
Embedded Software Engineering Expertise: ESE 2018 (Part 2)

MicroConsult offers services related to the topics that are discussed at ESE Kongress: training, seminars, and coaching.

Benefit from the experience of our embedded software engineering specialists and get in touch with us. We'd be happy to advise you.



ESE Congress 2018 Contributions, Part 2 – Topics:


Lecture series: Multicore

Software development for multicore systems

What's new, and where is the journey headed?

André Schmitz, Green Hills Software (ESE Congress 2018)

Many embedded systems already use multicore processors, and this proportion is steadily increasing. Developing and migrating software to these architectures is becoming increasingly easy, and highly mature technologies for developing software for multicore systems already exist. This article examines the technologies in the areas of code generation, real-time operating systems, and debugging that facilitate the development of multicore software. It also looks to the future and explores how these technologies will scale with the expected increase in the number of cores.

Intercore communication for multicore microcontrollers

Minimize the consequences through efficient storage management

Philipp Jungklaß, Ingenieurgesellschaft Auto und Verkehr GmbH, Prof. Dr.-Ing. Mladen Berekovic, University of Lübeck, Institute for Technical Informatics (ESE Congress 2018)

The use of embedded multicore microcontrollers in modern control units with strict real-time requirements presents developers with ongoing challenges, as software separation is often not possible to the extent dictated by the number of processor cores. This necessitates data exchange between the processor cores. Currently, this intercore communication occurs via shared memory, which the processor cores access concurrently. These parallel accesses result in wait cycles that are difficult to calculate for a system with strict real-time requirements. Therefore, this article presents a priority-based method for intercore communication that minimizes wait cycles through effective utilization of the existing memory hierarchy. To demonstrate its functionality, the method is ported to two embedded multicore microcontrollers from the AURIX family and compared with the existing approach.

Strictly encapsulated for greater security

On the use of hypervisors in embedded systems

Jens Braunes, PLS Programmable Logic & Systems GmbH (ESE Congress 2018)

For the implementation of safety-critical applications, a strict separation of applications or operating systems that share a common computing platform is essential. Therefore, virtualization and hypervisors are becoming increasingly important in the embedded systems sector. This poses a significant challenge, especially for developers working in a very hardware-centric environment.

The FORMUS³IC research project in collaboration

From the state of the art to new developments

Lukas Osinski, Jürgen Mottok, Laboratory for Safe and Secure Systems (LaS³), Zentrum Digitalisierung.Bayern (ZD.B) (ESE Congress 2018)

The research project "Multi-Core Safe and Software-intensive Systems Improvement Community" addressed the challenges posed by heterogeneous multi-/many-core architectures in the automotive and avionics sectors through a holistic approach. The holistic solution concept developed reflects the consideration of the various levels of hardware-software co-design. In addition to providing solutions to current problems, the project primarily contributed to the efficient use of heterogeneous multi- and many-core systems.


Lecture series: Open Source

Automatic firmware update for embedded Linux

Step by step to a finished solution

Willi Flühmann, Noser Engineering AG (ESE Congress 2018)

Networking is becoming increasingly important for embedded systems to further enhance their usability and open up new application areas. This often means connecting to the cloud, which, in addition to increased complexity, necessitates support for common communication protocols. The simplest way to achieve this is by using a platform like Linux with its rich ecosystem of ready-made, standardized software components.

Leveraging Open Source in Embedded Software Projects

Google's „Protocol Buffers“ on a Medical Device

Morgan Kita, Zühlke Engineering (ESE Congress 2018)

As engineering tools and approaches continue to mature, customers require more and more facets to their product development projects. They need custom software and/or hardware delivered to their specifications on time and within budget, while also expecting appropriate measures regarding safety, security, testability, continuous integration, delivery, and any other number of domain-specific aspects. It has rapidly become apparent that the integration of third-party specifications and solutions for any number of these aspects is key in achieving project success, regardless of whether they be middleware proprietary solutions, free/libre, or open source in nature. Device firmware has remained one element of systems that is often treated as tied to customer IP and therefore mainly bespoke or relegated to established middleware solutions. In this case study, the successful integration in a medical device project of the open source communication protocol “Protocol Buffers” from Google as well as “NanoPB”, a complementary third-party C-library implementation thereof, is presented. Along with a discussion of the technology space and the integration details, an analysis of the costs and benefits of such an approach will be examined.

