@inproceedings {INPROC-2020-36, author = {Milan Tepic\&\#769; and Mohamed Abdelaal and Marc Weber and Kurt Rothermel}, title = {{AutoSec: Multidimensional Timing-Based Anomaly Detection for Automotive Cybersecurity}}, booktitle = {Proceedings of the 26th IEEE International Conference on Embedded and Real-Time Computing Systems and Applications (RTCSA’20), August 2020}, publisher = {IEEE}, institution = {University of Stuttgart, Faculty of Computer Science, Electrical Engineering, and Information Technology, Germany}, pages = {1--10}, type = {Conference Paper}, month = {August}, year = {2020}, language = {English}, cr-category = {C.2.4 Distributed Systems}, ee = {ftp://ftp.informatik.uni-stuttgart.de/pub/library/ncstrl.ustuttgart_fi/INPROC-2020-36/INPROC-2020-36.pdf}, department = {University of Stuttgart, Institute of Parallel and Distributed Systems, Distributed Systems}, abstract = {Nowadays, autonomous driving and driver assistance applications are being developed at an accelerated pace. This rapid growth is primarily driven by the potential of such smart applications to significantly improve safety on public roads and offer new possibilities for modern transportation concepts. Such indispensable applications typically require wireless connectivity between the vehicles and their surroundings, i.e. roadside infrastructure and cloud services. Nevertheless, such connectivity to external networks exposes the internal systems of individual vehicles to threats from remotely-launched attacks. In this realm, it is highly crucial to identify any misbehavior of the software components which might occur owing to either these threats or even software/hardware malfunctioning. In this paper, we introduce $\backslash$PaperAcronym, a host-based anomaly detection algorithm which relies on observing four timing parameters of the executed software components to accurately detect malicious behavior on the operating system level. To this end, $\backslash$PaperAcronym formulates the task of detecting anomalistic executions as a clustering problem. Specifically, $\backslash$PaperAcronym devises a hybrid clustering algorithm for grouping a set of collected timing traces resulted from executing the legitimate code. During the runtime, $\backslash$PaperAcronym simply classifies a certain execution as an anomaly, if its timing parameters are distant enough from the boundaries of the predefined clusters. To show the effectiveness of $\backslash$PaperAcronym, we collected timing traces from a testbed composed of a set of real and virtual control units communicating over a CAN bus. We show that using our proposed $\backslash$PaperAcronym, compared to baseline methods, we can identify up to 21$\backslash$\% less false positives and 18$\backslash$\% less false negatives.}, url = {http://www2.informatik.uni-stuttgart.de/cgi-bin/NCSTRL/NCSTRL_view.pl?id=INPROC-2020-36&engl=1} } @inproceedings {INPROC-2020-29, author = {Ahmad Slo and Sukanya Bhowmik and Kurt Rothermel}, title = {{hSPICE: State-Aware Event Shedding in Complex Event Processing}}, booktitle = {Proceedings of the 14th ACM International Conference on Distributed and Event-based Systems (DEBS '20), July 13--17, 2020, Virtual Event, QC, Canada.}, publisher = {ACM}, institution = {University of Stuttgart, Faculty of Computer Science, Electrical Engineering, and Information Technology, Germany}, pages = {1--12}, type = {Conference Paper}, month = {July}, year = {2020}, language = {English}, cr-category = {C.2.4 Distributed Systems}, ee = {ftp://ftp.informatik.uni-stuttgart.de/pub/library/ncstrl.ustuttgart_fi/INPROC-2020-29/INPROC-2020-29.pdf}, department = {University of Stuttgart, Institute of Parallel and Distributed Systems, Distributed Systems}, abstract = {In complex event processing (CEP), load shedding is performed to maintain a given latency bound during overload situations when there is a limitation on resources. However, shedding load implies degradation in the quality of results (QoR). Therefore, it is crucial to perform load shedding in a way that has the lowest impact on QoR. Researchers, in the CEP domain, propose to drop either events or partial matches (PMs) in overload cases. They assign utilities to events or PMs by considering either the importance of events or the importance of PMs but not both together. In this paper, we propose a load shedding approach for CEP systems that combines these approaches by assigning a utility to an event by considering both the event importance and the importance of PMs. We adopt a probabilistic model that uses the type and position of an event in a window and the state of a PM to assign a utility to an event corresponding to each PM. We, also, propose an approach to predict a utility threshold that is used to drop the required amount of events to maintain a given latency bound. By extensive evaluations on two real-world datasets and several representative queries, we show that, in the majority of cases, our load shedding approach outperforms state-of-the-art load shedding approaches, w.r.t. QoR.