- A1.1.2. Hardware accelerators (GPGPU, FPGA, etc.)
- A1.1.4. High performance computing
- A1.1.5. Exascale
- A1.1.9. Fault tolerant systems
- A1.1.10. Reconfigurable architectures
- A1.3. Distributed Systems
- A1.3.5. Cloud
- A1.4. Ubiquitous Systems
- A2.1.9. Synchronous languages
- A2.1.10. Domain-specific languages
- A2.2. Compilation
- A2.3.1. Embedded systems
- A2.5.1. Software Architecture & Design
- A2.5.2. Component-based Design
- A2.5.4. Software Maintenance & Evolution
- A2.6.2. Middleware
- A2.6.4. Ressource management
- A4.9.1. Intrusion detection
- A4.9.3. Reaction to attacks
- A6.4.2. Stochastic control
- B4.5. Energy consumption
- B5.1. Factory of the future
- B6.1. Software industry
- B6.1.1. Software engineering
- B6.1.2. Software evolution, maintenance
- B6.4. Internet of things
- B6.5. Information systems
- B6.6. Embedded systems
- B8.1. Smart building/home
1 Team members, visitors, external collaborators
- Eric Rutten [Team leader, Inria, Researcher, HDR]
- Raphaël Bleuse [Univ Grenoble Alpes, Associate Professor]
- Gwenaël Delaval [Univ Grenoble Alpes, Associate Professor]
- Stéphane Mocanu [Institut polytechnique de Grenoble, Associate Professor, HDR]
- Sophie Cerf [Inria, until Sep 2021]
- Karim Fellah [Inria, from Nov 2021]
- Mahyar Tourchi Moghaddam [Inria, from Feb 2021 until Sep 2021]
- Quentin Guilloteau [Univ Grenoble Alpes]
- Estelle Hotellier [Inria]
- Mahyar Tourchi Moghaddam [Inria, Engineer, Jan 2021]
Interns and Apprentices
- David Nyarko Donkor [Inria, from Feb 2021 until Jul 2021]
- Ismail Hawila [Inria, from Feb 2021 until Jul 2021]
- Hassan Hijazi [Inria, from Feb 2021 until Jul 2021]
- Nelson Nkawa [Univ Grenoble Alpes, from Oct 2021]
- Nicolas Vallet [Inria, from Feb 2021 until Jul 2021]
- Jolahn Vaudey [Inria, from May 2021 until Jul 2021]
- Maria Immaculada Presseguer [Inria]
- Bogdan Robu [Univ Grenoble Alpes]
2 Overall objectives
Objective: control support for autonomic computing
Ctrl-A is motivated by the observation that computing systems, large (data centers) or small (embedded), are more and more required to be adaptive to the dynamical fluctuations of their environments and workloads, evolutions of their computing infrastructures (mobile, shared, or subject to faults), or changes in application modes and functionalities. Their administration, traditionally managed by human system administrators, needs to be automated in order to be efficient, safe and responsive. Autonomic Computing 21 is the approach that emerged in the early 2000's in distributed systems to answer that challenge, in the form of feedback loops for self-administration control. These loops address objectives like self-configuration (e.g. in service-oriented systems), self-optimization (resource consumption management e.g., energy), self-healing (fault-tolerance, resilience), self-protection (security and privacy).
Therefore, there is a pressing and increasing demand for methods and tools to design controllers for self-adaptive computing systems, that ensure quality and safety of the behavior of the controlled system. The critical importance of the quality of control on performance and safety in automated systems, in computing as elsewhere, calls for a departure from traditional approaches relying on ad hoc techniques, often empirical, unsafe and application-specific solutions.
The main objective of the Ctrl-A project-team is to develop a novel framework for model-based design of controllers in Autonomic Computing, exploiting techniques from Control Theory 19, particularly Discrete Event Systems 23, but also other forms. We want to contribute generic Software Engineering methods and tools for developers to design appropriate controllers for their particular reconfigurable architectures, software or hardware, and integrate them at middleware level. We want to improve concrete usability of techniques from Control Theory by specialists of computing systems 5, and to provide tool support for our methods in the form of specification languages and compilers.
We address policies for self-configuration, self-optimization (resource management, low power), self-healing (fault tolerance) and self-protection (security).
3 Research program
Modeling and control techniques for autonomic computing
Our research activity is mainly targeted at models and architectures, with also a notable part devoted to applications and case studies, in co-operations with specialists of the application domains, either academic researchers (e.g. in HPC) or industrial partners (e.g., CEA, Orange labs, in IoT). We adopt a strategy of parallel investigation of, on the one hand, generic models and tools for the design support for control in Autonomic Computing, and, on the other hand, experimental identification of needs and validation of proposals. Therefore we have activities related to several application domains, like middleware platforms for Cloud systems 2, HPC architectures (e.g., multi-core 9), Dynamic Partial Reconfiguration in FPGA-based hardware 1 and the IoT and smart environments 6.
The main objective of Ctrl-A translates into a number of scientific axes :
- (i) Design support for Control in Autonomic Computing : under the angle of Models and control (especially Discrete Event Systems), or at the level of Software Components and Architectures;
- (ii) Self-adaptive distributed and HPC systems : e.g., trade-off between parallelization and synchronization, Control-Theory based approach to minimization of cluster underuse, or to energy management through RAPL ;
- (iii) Self-adaptation in the IoT and Cyber-Physical Systems : e.g., middleware support for adaptive reliable design and deployment applied to smart building, autonomic Device Management for the IoT, coordinated application / infrastructure self-adaptations applied to smart Grid ;
- (iv) CyberSecurity & Self-protection in Industrial Control Systems : intrusion detection, automated risk analysis, embedded program emulation, Resilience and reaction, experimental lab.
