Skip to main content

Yasser Shoukry

University of California, Los Angeles, Electrical Engineering, Graduate Student

Followers

118

Following

108

Co-author

1

Public Views

University of Tunis El Manar

Kansas State University

Armando Marques-Guedes

UNL - New University of Lisbon

Oxford Brookes University

Visvesvaraya Technological University

Fusun Balik Sanli

Yildiz Technical University

Sajadin Sembiring

Universitas Sumatera Utara

Lebanese University

Tribeni Prasad Banerjee

West Bengal University Of Technology

Rajendra Guguloth

Kakatiya University

InterestsView All (6)

Uploads

Papers by Yasser Shoukry

Secure State Estimation against Sensor Attacks in the Presence of Noise

IEEE Transactions on Control of Network Systems, 2016

SMT-Based Observer Design for Cyber-Physical Systems under Sensor Attacks

2016 ACM/IEEE 7th International Conference on Cyber-Physical Systems (ICCPS), 2016

Secure state reconstruction in differentially flat systems under sensor attacks using satisfiability modulo theory solving

2015 54th IEEE Conference on Decision and Control (CDC), 2015

Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security - CCS '15, 2015

Secure state estimation: Optimal guarantees against sensor attacks in the presence of noise

2015 IEEE International Symposium on Information Theory (ISIT), 2015

Motivated by the need to secure cyber-physical systems against attacks, we consider the problem o... more Motivated by the need to secure cyber-physical systems against attacks, we consider the problem of estimating the state of a noisy linear dynamical system when a subset of sensors is arbitrarily corrupted by an adversary. We propose a secure state estimation algorithm and derive (optimal) bounds on the achievable state estimation error. In addition, as a result of independent interest, we give a coding theoretic interpretation for prior work on secure state estimation against sensor attacks in a noiseless dynamical system. arXiv:1504.05566v2 [math.OC]

Bio-inspired underwater electrolocation through adaptive system identification

2015 American Control Conference (ACC), 2015

Sound and complete state estimation for linear dynamical systems under sensor attacks using Satisfiability Modulo Theory solving

by Alberto Puggelli and Yasser Shoukry

2015 American Control Conference (ACC), 2015

Proceedings of the 1st ACM Conference on Embedded Systems for Energy-Efficient Buildings - BuildSys '14, 2014

An embedded hardware architecture for GPC-on-Chip applied to automotive active suspension systems

2011 Saudi International Electronics, Communications and Photonics Conference (SIECPC), 2011

This paper presents a hardware architecture for an embedded real-time generalized predictive cont... more This paper presents a hardware architecture for an embedded real-time generalized predictive control (GPC) algorithm based on the state-of-the-art Customizable Advanced Processor (CAP9) technology from Atmel; targeting automotive active suspension systems. The GPC algorithm relies on the solution of an optimization problem at every sampling period. Profiling shows that matrix operations consume the largest portion of the computation requirements of the algorithm. The proposed embedded system utilizes a systolic-array based matrix co-processor in order to accelerate matrix operations. The proposed embedded system is designed to fit within the proposed platform while meeting tight real-time constraints imposed by the automotive active suspension systems.

Secure State Estimation For Cyber Physical Systems Under Sensor Attacks: A Satisfiability Modulo Theory Approach

Secure state estimation is the problem of estimating the state of a dynamical system from a set o... more Secure state estimation is the problem of estimating the state of a dynamical system from a set of noisy and adversarially
corrupted measurements. The secure state estimation is a combinatorial problem, which has been addressed either by brute force
search, suffering from scalability issues, or via convex relaxations using algorithms that can terminate in polynomial time but are
not necessarily sound. In this paper, we present a novel algorithm that uses a Satisfiability-Modulo-Theory approach to lessen
the intrinsic combinatorial complexity of the problem. By leveraging results from formal methods over real numbers, we provide
guarantees on the soundness and completeness of our algorithm. Moreover, we provide upper bounds on the runtime performance
of the proposed algorithm in order to proclaim the scalability of the proposed algorithm. The scalability argument is then supported
by numerical simulations showing an order of magnitude decrease in the runtime performance with alternative techniques. Finally,
we demonstrate its application to the problem of controlling an unmanned ground vehicle.

