European Space Agency
Dependable communications on board unmanned European spacecraft: Needs and R&D lines for the 2015-2025 period
The aim of this presentation is to provide an introduction to the communication needs on board unmanned spacecraft and to their current evolution.
By nature, spacecraft are beyond any improvement or repair capability by means of physical/mechanical intervention as soon as they are launched into space. This leads to requirements for on-board communication being dominated by reliability. However, the level of autonomy required from any modern spacecraft in nominal operation mode leads to timeliness requirements as well. The combination of both properties, Reliability and Timeliness, is a common frame for communications on board unmanned spacecraft and is abbreviated in the acronym "RT" which, in this context, does not mean "real-time".
Although both reliability and timeliness are the main requirements on communications on board unmanned spacecraft, this presentation, done in the context of the 25th Euromicro Conference on Real-Time Systems (ECRTS13), focuses mainly on the timeliness issues.
We first describe the need for non-real-time and real-time communications on board any unmanned spacecraft, and then the scope of real-time communications on board past and current spacecraft. Current and future trends are also presented for which no solution is clearly established yet. This presentation briefly describes the challenges to be addressed with respect to these trends. It then exposes short-term solutions that have been academically investigated and are now available to spacecraft designers.
Finally, the presentation provides perspectives on possible investigation lines. There are many other parameters (mostly related to reliability) to be taken into account for the design of real-time communication protocols for spacecraft data handling, like Failure Detection, Isolation and Recovery (FDIR) issues, redundancy (cold, warm, hot, cross-strapping), Single Point of Failure (SPF), Single Fault hypothesis, availability, maintainability, determinism, babbling idiot, fail-safe, fail-operational, bus guardian, safety, security, etc. These concepts are only briefly presented in this presentation, to show that they should be taken on board in any academic research on communications on board unmanned spacecraft.
David Jameux graduated in 1995, both from the French “Grande Ecole” Ecole Centrale (MSc in Software and Telecommunications) and from the University of Valenciennes (MSc in Electronics and Signal Processing). He joined the European Space Agency in 1998, where he has been doing a balanced mixture of technology research, technology development procurement, and data systems engineering for spacecraft.
Over the years, David has specialised in on-board data handling and communication technologies. He applied his expertise of SpaceWire (the international workhorse for spacecraft data links and networks) to robotics at the Canadian Space Agency from 2005 to 2006. Since 2010, he has been the technology lead at ESA for SpaceWire, and his main line of research and technology development is to bring reliability and real-time properties to SpaceWire in order to support the next-generation data handling systems on board advanced autonomous spacecraft.
Infineon Technologies UK Ltd
Virtualisation for Safe and Secure Domain Control Units
The talk draws on a collaboration of stakeholders in the entire stack of development of Electronic Control Units (ECUs) for the automotive sector from the chip, up to the system integrator level.
The number of ECUs in cars has grown to the level where the complexity of the electrical and electronic system is difficult to manage. This is a problem not just for software engineers but is also a hardware problem, with multiple independent platforms and a large number of ECU types. Therefore, the idea of Domain Control Units (DCUs) is being proposed, which allows a number of "virtual ECUs" to occupy the same physical ECU.
In order to make DCUs safe and secure, and to reduce the cost of refactoring and re-engineering legacy software, a hypervisor-based approach is described. The hypervisor provides spatial and temporal separation between virtual ECUs, as well as virtualising devices (such as CAN controllers) that need to be shared between virtual ECUs.
In this talk we will discuss many use cases for such a hypervisor that are adapted to the specific needs of the automotive industry, and we will investigate the extent to which they are already supported by multi-core chips such as the AURIX family. We also outline a multi-core hypervisor suitable for deeply embedded automotive applications, such as domain control units, describe the architecture of the system, and provide overheads (time and space) for the implementation of this hypervisor.
Glenn Farrall is a Senior Principal for the MicroController group in Infineon Technologies. He has worked on SoCs targeting the automotive and industrial arena for over 15 years. Most recently he has focussed on the safety and availability aspects of the resulting systems, both in house and in European ARTEMIS-funded projects including RECOMP. Previously he worked on embedded multimedia processors with STMicroelectronics and Hitachi, and earlier on desktop PowerPC processors at the joint Apple, IBM and Motorola design centre in Austin, Texas.