Achieving the goals of Ctrl-A requires multidisciplinarity and expertise from several domains. The expertise in Autonomic Computing and programming languages is covered internally by members of the Ctrl-A team. On the side of theoretical aspects of control, we have active external collaborations with researchers specialized in Control Theory, in the domain of Discrete Event Systems as well as in classical, continuous control. Additionally, an important requirement for our research to have impact is to have access to concrete, real-world computing systems requiring reconfiguration control. We target autonomic computing at different scales, in embedded systems or in cloud infrastructures, which are traditionally different domains. This is addressed by external collaborations, with experts in either hardware or software platforms, who are generally missing our competences on model-based control of reconfigurations.
4 Application domains
Self-adaptive and reconfigurable computing systems in HPC and the IoT
We are attacking the problem of designing well-regulated and efficient self-adaptive computing systems by the development of novel strategies for systems management.
The kind of systems we typically target involve relatively coarse grained computation tasks (e.g. image processing or HPC tasks, components or services), assembled in workflows, application dependency graphs, or composites. At that level, there can be parallel and conditional branches, as well as choices that can be made between alternative branches, corresponding to different ways to perform that part of the application. Such tasks can be achieved following a choice of implementations or versions, such as in service oriented approaches. Each implementation has its own characteristics and requirements, e.g., w.r.t. resources consumed and QoS offered. The systems execution infrastructures present heterogeneity, with different computing processors, a variety of peripheral devices (e.g., I/O, video port, accelerators), and different means of communications. This hardware or middleware level also presents adaptation potential e.g., in varying quantities of resources or sleep and stand-by modes.
The kinds of control problems encountered in these adaptive systems concern the navigation in the configurations space defined by choice points at the levels of applications, tasks, and architecture. Upon events or conditions triggering reconfiguration and adaptation, the controller has to choose a next configuration where, on the one hand, all consistency constraints are satisfied w.r.t. dependencies and resources requirements. On the other hand, it has to apply a policy or strategy deciding between correct configurations which one to chose e.g. by optimizing one or more criteria, or by insuring reachability of some later configuration (goal or fallback). This targeted class of computing systems we consider is mid-sized, in the sense that the combinatorial complexity is large enough for manual solving to be impossible, while remaining within the range where supervisory control techniques are tractable. The pace of control is more sporadic, and slower than the instruction-level computation performance within the coarse-grained tasks.
The objectives of Ctrl-A will be achieved and evaluated in both of our main application domains, thereby exhibiting their similarities from the point of view of reconfiguration control. A first application domain is High Performance Computing. In this area, we currently focus especially on the management of Dynamic Partial Reconfiguration in FPGA based hardware, at the level of middleware . Here the particular application we consider is, as in our ANR project HPeC starting end of 2015, video image flow processing for smart cameras implemented on DPR FPGASs themselves embedded in drones .
A second general application domain to confront our models is the Internet of Things (IoT), more specifically self-adaptive middleware platforms for Smart Environments, or Industry 4.0 related topics, like SCADA. We focus on providing coordination components and controllers of software components and services, or rule-based middleware platforms. The adaptation problems concern both the functional aspects of the applications in a smart building, and the middleware support deployment and reconfiguration issues. We are considering perspectives concerning self-protection and security.
5 Social and environmental responsibility
5.1 Footprint of research activities
In the year 2021, again, the travels of the team has been drastically reduced, obviously due to sanitary restrictions.
Our activities involve running experiments on large computing infrastructures e.g., using Grid 5000, where we spend approx. 30 k hours of computing.
5.2 Impact of research results
We have research activities w.r.t. energy efficiency in computing systems, at the levels of nodes (RAPL) as well as at the higher level of grids (CiGri), which are contributing to a better mastered energy consumption in computing.
On the different aspect of sobriety concerning data and privacy, we also are interested in topics of locality of data in Fog/Edge architectures,in order to avoid, useless spreading of confidential data.
On a longer term, we are having reflexions on how to orient our research towards topics explicitely targeting environmental as well social impacts. In relation with our topic of autonomic management, for example, we consider control objectives involving trade-offs between performance or QoS and economy of resources and impact, so that users can choose a level of sobriety.
6 Highlights of the year
We are co-chairing, with the TIMA laboratory and CEA in Grenoble, the organization committee of the FETCH’22 summer school (École d’hiver Francophone sur les Technologies de Conception des Systèmes Embarqués Hétérogènes), which should have taken place in 2021 but had to be postponed to 2022 due to sanitary restrictions. (FETCH'22)
7 New software and platforms
7.1 New software
Compilers, Synchronous Language, Controller synthesis
Heptagon is an experimental language for the implementation of embedded real-time reactive systems. It is developed inside the Synchronics large-scale initiative, in collaboration with Inria Rhones-Alpes. It is essentially a subset of Lucid Synchrone, without type inference, type polymorphism and higher-order. It is thus a Lustre-like language extended with hierchical automata in a form very close to SCADE 6. The intention for making this new language and compiler is to develop new aggressive optimization techniques for sequential C code and compilation methods for generating parallel code for different platforms. This explains much of the simplifications we have made in order to ease the development of compilation techniques.
The current version of the compiler includes the following features: - Inclusion of discrete controller synthesis within the compilation: the language is equipped with a behavioral contract mechanisms, where assumptions can be described, as well as an "enforce" property part. The semantics of this latter is that the property should be enforced by controlling the behaviour of the node equipped with the contract. This property will be enforced by an automatically built controller, which will act on free controllable variables given by the programmer. This extension has been named BZR in previous works. - Expression and compilation of array values with modular memory optimization. The language allows the expression and operations on arrays (access, modification, iterators). With the use of location annotations, the programmer can avoid unnecessary array copies.
