METrICS is a measurement environment for embedded critical systems that is able to capture the behaviour of the software on the hardware both in terms of timing and hardware resource usage. In the past METrICS has been used for hardware and software characterization exploiting hardware performance counters and relying on statistical analysis techniques while focusing on having a negligible impact on timing behaviour.
Such a characterization is especially necessary for the introduction of multi-core architecture within time-critical systems, to capture the timing interference phenomenon of different applications accessing concurrently shared hardware resources, while not being allowed to delay co-running applications to fulfil the time isolation property required by the safety standards.
The TEACHING project is an opportunity to replace the post-processing statistical analysis we used to perform for the characterization with artificial intelligence to detect safety or security issues, allowing METrICS to be part of HUMS, HIDS or SIEM systems, and extending its initial safety scope to security aspects.
Monitoring is also an important part of both the safety process and the security process, where it can detect and correct errors on the fly, detect failures and start safety-related procedures to fail back to a nominal state as quickly as possible, or detect intrusion and cyber-attacks. This monitoring activity would benefit from an introduction of AI-based algorithms using the hardware events traces as input, while not impacting the ability to certify autonomous piloting which cost needs to be controlled.
In the TEACHING project this technology is demonstrated on an avionic use-case as a cyber-blackbox, whose role is to ensure the correct behaviour of the software on the hardware, the traces of events acting as signature of this particular behaviour.
Innovation capacity: Coupling monitoring and AI in HIDS/SIEM systems is a trending research topic, but most signature-based techniques rely on identifying well-known cyber-threat signatures at hardware level, similarly to what anti-virus are performing at software level. Our specificity in TEACHING is to learn the nominal signature of the embedded critical applications, and to detect cyber-attacks as deviation from these signatures, detecting the impact of these attacks on the regular critical applications, therefore not restricting ourselves to a subset of well-known attacks.