Open Source Security: Time Bombs in My Software

How to properly manage open source (and other) software

Dr. Ralf Huuck, Synopsys (ESE Congress 2018)

Recent studies have shown that well over 90% of all new software projects use open source [6]. This is only natural, given the widespread use of open-source standard packages and tools. The question that arises is: How can one ensure that these open-source components meet one's own quality, licensing, and security requirements? This article highlights some of the risks associated with embedding third-party components and presents the results of a global study on security vulnerabilities in open-source components. Based on this, it explains how automated software scanning solutions can be used to automatically detect these vulnerabilities and risks during the development process and prevent their release in the final product.

Open-source solutions for augmented reality

Methods and implementations

Lubosz Sarnecki, Collabora Ltd. (ESE Congress 2018)

Although the field of virtual and augmented reality has existed since the 1990s, we have witnessed rapid, market-driven development in this interdisciplinary area in recent years. While historically dominated by proprietary software, it enjoys an enthusiastic community of open-source hackers and companies developing free drivers and middleware. Open standardization efforts are currently being undertaken by the Khronos group.


Lecture series: Requirements

Managing Complex Requirements in the Real World

Applying the Theories of Requirements Management

Istvan Demes, Emenda (ESE Congress 2018)

What is Requirements Management? Requirements management, requirements analysis, or even plain old requirements by themselves, should be simple. In theory. However, we know that in real life it is anything but simple. This talk tried to explore why this is, how common practices are diverging from the theory that tries to keep requirements under control, and how modern methods and tools can assist in making our life easier and making requirements management possible.

Clean out the requirement stable

Principles of Simplicity in Requirements Engineering

Matthias Moll, Helbling Technik GmbH (ESE Congress 2018)

Many prominent figures have recognized simplicity as a key to success, and the topic remains popular today. Especially in the complex field of requirements development, with its numerous stakeholders, influencing factors, and intricate system properties, simplicity offers significant potential for efficiency gains in system development. However, simplicity is not easy to achieve. Nevertheless, fundamental principles can be identified in the context of requirements development that can help develop qualified requirements or simplify existing sets of requirements.

Quality requirements for embedded software

The art of watertight quality requirements

Thomas Batt, MicroConsult GmbH (ESE Congress 2018)

Capturing and managing requirements is a key to project success. Describing embedded software functionality in requirements is simpler than defining quality attributes. Nevertheless, quality attributes must be captured because they cannot be tested to achieve the desired functionality. The more abstract the quality attributes, the more complex and time-consuming their capture becomes. This article addresses precisely this challenge.

Requirements + AI = Cognitive Requirements Engineering

Can't the computer write the requirements itself?

Peter Schedl, IBM Germany GmbH (ESE Congress 2018)

Data drives the world today. Algorithms, artificial intelligence (AI), and machine learning are crucial in the transformation to a digital society. System and software development also involve a vast amount of data. Products can consist of thousands or even millions of requirements. How can these larger datasets be better utilized to combine the core elements of successful development with adherence to high quality standards and rapid responses to market developments?


Lecture series: Safety and Security

Functional safety in agile software projects

How STPA and BDD can help

Prof. Dr. Stefan Wagner, Institute for Software Technology, University of Stuttgart (ESE Congress 2018)

While agile software engineering has significantly changed how software is developed in practice, it still plays a subordinate role in safety-critical systems. However, integrating security analyses into a Scrum-based approach is possible without sacrificing agility. Below, we examine an example of this and link security analyses with Behavior-Driven Development for improved quality assurance.

Security and safety fieldbuses

The how and why of security measures

Max Perner, infoteam Software AG (ESE Congress 2018)

Security on fieldbuses is necessary, possible, and sensible. The theoretical approach of "security by design" and the concept of "defense in depth" are often neglected in practice, even though attack protection is currently a major focus, especially for embedded systems in the field of industrial control. This is due to both new security standards and long-established functional safety norms.