Adrien Guatto, Brice Gelineau, Cédric Pasteur, Eric Rutten, Gwenaël Delaval, Léonard Gérard, Marc Pouzet
UGA, ENS Paris, Inria, LIG
7.2 New platforms
Participants: Stéphane Mocanu.
Hardware-in-the-loop simulation software
Web site: G-ICS. Self-assessment:
- Software Family
- utility: Utility, (see Sae, Section 3.4).
- universe: wide-audience software (aims to be usable by a wide public, to become the reference software in its area, etc.).
- Evolution and maintenance:
- lts: long term support.
- Duration of the Development (Duration): years
Description : The embedded software on the electronic boards of the G-ICS HIL systems. The electronic board schematics as well as the PCB, embedded software, communication protocol specification and software interfaces with various simulators are provided in open source.
- Software Family
8 New results
8.1 Design support for Control in Autonomic Computing
8.1.1 Models and control
Participants: Sophie Cerf, Eric Rutten.
We work on the general notion of Software Engineering for designing controllers for Self-Adaptive Systems, and particularly the potential contribution of Control Theory to provide for Assurances in Self-Adaptive Software Systems (book chapter 5). We propose to consider feedback control as a behavioural model-based instanciation of the MAPE-K loop in Autonomic Computing (book chapter 8).
We are considering that complex systems can require multiple loops, motivated by the fact that different sub-problems can require combinations of different decision and control techniques.
One particularly interesting topic is the combination of Control and Machine Learning . In the framework of our cooperation with Nokia Bell-labs (See Section 9.1), and the Dyonisos team at Inria Rennes, we are considering the management of Software Defined Networks (SDN). The main approach, considering AI / Machine Learning, is developed at Inria Rennes. An ongoing topic is to consider that these reinforcement learning based approaches involve questions of trust and explanability. In our team we propose to address them by considering their composition (particularly Reinforcement and Neural Networks) with controllers based on Control Theory (particularly deterministic), in order to maintain guarantees on the behaviors of the managed system.
As a result we performed a survey of the state of the art in interactions between RL and control, some of them classic, ohers less explored. We also contributed to the identification of use-cases from our partners in the Inria/Nokia porject, and proposal of a control-based approach enabling the faster convergence of RL.
8.1.2 Discrete Control and reactive languages
Participants: Gwenaël Delaval, Jolahn Vaudey, Eric Rutten.
Our work in reactive programming for autonomic computing systems is focused on the specification and compilation of declarative control objectives, under the form of contracts, enforced upon classical mode automata as defined in synchronous languages. The compilation involves a phase of Discrete Controller Synthesis, integrating the tool ReaX, in order to obtain an imperative executable code. The programming language Heptagon / BZR (see Section 7.1.1 ) integrates our research results 3. The treatment of modularity in the compiler has been the object of the M1 internship of JolahnVaudey.
Ongoing topics are on :
- abstraction methods for compilation using discrete controller synthesis (needed for example, in order to program the controllers for systems where the useful data for control can be of arbitrary types (integer, real, ...), or also for systems which are naturally distributed, and require a decentralized controller).
- compilation and diagnosis for discrete controller synthesis. The compilation involving a phase of controller synthesis can fail to find a solution, if the problem is overconstrained. The compiler does notify so to the programmer, but the latter would need a diagnosis in order to understand where and how to debug the program. Such diagnosis is made especially difficult by the declarative nature of the synthesis.
Recent work concerns a methodology for the evaluation of controllers. We are considering that Discrete Controller Synthesis produces results that are correct by construction w.r.t. the formal specification, but in practice there remains to evaluate the obtained controller quantitatively, to check e.g., whether it is not overconstrained, and effectively producing the expected impact on the overall system behavior. We consider our work on self-protection (see Section 8.4.2) as a use case, evaluating the improvement of resilience of a system in the presence of attacks.
We used Heptagon/BZR as a simulation tool, to compare a program embedding a synthesized controller, with a similar program either without controller, or with a simple controller programmed manually, without use of discrete controller synthesis. The environment (alarms from an intrusion detection system) has been modeled also in Heptagon/BZR as a Markov chain, that can be simulated with an ad hoc Heptagon library. We then measure several values for each program version: average number of steps before the system get to a “safe” state (state where one remote processing unit do not work anymore because of the attacks), evolution in time of the average number of “programs” in “safe” mode. This evaluation by simulation confirm that the program with the synthesized controller is more efficient w.r.t. these measurements. In some specific cases, we are also able to compare the values obtained by simulation, with theoretical optimal values computed from the Markov chain of the environment.
8.1.3 Software Architectures for multiple loops
Participants: Mahyar Tourchi Moghaddam, Eric Rutten.
Complex Autonomic Computing Systems, as found typically in distributed systems, must involve multiple management loops, addressing different subproblems of the general management, and can be using different modeling, decision and control approaches (discrete 2, continuous, stochastic, machine-learning based, ...) They are generally addressing deployment and allocation of computations on resources w.r.t. QoS, load, faults, ... but following different, complementary approaches. Their execution needs to be distributed w.r.t. different characteristics such as latency (as in Fog and Edge Computing) or load. We are studying Software Architectures to address the design of such complex systems, generalizing from the similarities and recurring patterns appeaing in use-cases.
