Journal of Systems Architecture最新文献

SAMFL: Secure Aggregation Mechanism for Federated Learning with Byzantine-robustness by functional encryption SAMFL：通过功能加密实现拜占庭稳健性的联盟学习安全聚合机制

IF 3.7 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Journal of Systems Architecture

Pub Date : 2024-11-13 DOI: 10.1016/j.sysarc.2024.103304

Menghong Guan , Haiyong Bao , Zhiqiang Li , Hao Pan , Cheng Huang , Hong-Ning Dai

Federated learning (FL) enables collaborative model training without sharing private data, thereby potentially meeting the growing demand for data privacy protection. Despite its potentials, FL also poses challenges in achieving privacy-preservation and Byzantine-robustness when handling sensitive data. To address these challenges, we present a novel Secure Aggregation Mechanism for Federated Learning with Byzantine-Robustness by Functional Encryption (SAMFL). Our approach designs a novel dual-decryption multi-input functional encryption (DD-MIFE) scheme, which enables efficient computation of cosine similarities and aggregation of encrypted gradients through a single ciphertext. This innovative scheme allows for dual decryption, producing distinct results based on different keys, while maintaining high efficiency. We further propose TF-Init, integrating DD-MIFE with Truth Discovery (TD) to eliminate the reliance on a root dataset. Additionally, we devise a secure cosine similarity calculation aggregation protocol (SC2AP) using DD-MIFE, ensuring privacy-preserving and Byzantine-robust FL secure aggregation. To enhance FL efficiency, we employ single instruction multiple data (SIMD) to parallelize encryption and decryption processes. Concurrently, to preserve accuracy, we incorporate differential privacy (DP) with selective clipping of model layers within the FL framework. Finally, we integrate TF-Init, SC2AP, SIMD, and DP to construct SAMFL. Extensive experiments demonstrate that SAMFL successfully defends against both inference attacks and poisoning attacks, while improving efficiency and accuracy compared to existing methods. SAMFL provides a comprehensive integrated solution for FL with efficiency, accuracy, privacy-preservation, and robustness.

联盟学习（FL）可以在不共享私人数据的情况下进行协作模型训练，从而有可能满足日益增长的数据隐私保护需求。尽管联合学习潜力巨大，但在处理敏感数据时，如何实现隐私保护和拜占庭稳健性也是一个挑战。为了应对这些挑战，我们提出了一种通过功能加密实现拜占庭稳健性的联邦学习安全聚合机制（SAMFL）。我们的方法设计了一种新颖的双解密多输入函数加密（DD-MIFE）方案，可通过单个密文高效计算余弦相似度和聚合加密梯度。这种创新方案允许双重解密，根据不同的密钥产生不同的结果，同时保持高效率。我们进一步提出了 TF-Init，将 DD-MIFE 与真相发现 (TD) 相结合，消除了对根数据集的依赖。此外，我们还设计了一种使用 DD-MIFE 的安全余弦相似性计算聚合协议（SC2AP），以确保隐私保护和拜占庭式的 FL 安全聚合。为了提高 FL 效率，我们采用了单指令多数据（SIMD）来并行处理加密和解密过程。同时，为了保持准确性，我们在 FL 框架内采用了选择性剪切模型层的差分隐私（DP）技术。最后，我们整合了 TF-Init、SC2AP、SIMD 和 DP，构建了 SAMFL。广泛的实验证明，与现有方法相比，SAMFL 成功抵御了推理攻击和中毒攻击，同时提高了效率和准确性。SAMFL 为 FL 提供了一个全面的综合解决方案，它兼具效率、准确性、隐私保护和鲁棒性。

{"title":"SAMFL: Secure Aggregation Mechanism for Federated Learning with Byzantine-robustness by functional encryption","authors":"Menghong Guan , Haiyong Bao , Zhiqiang Li , Hao Pan , Cheng Huang , Hong-Ning Dai","doi":"10.1016/j.sysarc.2024.103304","DOIUrl":"10.1016/j.sysarc.2024.103304","url":null,"abstract":"<div><div>Federated learning (FL) enables collaborative model training without sharing private data, thereby potentially meeting the growing demand for data privacy protection. Despite its potentials, FL also poses challenges in achieving privacy-preservation and Byzantine-robustness when handling sensitive data. To address these challenges, we present a novel <strong>S</strong>ecure <strong>A</strong>ggregation <strong>M</strong>echanism for <strong>F</strong>ederated <strong>L</strong>earning with Byzantine-Robustness by Functional Encryption (SAMFL). Our approach designs a novel dual-decryption multi-input functional encryption (DD-MIFE) scheme, which enables efficient computation of cosine similarities and aggregation of encrypted gradients through a single ciphertext. This innovative scheme allows for dual decryption, producing distinct results based on different keys, while maintaining high efficiency. We further propose TF-Init, integrating DD-MIFE with Truth Discovery (TD) to eliminate the reliance on a root dataset. Additionally, we devise a secure cosine similarity calculation aggregation protocol (SC2AP) using DD-MIFE, ensuring privacy-preserving and Byzantine-robust FL secure aggregation. To enhance FL efficiency, we employ single instruction multiple data (SIMD) to parallelize encryption and decryption processes. Concurrently, to preserve accuracy, we incorporate differential privacy (DP) with selective clipping of model layers within the FL framework. Finally, we integrate TF-Init, SC2AP, SIMD, and DP to construct SAMFL. Extensive experiments demonstrate that SAMFL successfully defends against both inference attacks and poisoning attacks, while improving efficiency and accuracy compared to existing methods. SAMFL provides a comprehensive integrated solution for FL with efficiency, accuracy, privacy-preservation, and robustness.</div></div>","PeriodicalId":50027,"journal":{"name":"Journal of Systems Architecture","volume":"157 ","pages":"Article 103304"},"PeriodicalIF":3.7,"publicationDate":"2024-11-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142651997","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