}, url = {http://www2.informatik.uni-stuttgart.de/cgi-bin/NCSTRL/NCSTRL_view.pl?id=INPROC-2020-29&engl=1} } @inproceedings {INPROC-2020-28, author = {Jonathan Falk and Frank D{\"u}rr and Kurt Rothermel}, title = {{Time-Triggered Traffic Planning for Data Networks with Conflict Graphs}}, booktitle = {26th IEEE Real-Time and Embedded Technology and Applications Symposium (RTAS 2020)}, address = {Sydney, Australia}, publisher = {IEEE}, institution = {University of Stuttgart, Faculty of Computer Science, Electrical Engineering, and Information Technology, Germany}, type = {Conference Paper}, month = {April}, year = {2020}, keywords = {Real-Time; Traffic-Planning; Time-Triggered}, language = {English}, cr-category = {C.2.4 Distributed Systems}, ee = {ftp://ftp.informatik.uni-stuttgart.de/pub/library/ncstrl.ustuttgart_fi/INPROC-2020-28/INPROC-2020-28.pdf}, department = {University of Stuttgart, Institute of Parallel and Distributed Systems, Distributed Systems}, abstract = {Traffic planning is the key enabler of time-triggered real-time communication in distributed systems, and it is known to be notoriously hard. Current approaches predominantly tackle the problem in the domain of the traffic planning problem, e.g., by formulating constraints on the transmission schedules for individual data streams, or the links used by the data streams. This results in a high degree of coupling of the configuration of an individual data stream and the global (network-wide) traffic configuration with detrimental effects on the scalability and runtime of the planning phase. In contrast, we present a configuration-conflict graph based approach, which solves the original traffic planning problem by searching an independent vertex set in the conflict graph. We show how to derive the configuration-conflict graph, and discuss the conceptual advantages of this approach. To show the practical advantages of the conflict-graph based traffic planning approach we additionally present a proof-of-concept implementation and evaluate it against a reference ILP-based implementation. In our evaluations, our proof-of-concept implementation of the conflict-graph based approach outperforms the reference ILP and is more memory efficient, making it a promising alternative to current constraint-based traffic planning approaches.}, url = {http://www2.informatik.uni-stuttgart.de/cgi-bin/NCSTRL/NCSTRL_view.pl?id=INPROC-2020-28&engl=1} } @inproceedings {INPROC-2020-05, author = {Ben William Carabelli and Frank D{\"u}rr and Kurt Rothermel}, title = {{SCRaM -- State-Consistent Replication Management for Networked Control Systems}}, booktitle = {11th IEEE/ACM International Conference on Cyber-Physical Systems (ICCPS)}, address = {Sydney, NSW, Australia}, publisher = {IEEE}, institution = {University of Stuttgart, Faculty of Computer Science, Electrical Engineering, and Information Technology, Germany}, type = {Conference Paper}, month = {April}, year = {2020}, language = {English}, cr-category = {C.2.4 Distributed Systems, C.4 Performance of Systems}, ee = {ftp://ftp.informatik.uni-stuttgart.de/pub/library/ncstrl.ustuttgart_fi/INPROC-2020-05/INPROC-2020-05.pdf}, contact = {Ben Carabelli ben.carabelli@ipvs.uni-stuttgart.de}, department = {University of Stuttgart, Institute of Parallel and Distributed Systems, Distributed Systems}, abstract = {Networked control systems (NCS) consist of sensors and actuators that are connected to a controller through a packet-switched network in a feedback loop to control physical systems in diverse application areas such as industry, automotive, or power infrastructure. The control of critical real-time systems places strong requirements on the latency and reliability of both the communication network and the controller. In this paper, we consider the problem of increasing the reliability of an NCS subject to crash failures and message loss by replicating the controller component. Previous replication schemes for real-time systems have focused on ensuring that no conflicting values are sent to the actuators by different replicas. Since this property, which we call output consistency, only refers to the values within one time step, it is insufficient for reasoning about the formal conditions under which a group of replicated controllers behaves equivalent to a non-replicated controller. Therefore, we propose the stronger state consistency property, which ensures that the sequence of values produced by the replicated controller exhibits the same dynamical behaviour as a non-replicated controller. Moreover, we present SCRaM, a protocol for replicating generic periodically sampled controllers that satisfies both of these consistency requirements. To demonstrate the effectiveness of our approach, we evaluated it experimentally for the control of a cart-driven inverted pendulum.