IRF: Institutional Repository FHNW
Welcome to the publication and research database of the FHNW University of Applied Sciences and Arts Northwestern Switzerland.
The institutional repository contains publications, projects and student theses.
Further information can be found in the IRF manual (available in German).
Communities in IRF
Select a community to browse its collections.
- APS FHNW
- HABG FHNW
- HGK Basel FHNW
- HSI FHNW
- HLS FHNW
- HSM Basel FHNW
- HSA FHNW
- HTU FHNW
- HSW FHNW
- PH FHNW
Recently added
Symbolic verification for the identification of critical failure-chain scenarios in flight control systems
(Deutsche Gesellschaft für Luft-und Raumfahrt, 2025) Scherb, Christopher; Trapp, Alexander; Hutter, Ruben; Bachmann, Nico; Heitz, Luc
Flight control systems now integrate more digital electronics and networked subsystems than ever before, creating unprecedented opportunities for cascading failures triggered by cyber attacks. Traditional safety analysis methods fail to capture the complex interdependencies that enable attackers to orchestrate multi-component failures, particularly in safety-critical domains such as aviation. This paper presents two complementary tools for analyzing security vulnerabilities in flight control systems and other cyber-physical systems: TraceGuard, which performs taint-guided symbolic execution for efficient vulnerability discovery in individual components, and MCS Analyser, which models inter-component communication to identify system-level failure chains. TraceGuard extends the angr symbolic execution framework with intelligent path prioritization based on taint tracking, focusing computational resources on security-relevant execution paths. MCS Analyser employs a three-phase approach to discover communication patterns, analyze message flows, and construct comprehensive system models. Our evaluation demonstrates significant improvements over existing approaches. TraceGuard achieved up to 5× improvement in vulnerability discovery (finding 5 vulnerabilities versus 1 in complex test cases) while exploring only 36.8% to 75% of basic blocks. The taint-guided prioritization successfully maintains 100% vulnerability detection while dramatically reducing computational overhead. MCS Analyser analyzed a 12-component UAV simulation, discovering 42 unique message flows and identifying 15 tainted propagation paths that could enable cascading failures. The integration of these tools enables identification of edge-case attack scenarios requiring precise coordination of multiple component states—situations with negligible natural probability but achievable through deliberate attacks. Expert validation from aerospace industry confirms the practical value of automated communication path discovery and edge-case identification. The framework provides engineers with concrete evidence for security design decisions, supporting rigorous security-by-design practices in cyber-physical systems development.
04B - Conference paper
EoD designer. A computation tool for energy optimization of data centers
(IEEE, 25.06.2012) Grüter, Cyrill; Gysel, Peter; Krebs, Matthias Christian; Meier, Christoph
Total energy consumption in a data center is the sum of various components. We consider six main subsystems: Voltage transformer, uninterruptable power supply, IT equipment, computer room air handler, chiller and cooling tower. In this project a mathematical model for all six components was derived. Based on this model, a software tool was developed. It allows to simulate different variants of a data center and to minimize the total energy consumption by optimizing equipment and operating parameters. Thus potential energy savings can be evaluated. Finally the resulting reduction of operation expenses can directly be derived from the energy savings.
04B - Conference paper
Interactive application deployment planning for heterogeneous computing continuums
(Springer, 2021) Hass, Daniel; Spillner, Josef; Barolli, Leonard; Woungang, Isaac; Enokido, Tomoya
Distributed applications in industry are modular compositions involving containers, functions and other executable units. To make them deployable and executable in production, they need to be assigned to heterogeneous resources in computing continuum’s, consisting of multiple clouds, devices and other runtime platforms. Existing assignment processes are neither transparent nor interactive. To overcome this limitation, we introduce the Continuum Deployer, a tool capable of reading application descriptions (e.g. Helm charts for Kubernetes), interactively performing and comparing assignment algorithms (e.g. to multiple K8s and K3s cloud/edge/fog/device resources), and exporting deployment files (e.g. Kubernetes manifests). We evaluate the tool with empirical package analysis, exemplary deployments and a synthetic experiment to appropriately address scalability concerns.
04B - Conference paper
Workload deployment and configuration reconciliation at scale in kubernetes-based edge-cloud continuums
(IEEE, 07.2022) Hass, Daniel; Spillner, Josef
Continuum computing promises the abstraction of physical node location and node platform stack in order to create a seamless application deployment and execution across edges and cloud data centres. For industrial IoT applications, the demand to generate data insights in conjunction with an installed base of increasingly capable edge devices is calling for appropriate continuum computing interfaces. Derived from a case study in industrial water flow monitoring and based on the industry’s de-facto standard Kubernetes to deploy complex containerised workloads, we present an appropriate continuum deployment mechanism based on custom Kubernetes controllers and CI/CD, called Kontinuum Controller. Through synthetic experiments and a holistic cross-provider deployment, we investigate its scalability with emphasis on reconciling adjusted configuration per application and per node, a critical requirement by industrial customers. Our findings convey that Kubernetes by default would enter undesirable oscillation already for modestly sized deployments. Thus, we also discuss possible solutions.
04B - Conference paper
Smart execution strategy selection for multi tier execution in Named Function Networking
(IEEE, 2018) Scherb, Christopher; Tschudin, Christian
Named Function Networking was designed to perform computations inside Information Centric Networks, whereas the network decides where to execute a computation depending on the input data. However, this decision is based on fixed forwarding strategies. Initially, the forwarding strategies aimed to execute computations deep inside the network satisfying the requirements of data centers and cloud computing facing large input data and computational intensive operations. Data are produced by content providers, later processed and delivered from the cloud towards the clients. Recently, this characteristic changed as Internet of Things (IoT) devices entered the game. Sensors for home automation, autonomous cars, etc generate new data, at the edge of the network. To respond to those developments, forwarding strategy can be modified to perform computations at the edge of the network to provide low latency and to reduce the traffic to the core of the network. However, this reduces the capabilities of the network to choose the execution location and a computation may require input data from the edge as well as from data centers. For those cases, neither computing at the edge nor in the cloud is sufficient. By enabling NFN nodes to decompose computations and to choose a forwarding strategy per subcomputation, edge computing nodes can offload parts of the computation into the network for execution inside data centers.
04B - Conference paper