Ingo Stierand

Verified
Ingo verified their affiliation via an institutional email.
  • PhD
  • Researcher at German Aerospace Center (DLR)

About

57
Publications
7,026
Reads
462
Citations
Introduction
Ingo Stierand currently works at the DLR Institute of Systems Engineering for Future Mobility in Oldenburg. Ingo does research in Safety and Reliability and Operating Systems.
Current institution
German Aerospace Center (DLR)
Current position
  • Researcher
Additional affiliations
January 2016 - December 2021
Institute for Information Technology
Position
  • Researcher
January 2004 - December 2015
Carl von Ossietzky University of Oldenburg
Position
  • Researcher
August 2001 - January 2004
Carl von Ossietzky University of Oldenburg
Position
  • Education
Education
August 1998 - November 2001
Carl von Ossietzky University of Oldenburg
Field of study
  • Real-Time Systems
January 1996 - July 1998
University of Hildesheim
Field of study
  • Computer Science
October 1990 - January 1996
University of Hildesheim
Field of study
  • Computer Science

Publications

Preprint
Full-text available
The development of cyber-physical systems such as automated driving systems calls for proper engineering methods to ensure that the risk of causing harm to people is minimized. The increasing complexity of environment in which CPS have to function and the complexity of their interaction is becoming a potential source of risk. This becomes evident i...
Article
Full-text available
Current surveys indicate limited public and individual trust in autonomous vehicles despite a long tradition to ensure their (technical) trustworthiness in informatics and systems engineering. To address this trust gap, this article explores the underlying reasons. The article elaborates on the gap between trust understood as a social phenomenon an...
Article
Full-text available
The design of safety-critical systems calls for rigorous application of specification and verification methods. In this context, a comprehensive consideration of safety aspects, which inevitably include timing properties, requires explicit addressing of operating modes and their transitions in the system model as well as in the respective specifica...
Conference Paper
Full-text available
In many application domains, the development of safety-critical systems must follow standards that define process steps and artifacts to establish a comprehensive safety argumentation. Commonly, this involves the identification of hazards and risks as well as the formulation of a safety concept to mitigate these risks. The concept is decomposed int...
Conference Paper
Full-text available
The homologation of automated driving systems for public roads requires a rigorous safety case. Regulations of the United Nations demand to demonstrate the compliance of the developed system with local traffic rules. Hence, evidences for this have to be delivered by means of formal proofs, online monitoring, and other verification techniques in the...
Conference Paper
Safety-critical systems face an increase in critical software functions that require high-performance hardware platforms. This situation fosters - also in the automotive domain - an ongoing trend away from many small towards few but powerful processing elements. It inevitably comes with a concentration of the deployed functionality, which imposes c...
Chapter
The design of safety-critical systems calls for rigorous application of specification and verification methods. In this context, a comprehensive consideration of safety aspects, which inevitably include timing properties, requires explicit addressing of operating modes and their transitions in the system model as well as in the respective specifica...
Conference Paper
Full-text available
The performance of factory-internal logistic systems plays a central role for the overall productivity of the factory of the future. A key element is the optimization of logistic systems based on predictive analytics of transport tasks in order to anticipate and to adapt to changes of the production flows in the factory. Although this information m...
Conference Paper
The MobSTr dataset contains a number of artifacts for an autonomous driver assistance system, ranging from textual requirements to models for system design and models relevant to safety assurance. The artifacts provided are connected with traceability links created and managed with Eclipse Capra, an open source traceability management tool. The dat...
Preprint
Full-text available
The design of safety-critical systems calls for rigorous application of specification and verification methods. In this context, a comprehensive consideration of safety aspects, which inevitably include timing properties, requires explicit addressing of operating modes and their transitions in the system model as well as in the respective specifica...
Presentation
Full-text available
In embedded software systems, safety mechanisms protect safety-critical functions from the effect of random hardware faults, such as data corruption during bus transfers. For effectively avoiding risks, not only functional behavior but also timing of safety mechanisms is important. Classical static response time analyses are insufficient for verify...
Chapter
Full-text available
Embedded systems are being increasingly used in changing environments where they no longer fulfill their associated stakeholder goals on their own, but rather in interaction with other embedded systems. This transition to networked, collaborative embedded systems is creating new application opportunities that impose numerous challenges for develope...
Chapter
Full-text available
When collaborative embedded systems (CESs) connect to form a group, this collaborative system group (CSG) can achieve goals that are beyond the reach of individual systems. The goals such a group can achieve depend on the constituent collaborative embedded systems. Consequently, the ability of a collaborative system group to adapt itself is driven...
Chapter
Full-text available
Dynamically coupled collaborative embedded systems operate in groups that form, change, and dissolve—often frequently—during their lifetime. Furthermore, the context in which collaborative systems operate is a dynamic one: systems in the context may appear, change their visible behavior, and disappear again. Ensuring safe operation of such collabor...