Social Spring: Encounter-based Path Refinement for Indoor Tracking Systems

The 1st ACM International Conference on Embedded Systems for Energy-Efficient Buildings (BuildSys 2014), Nov 2014

Indoor localization is poised to catalyze the development of smarter buildings and the creation o... more Indoor localization is poised to catalyze the development of smarter buildings and the creation of reactive indoor spaces, allowing for user-optimized energy expenditure and a more intimate user ex- perience. This paper presents Social Spring, an architecture and corresponding software suite for refining indoor path estimation algorithms. Given an underlying indoor localization scheme, So- cial Spring attempts to reduce path estimation errors by leverag- ing encounters between users in real time. The driving concept behind Social Spring is that paths are treated as strings of nodes connected edgewise in a graph, while encounters are treated as ad- ditional edges in that graph. Each node attempts to minimize a local potential function dictated by a network of springs, the minimum of which is designed such that nodes converge to a lower energy (equivalently lower error) state. We further provide simulations and preliminary tests on real indoor localization datasets in order to lend credence to Social Spring’s effectiveness over a range of environmental factors, demonstrating between 10% and 30% error reduction.

Event-Triggered Projected Luenberger Observer for Linear Systems Under Sensor Attacks

The 53rd IEEE Conference on Decision and Control (CDC) 2014, Dec 2014

We consider the problem of designing a Luenberger-like observer for linear systems whose sensor m... more We consider the problem of designing a Luenberger-like observer for linear systems whose sensor mea- surements are corrupted by a malicious attacker. The attacker capabilities are limited in the sense that only a subset of all the sensors can be attacked although this subset is unknown. This leads to the problem of reconstructing the system state when the measurements are corrupted by sparse noise and we propose an observer that recursively updates the state estimate as new measurements become available. We show that by utilizing event-triggered techniques, we can enhance the computational performance compared to other methods which performs estimation of sparse signals.

ipShield: A Framework For Enforcing Context-Aware Privacy

11th USENIX Symposium on Networked Systems Design and Implementation (NSDI ’14)

Smart phones are used to collect and share personal data with untrustworthy third-party apps, of... more Smart phones are used to collect and share personal
data with untrustworthy third-party apps, often leading
to data misuse and privacy violations. Unfortunately,
state-of-the-art privacy mechanisms on Android provide
inadequate access control and do not address the vulnerabilities
that arise due to unmediated access to so-called
innocuous sensors on these phones. We present ipShield,
a framework that provides users with greater control over
their resources at runtime. ipShield performs monitoring
of every sensor accessed by an app and uses this information
to perform privacy risk assessment. The risks are
conveyed to the user as a list of possible inferences that
can be drawn using the shared sensor data. Based on
user-configured lists of allowed and private inferences, a
recommendation consisting of binary privacy actions on
individual sensors is generated. Finally, users are provided
with options to override the recommended actions
and manually configure context-aware fine-grained privacy
rules. We implemented ipShield by modifying the
AOSP on a Nexus 4 phone. Our evaluation indicates
that running ipShield incurs negligible CPU and memory
overhead and only a small reduction in battery life.

Event-Triggered State Observers for Sparse Sensor Noise/Attacks

This paper describes two algorithms for state reconstruction from sensor measurements that are co... more This paper describes two algorithms for state reconstruction from sensor measurements that are corrupted with sparse, but otherwise arbitrary, "noise". These results are motivated by the need to secure cyber-physical systems against a malicious adversary that can arbitrarily corrupt sensor measurements. The first algorithm reconstructs the state from a batch of sensor measurements while the second algorithm is able to incorporate new measurements as they become available, in the spirit of a Luenberger observer. A distinguishing point of these algorithms is the use of event-triggered techniques to circumvent some limitations that arise when performing state reconstruction with sparse signals.

Non-invasive Spoofing Attacks for Anti-lock Braking Systems

Cryptographic Hardware and Embedded Systems - CHES 2013 Lecture Notes in Computer Science Volume 8086, 2013, pp 55-72, Aug 2013