In past work (ICCAC17 25), we proposed a design framework for reliable multiple Autonomic Loops, motivated by the management of different functionalities, at different levels of the system, and/or with different decision models. Part of the ideas emerging from that work was followed upon in the different context of Cyber-Physical Systems and the CPS4EU project, where we explore software architectures for self-adaptative middleware support for IoT and CPS (22. We propose the separation of concerns between the description of the self-adaptation and configurations space at the different levels of applications or functionality on the one side, and infrastructure and resources on the other side. Each dimension can have its own dynamics, independently of the other, and can be designed separately, while both have to be coordinated.
We have instanciated this idea using models like queing networks (ECSA20 7), or constraint solving (HICSS22 14), with application to a use case in smart grids provided by a cooperation with RTE (see Section 8.3.2).
8.2 Self-adaptative distributed and HPC systems
Cloud and HPC (High-Performance Computing) systems have increasingly become more varying in their behavior, in particular in aspects such as performance and power consumption, and the fact that they are becoming less predictable demands more runtime management 9.
8.2.1 Sustaining performance while reducing energy consumption with a Control Theory Approach
Participants: Raphaël Bleuse, Sophie Cerf, Ismail Hawila, Eric Rutten.
We explore another form of trade-off between performance and resource and energy consumption, with the aim to sustain performance while reducing energy consumption with a Control Theory approach. The infrastructure is considered at a level close to the hardware, in that we use the RAPL (Running Average Power Limit) mechanism available in Intel processors. We exploit heterogeneity as an opportunity: as applications dynamically undergo variations in workload, due to phases or data/compute movement between devices, one can dynamically adjust power across compute elements to save energy without impacting performance. With an aim toward an au- tonomous and dynamic power management strategy for current and future HPC architectures, we explore the use of control theory for the design of a dynamic power regulation method, periodically monitoring application progress and choosing at runtime a suitable power cap for processors. Thanks to a preliminary offline identification process, we derive a model of the dynamics of the system and a proportional-integral (PI) controller. We evaluate our approach on top of an existing resource management framework, the Argo Node Resource Manager, deployed on several clusters of Grid’5000, using a standard memory-bound HPC benchmark (EuroPar21 11).
This work is done in cooperation with Swann Perarnau (Argonne National Lab., Chicago, IL) in the framework of the JLESC : Joint Laboratory on Extreme Scale Computing (see Section 10.1.1).
It has been the topic of the Master's thesis in Control Theory of Ismail Hawila 17.
8.2.2 A Control-Theory based approach to minimize cluster underuse
Participants: David Nyarko Donkor, Quentin Guilloteau, Bogdan Robu, Eric Rutten.
This resource harvesting problem is found in the context of CiGri, a simple, lightweight, scalable and fault tolerant grid system which exploits the unused resources of a set of computing clusters. In this work, we consider autonomic administration in HPC systems for scientific workflows management through a control theoretical approach. We propose a model described by parameters related to the key aspects of the infrastructure thus achieving a deterministic dynamical representation that covers the diverse and time-varying behaviors of the real computing system. We propose a model-predictive control loop to achieve two different objectives: maximize cluster utilization by best-effort jobs and control the file server’s load in the presence of external disturbances. The accuracy of the prediction relies on a parameter estimation scheme based on the EKF (Extended Kalman Filter) to adjust the predictive-model to the real system, making the approach adaptive to parametric variations in the infrastructure. The closed loop strategy shows performance improvement and consequently a reduction in the total computation time. The problem is addressed in a general way, to allow the implementation on similar HPC platforms, as well as scalability to different infrastructures.
We work in the context of CiGri, a lightweight grid system which harvests and exploits the unused resources of a set of computing clusters, by injecting best-effort jobs on top of the prioritary applications. We consider autonomic administration for scientific workflows management through a control theoretical ap- proach for maximizing usage while avoiding overload. We studied simple forms of control, as well as adaptive and an exten- sion with model free control. We first considered essentially the performance of harvesting itself, then integrated the problem of Distributed File Server load, that can heavily disturb prioritary ap- plications. We put an emphasis on reproducibility of experiments. (COMPAS21 15, ; ICSTCC21 12).
This work is done in cooperation with the Datamove team of Inria/LIG (O. Richard), and Gipsa-lab (B. Robu).
It has been the topic of the Master's theses in Control Theory of David Donkor 16, and it is the topic of the PhD thesis in Computer Science of Quentin Guilloteau.
8.2.3 Combining Scheduling and Autonomic Computing for Parallel Computing Resource Management
Participants: Raphaël Bleuse, Sophie Cerf, Quentin Guilloteau, Eric Rutten.
This research topic aims at studying the relationships between scheduling and autonomic computing techniques to manage resources for parallel computing platforms. The performance of such platforms has greatly improved (149 petaflops as of November 2019 24) at the cost of a greater complexity: the platforms now contain several millions of computing units. While these computation units are diverse, one has to consider other constraints such as the amount of free memory, the available bandwidth, or the energetic envelope. The variety of resources to manage builds complexity up on its own. For example, the performance of the platforms depends on the sequencing of the operations, the structure (or lack thereof) of the processed data, or the combination of application running simultaneously.
Scheduling techniques offer great tools to study/guaranty performances of the platforms, but they often rely on complex modeling of the platforms. They furthermore face scaling difficulties to match the complexity of new platforms. Autonomic computing manages the platform during runtime (on-line) in order to respond to the variability. This approach is structured around the concept of feedback loops. The scheduling community has studied techniques relying on autonomic notions, but it has failed to link the notions up.