ZNS-Cleaner: Enhancing lifespan by reducing empty erase in ZNS SSDs ZNS-Cleaner：通过减少 ZNS SSD 中的空擦除来延长使用寿命

IF 3.7 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Journal of Systems Architecture

Pub Date : 2024-11-09 DOI: 10.1016/j.sysarc.2024.103303

Renping Liu , Xiao Xiao , Yang Zou , Peng Chen , Linbo Long , Anping Xiong , Duo Liu

The Zoned Namespace (ZNS) interface shifts data management responsibility to upper-level applications, which reclaims space by sending the zone-reset command to ZNS SSD devices. Due to a semantic barrier between upper-level applications and ZNS SSD devices, these applications struggle to understand the state of the flash blocks within the devices and arbitrarily send zone-reset commands to the devices. This results in significant empty pages being erased (empty erase), accelerating flash block aging and shortening the lifespan of ZNS SSDs.

To solve this problem, we decouple the zone-reset command at the upper-level applications from the erase operation at the devices, and propose ZNS-Cleaner to erase the flash blocks in ZNS SSDs. ZNS-Cleaner autonomously determines the timing of erasing, rather than relying on the zone-reset command. To fully use the empty pages, ZNS-Cleaner divides the storage space into page-level strips, and adopts these strips to reconstruct a new zone at runtime. Comprehensive evaluations show that ZNS-Cleaner reduces the empty erase by 87.2%, lowers the total erase count by 51.0%, decreases the max erase count of flash blocks up to

10 \times

and prolongs the lifespan

5.2 \times

averagely in ZNS SSDs.

分区命名空间（ZNS）接口将数据管理责任转移到上层应用，上层应用通过向 ZNS SSD 设备发送分区复位命令来收回空间。由于上层应用和 ZNS SSD 设备之间存在语义障碍，这些应用很难理解设备内闪存块的状态，并随意向设备发送区域重置命令。为了解决这个问题，我们将上层应用程序的区域复位命令与设备的擦除操作分离开来，并提出了 ZNS-Cleaner 来擦除 ZNS SSD 中的闪存块。ZNS-Cleaner 可自主决定擦除时间，而不是依赖于区域复位命令。为了充分利用空页面，ZNS-Cleaner 将存储空间划分为页面级条带，并在运行时采用这些条带重建新区域。综合评估结果表明，ZNS-Cleaner 减少了 87.2% 的空擦除，降低了 51.0% 的总擦除次数，使闪存块的最大擦除次数减少了 10 倍，并使 ZNS SSD 的平均使用寿命延长了 5.2 倍。

{"title":"ZNS-Cleaner: Enhancing lifespan by reducing empty erase in ZNS SSDs","authors":"Renping Liu , Xiao Xiao , Yang Zou , Peng Chen , Linbo Long , Anping Xiong , Duo Liu","doi":"10.1016/j.sysarc.2024.103303","DOIUrl":"10.1016/j.sysarc.2024.103303","url":null,"abstract":"<div><div>The Zoned Namespace (ZNS) interface shifts data management responsibility to upper-level applications, which reclaims space by sending the zone-reset command to ZNS SSD devices. Due to a semantic barrier between upper-level applications and ZNS SSD devices, these applications struggle to understand the state of the flash blocks within the devices and arbitrarily send zone-reset commands to the devices. This results in significant empty pages being erased (empty erase), accelerating flash block aging and shortening the lifespan of ZNS SSDs.</div><div>To solve this problem, we decouple the zone-reset command at the upper-level applications from the erase operation at the devices, and propose ZNS-Cleaner to erase the flash blocks in ZNS SSDs. ZNS-Cleaner autonomously determines the timing of erasing, rather than relying on the zone-reset command. To fully use the empty pages, ZNS-Cleaner divides the storage space into page-level strips, and adopts these strips to reconstruct a new zone at runtime. Comprehensive evaluations show that ZNS-Cleaner reduces the empty erase by 87.2%, lowers the total erase count by 51.0%, decreases the max erase count of flash blocks up to <span><math><mrow><mn>10</mn><mo>×</mo></mrow></math></span> and prolongs the lifespan <span><math><mrow><mn>5</mn><mo>.</mo><mn>2</mn><mo>×</mo></mrow></math></span> averagely in ZNS SSDs.</div></div>","PeriodicalId":50027,"journal":{"name":"Journal of Systems Architecture","volume":"157 ","pages":"Article 103303"},"PeriodicalIF":3.7,"publicationDate":"2024-11-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142651996","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Using MAST for modeling and response-time analysis of real-time applications with GPUs 利用 MAST 对使用 GPU 的实时应用程序进行建模和响应时间分析