This work exposes a largely unexplored vector of physical-layer attacks with demonstrated consequ... more This work exposes a largely unexplored vector of physical-layer attacks with demonstrated consequences in automobiles. By modifying the physical environment around analog sensors such as Antilock Braking Systems (ABS), we exploit weaknesses in wheel speed sensors so that a malicious attacker can inject arbitrary measurements to the ABS computer which in turn can cause life-threatening situations. In this paper, we describe the development of a prototype ABS spoofer to enable such attacks and the potential consequences of remaining vulnerable to these attacks. The class of sensors sensitive to these attacks depends on the physics of the sensors themselves. ABS relies on magnetic–based wheel speed sensors which are exposed to an external attacker from underneath the body of a vehicle. By placing a thin electromagnetic actuator near the ABS wheel speed sensors, we demonstrate one way in which an attacker can inject magnetic fields to both cancel the true measured signal and inject a malicious signal, thus spoofing the measured wheel speeds. The mounted attack is of a non-invasive nature, requiring no tampering with ABS hardware and making it harder for failure and/or intrusion detection mechanisms to detect the existence of such an attack. This development explores two types of attacks: a disruptive, naive attack aimed to corrupt the measured wheel speed by overwhelming the original signal and a more advanced spoofing attack, designed to inject a counter-signal such that the braking system mistakenly reports a specific velocity. We evaluate the proposed ABS spoofer module using industrial ABS sensors and wheel speed decoders, concluding by outlining the implementation and lifetime considerations of an ABS spoofer with real hardware.

Minimax Control For Cyber-Physical Systems under Network Packet Scheduling Attacks

Proceedings of the 2nd ACM international conference on High confidence networked systems, Apr 2013

The control of physical systems is increasingly being done by resorting to networks to transmit i... more The control of physical systems is increasingly being done by resorting to networks to transmit information from sensors to controllers and from controllers to actuators. Unfortunately, this reliance on networks also brings new security vulnerabilities for control systems. We study the extent to which an adversary can attack a physical system by tampering with the temporal characteristics of the network, leading to time-varying delays and more importantly by changing the order in which packets are delivered. We show that such attack can destabilize a system if the controller was not designed to be robust with respect to an adversarial scheduling of messages. Although one can always store delayed messages in a buffer so as to present them to the control algorithm in the order they were sent and with a constant delay, such design is overly conservative. Instead, we design a controller that makes the best possible use of the received packets in a minimax sense. The proposed design has the same worst case performance as a controller based on a buffer but has better performance whenever there is no attack or the attacker does not play the optimal attack strategy.

Input-output robustness for discrete systems

Graph-based Approach for Software Allocation in Automotive Networked Embedded Systems: A Partition-and-Map Algorithm

Forum on specification & Design Languages, Sep 2013

Complex automotive networked embedded systems require novel algorithms for exploring different d... more Complex automotive networked embedded systems
require novel algorithms for exploring different design decisions
at early stages of the design flow. The problem of allocating the
software components on electronic control units lies at the core
of these design decisions. This paper formalizes this allocation
problem using graph theory. The proposed formalism allows the
designer to use a wide variety of graph-theoretic optimization
algorithms, which are capable of minimizing more than one
criterion simultaneously. The proposed algorithm is then shown,
by means of numerical examples, to give the same answer as
mathematical optimization but is 15 times faster in computation
time.

MPC-on-Chip in Application of Automotive Active Suspension System

Book, LAP LAMBERT Academic Publishing , Jul 2011

Applying a computationally intensive control algorithm inside an embedded time-safety-critical ap... more Applying a computationally intensive control algorithm inside an embedded time-safety-critical application represents a Cyber-Physical challenge. This book applies Generalized Predictive Control on automotive active suspension system. The main objective of any automotive active suspension system is to achieve an acceptable behavior, i.e., ride comfort, over a range of working frequencies while minimizing the exerted energy. Book's objective is to proof the ability of using time-consuming advanced control algorithms on time-safety-critical embedded applications while satisfying tight real-time constraints.Matrix operations consume a large portion of the overall execution time of the online computation of the controller. A hardware co-processor based on a set of systolic arrays is proposed to meet real-time constraints. The proposed computing system is then integrated inside an ARM-based embedded platform using the state-of-the-art CAP9 technology. The proposed computation system is verified to meet real-time constraints over wide range of tuning parameters.

Distributed Dynamic Scheduling of Controller Area Network Messages for Networked Embedded Control Systems

International Federation of Automatic Control (IFAC) World Congress, Jul 2011

This paper presents an online, dynamic, and distributed message scheduling of communication pack... more This paper presents an online, dynamic, and distributed message scheduling of
communication packets over the controller area network (CAN) bus. Using online, dynamic, and
distributed scheduling of messages, one can obtain better temporal characteristics for networked
embedded control systems. The scheduling algorithm is implemented as a hardware unit which
is augmented to the communication controller on all of the communicating nodes in the system.
This insures minimum change in the current platforms used in CAN-based control applications
like those found heavily in automotive and aerospace applications. We provide a number of
experiments held over a physical CAN bus for controlling an automotive active suspension
system and showing the effect of the proposed scheduling implementation on the quality of the
control loop.

