Service-oriented architectures (SOAs) are already commonplace in many areas (such as web services). The conditions needed for use in safety-critical cognitive systems, however, are very different. Take service orchestration in the cloud as an example: Service orchestration, the process of combining individual software functions from the cloud into a single application, can only be implemented flexibly on the basis of currently available resources. There may sometimes be too few resources or there may be delays in making them available. While this is acceptable for non-safety-critical applications, safety-critical systems need to have guarantees that the availability of services will be reliable and that critical requirements will be met at all times.
This naturally affects the development of those systems. For software functions to be used flexibly in the form of services, new architectural concepts need to be investigated. Above all, this affects the development and safety of these flexible services, because the complexity of the systems that are based on them is increasing: Where conventional embedded systems only required one fixed configuration to be designed and validated, service-oriented systems have a large number of possible configurations, which can change dynamically during the system’s service life and/or runtime. It is not easy to validate such a large number of possible configurations in advance.
Resilient service-oriented architectures
To ensure that autonomous and cognitive systems are both flexible and resilient in the future, Fraunhofer IKS is researching new architectural concepts. Vehicles and machines can thus consist of service-oriented architectures instead of many distributed control units. This enables, for example, add-on functions and new business models. Learn more about our research in the area of Resilient SOA:
New architectural concepts are needed
Handling this large number of configurations and making them safe therefore requires new solutions. As part of the project to develop Fraunhofer IKS, funded by the Bavarian Ministry of Economic Affairs, development methods for embedded systems are being expanded or researched from scratch. The aim is to consider flexible architectures of cognitive systems that work with artificial intelligence (AI). The main priority is the operational safety of the systems as well as ensuring that they behave reliably. Ultimately, software architectures need to be able to supply adaptive, service-oriented functions themselves while they are running.
resilientsoa: The framework
The answer provided by the Fraunhofer Institute for Cognitive Systems IKS is called resilientsoa. This is the name of a framework, developed within the institute, that is being used to research and demonstrate service-oriented orchestration in safety-critical adaptive real-time systems. The purpose of the software toolkit is to make sure service orchestration is as safe as necessary while performing as well as possible.
For example, there may be situations during operation in which individual functions of the system cannot be carried out safely, for example due to ongoing environmental factors, weather conditions etc. The framework developed by Fraunhofer IKS can be used to establish additional safety through resilience by allowing affected functions to continue to be used with restrictions. This allows currently applicable safety objectives to be met while the system’s performance increases.
The main component of the framework is the service manager, which manages current service instances, i.e., the software services that are currently active. The current version contains a catalog of all possible service instances that could potentially be running. It can select any instances from this catalog to guarantee the highest-performing safe system state possible.
Each service belongs to a particular category or type. This service type describes the interface that can be used to access instances of that type. A service instance implements the interface for its type and can define dependences on any other service types, e.g., the dependence of a lane departure warning system on object recognition. The service manager manages, monitors and optimizes these dependences during runtime. This ensures that the dependences meet the minimum requirements set out in the safety agreements for the services at all times.
Recognizing obstacles safely — an example scenario
The first use case is the scenario of a simple autonomous vehicle with two types of obstacle recognition: camera-based recognition using an artificial convolutional neural network (CNN) and LIDAR-based detection that uses lasers to take measurements. In the example scenario, the vehicle moves along a road and brakes as soon as it detects an obstacle in its way.
This assumes that the range of the optical obstacle detection is greater than that of the built-in LIDAR as long as certain conditions (particularly confidence criteria) are met. Depending on the current conditions for the CNN, the vehicle uses data from the CNN or the LIDAR. This use case is intended as a basis for investigating and optimizing safe switching between different configurations (CNN/LIDAR) to ensure that the system as a whole is safe at all times while performing as well as possible.
The implementation of the use case makes use of the resilientsoa framework that has been developed to orchestrate the services. It registers the specific service types and services for the use case. In addition, safety and performance targets are being configured, both for the system as a whole and for individual services. The framework deals with the safe orchestration of the services.
Next stop: Industry scenario
After using this very simple first use case as a proof of concept, the team of researchers set itself the goal of testing the framework in another scenario with more complex surroundings. The selected use case was taken from the field of industry with automated guided vehicles (AGVs), using ROS2 as a platform and Webots as a simulator. This larger-scale scenario uses mobile robots that support the production process across multiple industrial areas.
In the future, we intend to work with industrial partners to test and expand resilientsoa further, both in simulations and in practice. Among other things, we aim to address the flexibility of our approach in different use cases.
Do you have an exciting use case in which you are investigating the use of more flexible, safer service-oriented architectures? Feel free to contact me to find solutions to your challenges using our resilientsoa approach.
This project was funded by the Bavarian State Ministry of Economic Affairs, Regional Development and Energy as part of the project thematic support for the Development of the Institute for Cognitive Systems.