We are starting to address this topic at the general level of a state of the art of relations between the two domains, and also at the more concrete and specific level of a real-world use-case, in the context of CiGri as above. Indeed this context features a RJMS (Resources and Jobs Management System) involving the OAR scheduler. Therefore we are identifying coordination with the previously described controller and OAR, ìn particular in such way that OAR is able to notify the controller of upcoming rises or falls of activity in prioritary tasks, and we are exploring how this information can be exploited by the controller, by adopting for example a feed Forward approach.
8.3 Self-Adaptation in the IoT and Cyber-Physical Systems
8.3.1 Device management
Participants: Ghada Moualla, Eric Rutten.
The Internet of Things and its massively de- ployed, dynamic, and heterogeneous devices appear to be all the more ubiquitous every day. In this context, Device Management (DM), i.e., the remote administration of IoT devices, becomes essential to keep them connected, up-to-date and secure, thus increasing their lifespan. Through firmware and configuration updates, troubleshooting, and monitoring, DM ensures the quality of service and user experience, deploying new features, and distributing security patches. Legacy DM solutions are adequate when dealing with home devices (such as routers and TV set-top boxes) but they need to be extended to adapt to the new requirements of IoT context. Indeed, these legacy solutions require advanced knowledge and skills, since they are operated manually by system administrators. Further, the static DM platform— a component above IoT platforms that offers advanced features such as campaign updates/ massive operation management— is unable to scale and adapt to the IoT dynamicity feature. To cope with such challenges raised by the IoT, a self- adaptive management architecture for IoT devices with run- time horizontal scaling capability of DM servers is proposed in this work. We build an autonomic manager, named Auto- Scaling Manager (ASM), that is capable of managing the DM system within the IoT context. This manager relies on constraint programming for decision-making that is integrated in an autonomic self-adaptation loop. We validate our solution with a scenario considered meaningful from a business perspective.
This work is in the framework of the Inria/Orange labs joint laboratory (see Section 9.1), and supported by the post-doctoral research of Ghada Moualla at Orange labs.
8.3.2 Self-adaptive support for Cyber-physical Systems
Participants: Karim Fellah, Stéphane Mocanu, Mahyar Tourchi Moghaddam, Eric Rutten.
In this work we consider self-adaptation at the level of Software Architectures, targeted at the domain of Cyber-Physical Systems. This activity takes place in the framework of the H2020 project CPS4EU In a preliminary phase, a litterature survey was undertaken, on the topic of Self-adaptive middleware support for Cyber-physical Systems, which is currently being finalized 22.
We develop a generic approach to model control loops and their interaction within the Internet of Things (IoT) environments. We take advantage of MAPE-K loops to enable architectural self-adaptation. The system’s architectural setting is aligned with the adaptation goals and the components run-time situation and constraints. First results were published in the ECSA2020 conference 7
A hierarchical architecture with a control mechanism formalized with constraint programming (CP) is modeled. The control system assesses the reconfigurations that enhance the quality of service (QoS) while considering the internal and external limitations. The CP considers the desired application level control modes and assesses their feasibility by computing the response time and availability using a Netflow algorithm. As an applicative use-case, we consider Smart Grid management, in cooperation with RTE (HICSS'22 14).
At a different level, we consider another use-case from RTE, focused on the substation level, under the angle of questions of resilience, seen under the approach of self-adaptation, and more particularly as self-protection in response to attacks of the network. We currently work on analysing the problem and modelling it in terms of its constraints.
Another application domain on which contacts are taken with ACOEM concern monitoring in Smart Cities. These industrial use-cases are a part of CPS4EU European industrial innovation project. It has been the topic of the Master's thesis of Hassan Hijazi 20
8.4 Cyber-Security & Self-protection
8.4.1 Intrusion detection in industrial control systems
Participants: Estelle Hotellier, Stéphane Mocanu.
First results on process oriented sequential attacks detection were obtained during Oualid Koucham’s PhD (, ). A complete intrusion detection and alert correlation framework was proposed and process oriented IDS and correla- tor where synthesised, implemented and available in open-source on-line (G-ICS). Smart-grid applications on intrusion detection and impact on dependability were presented in 10 .
We further develop the results for distributed and hierarchical systems in the PhD thesis of Estelle Hotellier. Some first results on the attacks on industrial speed driver controlled via CanOpen were presented in August 2021 in the local Barbhack Hacking conference. We recently extended Zeek IDS detection capabilities to CAN networks and the code will soon be freely available.
8.4.2 Resilience and reaction in Industrial Control Systems
Participants: Gwenaël Delaval, Stéphane Mocanu, Eric Rutten, Nicolas Vallet.
As consequences of attacks on Industrial Control Systems may be dramatic, an important topic in ICS cybersecurity is the improvement of cyber-resilience. Reaction in case of attacks is also a crucial and sensitive topic. Our approach for both resilience and reaction problems is based on the notion of self-protection, where self-adaptation takes the form of self-reconfiguration of the architecture. Based on a first approach developed in the PhD of Kabir-Querrec, and experience on modelling reconfiguration with DES, we formalized recently the self-protection problems as a DES control problems. A model and a formulation of the reconfiguration problem was specified in Heptagon/BZR (IFAC World 2020 conference 18). We are currently working on a method to evaluate the effectiveness of the obtained controllers related to section 8.1.2.
On the user-program verification side we started a study in 2021 on the modelling, correctness check and security properties enforcement of SFC-based PLC program. A modelling methodology of SFC programs in Heptagon/BZR was proposed together with a loop-checking algorithm. Using a model of safety properties as BZR contracts we proposed an automatic code generation that will enforce the security of the program. It was the topic of the Master's thesis of Nicolas Vallet 26
8.4.3 Automated risk analysis, and Embedded program verification
Participants: Nelson Nkawa, Mike Da Silva, Stéphane Mocanu.