IF 3.7 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Journal of Systems Architecture

Pub Date : 2024-11-08 DOI: 10.1016/j.sysarc.2024.103300

Iosu Gomez , Unai Díaz de Cerio , Jorge Parra , Juan M. Rivas , J. Javier Gutiérrez , Michael González Harbour

The ever increasing computing demands in embedded systems is driving the adoption of hardware accelerators such as GPUs, which offer powerful platforms that can compute parallel workloads efficiently. Relevant critical applications that benefit from such platforms, for instance autonomous driving, usually impose additional real-time requirements that must be met to guarantee the correctness of the systems. In this paper, we propose exploiting readily available and extensively validated techniques to model and analyze real-time systems with GPUs. Specifically, we propose a methodology to employ the MAST model to characterize such systems, and different variants of the Offset-Based Response-Time Analysis techniques to validate the real-time requirements. We verify our approach with a real industrial application sourced from the railway industry. Through a comprehensive evaluation involving synthetic and real task-sets, we characterize the applicability of the approach, and we also show how estimated worst-case response times are aligned with real measurements up to 87.2%.

嵌入式系统日益增长的计算需求推动了 GPU 等硬件加速器的应用，它们提供了能够高效计算并行工作负载的强大平台。受益于此类平台的相关关键应用（如自动驾驶）通常会提出额外的实时要求，必须满足这些要求才能保证系统的正确性。在本文中，我们建议利用现成的、经过广泛验证的技术，对使用 GPU 的实时系统进行建模和分析。具体来说，我们提出了一种采用 MAST 模型来描述此类系统的方法，以及基于偏移的响应时间分析技术的不同变体来验证实时性要求。我们通过铁路行业的实际工业应用来验证我们的方法。通过涉及合成任务集和实际任务集的综合评估，我们确定了该方法的适用性，并展示了估计的最坏情况响应时间与实际测量值的吻合度高达 87.2%。

{"title":"Using MAST for modeling and response-time analysis of real-time applications with GPUs","authors":"Iosu Gomez , Unai Díaz de Cerio , Jorge Parra , Juan M. Rivas , J. Javier Gutiérrez , Michael González Harbour","doi":"10.1016/j.sysarc.2024.103300","DOIUrl":"10.1016/j.sysarc.2024.103300","url":null,"abstract":"<div><div>The ever increasing computing demands in embedded systems is driving the adoption of hardware accelerators such as GPUs, which offer powerful platforms that can compute parallel workloads efficiently. Relevant critical applications that benefit from such platforms, for instance autonomous driving, usually impose additional real-time requirements that must be met to guarantee the correctness of the systems. In this paper, we propose exploiting readily available and extensively validated techniques to model and analyze real-time systems with GPUs. Specifically, we propose a methodology to employ the MAST model to characterize such systems, and different variants of the Offset-Based Response-Time Analysis techniques to validate the real-time requirements. We verify our approach with a real industrial application sourced from the railway industry. Through a comprehensive evaluation involving synthetic and real task-sets, we characterize the applicability of the approach, and we also show how estimated worst-case response times are aligned with real measurements up to 87.2%.</div></div>","PeriodicalId":50027,"journal":{"name":"Journal of Systems Architecture","volume":"157 ","pages":"Article 103300"},"PeriodicalIF":3.7,"publicationDate":"2024-11-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142651995","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Shift-and-Safe: Addressing permanent faults in aggressively undervolted CNN accelerators 移位与安全：解决严重欠压 CNN 加速器中的永久性故障

IF 3.7 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Journal of Systems Architecture

Pub Date : 2024-11-05 DOI: 10.1016/j.sysarc.2024.103292

Yamilka Toca-Díaz, Rubén Gran Tejero, Alejandro Valero

Underscaling the supply voltage (

V_{d d}

) to ultra-low levels below the safe-operation threshold voltage (

V_{m i n}

) holds promise for substantial power savings in digital CMOS circuits. However, these benefits come with pronounced challenges due to the heightened risk of bitcell permanent faults stemming from process variations in current technology node sizes.

This work delves into the repercussions of such faults on the accuracy of a 16-bit fixed-point Convolutional Neural Network (CNN) inference accelerator powering on-chip activation memories at ultra-low

V_{d d}

voltages. Through an in-depth examination of fault patterns, memory usage, and statistical analysis of activation values, this paper introduces Shift-and-Safe: two novel and cost-effective microarchitectural techniques exploiting the presence of outlier activation values and the underutilization of activation memories. Particularly, activation outliers enable a shift-based data representation that reduces the impact of faults on the activation values, whereas the memory underutilization is exploited to maintain a safe replica of affected activations in idle memory regions. Remarkably, these mechanisms do not add any burden to the programmer and are independent of application characteristics, rendering them easily deployable across real-world CNN accelerators.