Secure State Estimation against Sensor Attacks in the Presence of Noise

IEEE Transactions on Control of Network Systems, 2016

SMT-Based Observer Design for Cyber-Physical Systems under Sensor Attacks

2016 ACM/IEEE 7th International Conference on Cyber-Physical Systems (ICCPS), 2016

Secure state reconstruction in differentially flat systems under sensor attacks using satisfiability modulo theory solving

2015 54th IEEE Conference on Decision and Control (CDC), 2015

Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security - CCS '15, 2015

Secure state estimation: Optimal guarantees against sensor attacks in the presence of noise

2015 IEEE International Symposium on Information Theory (ISIT), 2015

Motivated by the need to secure cyber-physical systems against attacks, we consider the problem o... more Motivated by the need to secure cyber-physical systems against attacks, we consider the problem of estimating the state of a noisy linear dynamical system when a subset of sensors is arbitrarily corrupted by an adversary. We propose a secure state estimation algorithm and derive (optimal) bounds on the achievable state estimation error. In addition, as a result of independent interest, we give a coding theoretic interpretation for prior work on secure state estimation against sensor attacks in a noiseless dynamical system. arXiv:1504.05566v2 [math.OC]

Bio-inspired underwater electrolocation through adaptive system identification

2015 American Control Conference (ACC), 2015

Sound and complete state estimation for linear dynamical systems under sensor attacks using Satisfiability Modulo Theory solving

by Alberto Puggelli and Yasser Shoukry

2015 American Control Conference (ACC), 2015

Proceedings of the 1st ACM Conference on Embedded Systems for Energy-Efficient Buildings - BuildSys '14, 2014

An embedded hardware architecture for GPC-on-Chip applied to automotive active suspension systems

2011 Saudi International Electronics, Communications and Photonics Conference (SIECPC), 2011

This paper presents a hardware architecture for an embedded real-time generalized predictive cont... more This paper presents a hardware architecture for an embedded real-time generalized predictive control (GPC) algorithm based on the state-of-the-art Customizable Advanced Processor (CAP9) technology from Atmel; targeting automotive active suspension systems. The GPC algorithm relies on the solution of an optimization problem at every sampling period. Profiling shows that matrix operations consume the largest portion of the computation requirements of the algorithm. The proposed embedded system utilizes a systolic-array based matrix co-processor in order to accelerate matrix operations. The proposed embedded system is designed to fit within the proposed platform while meeting tight real-time constraints imposed by the automotive active suspension systems.

Secure State Estimation For Cyber Physical Systems Under Sensor Attacks: A Satisfiability Modulo Theory Approach

Secure state estimation is the problem of estimating the state of a dynamical system from a set o... more Secure state estimation is the problem of estimating the state of a dynamical system from a set of noisy and adversarially
corrupted measurements. The secure state estimation is a combinatorial problem, which has been addressed either by brute force
search, suffering from scalability issues, or via convex relaxations using algorithms that can terminate in polynomial time but are
not necessarily sound. In this paper, we present a novel algorithm that uses a Satisfiability-Modulo-Theory approach to lessen
the intrinsic combinatorial complexity of the problem. By leveraging results from formal methods over real numbers, we provide
guarantees on the soundness and completeness of our algorithm. Moreover, we provide upper bounds on the runtime performance
of the proposed algorithm in order to proclaim the scalability of the proposed algorithm. The scalability argument is then supported
by numerical simulations showing an order of magnitude decrease in the runtime performance with alternative techniques. Finally,
we demonstrate its application to the problem of controlling an unmanned ground vehicle.