Conference Paper
Software updates are indispensable for the continuous development of Cyber Physical Systems (CPS): They allow for low-cost bug-fixing, fast adaptation to new or changing environments, or adding new functionality throughout the CPS’s life-cycle. Due to the urgent need for some safety-critical updates, their verification and validation may need to...
Conference Paper
Full-text available
Logistics are essential regarding the efficiency of factories, and therefore their optimization increases productivity. This paper presents an approach and an initial implementation for optimizing a fleet of automated transport vehicles, which transports products between machines in the factory of the future. The approach exploits a digital twin de...
Conference Paper
The application of digital control in the automotive domain clearly follows an evolution with increasing complexity of both covered functions and their interaction. Advanced Driver Assistance Systems (ADAS) and Automated Driving (AD) functions comprise modular interacting software components that typically build upon a layered architecture. As thes...
Conference Paper
The application of digital control in the automotive domain clearly follows an evolution with increasing complexity of both covered functions and their interaction. Advanced Driver Assistance Systems (ADAS) and Automated Driving Functions (AD) comprise modular interacting software components that typically build upon a layered architecture. As thes...
Conference Paper
Full-text available
Real-time scheduling analysis is an important step in safety relevant embedded system design for many application domains, such as avionics, automotive and automation. Increasing system complexity, not least due to raising automated mobility, requires constant evolution of the analysis approaches, resulting in a vital research domain. We like to c...
Conference Paper
Full-text available
In this paper we propose a framework of Assume / Guarantee contracts for schedulability analysis. Unlike previous work addressing compositional scheduling analysis, our objective is to provide support for the OEM/ supplier subcontracting relation. The adaptation of Assume / Guarantee contracts to schedulability analysis requires some care, due to t...
Conference Paper
Full-text available
Conventionally, the process of design space exploration (DSE) in embedded system design considers performance, energy and cost as important objectives for optimization. However, in many domains such as in modern day cars the security aspect is becoming more and more significant. On the other hand, the inclusion of security aspect adds a new dimensi...
Conference Paper
Embedded safety-critical systems must not only be functionally correct but must also provide timely service. It is thus important to have rigorous analysis techniques for determining timing properties of such systems. We consider a layered design process, where timing analysis applies when the system is integrated on a target platform. More precise...
Conference Paper
The analysis of real-time properties is crucial in safety critical areas, and is particularly difficult for distributed systems as complex interferences between tasks of different priorities can occur. In previous works we have introduced a state-based analysis approach to validate end-to-end deadlines for distributed systems, where the state space...
Conference Paper
The analysis of real-time properties is crucial in safety critical areas. Systems have to work in a timely manner to offer correct services. The analysis of timing properties is particularly difficult for distributed systems when complex interferences between individual tasks can occur. Considering only critical instances, as analytic approaches do...
Conference Paper
Conventionally, automotive embedded systems are assessed for evaluating various different aspects such as safety, functionality, and real-time. However, the inclusion of security aspect, which indeed is becoming increasingly important in modern day cars, has a significant impact on the above aspects, especially on functionality and real-time. This...
Conference Paper
The objective of this work is the analysis and verification of distributed real-time systems. Such systems have to work in a timely manner in order to deliver the desired services. We consider a system architecture with multiple computation resources. The aim is to work out a compositional state-based analysis technique to determine exact response...
Conference Paper
Full-text available
With a rise in the deployment of electronics in today's systems especially in automobiles, the task of securing them against various attacks has become a major challenge. In particular, the most vulnerable points are: (i) communication paths between the Electronic Control Units (ECUs) and between sensors & actuators and the ECU, (ii) remote softwar...
Conference Paper
Full-text available
For most embedded safety-critical systems not only the functional correctness is of importance, but they must provide their services also in a timely manner. Therefore, it is important to have rigorous analysis techniques for determining timing properties of such systems. The ever increasing complexity of such real-time systems calls for compositio...
Conference Paper
A notion of interfaces based on regular languages for modelling and verification of real-time scheduling constraints was proposed in [Bhaduri, Stierand 2010: A proposal for real-time interfaces in SPEEDS]. This initial notion considers task sets running on single resources, and simple deadline requirements. We extend the approach to enable support...
Article
We introduce a framework that aims at automating significant parts of the design flow in a typical scenario for embedded application development in the automotive domain. Given a specification model of a new automotive feature captured in Matlab-Simulink, the framework allocates new functions onto the devices of the hardware architecture such as EC...
Article
The amount of system functions realized by software drastically increased in recent years. Software tasks of safety-critical systems like those in the automotive domain have to work in a timely manner. In such systems not only ordering of events but also timing properties like end-to-end deadlines are relevant for correctness and performance. Unfor...