Experimental results show that Shift-and-Safe maintains the CNN accuracy even in the presence of almost a quarter of the total activations with faults. In addition, average energy savings are by 5% and 11% compared to the state-of-the-art approach and a conventional accelerator supplied at

V_{m i n}

, respectively.

将电源电压（Vdd）降至低于安全操作阈值电压（Vmin）的超低水平，有望为数字 CMOS 电路节省大量功耗。然而，这些优势也带来了明显的挑战，因为在当前的技术节点尺寸下，工艺变化导致位元组永久故障的风险增加。这项研究深入探讨了这些故障对在超低 Vdd 电压下为片上激活存储器供电的 16 位定点卷积神经网络 (CNN) 推理加速器精度的影响。通过对故障模式、内存使用和激活值统计分析的深入研究，本文介绍了 Shift 和 Safe：两种新颖且经济高效的微体系结构技术，它们利用了异常激活值的存在和激活内存利用不足的问题。特别是，激活异常值使得基于移位的数据表示成为可能，从而减少故障对激活值的影响，而内存利用不足则被用来在空闲内存区域中维护受影响激活值的安全副本。值得注意的是，这些机制不会给程序员增加任何负担，而且与应用特性无关，因此很容易部署到现实世界的 CNN 加速器中。实验结果表明，即使存在故障的激活值几乎占总数的四分之一，Shift-and-Safe 也能保持 CNN 的准确性。此外，与最先进的方法和以 Vmin 提供的传统加速器相比，平均节能率分别为 5%和 11%。

{"title":"Shift-and-Safe: Addressing permanent faults in aggressively undervolted CNN accelerators","authors":"Yamilka Toca-Díaz, Rubén Gran Tejero, Alejandro Valero","doi":"10.1016/j.sysarc.2024.103292","DOIUrl":"10.1016/j.sysarc.2024.103292","url":null,"abstract":"<div><div>Underscaling the supply voltage (<span><math><msub><mrow><mi>V</mi></mrow><mrow><mi>d</mi><mi>d</mi></mrow></msub></math></span>) to ultra-low levels below the safe-operation threshold voltage (<span><math><msub><mrow><mi>V</mi></mrow><mrow><mi>m</mi><mi>i</mi><mi>n</mi></mrow></msub></math></span>) holds promise for substantial power savings in digital CMOS circuits. However, these benefits come with pronounced challenges due to the heightened risk of bitcell permanent faults stemming from process variations in current technology node sizes.</div><div>This work delves into the repercussions of such faults on the accuracy of a 16-bit fixed-point Convolutional Neural Network (CNN) inference accelerator powering on-chip activation memories at ultra-low <span><math><msub><mrow><mi>V</mi></mrow><mrow><mi>d</mi><mi>d</mi></mrow></msub></math></span> voltages. Through an in-depth examination of fault patterns, memory usage, and statistical analysis of activation values, this paper introduces Shift-and-Safe: two novel and cost-effective microarchitectural techniques exploiting the presence of outlier activation values and the underutilization of activation memories. Particularly, activation outliers enable a shift-based data representation that reduces the impact of faults on the activation values, whereas the memory underutilization is exploited to maintain a safe replica of affected activations in idle memory regions. Remarkably, these mechanisms do not add any burden to the programmer and are independent of application characteristics, rendering them easily deployable across real-world CNN accelerators.</div><div>Experimental results show that Shift-and-Safe maintains the CNN accuracy even in the presence of almost a quarter of the total activations with faults. In addition, average energy savings are by 5% and 11% compared to the state-of-the-art approach and a conventional accelerator supplied at <span><math><msub><mrow><mi>V</mi></mrow><mrow><mi>m</mi><mi>i</mi><mi>n</mi></mrow></msub></math></span>, respectively.</div></div>","PeriodicalId":50027,"journal":{"name":"Journal of Systems Architecture","volume":"157 ","pages":"Article 103292"},"PeriodicalIF":3.7,"publicationDate":"2024-11-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142651434","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Function Placement Approaches in Serverless Computing: A Survey 无服务器计算中的函数放置方法：调查

IF 3.7 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Journal of Systems Architecture

Pub Date : 2024-11-03 DOI: 10.1016/j.sysarc.2024.103291

Mohsen Ghorbian, Mostafa Ghobaei-Arani, Rohollah Asadolahpour-Karimi

Serverless computing is a new paradigm computing in cloud computing that allows developers to focus on code development without the need to manage infrastructure and enjoy the benefits of automatic scaling and low costs. The function placement mechanism is a critical concept in serverless computing that refers to choosing the optimal place for executing functions to improve the efficiency of resources and reduce the delay in executing functions. However, this process faces challenges such as the complexity of dynamic environments, heterogeneous resources, variable execution costs, and changes in the timing of requests, which make it challenging to choose the appropriate location for functions. This article provides a comprehensive overview of function placement mechanisms in serverless computing. It aims to introduce a comprehensive and systematic classification of critical approaches such as machine learning (ML)-based, heuristic-based, and model-based that are used in implementing function placement. Also, by examining each approach's strengths and weaknesses, this review article helps researchers and developers find a better perspective on the existing solutions and approaches and avoid repeated efforts by comprehensively reviewing previous research. In addition, by identifying research gaps and introducing new paths, this research provides the basis for improving future research.