Social Spring: Encounter-based Path Refinement for Indoor Tracking Systems

The 1st ACM International Conference on Embedded Systems for Energy-Efficient Buildings (BuildSys 2014), Nov 2014

Indoor localization is poised to catalyze the development of smarter buildings and the creation o... more Indoor localization is poised to catalyze the development of smarter buildings and the creation of reactive indoor spaces, allowing for user-optimized energy expenditure and a more intimate user ex- perience. This paper presents Social Spring, an architecture and corresponding software suite for refining indoor path estimation algorithms. Given an underlying indoor localization scheme, So- cial Spring attempts to reduce path estimation errors by leverag- ing encounters between users in real time. The driving concept behind Social Spring is that paths are treated as strings of nodes connected edgewise in a graph, while encounters are treated as ad- ditional edges in that graph. Each node attempts to minimize a local potential function dictated by a network of springs, the minimum of which is designed such that nodes converge to a lower energy (equivalently lower error) state. We further provide simulations and preliminary tests on real indoor localization datasets in order to lend credence to Social Spring’s effectiveness over a range of environmental factors, demonstrating between 10% and 30% error reduction.

Event-Triggered Projected Luenberger Observer for Linear Systems Under Sensor Attacks

The 53rd IEEE Conference on Decision and Control (CDC) 2014, Dec 2014

We consider the problem of designing a Luenberger-like observer for linear systems whose sensor m... more We consider the problem of designing a Luenberger-like observer for linear systems whose sensor mea- surements are corrupted by a malicious attacker. The attacker capabilities are limited in the sense that only a subset of all the sensors can be attacked although this subset is unknown. This leads to the problem of reconstructing the system state when the measurements are corrupted by sparse noise and we propose an observer that recursively updates the state estimate as new measurements become available. We show that by utilizing event-triggered techniques, we can enhance the computational performance compared to other methods which performs estimation of sparse signals.

ipShield: A Framework For Enforcing Context-Aware Privacy

11th USENIX Symposium on Networked Systems Design and Implementation (NSDI ’14)

Smart phones are used to collect and share personal data with untrustworthy third-party apps, of... more Smart phones are used to collect and share personal
data with untrustworthy third-party apps, often leading
to data misuse and privacy violations. Unfortunately,
state-of-the-art privacy mechanisms on Android provide
inadequate access control and do not address the vulnerabilities
that arise due to unmediated access to so-called
innocuous sensors on these phones. We present ipShield,
a framework that provides users with greater control over
their resources at runtime. ipShield performs monitoring
of every sensor accessed by an app and uses this information
to perform privacy risk assessment. The risks are
conveyed to the user as a list of possible inferences that
can be drawn using the shared sensor data. Based on
user-configured lists of allowed and private inferences, a
recommendation consisting of binary privacy actions on
individual sensors is generated. Finally, users are provided
with options to override the recommended actions
and manually configure context-aware fine-grained privacy
rules. We implemented ipShield by modifying the
AOSP on a Nexus 4 phone. Our evaluation indicates
that running ipShield incurs negligible CPU and memory
overhead and only a small reduction in battery life.

Event-Triggered State Observers for Sparse Sensor Noise/Attacks

This paper describes two algorithms for state reconstruction from sensor measurements that are co... more This paper describes two algorithms for state reconstruction from sensor measurements that are corrupted with sparse, but otherwise arbitrary, "noise". These results are motivated by the need to secure cyber-physical systems against a malicious adversary that can arbitrarily corrupt sensor measurements. The first algorithm reconstructs the state from a batch of sensor measurements while the second algorithm is able to incorporate new measurements as they become available, in the spirit of a Luenberger observer. A distinguishing point of these algorithms is the use of event-triggered techniques to circumvent some limitations that arise when performing state reconstruction with sparse signals.

Non-invasive Spoofing Attacks for Anti-lock Braking Systems

Cryptographic Hardware and Embedded Systems - CHES 2013 Lecture Notes in Computer Science Volume 8086, 2013, pp 55-72, Aug 2013

This work exposes a largely unexplored vector of physical-layer attacks with demonstrated consequ... more This work exposes a largely unexplored vector of physical-layer attacks with demonstrated consequences in automobiles. By modifying the physical environment around analog sensors such as Antilock Braking Systems (ABS), we exploit weaknesses in wheel speed sensors so that a malicious attacker can inject arbitrary measurements to the ABS computer which in turn can cause life-threatening situations. In this paper, we describe the development of a prototype ABS spoofer to enable such attacks and the potential consequences of remaining vulnerable to these attacks. The class of sensors sensitive to these attacks depends on the physics of the sensors themselves. ABS relies on magnetic–based wheel speed sensors which are exposed to an external attacker from underneath the body of a vehicle. By placing a thin electromagnetic actuator near the ABS wheel speed sensors, we demonstrate one way in which an attacker can inject magnetic fields to both cancel the true measured signal and inject a malicious signal, thus spoofing the measured wheel speeds. The mounted attack is of a non-invasive nature, requiring no tampering with ABS hardware and making it harder for failure and/or intrusion detection mechanisms to detect the existence of such an attack. This development explores two types of attacks: a disruptive, naive attack aimed to corrupt the measured wheel speed by overwhelming the original signal and a more advanced spoofing attack, designed to inject a counter-signal such that the braking system mistakenly reports a specific velocity. We evaluate the proposed ABS spoofer module using industrial ABS sensors and wheel speed decoders, concluding by outlining the implementation and lifetime considerations of an ABS spoofer with real hardware.

