Mixed-Criticality Systems

Project overview

An increasingly important trend in the design of real-time and embedded systems is the integration of applications with different levels of criticality onto a common platform. At the same time, these platforms are migrating from single processors to multi/manycores as well as wirelessly-distributed systems. Criticality is a designation of the level of assurance against failure needed for a system component. A mixed criticality system (MCS) is one that has two or more distinct levels. A number of application domains, such as automotive and avionics, and EU initiatives (for example Horizon2020) have identified Mixed Criticality as a key issue in future systems.

The fundamental research question underlying these initiatives is: how, in a disciplined way, to reconcile the conflicting requirements of 'partitioning' for (safety) assurance and 'sharing' for efficient resource usage. This question gives rise to theoretical problems in modelling and verification, and systems problems relating to the design and implementation of the necessary hardware and software run-time controls. This project addresses both the theoretical and related systems questions.

Read more

MCC - Mixed Criticality Embedded Systems on Many-Core Platforms

A many-core platform with a scheduled communications medium is the designated platform on which multiple applications (perhaps composed of what are often called 'system of systems') are to be hosted. The isolation of components with different criticality levels is crucial, but the processor interconnects must be shared and be able to transmit messages with different criticality levels. Moreover, applications with different criticality levels must be able to exchange data in a demonstrably safe way.

A defining property of MCS is that the different means of assurance (for each criticality level) give rise to different values for the component's key parameters such as worst-case execution times and worst-case transmission times. In general, the higher the criticality level, the more conservative are the assumptions made about these values. Hence the context (system criticality level) will determine the parameters that must be used to verify (via scheduling analysis) that each core and each inter-connect will perform as required by the temporal constraints of each application. The development of criticality-aware analysis is needed for these systems.

Although total isolation with rigid time-triggered global scheduling is a possible architectural structure, significantly greater resource utilisation and hence reduced power consumption is possible if trade-offs are made between the overall system criticality level and assumptions about each component's run-time behaviour. For example, we require that: in a dual-criticality systems all applications will meet their timing constraints if all components are constrained by (rely on) their low criticality assumptions, but all high-criticality applications must also meet their deadlines if any component exhibits high-criticality behaviour (i.e. the low criticality assumptions can no longer be relied upon).


MCCps - Mixed Criticality Cyber Physical Systems

The concept of Cyber-Physical Systems, CPS, arose just over ten years ago and is a generalisation of the issues found in building embedded control systems. A CPS consists of a collection of computing devices communicating with one another (perhaps using wireless media) and interacting with the physical world via sensors and actuators. Such systems are everywhere, from smart buildings to medical devices to aerospace and to all kinds of automobiles. They increasing control crucial aspects of our lives. Research in CPS, and the related topics of System-of-Systems (SoS) and the Internet of Things (IoT), involves an understanding of system complexity, communication, environmental uncertainty, and the requirements of the associated software to behave in a timely fashion and to cater for faults and failures within the distributed hardware platform.

Many, indeed most, CPS can also be characterised as being Mixed-Criticalty Systems (MCS). Criticality is a designation of the level of assurance against failure needed for a system component. A MCS is one that integrates applications and/or components/systems with different levels of criticality onto the same hardware platform. This platform will, in the future, include many-core processing units, and communication media of various kinds, including wireless. It will also include smart sensors and actuators.

The Mixed Criticality Cyber Physical Systems (MCCps) project will consider how resource efficient, and hence potentially commercially successful, CPS can be specified, designed and analysed. Issues to be considered include, assumptions about the environment that cannot be held with complete certainty, failures that require reconfiguration (in a criticality-aware way), security protocols that require over-specified resource usage (to hide actual behaviour), and the allocation of software to the processing platform that balances the need for separation for safety/security and integration for efficiency. Such efficiency will lead to reduced size, weight and power consumption.

Previous work at York, including that supported by EPSRC, has explored the trade-off between separation and integration for single processor and many-core systems. In this project we expand this focus to include complete CPS platforms where resilience (e.g. fault tolerance and adaptive control), time-critical communications (including wireless), certification, tolerance of specification error (i.e. false assumptions about how the environment will behave and human users interact) and power consumption are all crucially important. The research will deliver models, forms of analysis, protocols, verification techniques including model-checking and cycle-accurate, protocol-accurate and scenario-based simulators, and industrial case-studies.

People involved

Industrial advisors


MCC - Mixed Criticality Embedded Systems on Many-Core Platforms
Funded by EPSRC (ref: EP/K011626/1), 01.04.2013-30.09.2016 

MCCps - Mixed Criticality Cyber Physical Systems
Funded by EPSRC (ref: EP/P003664/1), 01.10.2016-30.09.2019

More information



This research has been supported by the EPSRC through two funded projects: MCC (ref:EP/K011626/1) and MCCps (ref:EP/P003664/1).

Website: MCS@York  

Principal Investigator:
Professor Alan Burns