无服务器计算是云计算中的一种新计算模式，它允许开发人员专注于代码开发，而无需管理基础设施，并享受自动扩展和低成本的好处。功能放置机制是无服务器计算中的一个重要概念，它指的是选择执行功能的最佳位置，以提高资源效率并减少执行功能的延迟。然而，这一过程面临着动态环境的复杂性、资源的异构性、执行成本的可变性以及请求时序的变化等挑战，这使得为函数选择合适的位置充满了挑战。本文全面概述了无服务器计算中的函数放置机制。它旨在全面系统地介绍用于实现函数放置的关键方法，如基于机器学习（ML）的方法、基于启发式的方法和基于模型的方法。同时，通过研究每种方法的优缺点，这篇综述文章有助于研究人员和开发人员从更好的角度看待现有的解决方案和方法，并通过全面回顾之前的研究避免重复劳动。此外，通过找出研究空白和引入新的研究路径，本研究还为改进未来研究提供了基础。

{"title":"Function Placement Approaches in Serverless Computing: A Survey","authors":"Mohsen Ghorbian, Mostafa Ghobaei-Arani, Rohollah Asadolahpour-Karimi","doi":"10.1016/j.sysarc.2024.103291","DOIUrl":"10.1016/j.sysarc.2024.103291","url":null,"abstract":"<div><div>Serverless computing is a new paradigm computing in cloud computing that allows developers to focus on code development without the need to manage infrastructure and enjoy the benefits of automatic scaling and low costs. The function placement mechanism is a critical concept in serverless computing that refers to choosing the optimal place for executing functions to improve the efficiency of resources and reduce the delay in executing functions. However, this process faces challenges such as the complexity of dynamic environments, heterogeneous resources, variable execution costs, and changes in the timing of requests, which make it challenging to choose the appropriate location for functions. This article provides a comprehensive overview of function placement mechanisms in serverless computing. It aims to introduce a comprehensive and systematic classification of critical approaches such as machine learning (ML)-based, heuristic-based, and model-based that are used in implementing function placement. Also, by examining each approach's strengths and weaknesses, this review article helps researchers and developers find a better perspective on the existing solutions and approaches and avoid repeated efforts by comprehensively reviewing previous research. In addition, by identifying research gaps and introducing new paths, this research provides the basis for improving future research.</div></div>","PeriodicalId":50027,"journal":{"name":"Journal of Systems Architecture","volume":"157 ","pages":"Article 103291"},"PeriodicalIF":3.7,"publicationDate":"2024-11-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142651998","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Implications of architecture and implementation choices on timing analysis of automotive CAN networks 架构和实施选择对汽车 CAN 网络时序分析的影响

IF 3.7 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Journal of Systems Architecture

Pub Date : 2024-10-26 DOI: 10.1016/j.sysarc.2024.103290

Dongwen Yang , Marco Di Natale , Haibo Zeng

The Controller Area Network (CAN) protocol is widely adopted in industry such as automotive. It has been analyzed in a number of studies in the real-time systems community to compute the worst case response time of messages, based on an ideal model on the behavior of the message queuing and CAN controller. Recently, more results are being added to study systems that are not constructed according to the ideal model.

In this paper, we further investigate the architecture choices that may affect the timing analysis. Specifically, we provide an assessment on the practical relevance of several analysis results. We also present theory and empirical studies on the relative importance of architecture implementation issues that are quite common in real systems but further deviate from the ideal behavior. We also experimentally evaluate the response time while using TxObjects without preemption. We propose a heuristic for the design of multiple software queues when TxObjects are not preemptable. Finally, we derive an upper bound on the worst case response time when message output at the CAN driver is polling based.

控制器局域网（CAN）协议被汽车等行业广泛采用。实时系统领域的许多研究都对其进行了分析，根据报文队列和 CAN 控制器行为的理想模型，计算出报文的最坏响应时间。在本文中，我们将进一步研究可能影响时序分析的架构选择。具体而言，我们对几项分析结果的实用性进行了评估。我们还介绍了有关架构实现问题相对重要性的理论和实证研究，这些问题在实际系统中非常常见，但却进一步偏离了理想行为。我们还通过实验评估了在不抢占的情况下使用 TxObjects 的响应时间。我们提出了在 TxObjects 不可抢占时设计多个软件队列的启发式方法。最后，我们得出了 CAN 驱动程序基于轮询的报文输出时最坏情况下的响应时间上限。