One topic is in automated risk analysis, with the specification of a DSML dedicated to the automated analysis of the security of industrial control systems based on their safety properties. The idea is to extract the devices characteristic and the flow cartography from the configuration files and enrich the model with the description of the network infrastructure and available security measures. Based on public vulnerability databases a STRIDE threat model will be automatically constructed and a list of suggested measures proposed. An incipient proof of concept of automatic flow cartography based on configuration files was proposed in the PhD of Maëlle Kabir-Querrec.
Another topic concerns tools for the validation of embedded software (OS and controller user program) of industrial devices and in particular patch validation in conformity to the requirements of the IEC 62443 standard, symbolic execution of embedded software on an external emulator. Two PhD grants are starting on this topic : one is concerned with the synthesis of run-time monitoring tools for testing and validation of industrial devices software ; the other, is the PhD of Mike da Silva, supervised by Stéphane Mocanu, concerns symbolic execution of embedded software on an external emulator 13
9 Bilateral contracts and grants with industry
9.1 Bilateral grants with industry
Participants: Eric Rutten.
We have a cooperation with Orange labs, around the Orange postdoctoral grant of Ghada Moualla, on the topic of autonomic device management (see Section 8.3.1). This activity is part of the Inria/Orange joint laboratory.
Nokia / Bell labs
Participants: Sophie Cerf, Eric Rutten.
We have a research action with Nokia / Bell labs, in cooperation with project-team Dyonisos at Inria Rennes, on the topic of the Autonomic management in Software Defined Networks, as described in Section 8.1.1. This activity is part of the Inria/ Nokia / Bell labs joint laboratory.
Participants: Estelle Hotellier, Stéphane Mocanu.
We have a cooperation with Naval Group, around the PhD grant of Estelle Hotellier, on the topic of intrusion detection in complex Industrial Control Systems (ICSs), as described in Section 8.4.1. We are interested in Process-Aware attacks i.e. attacks that target the physical integrity of systems. We consider the hybrid nature of ICSs and our methodology applies for event-driven and continuous dynamical systems. We aim at developing a behavioral network traffic Intrusion Detection System (IDS) based on the ICS characterization through security properties. To do so, we extract system safety properties from standards, devices programs or system specifications and synthesize them into security patterns. These patterns are then monitored by our IDS which is in charge of raising alerts.
Participants: Mike da Silva, Stéphane Mocanu.
We have a cooperation with CEA, around the PhD grant of Mike da Silva, as described in Section 8.4.3. This PhD topic objective is to provide an automatic vulnerability extraction from a security oriented ICS architecture model. Existing modeling languages (SCL for substation and AutomationML for industrial automation) provide support for controller hardware and network accessible data description but not for complete data flow and network infrastructure description nor for vulnerabilities and their effects. We extend existing languages with support for network infrastructure modeling including security controls and data flow description together with a vulnerability data-base support. We will rely on public CVE data bases and an extensive study of industrial protocols formal verification including support for high-availability networks. The results of the automatic architecture model processing is used for threat modeling, attack scenario construction, attack impact assessment and eventually security controls choice assistance.
10 Partnerships and cooperations
10.1 International initiatives
10.1.1 Participation in other International Programs
Participants: Raphaël Bleuse, Sophie Cerf, Ismail Hawila, Eric Rutten.
We participate in the jLESC, Joint Laboratory for Extreme Scale Computing, with partners INRIA, the University of Illinois, Argonne National Laboratory, Barcelona Supercomputing Center, Jülich Supercom- puting Centre and RIKEN AICS. We started a cooperation with Argonne National Labs, on Improving the performance and energy efficiency of HPC applications using autonomic computing techniques (see Section 8.2.1). JLESC Autonomic
10.2 European initiatives
10.2.1 FP7 & H2020 projects
Participants: Karim Fellah, Mahyar Moghaddam, Stéphane Mocanu, Eric Rutten.
Cyber Physical Systems for Europe
- ABENGOA INNOVACION SOCIEDAD ANONIMA(Spain)
- ANSYS FRANCE SAS(France)
- BUDAPESTI MUSZAKI ES GAZDASAGTUDOMANYI EGYETEM(Hungary)
- CENTRE NATIONAL DE LA RECHERCHE SCIENTIFIQUE CNRS(France)
- COMMISSARIAT A L ENERGIE ATOMIQUE ET AUX ENERGIES ALTERNATIVES(France)
- EMMTRIX TECHNOLOGIES GMBH(Germany)
- ETH LAB SRL(Italy)
- EUROTECH SPA(Italy)
- FUNDACION CENTRO DE TECNOLOGIAS DE INTERACCION VISUAL Y COMUNICACIONES VICOMTECH (Spain)
- GREENWAVES TECHNOLOGIES (France)
- INSTITUTO TECNOLOGICO DE INFORMATICA (Spain)
- KALRAY SA(France)
- LEONARDO - SOCIETA PER AZIONI(Italy)
- M3 SYSTEMS SAS (France)
- PROVE & RUN (France)
- SCHNEIDER ELECTRIC FRANCE SAS(France)
- SEQUANS COMMUNICATIONS SA(France)
- SHERPA ENGINEERING SA (France)
- SPINSPLIT MUSZAKI KUTATO FEJLESZTOKFT (Hungary)
- TECHNISCHE UNIVERSITAT CLAUSTHAL(Germany)
- ECNOLOGIAS SERVICIOS TELEMATICOS Y SISTEMASSA (Spain)
- THALES (France)
- UNIVERSITAET AUGSBURG (Germany)
- UNIVERSITED E LORRAINE (France)
- UNIVERSITE GRENOBLE ALPES (France)
- VALEO COMFORT AND DRIVING ASSISTANCE (France)
- VALEO VISION SAS (France)
CPS4EUproposestoaddresstechnicalissuesandorganizationalissuesinanintegratedway. Hence, CPS4EU promotes a high level of sharing, so that an operational ecosystem, with adequate skills and expertise all along the value chain can enable, at the end of the project, the European industry to lead strategic markets based on CPS technologies.