}, url = {http://www2.informatik.uni-stuttgart.de/cgi-bin/NCSTRL/NCSTRL_view.pl?id=INPROC-2020-05&engl=1} } @inproceedings {INPROC-2020-02, author = {David Hellmanns and Jonathan Falk and Alexander Glavackij and Ren{\'e} Hummen and Stephan Kehrer and Frank D{\"u}rr}, title = {{On the Performance of Stream-based, Class-based Time-aware Shaping and Frame Preemption in TSN}}, booktitle = {Proceedings of 2020 IEEE International Conference on Industrial Technology (ICIT), Buenos Aires, Argentinia, February 26–28, 2020}, address = {Buenos Aires}, publisher = {IEEE Xplore}, institution = {University of Stuttgart, Faculty of Computer Science, Germany}, pages = {1--6}, type = {Conference Paper}, month = {February}, year = {2020}, language = {English}, cr-category = {C.2.4 Distributed Systems}, ee = {ftp://ftp.informatik.uni-stuttgart.de/pub/library/ncstrl.ustuttgart_fi/INPROC-2020-02/INPROC-2020-02.pdf}, contact = {david.hellmanns@ipvs.uni-stuttgart.de}, department = {University of Stuttgart, Institute of Parallel and Distributed High-Performance Systems, Distributed Systems}, abstract = {Time-sensitive Networking (TSN) is an evolving group of IEEE standards for deterministic real-time communication making standard Ethernet technology applicable to safety-critical application domains such as manufacturing or automotive systems. TSN includes several mechanisms influencing the timely forwarding of traffic, in particular, a time-triggered scheduling mechanism called time-aware shaper (TAS) and frame preemption to reduce the blocking time of high-priority traffic by low-priority traffic. Although these mechanisms have been standardized and products implementing them begin to enter the market, it is still hard for practitioners to select and apply suitable mechanisms fitting the problem at hand. For instance, TAS schedules can be calculated for individual streams or classes of traffic, and frame preemption with strict priority scheduling (w/o TAS) might seem to be an option in networks with extremely high data rates. In this paper, we make a first step towards assisting practitioners in making an informed decision when choosing between stream-based TAS, class-based TAS, and frame preemption by comparing these mechanisms in selected scenarios using our TSN network simulation tool NeSTiNg. Moreover, to facilitate the application of class-based TAS, we derive a formula for calculating class-based TAS configuration.}, url = {http://www2.informatik.uni-stuttgart.de/cgi-bin/NCSTRL/NCSTRL_view.pl?id=INPROC-2020-02&engl=1} } @inproceedings {INPROC-2020-01, author = {Mohamed Abdelaal and Mustafa Karadeniz and Frank Duerr and Kurt Rothermel}, title = {{liteNDN: QoS-Aware Packet Forwarding and Caching for Named Data Networks}}, booktitle = {Proceedings of the IEEE Consumer Communications and Networking Conference (CCNC)}, address = {Las Vegas, USA}, publisher = {IEEE}, institution = {University of Stuttgart, Faculty of Computer Science, Electrical Engineering, and Information Technology, Germany}, pages = {1--9}, type = {Conference Paper}, month = {January}, year = {2020}, keywords = {Named Data Networking; Forwarding Strategy; Caching Policy; Quality of Service}, language = {English}, cr-category = {C.2.2 Network Protocols}, ee = {ftp://ftp.informatik.uni-stuttgart.de/pub/library/ncstrl.ustuttgart_fi/INPROC-2020-01/INPROC-2020-01.pdf}, department = {University of Stuttgart, Institute of Parallel and Distributed Systems, Distributed Systems}, abstract = {Recently, named data networking (NDN) has been introduced to connect the world of computing devices via naming data instead of their containers. Through this strategic change, NDN brings several new features to network communication, including in-network caching, multipath forwarding, built-in multicast, and data security. Despite these unique features of NDN networking, there exist plenty of opportunities for continuing developments, especially with packet forwarding and caching. In this context, we introduce liteNDN, a novel forwarding and caching strategy for NDN networks. liteNDN comprises a cooperative forwarding strategy through which NDN routers share their knowledge, i.e. data names and interfaces, to optimize their packet forwarding decisions. Subsequently, liteNDN leverages that knowledge to estimate the probability of each downstream path to swiftly retrieve the requested data. Additionally, liteNDN exploits heuristics, such as routing costs and data significance, to make proper decisions about caching normal as well as segmented packets. The proposed approach has been extensively evaluated in terms of the data retrieval latency, network utilization, and the cache hit rate. The results showed that liteNDN, compared to conventional NDN forwarding and caching strategies, achieves much less latency while reducing the unnecessary traffic and caching activities.