{"title":"Implications of architecture and implementation choices on timing analysis of automotive CAN networks","authors":"Dongwen Yang , Marco Di Natale , Haibo Zeng","doi":"10.1016/j.sysarc.2024.103290","DOIUrl":"10.1016/j.sysarc.2024.103290","url":null,"abstract":"<div><div>The Controller Area Network (CAN) protocol is widely adopted in industry such as automotive. It has been analyzed in a number of studies in the real-time systems community to compute the worst case response time of messages, based on an ideal model on the behavior of the message queuing and CAN controller. Recently, more results are being added to study systems that are not constructed according to the ideal model.</div><div>In this paper, we further investigate the architecture choices that may affect the timing analysis. Specifically, we provide an assessment on the practical relevance of several analysis results. We also present theory and empirical studies on the relative importance of architecture implementation issues that are quite common in real systems but further deviate from the ideal behavior. We also experimentally evaluate the response time while using TxObjects without preemption. We propose a heuristic for the design of multiple software queues when TxObjects are not preemptable. Finally, we derive an upper bound on the worst case response time when message output at the CAN driver is polling based.</div></div>","PeriodicalId":50027,"journal":{"name":"Journal of Systems Architecture","volume":"157 ","pages":"Article 103290"},"PeriodicalIF":3.7,"publicationDate":"2024-10-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142571478","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

TaPaFuzz: Hardware-accelerated RISC-V bare-metal firmware fuzzing using rapid job launches TaPaFuzz：利用快速作业启动进行硬件加速的 RISC-V 裸机固件模糊测试

IF 3.7 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Journal of Systems Architecture

Pub Date : 2024-10-19 DOI: 10.1016/j.sysarc.2024.103288

Florian Meisel, Christoph Spang, David Volz, Andreas Koch

Fuzz testing serves as a key technique in software security aimed at identifying unexpected program behaviors by repeatedly executing the target program with auto-generated random inputs. Testing is integral to IoT device security but is hampered by the minimal observability features of typical in-market IoT devices. Moreover, the slow nature of a RISC-V software emulation on x86 host CPUs and the inaccuracies introduced by compiling IoT applications to a different ISA for execution on host systems pose significant challenges. Our software-hardware co-design surmounts these hurdles. Fuzzing jobs are prepared and evaluated on a host computer, while the actual execution with high-throughput tracing is performed on an FPGA. Advances in the host-to-FPGA interface together with an accelerated reset procedure between Fuzzer jobs effectively hide the costly host-FPGA communication, increasing the single-thread fuzzing performance by up to factor 11.7x that of the leading QEMU-based fuzzer AFL++ running on a very fast x86 CPU. We demonstrate practical usability by evaluating our framework on a collection of applications in a bare-metal environment.

模糊测试是软件安全领域的一项关键技术，旨在通过使用自动生成的随机输入重复执行目标程序来识别意外的程序行为。测试是物联网设备安全不可或缺的一部分，但由于市场上典型物联网设备的可观测性极差，测试工作受到阻碍。此外，RISC-V 软件在 x86 主机 CPU 上的仿真速度慢，以及将物联网应用程序编译成不同的 ISA 在主机系统上执行所带来的不准确性，都构成了巨大的挑战。我们的软硬件协同设计克服了这些障碍。模糊作业在主机上准备和评估，而具有高吞吐量跟踪功能的实际执行则在 FPGA 上进行。主机到 FPGA 接口的进步以及 Fuzzer 作业之间的加速重置程序，有效地隐藏了昂贵的主机-FPGA 通信，将单线程模糊性能提高了 11.7 倍，是在高速 x86 CPU 上运行的基于 QEMU 的领先模糊器 AFL++ 的 11.7 倍。我们在裸机环境下的一系列应用程序上评估了我们的框架，证明了它的实际可用性。

{"title":"TaPaFuzz: Hardware-accelerated RISC-V bare-metal firmware fuzzing using rapid job launches","authors":"Florian Meisel, Christoph Spang, David Volz, Andreas Koch","doi":"10.1016/j.sysarc.2024.103288","DOIUrl":"10.1016/j.sysarc.2024.103288","url":null,"abstract":"<div><div>Fuzz testing serves as a key technique in software security aimed at identifying unexpected program behaviors by repeatedly executing the target program with auto-generated random inputs. Testing is integral to IoT device security but is hampered by the minimal observability features of typical in-market IoT devices. Moreover, the slow nature of a RISC-V software emulation on x86 host CPUs and the inaccuracies introduced by compiling IoT applications to a different ISA for execution on host systems pose significant challenges. Our software-hardware co-design surmounts these hurdles. Fuzzing jobs are prepared and evaluated on a host computer, while the actual execution with high-throughput tracing is performed on an FPGA. Advances in the host-to-FPGA interface together with an accelerated reset procedure between Fuzzer jobs effectively hide the costly host-FPGA communication, increasing the single-thread fuzzing performance by up to factor 11.7x that of the leading QEMU-based fuzzer AFL++ running on a very fast x86 CPU. We demonstrate practical usability by evaluating our framework on a collection of applications in a bare-metal environment.</div></div>","PeriodicalId":50027,"journal":{"name":"Journal of Systems Architecture","volume":"156 ","pages":"Article 103288"},"PeriodicalIF":3.7,"publicationDate":"2024-10-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142533508","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Verifiable privacy-preserving semantic retrieval scheme in the edge computing 边缘计算中可验证的隐私保护语义检索方案