In this project, the Ctrl-A team is involved in WP4 and WP9 mainly, on topics of Software Architec- tures for Self-Adaptive systems in CPS, and our main industrial collaboration is with RTE (see Section 8.3.2).
10.3 National initiatives
10.3.1 IRT Nanoelec Pulse program
Participants: Nelson Nkawa, Stéphane Mocanu.
The Pulse program aims the development for SCADA cybersecurity demonstrators. It has funded a Master grant in 2019, two master grants in 2020, one master grant in 2021 (see Section 8.4).
Participants: Raphaël Bleuse, Gwenaël Delaval, Stéphane Mocanu, Eric Rutten.
11.1 Promoting scientific activities
11.1.1 Scientific events: organisation
General chair, scientific chair
Eric Rutten is co-chairing, with Liliana Andrade (Université Grenoble Alpes, TIMA) and Pascal Vivet (CEA List), FETCH 2022 (École d’hiver Francophone sur les Technologies de Conception des Systèmes Embarqués Hétérogènes) the 15th Winter School on Heterogeneous Embedded Systems Design Technologies, postponed to 2022 due to sanitary restrictions. FETCH'22
11.1.2 Scientific events: selection
Chair of conference program committees
Mahyar Tourchi Moghaddam and Eric Rutten are co-chairing, with G. Giraud (RTE), SE4ICPS, the Workshop on Software Engineering for Industrial Cyber-Physical Systems, at COMPSAC 2021
Member of the conference program committees
Eric Rutten is PC member for :
- international conferences :
- CPS& IoT’2021- the 9th International Conference on Cyber-Physical Systems and Internet-of-Things CPS& IoT’2021
CCTA 2021, 5th IEEE Conference on,Control Technology and Applications, aug. 2021, San Diego, CA (CCTA21)
CCTA 2022, 6th IEEE Conference on,Control Technology and Applications, aug. 2022, Trieste Italy (CCTA22)
PECS, the 1st Workshop on the Performance and Energy-efficiency of Concurrent Systems (PECS21), which will be co-located with the ACM/SPEC International Conference on Performance Engineering (ICPE) in April 2021 (ICPE21).
PECS, the 2nd Workshop on the Performance and Energy-efficiency of Concurrent Systems (PECS22), which will be co-located with the ACM/SPEC International Conference on Performance Engineering (ICPE) in April 2022 (ICPE22).
- 8th International Conference on Control, Decision and Information Technologies (CoDIT'22), May 17-20, 2022, Istanbul, Turkey.
- Wodes 2022 : Workshop on Discrete Event Systems WODES'22 will be held in Prague, Czech Republic, September 7-8, 2022. (WODES'22)
- other conferences :
- 13ème Colloque sur la Modélisation des Systèmes Réactifs (MSR'21) qui aura lieu au Cnam Paris du 8 au 10 novembre 2021 MSR21
Reviewer - reviewing activities
Eric Rutten is reviewer for :
- ACM Transactions on Autonomous and Adaptive Systems (TAAS)
- journal of Discrete Event Dynamic System (jDEDS)
11.1.4 Invited talks
Sophie Cerf and E. Rutten were invited to give a talk on work with R. Bleuse at the 3rd meeting of the "trustworthY and Optimal Dynamic Adaptation" (Yoda) working group of the GDR GPL, 29 November, 2021.
11.1.5 Leadership within the scientific community
Eric Rutten is co-chair of the Technical Committee on Discrete Event Systems (DESTC), a part of the IEEE Control Systems Society (CSS) Technical Activities Board (IEEE TC DES) ; and member of the IFAC Technical Committee 1.3 on Discrete Event and Hybrid Systems, for the 2017-2020 triennum (IFAC TC DES).
The (co-)chairs (Anne-Kathrin Schmuck, Eric Rutten, Xiang Yin, and Kai Cai) organize the IEEE CSS TC DES Lighening Tutorial Series 2021, a virtual lecture series throughout 2021 (LTS)
11.1.6 Scientific expertise
Eric Rutten was reviewer for the ANRT, evaluating a Cifre PhD proposal.
11.1.7 Research administration
Gwenaël Delaval is elected member at the Academic Council (Conseil Académique) of University Grenoble Alpes (UGA) for the Confédération Générale du Travail trade union.
Eric Rutten has a mission as Correspondent for Scientific Relations between Inria Grenoble and CEA.