Conference Paper
Nowadays, most embedded safety critical systems have to work in a timely manner in order to deliver desired services. In such timed systems not only ordering of events but timing properties are relevant for correctness and performance. In order to be safe and reliable, it is important to have rigorous analysis techniques of timing-dependent (state)...
Chapter
The technical viewpoint is mostly concerned with the question of how to get from the platform-independent models.
Conference Paper
In this paper we motivate, mathematically formulate, and evaluate a novel approach for finding good pre-allocations for software tasks together with their communication messages onto a hardware system. The hardware system is composed of subsystems connected via a global communication bus. Each subsystem contains one or more processors whose type ca...
Conference Paper
The approach proposed in this paper forms the front-end of a framework for the complete design flow from specification models of new automotive functions captured in Matlab Simulink to their distributed execution on hierarchical bus-based electronic architectures hosting the release of already deployed automotive functions. The process starts by de...
Conference Paper
We address the complete design flow from specification models of new automotive functions captured in Matlab-Simulink to their distributed execution on hierarchical bus-based electronic architectures hosting the release of already deployed automotive functions. We propose an automated design space exploration process resulting in a cost-optimized e...
Conference Paper
Full-text available
We elaborate on the theoretical foundation and practical application of the contract-based specification method originally developed in the Integrated Project SPEEDS, for two key use cases in embedded systems design. We demonstrate how formal contract-based component specifications for functional, safety, and real-time aspects of components can be...
Conference Paper
For checking the temporal behaviour of embedded systems, real-time scheduling analysis based on abstract, formal models is a well-established method. To alleviate large over-approximation resulting from abstraction of the functional behaviour, task networks with functional extensions have been proposed. These extended task networks can be analysed...
Conference Paper
Full-text available
In this paper a new methodology to support the development process of safety-critical systems with contracts is described. The meta-model of Heterogeneous Rich Component (HRC) is extended to a Common System Meta-Model (CSM) that benefits from the semantic foundation of HRC and provides analysis techniques such as compatibility checks or refinement...
Conference Paper
This paper addresses the problem of assigning tasks to embedded control units. The units are considered to be connected via a bus, and tasks may already be deployed onto the units. To save costs, the objective is to insert as many new tasks onto the system as possible. In this setting, to support early design decisions, we present an approximative...
Conference Paper
Full-text available
The SPEEDS project is aimed at making rich components models (RCM) into a mature framework in all phases of the design of complex distributed embedded systems. The RCM model is required to be expressive enough to cover the entire development process from requirements to code through design, and also capture both functional and non-functi...
Conference Paper
Full-text available
For checking the temporal behaviour of embedded systems, real-time scheduling analysis based on abstract, formal models is a well-established method. A major difficulty for such analytical models in practical use-cases is the non-trivial representation of a real implementation model. To overcome this limitation we propose a formal mapping of a conc...
Conference Paper
Analysis and verification of safety critical systems is inevitable to assure functional and temporal correctness. For checking temporal system behaviour, real-time scheduling analysis has been proved to be an efficient method. As an analytical method, real-time scheduling relies on rather simple task network models mostly ignoring functional behavi...
Conference Paper
Full-text available
We present a SAT-based approach to the task and message allocation problem of distributed real-time systems with hierarchical architectures. In contrast to the heuristic approaches usually applied to this problem, our approach is guaranteed to find an optimal allocation for realistic task systems running on complex target architectures. Our...
Conference Paper
Full-text available
We present a SAT-based approach to the task and message allocation problem of distributed real-time systems. In contrast to the heuristic approaches usually applied to this problem, our approach is guaranteed to find an optimal allocation for realistic task systems running on complex target architectures. Our method is based on the transformation o...
Conference Paper
In the future, messages, e.g. speech, text or pictures, will be transmitted digitally since this is cheaper, more perfect and more flexible. It is possible to hide messages, which are of necessity much shorter, nearly unrecognizable for outsiders in such digitized messages. In this article we describe how computer based steganography works and give...
Article
Full-text available
In the design process of real-time systems, formal verification establishes global properties of high-level specifications while real-time scheduling analysis ensures that concrete realisations meet essential timing properties with respect to a given target platform. But a formal link between these phases is missing. It is unclear (1) whether timin...
Article
Full-text available
In today's distributed embedded hard real-time systems there is an ongoing trend to move from traditional event triggered systems to time triggered systems, mainly driven by the unpredictability of communication media like CAN. However, many systems do not fit into this strict periodic framework due to sporadic triggering of tasks. Therefore, on ta...