IF 3.7 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Journal of Systems Architecture

Pub Date : 2024-10-11 DOI: 10.1016/j.sysarc.2024.103289

Jiaqi Guo , Cong Tian , Qiang He , Liang Zhao , Zhenhua Duan

Edge computing, with its characteristics of low latency and low transmission costs, addresses the storage and computation challenges arising from the surge in network edge traffic. It enables users to leverage nearby edge servers for data outsourcing and retrieval. However, data outsourcing poses risks to data privacy. Although searchable encryption is proposed to secure search of outsourced data, existing schemes generally cannot meet the requirements of semantic search, and they also exhibit security risks and incur high search costs. In addition, edge servers may engage in malicious activities such as data tampering or forgery. Therefore, we propose a verifiable privacy-preserving semantic retrieval scheme named VPSR suitable for edge computing environments. We utilize the Doc2Vec method to extract text feature vectors and then convert them into matrix form to reduce storage space requirements for indexes, queries, and keys. We encrypt matrices using an improved secure k-nearest neighbor (kNN) algorithm based on learning with errors (LWE) and calculate text similarity by solving the Hadamard product between matrices. Additionally, we design an aggregable signature scheme and offload part of the result verification tasks to edge servers. Security and performance analysis results demonstrate that the VPSR scheme is suitable for edge computing environments with high encryption and search efficiency and low storage cost while ensuring security.

边缘计算具有低延迟和低传输成本的特点，可解决网络边缘流量激增带来的存储和计算挑战。它使用户能够利用附近的边缘服务器进行数据外包和检索。然而，数据外包给数据隐私带来了风险。虽然有人提出了可搜索加密技术来确保外包数据的搜索安全，但现有方案一般无法满足语义搜索的要求，而且还存在安全风险和高昂的搜索成本。此外，边缘服务器可能会从事篡改或伪造数据等恶意活动。因此，我们提出了一种适用于边缘计算环境的可验证隐私保护语义检索方案，名为 VPSR。我们利用 Doc2Vec 方法提取文本特征向量，然后将其转换为矩阵形式，以减少索引、查询和密钥的存储空间需求。我们使用基于误差学习（LWE）的改进型安全 k 近邻（kNN）算法对矩阵进行加密，并通过求解矩阵间的哈达玛乘积来计算文本相似性。此外，我们还设计了一种可聚合的签名方案，并将部分结果验证任务卸载到边缘服务器上。安全性和性能分析结果表明，VPSR 方案适用于边缘计算环境，在确保安全性的同时，还具有较高的加密和搜索效率以及较低的存储成本。

{"title":"Verifiable privacy-preserving semantic retrieval scheme in the edge computing","authors":"Jiaqi Guo , Cong Tian , Qiang He , Liang Zhao , Zhenhua Duan","doi":"10.1016/j.sysarc.2024.103289","DOIUrl":"10.1016/j.sysarc.2024.103289","url":null,"abstract":"<div><div>Edge computing, with its characteristics of low latency and low transmission costs, addresses the storage and computation challenges arising from the surge in network edge traffic. It enables users to leverage nearby edge servers for data outsourcing and retrieval. However, data outsourcing poses risks to data privacy. Although searchable encryption is proposed to secure search of outsourced data, existing schemes generally cannot meet the requirements of semantic search, and they also exhibit security risks and incur high search costs. In addition, edge servers may engage in malicious activities such as data tampering or forgery. Therefore, we propose a verifiable privacy-preserving semantic retrieval scheme named VPSR suitable for edge computing environments. We utilize the Doc2Vec method to extract text feature vectors and then convert them into matrix form to reduce storage space requirements for indexes, queries, and keys. We encrypt matrices using an improved secure k-nearest neighbor (kNN) algorithm based on learning with errors (LWE) and calculate text similarity by solving the Hadamard product between matrices. Additionally, we design an aggregable signature scheme and offload part of the result verification tasks to edge servers. Security and performance analysis results demonstrate that the VPSR scheme is suitable for edge computing environments with high encryption and search efficiency and low storage cost while ensuring security.</div></div>","PeriodicalId":50027,"journal":{"name":"Journal of Systems Architecture","volume":"156 ","pages":"Article 103289"},"PeriodicalIF":3.7,"publicationDate":"2024-10-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142533507","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

The rCOS framework for multi-dimensional separation of concerns in model-driven engineering 模型驱动工程中多维关注点分离的 rCOS 框架

IF 3.7 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Journal of Systems Architecture

Pub Date : 2024-10-06 DOI: 10.1016/j.sysarc.2024.103287

Bo Liu , Shmuel Tyszberowicz , Zhiming Liu

The software industry increasingly turns to Model-Driven Engineering (MDE) to mitigate complexity by automating model creation and transformation. Many organisations are pursuing Integrated Development Platforms (IDPs) to enhance automation in their software development processes within MDE. However, the adoption of MDE and engagement with IDPs remain limited due to concerns over their efficacy. We address these challenges in this review paper by introducing a framework for the formal refinement of component and object systems (rCOS). It provides: (1) a formal theory that consists of a modelling language (named OPL) with a calculus of refinement for object-oriented models and component models; (2) a suite of analysis and design techniques that facilitate abstractions and decompositions, leading to a multidimensional separation of concerns; and (3) an IDP (named rCOS Modeller) that supports modelling, design and verification from requirements elicitation through to coding. By advocating for an rCOS-enabled multidimensional approach to separating concerns, this paper offers a comprehensive solution to the challenges facing MDE and IDPs, paving the way for their successful implementation in practice. By delineating the emerging challenges and prospects associated with integrating formal methods for modelling and designing human-cyber–physical systems (HCPS), we show the potential of extending rCOS for MDE in HCPS.