}, url = {http://www2.informatik.uni-stuttgart.de/cgi-bin/NCSTRL/NCSTRL_view.pl?id=INPROC-2020-01&engl=1} } @article {ART-2020-21, author = {Ahmad Slo and Sukanya Bhowmik and Kurt Rothermel}, title = {{State-Aware Load Shedding from Input Event Streams in Complex Event Processing}}, journal = {IEEE Transactions on Big Data}, publisher = {IEEE}, pages = {1--18}, type = {Article in Journal}, month = {December}, year = {2020}, isbn = {10.1109/TBDATA.2020.3047438}, language = {English}, cr-category = {C.2.4 Distributed Systems}, ee = {ftp://ftp.informatik.uni-stuttgart.de/pub/library/ncstrl.ustuttgart_fi/ART-2020-21/ART-2020-21.pdf}, department = {University of Stuttgart, Institute of Parallel and Distributed Systems, Distributed Systems}, abstract = {In complex event processing (CEP), load shedding is performed to maintain a given latency bound during overload situations when there is a limitation on resources. However, shedding load implies degradation in the quality of results (QoR). Therefore, it is crucial to perform load shedding in a way that has the lowest impact on QoR. Researchers, in the CEP domain, propose to drop either events or partial matches (PMs) in overload cases. They assign utilities to events or PMs by considering either the importance of events or the importance of PMs but not both together. In this paper, we combine these approaches where we propose to assign a utility to an event by considering both the event importance and the importance of PMs. We propose two load shedding approaches for CEP systems. The first approach drops events from PMs, while the second approach drops events from windows. We adopt a probabilistic model that uses the type and position of an event in a window and the state of a PM to assign a utility to an event. We, also, propose an approach to predict a utility threshold that is used to drop the required amount of events to maintain a given latency bound. By extensive evaluations on two real-world datasets and several representative queries, we show that, in the majority of cases, our load shedding approach outperforms state-of-the-art load shedding approaches, w.r.t. QoR.}, url = {http://www2.informatik.uni-stuttgart.de/cgi-bin/NCSTRL/NCSTRL_view.pl?id=ART-2020-21&engl=1} } @article {ART-2020-03, author = {Mohamed Abdelaal and Suriya Sekar and Frank Duerr and Susanne Becker and Kurt Rothermel and Dieter Fritsch}, title = {{MapSense: Grammar-Supported Inference of Indoor Objects from Crowd-Sourced 3D Point Clouds}}, journal = {Transactions on Internet of Things (TIOT)}, publisher = {ACM (Online)}, pages = {1--28}, type = {Article in Journal}, month = {January}, year = {2020}, doi = {10.1145/3379342}, keywords = {Indoor Mapping; Crowd-sensing; Machine Learning; Formal Grammars; QoS-aware Sensing}, language = {English}, cr-category = {C.2.4 Distributed Systems}, ee = {ftp://ftp.informatik.uni-stuttgart.de/pub/library/ncstrl.ustuttgart_fi/ART-2020-03/ART-2020-03.pdf}, department = {University of Stuttgart, Institute of Parallel and Distributed Systems, Distributed Systems}, abstract = {Recently, indoor modeling has gained increased attention thanks to the immense need for realizing efficient indoor location-based services. Indoor environments de facto differ from outdoor spaces in two aspects: spaces are smaller and there are many structural objects such as walls, doors, and furniture. To model the indoor environments in a proper manner, novel data acquisition concepts and data modeling algorithms have been devised to meet the requirements of indoor spatial applications. In this realm, several research efforts have been exerted. Nevertheless, these efforts mostly suffer either from adopting impractical data acquisition methods or from being limited to 2D modeling. To overcome these limitations, we introduce the MapSense approach that automatically derives indoor models from 3D point clouds collected by individuals using mobile devices, such as Google Tango, Apple ARKit, and Microsoft HoloLens. To this end, MapSense leverages several computer vision and machine learning algorithms for precisely inferring the structural objects. In MapSense, we mainly focus on improving the modeling accuracy through adopting formal grammars which encode design-time knowledge, i.e. structural information about the building. In addition to modeling accuracy, MapSense considers the energy overhead on the mobile devices via developing a probabilistic quality model through which the mobile devices solely upload high-quality point clouds to the crowd-sensing servers. To demonstrate the performance of MapSense, we implemented a crowdsensing Android App to collect 3D point clouds from two different buildings by six volunteers. The results showed that MapSense can accurately infer the various structural objects together with drastically reducing the energy overhead on the mobile devices.}, url = {http://www2.informatik.uni-stuttgart.de/cgi-bin/NCSTRL/NCSTRL_view.pl?id=ART-2020-03&engl=1} }