Software Safety Concept – this is how it could work

Which analyses are useful? A case study

Dr. Thomas Liedtke, Kugler Maag CIE GmbH, Christian Bayer, Elektrobit Automotive GmbH (ESE Congress 2018)

In this paper, we present the experiences gained in defining and creating a Software Safety Concept. Safety analyses in software development are (with a few exceptions) primarily performed at the software architecture level. Remaining residual risks can be deemed sufficiently small by applying the recommended measures of ISO 26262 [1] Volume 6: Product development at software level during the further course of development. Our Software Safety Concept focuses on the Software Requirements Specification level and the Architectural Design level. We present the four different safety analyses carried out in a real customer project, describing their purpose, the experiences gained, and typical findings.

Improving safety verification through induction

Can a concept from the 16th century be useful?

Chris Hobbs, QNX Software Systems (ESE Congress 2018)

Various safety standards (ISO 26262, IEC 61508, etc.) require the creation of a safety verification. Numerous studies have shown that such a task often leads to confirmation bias. This paper describes a practical application of eliminative induction to leverage the phenomenon of confirmation bias. During a recent ISO 26262/IEC 61508 certification, this approach uncovered several previously undetected security vulnerabilities.

No more lengthy approval processes

Efficiency potential in safety and security

Dr. Dominik Holling, ITK Engineering GmbH (ESE Congress 2018)

Vehicle computers enable timely and flexible software updates. This allows new networked functions to reach the market faster than before. To achieve this, not only development but also support processes must be accelerated. Potential for improvement exists particularly in safety and security release processes, as these are usually associated with manual effort and lengthy cycles. By considering release aspects early in the development process and automating the toolchain for validation, this effort can be significantly reduced. Furthermore, ensuring safety and security offers potential synergies (e.g., in quality assurance, review and test results) that can be leveraged through effective process design to manage complexity.

Deep Learning and Functional Safety

Architecture optimization supports functional safety

Dr. Ulrich Bodenhausen, Ulrich Bodenhausen AI Coaching; Vector Consulting Services GmbH (ESE Congress 2018)

This paper describes the challenges in arguing safety of systems using Deep Learning Neural Networks. The market potential of safety critical products using AI is very attractive and Deep Learning Neural networks have proven strengths to provide important functionality. Challenges remain in the understanding and further optimization of generalization capability and in the improvement of verification/validation methodology. Algorithmic optimization of the architecture of Deep Learning Neural Network can be used beneficially to reduce residual risk of functional insufficiencies. Additionally, it can also be used to improve analyzability by construction of architectures with required observation points.

You can't get in here! (Or can you?)

Measuring code coverage during penetration tests

Dr. Sabine Poehler, Verifysoft Technology GmbH (ESE Congress 2018)

In the field of safety-critical software development, measuring code coverage has long been a standard tool during testing. It is required by common safety standards. A more recent application for coverage analysis is its use during penetration testing. In this bachelor's thesis, we are investigating how measuring code coverage can simplify the evaluation of penetration tests. This parallel analysis also serves to monitor the quality of the penetration test itself.

TPM 2.0 Policies in Practice

Easy and secure rights management for embedded systems

Markus Wamser, Mixed Mode GmbH (ESE Congress 2018)

Trusted Platform Modules (TPMs) have been firmly established in the market for many years. Modules based on the current version 2.0 of the standard have largely replaced older modules. Nevertheless, many of the new features and functions of these modules remain unused. A prominent example is the concept of Extended Authorization Policies. These not only enable secure and trustworthy boot and update concepts, but also allow for the implementation of a rights and license management concept, for example, in a vehicle, with minimal effort.

Immunization Techniques against the Side Channel Attack

Separation and Virtualization for Secure System Software

Arun Subbarao, Lynx Software Technologies, Inc (ESE Congress 2018)

Meltdown and Spectre, two recent side channel attacks, have demonstrated all too clearly how some multi-core processor-based software can be exploited, resulting in loss of confidentiality. Although it was a largely hardware design issue that forced software suppliers to provide workarounds, we contend that secure systems can be designed using separation and virtualization to isolate security components and minimize or even immunize the system from severe side channel attacks such as Meltdown and Spectre. Modern multicore processor architecture has evolved to the point where analyzing complexities and emergent behavior is a significant problem for system architects. This paper will define technical approaches to addressing these challenges.