软件行业越来越多地采用模型驱动工程（MDE），通过自动创建和转换模型来降低复杂性。许多组织都在采用集成开发平台（IDP）来提高 MDE 中软件开发流程的自动化程度。然而，由于人们对集成开发平台的功效存在疑虑，因此 MDE 的采用率和参与度仍然有限。在这篇综述论文中，我们通过引入组件和对象系统（rCOS）的正式完善框架来应对这些挑战。该框架提供了：(1) 一种由建模语言（名为 OPL）和面向对象模型和组件模型的精炼微积分组成的形式理论；(2) 一套便于抽象和分解的分析和设计技术，从而实现多维度的关注点分离；(3) 一种 IDP（名为 rCOS Modeller），支持从需求激发到编码的建模、设计和验证。通过倡导采用 rCOS 支持的多维方法来分离关注点，本文为 MDE 和 IDP 所面临的挑战提供了全面的解决方案，为它们在实践中的成功实施铺平了道路。通过描述与集成形式化方法来建模和设计人-网络-物理系统（HCPS）相关的新出现的挑战和前景，我们展示了在 HCPS 中扩展 rCOS 进行 MDE 的潜力。

{"title":"The rCOS framework for multi-dimensional separation of concerns in model-driven engineering","authors":"Bo Liu , Shmuel Tyszberowicz , Zhiming Liu","doi":"10.1016/j.sysarc.2024.103287","DOIUrl":"10.1016/j.sysarc.2024.103287","url":null,"abstract":"<div><div>The software industry increasingly turns to Model-Driven Engineering (MDE) to mitigate complexity by automating model creation and transformation. Many organisations are pursuing Integrated Development Platforms (IDPs) to enhance automation in their software development processes within MDE. However, the adoption of MDE and engagement with IDPs remain limited due to concerns over their efficacy. We address these challenges in this review paper by introducing a framework for the formal refinement of component and object systems (rCOS). It provides: (1) a formal theory that consists of a modelling language (named <em>OPL</em>) with a calculus of refinement for object-oriented models and component models; (2) a suite of analysis and design techniques that facilitate abstractions and decompositions, leading to a multidimensional separation of concerns; and (3) an IDP (named <em>rCOS Modeller</em>) that supports modelling, design and verification from requirements elicitation through to coding. By advocating for an rCOS-enabled multidimensional approach to separating concerns, this paper offers a comprehensive solution to the challenges facing MDE and IDPs, paving the way for their successful implementation in practice. By delineating the emerging challenges and prospects associated with integrating formal methods for modelling and designing human-cyber–physical systems (HCPS), we show the potential of extending rCOS for MDE in HCPS.</div></div>","PeriodicalId":50027,"journal":{"name":"Journal of Systems Architecture","volume":"156 ","pages":"Article 103287"},"PeriodicalIF":3.7,"publicationDate":"2024-10-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142418576","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

On the degree of parallelism for parallel real-time tasks 关于并行实时任务的并行程度

IF 3.7 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Journal of Systems Architecture

Pub Date : 2024-10-05 DOI: 10.1016/j.sysarc.2024.103286

Qingqiang He , Nan Guan , Zhe Jiang , Mingsong Lv

The degree of parallelism, which measures how a task can execute concurrently, is an important characterization in scheduling. This paper studies the degree of parallelism in the domain of real-time scheduling of parallel tasks, including the DAG task model and the conditional DAG task model. The definition of the degree of parallelism for DAG tasks is clarified; the definition and computing algorithm of the degree of parallelism for conditional DAG tasks are proposed. By leveraging the degree of parallelism, new response time bounds are derived and simple but effective real-time scheduling approaches are presented. This research is the first work to study the degree of parallelism for conditional DAG tasks and explore its benefits in real-time scheduling. Experimental results demonstrate that the proposed scheduling approaches significantly outperform existing state-of-the-art methods.

并行度衡量任务如何并发执行，是调度中的一个重要特征。本文研究了并行任务实时调度领域的并行度，包括 DAG 任务模型和条件 DAG 任务模型。明确了 DAG 任务并行度的定义；提出了条件 DAG 任务并行度的定义和计算算法。通过利用并行度，得出了新的响应时间界限，并提出了简单而有效的实时调度方法。这项研究首次研究了条件 DAG 任务的并行度，并探索了其在实时调度中的优势。实验结果表明，所提出的调度方法明显优于现有的最先进方法。

引用次数: 0