Assessment of static code generation for power control algorithms in smart inverters
| Thesis type | Master Thesis |
| Supervisor | Marius Biebel |
| Starting date | As soon as possible |
| Skills | LaTeX, Git, C, C++, optional Simulink Matlab, Static code analysis tools, AI supported code review tools |
| Language | English (preferred), German |
| Industry cooperation | not possible |
| Publish date |
Problem and context
Modern smart inverters use real-time control MCUs / DSPs to implement power control algorithms like MPPT, grid synchronization, anti-islanding, phase locked loop through PWM etc. These algorithms are often implemented in C or C++ and run on embedded devices with limited resources. The development of these algorithms can be complex and time-consuming, especially when it comes to ensuring their correctness and performance, because this code cannot be developed in a trial-and-error fashion: doing so would lead to expensive and destructive hardware damage.
Therefore the development process for such devices is often model-based, where the control algorithms are designed and simulated in a high-level modeling environment like Simulink or Matlab. Once the design is finalized, the code is automatically generated from the model and deployed to the embedded device. This approach allows for rapid prototyping and testing of control algorithms, as well as easier maintenance and updates.
However, while this generated code deterministically implements the designed control algorithms, it may not be optimized for security constraints, as C and C++ are not memory-safe languages. This can lead to potential vulnerabilities in the generated code, such as buffer overflows or other memory-related issues, which could be exploited by attackers to compromise the security of the smart inverter.
Therefore, this thesis focuses on assessing the security implications of using code generation for power control algorithms in smart inverters. The main challenges include analyzing the generated code for potential vulnerabilities and evaluating the security of the code generation process itself. Potential implementation approaches include analyzing the generated code for common vulnerabilities using static code analysis tools or AI-supported code review tools, evaluating the security of the code generation process by reviewing the code generation templates and configurations, and proposing mitigation strategies such as implementing secure coding practices in the code generation process or using memory-safe programming languages for critical components of the generated code.
Goals
The goal of this thesis is to provide a comprehensive assessment of the security implications of using static code generation for power control algorithms in smart inverters, and to propose mitigation strategies to enhance the security of the generated code and the code generation process.
This thesis could also be piloted in a project seminar format, where a reduced set of generated code from only one MCU supplier is analyzed. This would make it possible to pilot a potential methodology before scaling it up to a full master thesis.
Literature
- 8Cage: Lightweight fault-based test generation for Simulink
- Large Language Models Versus Static Code Analysis Tools: A Systematic Benchmark for Vulnerability Detection
- 10.1109/IVMEM63006.2024.10659715
- Static Analysis Techniques for Embedded, Cyber-Physical, and Electronic Software Systems: A Comprehensive Survey
- Applying static code analysis on industrial controller code