Lecture series: Software Engineering Management

Posts will be available shortly.


Lecture series: Testing and Quality

Automation of requirements-based testing

From testable requirement to oracle

Ralf Gerlich, Rainer Gerlich, Dr. Rainer Gerlich BSSE System and Software Engineering (ESE Congress 2018)

Manual requirements tests are complex: The input data must cover the requirements, and observed output data must be checked for compatibility with the requirements. Test cases can also be automatically generated from test models, but these must first be created manually. In contrast, the approach presented here uses simpler forms of requirements formalization to simplify the test data generated during automatic processes. Robustness tests with massive stimulation to generate, map to requirements, and check the results for correctness.

Behavior-driven testing and automatic unit test generation

Greater efficiency in testing

Johannes Bergsmann, Software Quality Lab (ESE Congress 2018)

In many development organizations, a gap exists between the business department and test automation. Business departments often specify tests functionally, lacking details about behavior. Conversely, business testers often don't understand the implementation of automated tests due to a lack of developer expertise. Very often, too few tests are specified and automated, and the resulting test coverage is sometimes negligently low. Behavior-Driven Testing (BDT) is a technique from agile development that closes precisely this gap between business testers and automation specialists. As a complement to a structured test automation approach (such as BDT), it is often also beneficial to automatically fill the test gaps with generated unit tests.

Combinatorial State Transition Tests for Embedded Systems

High test coverage achieved quickly

Thomas Schütz, PROTOS Software GmbH (ESE Congress 2018)

State-transition tests are recommended in many standards for safety-critical systems. However, they are an excellent method for all embedded systems to achieve high test coverage quickly and systematically.

Test-Driven Development Methodology for Complex Algorithms

Efficient development of computation intensive algorithms

Anto Michael, Llarina Lobo Palacios, Sebastian Zuther; Valeo Switches and Sensors GmbH (ESE Congress 2018)

Traditionally, embedded software written for the automotive industry typically used to get information from sensors and control the actuators in the vehicle. Since the beginning of this century, the focus has slowly switched towards various levels of assistance to the person at the steering of the vehicle. It starts with the introduction of obstacle warning systems at low speeds. Then vehicles came that could detect and park automatically into parking spots under the observation of the driver. Lane change assist and automatic cruise control systems are becoming more and more common in vehicles. The world is now advancing towards automated driving platforms. The most important part of the autonomous driving is to perceive the environment around the vehicle. The perception layer uses information from sensors like ultrasonic, camera, laser, radar etc. The information from these sensors has to be processed to make the vehicle aware of the environment around. The processing involves complex mathematical algorithms that have to be implemented in the embedded software. The embedded software runs on small micro-controllers that are constrained in terms of the resources available – memory and runtime.

System testing of eHealth service robots in a home environment

Systematically managing complexity

Prof. Dr. Martine Herpers, Fulda University of Applied Sciences, Robin Kirschner (BSc), Chemnitz University of Technology (ESE Congress 2018)

Research has been underway for some time on robots that can take over household tasks and offer support in caregiving. This paper presents a universal proposal for the systematic testing of the most important functional capabilities of eHealth service robots, based on practical experience gained in the residential laboratory at Fulda University of Applied Sciences and a modeling of the care robots and their living environment.

42 years of complexity metrics – what's stopping us?

Effectively using software complexity metrics

Thomas Grundler, Hendrik Post, Jochen Quante, Sadi Yigit, Robert Bosch GmbH (ESE Congress 2018)

The most well-known software complexity metric was introduced by Thomas J. McCabe in 1976 and has sparked discussions among generations of software developers about the significance of such metrics. The following article describes how software complexity metrics are used in the automotive division of Robert Bosch GmbH.


Contributions to ESE 2018, Part 1


Published by

Sabine Pagler