11.2 Teaching - Supervision - Juries
- Licence: R. Bleuse, advanced algorithmics/C++ language; 16h practicals; L1–2; UGA
- Licence: R. Bleuse, basics of object-orientied programming; 34h lecture/tutorials/practicals; L1; UGA
- Licence: R. Bleuse, OOP/UI/UML project; 4h; L1; UGA
- Licence: R. Bleuse, installation d’un poste pour le développement; 3h practicals; L1; UGA
- Licence: R. Bleuse, C language; 8h lectures/12h practicals; L2; UGA
- Licence: R. Bleuse, methodology of software development; 30h; L2; UGA
- Licence : G. Delaval, Compétences numériques, 24h tutorials/lab, L2 (economics/management), Univ. Grenoble Alpes
- Licence : G. Delaval, Bases du développement logiciel, modularité et tests, 15h lecture/tutorials, 15h lab, L2, Univ. Grenoble Alpes
- Master : G. Delaval, Compilation project, 4 weeks software project tutoring, M1, Univ. Grenoble Alpes
- Master : G. Delaval, Programming languages and compiler design, 30h tutorials, M1, Univ. Grenoble Alpes
- Master : S. Mocanu, Computer Networks and Cybersecurity, 16h class, 34h lab, M1, Grenoble-INP/ENSE3
- Master : S. Mocanu, Industriel Computer Networks, 8h class, 8h lab, niveau (M1, M2), M2, Grenoble-INP/ENSE3
- Master : S. Mocanu, Reliability, 10h class, 8h lab, M2, Grenoble-INP/ENSE3
- Master : S. Mocanu, Intrusion Detection and Defense in Depth labs, niveau M2, Grenoble-ENSE3/ENSIMAG
- PhD in progress: Estelle Hotelier (CIFRE grant); Intrusion Detection in Complex Hybrid Industrial Systems, started April 2021; co-advised by Franck Sicard an Julien Francq (Naval Group).
- PhD in progress: Mike Da Silva (CEA grant); Automated Risk Analysis for Industrial Systems, started October 2021; co-advised by Maxime Puys and Pierre-Henri Thevenon (CEA-Leti).
- PhD in progress: Quentin Guilloteau ; Une approche autonomique de la gestion dynamique de ressources dans les clusters HPC ; oct. 20 ; co-advised by Eric Rutten with O. Richard, Datamove team Inria/LIG.
- Raphaël Bleuse and Quentin Guilloteau participate in a MathsC2 workshop in june 2021 ;
- Raphaël Bleuse participates in the group InfoSansOrdi ;
- Raphaël Bleuse elaborates a workshop on «Maths & Musique » for the fête de la Science 2021
12 Scientific production
12.1 Major publications
- 1 articleModel-based design of correct controllers for dynamically reconfigurable architectures.ACM Transactions on Embedded Computing Systems (TECS)153February 2016
- 2 articleDesigning Autonomic Management Systems by using Reactive Control Techniques.IEEE Transactions on Software Engineering427July 2016, 18
- 3 articleIntegrating Discrete Controller Synthesis in a Reactive Programming Language Compiler.journal of Discrete Event Dynamic System, jDEDS, special issue on Modeling of Reactive Systems2342013, 385-418URL: http://dx.doi.org/10.1007/s10626-013-0163-5
- 4 inproceedingsA Domain-specific Language for Autonomic Managers in FPGA Reconfigurable Architectures.ICAC 2018 - 15th IEEE International Conference on Autonomic ComputingTrento, ItalyIEEESeptember 2018, 1-10
- 5 incollection What Can Control Theory Teach Us About Assurances in Self-Adaptive Software Systems? Software Engineering for Self-Adaptive Systems 3: Assurances 9640 LNCS Springer May 2017
- 6 inproceedingsDevelopment Tools for Rule-Based Coordination Programming in LINC.19th International Conference on Coordination Languages and Models (COORDINATION)LNCS-10319Coordination Models and LanguagesPart 2: Languages and ToolsNeuchâtel, SwitzerlandSpringer International PublishingJune 2017, 78-96
- 7 inproceedingsIAS: an IoT Architectural Self-adaptation Framework.ECSA 2020 - 14th European Conference on Software ArchitectureL’Aquila, ItalySeptember 2020, 1-16
- 8 incollectionFeedback Control as MAPE-K loop in Autonomic Computing.Software Engineering for Self-Adaptive Systems III. Assurances.9640Lecture Notes in Computer ScienceSpringerJanuary 2018, 349-373
- 9 articleAn Autonomic-Computing Approach on Mapping Threads to Multi-cores for Software Transactional Memory.Concurrency and Computation: Practice and Experience3018September 2018, e4506
12.2 Publications of the year
International peer-reviewed conferences
Conferences without proceedings
Other scientific publications
12.3 Cited publications
- 18 inproceedingsDiscrete Control of Response for Cybersecurity in Industrial Control.IFAC 2020 - IFAC World Congress 2020Proc. of the 21st IFAC World CongressBerlin, GermanyJuly 2020, 1-8
- 19 bookFeedback Control of Computing Systems.Wiley-IEEE2004
mastersthesisLinking Agent-Based Simulation With Sensor Networks For Architectural Design Decisions.MA ThesisMasters Thesis, M2R MOSIG, Universit
Besançon Franch ComtéFrance2021
- 21 articleThe Vision of Autonomic Computing.IEEE Computer361January 2003, 41--50
- 22 unpublishedProtocol for a Systematic Literature Review on Adaptative Middleware Support for IoT and CPS.September 2020, working paper or preprint
- 23 articleOn the Supervisory Control of Discrete Event Systems.Proceedings of the IEEE771January 1989
- 24 miscTOP500 list.URL: https://www.top500.org/lists/
- 25 inproceedingsDesign Framework for Reliable Multiple Autonomic Loops in Smart Environments.2017 IEEE International Conference on Cloud and Autonomic Computing (ICCAC) Tucson, AZ, United StatesSeptember 2017
- 26 mastersthesisVérification et contrôle de programmes SFC vis-à-vis de propriétés de sécurité.MA ThesisM2Projet de Fin d’Etudes, Grenoble INP, ENSE3France2021