Minimax Control For Cyber-Physical Systems under Network Packet Scheduling Attacks

Proceedings of the 2nd ACM international conference on High confidence networked systems, Apr 2013

The control of physical systems is increasingly being done by resorting to networks to transmit i... more The control of physical systems is increasingly being done by resorting to networks to transmit information from sensors to controllers and from controllers to actuators. Unfortunately, this reliance on networks also brings new security vulnerabilities for control systems. We study the extent to which an adversary can attack a physical system by tampering with the temporal characteristics of the network, leading to time-varying delays and more importantly by changing the order in which packets are delivered. We show that such attack can destabilize a system if the controller was not designed to be robust with respect to an adversarial scheduling of messages. Although one can always store delayed messages in a buffer so as to present them to the control algorithm in the order they were sent and with a constant delay, such design is overly conservative. Instead, we design a controller that makes the best possible use of the received packets in a minimax sense. The proposed design has the same worst case performance as a controller based on a buffer but has better performance whenever there is no attack or the attacker does not play the optimal attack strategy.

Input-output robustness for discrete systems

Graph-based Approach for Software Allocation in Automotive Networked Embedded Systems: A Partition-and-Map Algorithm

Forum on specification & Design Languages, Sep 2013

Complex automotive networked embedded systems require novel algorithms for exploring different d... more Complex automotive networked embedded systems
require novel algorithms for exploring different design decisions
at early stages of the design flow. The problem of allocating the
software components on electronic control units lies at the core
of these design decisions. This paper formalizes this allocation
problem using graph theory. The proposed formalism allows the
designer to use a wide variety of graph-theoretic optimization
algorithms, which are capable of minimizing more than one
criterion simultaneously. The proposed algorithm is then shown,
by means of numerical examples, to give the same answer as
mathematical optimization but is 15 times faster in computation
time.

MPC-on-Chip in Application of Automotive Active Suspension System

Book, LAP LAMBERT Academic Publishing , Jul 2011

Applying a computationally intensive control algorithm inside an embedded time-safety-critical ap... more Applying a computationally intensive control algorithm inside an embedded time-safety-critical application represents a Cyber-Physical challenge. This book applies Generalized Predictive Control on automotive active suspension system. The main objective of any automotive active suspension system is to achieve an acceptable behavior, i.e., ride comfort, over a range of working frequencies while minimizing the exerted energy. Book's objective is to proof the ability of using time-consuming advanced control algorithms on time-safety-critical embedded applications while satisfying tight real-time constraints.Matrix operations consume a large portion of the overall execution time of the online computation of the controller. A hardware co-processor based on a set of systolic arrays is proposed to meet real-time constraints. The proposed computing system is then integrated inside an ARM-based embedded platform using the state-of-the-art CAP9 technology. The proposed computation system is verified to meet real-time constraints over wide range of tuning parameters.

Distributed Dynamic Scheduling of Controller Area Network Messages for Networked Embedded Control Systems

International Federation of Automatic Control (IFAC) World Congress, Jul 2011

This paper presents an online, dynamic, and distributed message scheduling of communication pack... more This paper presents an online, dynamic, and distributed message scheduling of
communication packets over the controller area network (CAN) bus. Using online, dynamic, and
distributed scheduling of messages, one can obtain better temporal characteristics for networked
embedded control systems. The scheduling algorithm is implemented as a hardware unit which
is augmented to the communication controller on all of the communicating nodes in the system.
This insures minimum change in the current platforms used in CAN-based control applications
like those found heavily in automotive and aerospace applications. We provide a number of
experiments held over a physical CAN bus for controlling an automotive active suspension
system and showing the effect of the proposed scheduling implementation on the quality of the
control loop.