Web services possible.

This paper encourages the use of SOA in the normally bigger non-critical sections of complex safety-critical embedded systems. This provides a simple approach to the problem, allowing the use of different paradigms to solve different parts of a complex system, avoiding the disadvantages already mentioned.

As a case study, a UAS (Unmanned Aerial System) reference model is proposed. The system was modeled as a layered reference model, showing its critical and non-critical sections. Services and protocols between layers are under development and should be presented in a future paper. The advantages of the use of SOA are discussed, as it eases the implementation of many high-level functions.

The remainder of this paper is organized as follows. Section 2 presents the related work, especially on the use of SOA in Embedded Systems and Safety-Critical Embedded Systems. Section 3 proposes and discusses a Reference Model for UASs. Section 4 presents a framework on how to use SOA in the target applications. Finally, in Section 5, the conclusions of the work are presented.

2 Related Work

This section presents a review on the use of SOA in Embedded Systems and in Safety-Critical Embedded Systems.

Service-oriented computing is a paradigm that uses services as basic building blocks for application development. This paradigm allows applications to be built on a cooperative network that crosses the boundaries of universities and organizations. These blocks must comply with some standards and patterns. Web services are the SOA implementation that has achieved the highest market penetration. This paradigm enables interoperability of applications due to a series of standards that are based on XML (eXtensible Markup Language). However, Web services do not have predefined clients and therefore must be adapted to different contexts; they are, in a sense, a type of client/server system especially structured to make the best use of Web standards. Services are offered by providers and used by service consumers (clients). The main architectural units in service-oriented computing are service description, service discovery and service consumption.

Many complex embedded systems are coupled with a high-level information system. SOA can provide the integration of low-level embedded system services and high-level information system services. This integration is still an incomplete work, in spite of the many related works found in the literature [7] [5] [4] [6] [13] [8] [9] [12] [2] [1]. In practice, the use of SOA in Embedded Systems can provide a lot of benefits, such as: decoupling configuration from environment; improvement of reusability and maintainability; higher level of abstraction and interoperability; more interactive interface between devices and information systems; and easy use of resource-hungry services provided by more powerful internet servers.

Safety-critical embedded systems are computational modules integrated with physical devices and equipment, which have a predefined set of tasks, usually with special requirements. These systems must present very low failure rates. Furthermore, real-time performance is almost mandatory and must be guaranteed in all circumstances. Several SOA mechanisms, for example service discovery, have potential for non-deterministic behavior, which is not compatible with the basic requirements of safety-critical embedded systems. Complex safety-critical embedded systems can almost always be split into critical and non-critical sections. Despite being algorithmically more complex, the critical sections are normally much smaller than the non-critical sections of the code.

The use of Web services architectures for embedded systems in distributed automation applications is presented in [5]. Kakanakov shows some results of using the TCP client/server model in networks of embedded systems. The author establishes that the performance of the protocol is totally dependent on the operating system and on the kind of device.

A related work [6] extends the work presented in [5]. The authors discuss the possibility of adapting the Service-Oriented Architecture to a distributed embedded system. They provide a description of the architecture and a tool for creating services in Java and C/C++. They test two systems (Java-enabled and SOAP-enabled) and both present the same result: they allow the system to be much more than an application, to be a service.

Thramboulidis et al. (2007) [13] propose an approach to use service-oriented architectures in embedded systems. The paper proposes a framework that allows easier development of embedded systems using features available as services. They provide an easy way to integrate components, plugging in the desired features that should be provided by the service-oriented architecture.

Moritz et al. (2008) [9] present an approach to add Web services to low-cost microcontrollers without losing real-time capabilities. The work described had just started and they did not present important results. The measurements necessary for convincing conclusions were missing.

Lee et al. (2008) [8] discuss and present an implementation of mobile applications using a service-oriented paradigm. In their work, services have implementations optimized for mobile devices with scarce resources (mainly memory size and processing power).

Other projects related to the development of SOA platforms that enable the implementation of embedded systems are eSOA [12], SODA [2] and the SIRENA project [1].

This work has a different focus from the works reviewed. Most of them do not address safety-critical systems. For this class of systems, the references on the use of SOA are poor and almost nonexistent. This is due to the specific requirements that standard SOA does not address.

A typical application of a complex safety-critical embedded system is a UAS (Unmanned Aerial System). The term UAS (Unmanned Aircraft System) was adopted by both the FAA (Federal Aviation Administration) and the international academic community to designate systems that comprise not only the aircraft but all associated elements, such as the payload, the ground control station and the communication links [4]. A UAS can operate for a long period of time without human pilot intervention.

There are different types of UAS presenting different capabilities. Some aircraft can fly autonomously following a pre-programmed flight path (grid or waypoint based) [15], while others fly receiving commands from pilot-operated ground stations. The aircraft size can range from the micro to the big, and the ground control station can be implemented in smartphones, tablets, notebooks and a network of workstations. Aircraft can vary not only in size, but also in shape, type of propulsion and performance. The human-computer interface can vary from a smartphone touchscreen up to a tangible user interface. The performance of the communication links and the type of payload are also very important to accomplish the intended mission for the system.

All the papers and roadmaps on UASs found in the literature typically present UASs implemented using traditional approaches [11] [17] [18] [19] [20] [14]. There are roadmaps showing the expected advances in UASs that are periodically published by military organizations, such as the US Air Force [16].

3 Structure of a UAS - A Reference Model

3.1 Reference Model Architecture for Unmanned Aerial Systems

Architecture is a structure that identifies, defines and organizes components. The relationship and principles of design of the components, functions and the interface established between subsystems can also be defined by architecture.

The reference model architecture is an architecture where the entities, relationships and information units involved in interactions between and within subsystems and components are defined and modeled. In summary, it is a model of something that embodies the basic goal or idea and can be considered as a reference for various purposes.

UASs have been extensively used for precision agriculture, national security (military missions) and environmental monitoring. In this kind of system it is necessary to make the complex structure of the system explicit, easing the task of the system designers.

The NIST (National Institute of Standards and Technologies) provides a reference model for UAS [10]. In this specific standard, the reference model was proposed to specify the military rules, uses and commands in an understandable and intuitive way for a human commander.

Figure 1 presents a Reference Model Architecture for UASs proposed by the authors of this paper, showing entities and their relationships, an approach different from that presented by NIST [10]. The components of a UAS can be split into an aerial segment and a ground segment. The aerial segment is hierarchically composed of the physical layer, the distributed RTOS layer, the system abstraction layer, the monitoring & control layer, the navigation & services layer and the mission layer. The ground segment is divided into a physical layer and a ground control station layer.

3.2 Protecting the Critical Parts

The separation into layers allows the system to be divided into subsystems that can be implemented in different ways. This division helps to protect the critical parts that compose the entire safety-critical embedded system, providing the best of both worlds: protecting and running the critical parts in compliance with all the necessary requirements, while taking full advantage of the facilities offered by the Service-Oriented Architecture. The shaded parts in Figure 1 indicate the non-critical parts that can be easily implemented using SOA.

3.3 The Smart Sensor Interface and Protocol and In-flight Awareness

This reference model and the use of SOA support the development of the SSI (Smart Sensor Interface). The SSI is a concept that makes payload integration into a UAS easier. In fact, the mission is isolated from the aircraft, being part of the sensor (a smart sensor, normally a MOSA - Mission Oriented Sensor Array). The aircraft provides the capability of motion to the sensor. The sensor is in charge of the mission, directing the aircraft for its accomplishment. SOA service discovery can be used to allow the sensor to choose or compose the best service to perform the proposed mission.

The aircraft cannot always fulfill all the requirements necessary to accomplish a specific mission. When connected, the aircraft and the sensor communicate using the SSP (Smart Sensor Protocol) to exchange information in order to agree on the requirements for mission feasibility. As a result, the mission can be completely feasible, partially feasible or not feasible. This step is performed whenever a new sensor is connected. Missions can be adaptive, and some configuration can change during the execution of a mission.
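The SSP negotiation described above, as an added illustration that is not the authors' code: the paper defines the SSP only at the concept level, so the message fields (requirement names, minimum values, the mandatory/optional flag) and the rule that maps unmet requirements to the three feasibility outcomes are assumptions made for this example.

```python
"""SSP (Smart Sensor Protocol) mission feasibility negotiation (illustrative).
Message fields and the feasibility rule are assumptions made for this example;
the paper describes the SSP only at the concept level."""
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, List


class Feasibility(Enum):
    FEASIBLE = "completely feasible"
    PARTIAL = "partially feasible"
    INFEASIBLE = "not feasible"


@dataclass(frozen=True)
class Requirement:
    """One requirement the sensor (MOSA) places on the aircraft."""
    name: str
    minimum: float          # value the aircraft must provide at least
    mandatory: bool = True  # an unmet mandatory requirement makes the mission infeasible


@dataclass
class MissionRequest:
    """Sent sensor -> aircraft when the sensor is connected."""
    mission_id: str
    requirements: List[Requirement]


@dataclass
class AircraftCapabilities:
    """Sent aircraft -> sensor in reply: capability name -> provided value."""
    aircraft_id: str
    provided: Dict[str, float]


@dataclass
class FeasibilityReport:
    """Outcome of the negotiation, kept by both sides."""
    mission_id: str
    verdict: Feasibility
    unmet: List[str] = field(default_factory=list)


def negotiate(request: MissionRequest, caps: AircraftCapabilities) -> FeasibilityReport:
    """Classify the mission as completely, partially or not feasible.

    Assumed rule: all requirements met -> FEASIBLE; only optional ones unmet
    -> PARTIAL; any mandatory one unmet -> INFEASIBLE. A capability the
    aircraft does not advertise counts as unmet, never as "probably fine".
    """
    unmet_mandatory, unmet_optional = [], []
    for req in request.requirements:
        value = caps.provided.get(req.name)
        if value is None or value < req.minimum:
            (unmet_mandatory if req.mandatory else unmet_optional).append(req.name)
    if unmet_mandatory:
        verdict = Feasibility.INFEASIBLE
    elif unmet_optional:
        verdict = Feasibility.PARTIAL
    else:
        verdict = Feasibility.FEASIBLE
    return FeasibilityReport(request.mission_id, verdict, unmet_mandatory + unmet_optional)


# Constructed sample exchange: a crop-survey camera connected to a small UAV.
SAMPLE_REQUEST = MissionRequest("crop-survey-01", [
    Requirement("endurance_min", 45.0),
    Requirement("altitude_m", 120.0),
    Requirement("payload_power_w", 15.0),
    Requirement("telemetry_kbps", 256.0, mandatory=False),  # live preview only
])

SAMPLE_CAPS = AircraftCapabilities("uav-alpha", {
    "endurance_min": 60.0,
    "altitude_m": 150.0,
    "payload_power_w": 20.0,
    "telemetry_kbps": 64.0,  # too slow for live preview: optional requirement unmet
})

if __name__ == "__main__":
    report = negotiate(SAMPLE_REQUEST, SAMPLE_CAPS)
    print(report.verdict.value, report.unmet)  # partially feasible ['telemetry_kbps']
```

Treating an unadvertised capability as unmet is the conservative choice: the aircraft side never has to guess what a newly connected sensor needs.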


Fig. 1. A Reference Model Architecture for UASs

In the near future (10+ years), UAVs should dominate the skies over manned aircraft. In fact, the only manned aircraft that will make sense will be the ones that carry passengers. In this sense, all aircraft must coordinate the use of the airspace without human intervention.

Another important issue is the replacement of some functionality provided today by the human pilot. The authors call this replacement In-flight Awareness (IFA). The human pilot can smell alarming odors; evaluate cloud formations; listen to usual and unusual noises; feel usual and unusual vibrations; stay aware of political boundaries and the ground being flown over. All this knowledge can be used to avoid dangerous situations and select the best procedure in emergencies. SOA has great potential to support the implementation of IFA due to its naturally dynamic behavior.


4 A Knowledge Based Framework for Dynamically Changing Applications

4.1 The Framework

All communication in SOA is performed through the SOAP protocol in XML. Messages are exchanged as raw plain text, without any concern for security.

The basic SOA operation is shown in Figure 2. The provider publishes the service. The client searches the UDDI repository to find the service, and finally message-passing communication is established between the service provider and the client. A problem is that the chosen service may not be the best service at every moment in time during the operation of the system. To overcome this problem, this paper proposes the Knowledge Based Framework for Dynamically Changing Applications (KBF), presented in Figure 3.

Fig. 2. SOA basic operation.

KBF extends the broker service discovery capability adding knowledge about the application domain. In this way, the application designer, or even the application itself, can choose or compose the best service based on a set of usage rules and some selection criteria such as: dependability, security, performance and real time response.

4.2 Reconfigurable Matrices

KBF maintains a Knowledge Database to store all the information and selection criteria established by the user and the application. Another key issue is the assembly of reconfiguration matrices. These data structures correlate the available services, their functionalities and other selection criteria with the application procedures. They can be: static - defined off the system, manually or with the help of a supporting tool; semi-static - defined at system startup; and dynamic - defined during system operation, when a service status changes (availability, selection criteria).

Static configuration matrices never change. Semi-static configuration matrices change during the startup of the system and cannot be changed during normal system operation. Dynamic matrices can be changed or composed during system operation. These matrices have potential for non-deterministic behavior and, despite their flexibility, should be avoided in the critical parts of the system.

Using all the information available in the configuration matrices, the KBF can choose or compose the best service to perform a mission defined by the user.
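A worked model of the reconfiguration matrices and the rule-based choice of Section 4.2, added here as an example rather than taken from the KBF itself: the criterion names (dependability, security, performance, real-time response) come from the paper, while their numeric scale, the weights, the hard minimums and the rule that a critical procedure may only be served by static or semi-static rows are assumptions made for this example.

```python
"""KBF reconfiguration matrix and rule-based service choice (illustrative).
The criterion names, weights and the rule that critical procedures may only be
served by static or semi-static rows are assumptions made for this example."""
from dataclasses import dataclass
from enum import Enum
from typing import Dict, List, Optional


class MatrixKind(Enum):
    STATIC = "static"            # defined off the system, never changes
    SEMI_STATIC = "semi-static"  # fixed at system startup
    DYNAMIC = "dynamic"          # rebuilt while the system operates


@dataclass
class ServiceEntry:
    """One row of a reconfiguration matrix: a service offering a procedure."""
    service: str
    procedure: str
    kind: MatrixKind
    available: bool
    criteria: Dict[str, float]   # dependability, security, performance, real_time in 0..1


@dataclass
class UsageRule:
    """Selection rule for a procedure: criterion weights plus hard minimums."""
    procedure: str
    weights: Dict[str, float]
    minimums: Dict[str, float]
    critical: bool               # critical procedures must not depend on dynamic rows


def score(entry: ServiceEntry, rule: UsageRule) -> float:
    """Weighted sum of the criteria the rule cares about (missing criteria count as 0)."""
    return sum(w * entry.criteria.get(c, 0.0) for c, w in rule.weights.items())


def eligible(entry: ServiceEntry, rule: UsageRule) -> bool:
    """Hard filter applied before ranking."""
    if entry.procedure != rule.procedure or not entry.available:
        return False
    # Dynamic rows may change non-deterministically at run time, so the
    # critical parts of the system are never allowed to depend on them.
    if rule.critical and entry.kind is MatrixKind.DYNAMIC:
        return False
    return all(entry.criteria.get(c, 0.0) >= m for c, m in rule.minimums.items())


def choose_service(matrix: List[ServiceEntry], rule: UsageRule) -> Optional[str]:
    """Return the best eligible service for the rule, or None if no row qualifies."""
    candidates = [e for e in matrix if eligible(e, rule)]
    if not candidates:
        return None
    return max(candidates, key=lambda e: score(e, rule)).service


# Constructed sample matrix: three providers of an image geo-referencing procedure.
SAMPLE_MATRIX = [
    ServiceEntry("geo-onboard", "georeference", MatrixKind.STATIC, True,
                 {"dependability": 0.9, "security": 0.9, "performance": 0.6, "real_time": 0.9}),
    ServiceEntry("geo-cloud", "georeference", MatrixKind.DYNAMIC, True,
                 {"dependability": 0.7, "security": 0.5, "performance": 0.95, "real_time": 0.4}),
    ServiceEntry("geo-gcs", "georeference", MatrixKind.SEMI_STATIC, False,  # link currently down
                 {"dependability": 0.8, "security": 0.8, "performance": 0.8, "real_time": 0.7}),
]

# A mission-layer (non-critical) rule favours throughput; a critical rule favours
# real-time response and dependability and demands a higher security level.
NONCRITICAL_RULE = UsageRule("georeference", {"performance": 0.6, "dependability": 0.4},
                             {"security": 0.5}, critical=False)
CRITICAL_RULE = UsageRule("georeference", {"real_time": 0.5, "dependability": 0.5},
                          {"security": 0.8, "real_time": 0.8}, critical=True)

if __name__ == "__main__":
    print(choose_service(SAMPLE_MATRIX, NONCRITICAL_RULE))  # geo-cloud
    print(choose_service(SAMPLE_MATRIX, CRITICAL_RULE))     # geo-onboard
```

The same matrix yields different choices for the two rules, and marking a dynamic row unavailable (a service status change) moves the non-critical choice to the static on-board service without touching the critical choice.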

Fig. 3. Knowledge Based Framework on SOA

4.3 Reasons to Use SOA and the KBF in an UAS

UASs are complex systems that perform complex missions. Big UASs are distributed systems, with tens of different processor boards. In these latter systems, processor and memory costs are not an issue. Therefore, performance is normally not an issue either. The use of SOA can provide easier and quicker development of the non-critical parts of such systems, as discussed before. A variety of services with different functionalities and levels of performance (including security, reliability, safety and real time) can be developed and composed.

Different missions, defined by different MOSA subsystems and different UASs, can be integrated by the KBF, which can choose the best service to fit the scenario. This is the basis of the implementation of the SSI and SSP. The mission can be adaptive. During a mission, based on a configuration matrix, the UAS can dynamically adapt the characteristics of the mission, choosing the services that fit better depending on the situation. In critical fault situations the use of the SOA paradigm can also help: different strategies, based on configuration matrices that map default and best procedures for handling the fault, can be selected.


5 Conclusions

Web services, the cornerstone of the current SOA technology, are widely used for linking service providers and clients in different areas such as banking and financial services, transportation, manufacturing, to name a few. They are designed for interoperable machine-to-machine communication, allowing different systems to invoke remote methods or to exchange documents without mutual knowledge of internal implementation details.

Several studies show the application of Web services in embedded systems. Most of them focus on an optimized version of Web services to cope with the lack of resources normally presented by such systems. Web services and safety-critical embedded systems are often seen as unrelated areas.

This paper introduces the use of SOA in critical embedded systems, providing dynamic behavior and flexibility to this class of systems. However, the problem of choosing the parts of the system that can be implemented with this technology, without compromising its safety-critical nature, is not a trivial task. In this paper a reference model on UAS is presented to show how this technology can be used in a complex safety-critical embedded system. Complex systems of this kind normally have non-critical parts that can take advantage of all facilities that SOA, and in particular Web services, can provide.

A framework was proposed to allow the use of SOA in the non-critical parts of Safety-Critical Embedded Systems, helping the implementation of the SSI and SSP, as they are good first candidates for application of the ideas presented in this paper.

Acknowledgments. The authors acknowledge the support granted by CNPq and FAPESP to the INCT-SEC (National Institute of Science and Technology - Critical Embedded Systems - Brazil), processes 573963/2008-9 and 08/57870-9.

References

1. Bohn, H., Bobek, A., Golatowski, F.: SIRENA - Service Infrastructure for Real-time Embedded Networked Devices: A Service Oriented Framework for Different Domains (2005)

2. Deugd, S., Carroll, R., Kelly, K.E., Millett, B., Ricker, J.: SODA: Service-Oriented Device Architecture (2006)

3. Erl, T.: Service-Oriented Architecture: Concepts, Technology, and Design. Prentice-Hall, Upper Saddle River (2005)

4. GAO: Unmanned Aircraft Systems - Federal Actions Needed to Ensure Safety and Expand their Potential uses within the National Airspace System, GAO-08-511 (2008)

5. Kakanakov, N.R.: Experimental Analysis of Client/Server Application in Embedded Systems. In: Electronics, Sozopol, Bulgaria (2005)

6. Kakanakov, N.R., Spasov, G.: Adaptation of Web Service Architecture in Distributed Embedded Systems. In: International Conference on Computer Systems and Technologies, CompSysTech 2005, pp. IIIB.10-1 – IIIB.10-6 (2005)

7. Kouloheris, J.: Future of System Level Design. In: Panel Discussion of First IEEE/ ACM/ IFIP International Conference on Hardware/Software Codesign and System Synthesis (2003)


8. Lee, M., Yoo, C., Jang, O.: Embedded System Software Testing Based on SOA for Mobile Service. International Journal of Advanced Science and Technology 1, 55–63 (2008)

9. Moritz, G., Pruter, S., Timmermann, D., Golatowski, F.: Web Services on Deeply Embedded Devices with Real-Time Processing. In: The Proceedings of the IEEE International Conference on Emerging Technologies and Factory Automation, ETFA 2008, pp. 432–435 (2008)

10. National Institute of Standards and Technologies: 4D/RCS: Reference Model Architecture for Unmanned Vehicle Systems Version 2.0 (2002)

11. OSD UAV Roadmap 2002-2027: Office of the Secretary of Defense, (Acquisition, Technology, and Logistics) Air Warfare (December 2002)

12. Scholz, A., Buckl, C., Sommer, S., Kemper, A., Knoll, A., Heuer, J., Schmitt, A.: eSOA – SOA Fuer Eingebettete Netze (2009)

13. Thramboulidis, K.C., Doukas, G., Koumoutsos, G.: A SOA-Based Embedded Systems Development Environment for Industrial Automation. EURASIP Journal on Embedded Systems 2008, 1–15 (2007)

14. Trindade Jr, O., Barbosa, L.C.P., Neris, L.O., Jorge, L.A.C.: A Mission Planner and Navigation System for the ARARA Project. In: ICAS - 23rd International Congress of Aeronautical Sciences, Toronto (2002)

15. Trindade Jr, O., Neris, L.O., Barbosa, L., Branco, K.R.L.J.C.: A Layered Approach to Design Autopilots. In: IEEE-ICIT 2010 International Conference on Industrial Technology, vol. 1, pp. 1395–1400. IEEE Press, Chile (2010)

16. United States Air Force: Unmanned Aircraft Systems Flight Plan 2009-2047, Headquarters, United States Air Force, Washington DC (2009)

17. Unmanned Aircraft Systems Roadmap 2005-2030: Office of the Secretary of Defense (August 2005)

18. Unmanned Systems Roadmap 2007-2032: Office of the Secretary of Defense (January 2009)

19. Unmanned Systems Integrated Roadmap FY2009-2034: Office of the Secretary of Defense (April 2009)

20. Valavanis, K.P.: Advance. In: Unmanned Aerial Vehicles: State of the Art and the Road to Autonomy. International Series on Intelligent Systems, Control, and Automation: Science and Engineering, vol. 33 (2007)