A method includes: detecting a potential security breach associated with at least one component of a network environment; in response to detecting the potential security breach, determining a restorable state of the at least one component, wherein the restorable state is a state prior to the potential security breach; restoring the at least one component to the restorable state; and resuming operation of the at least one component of the network. Corresponding systems and computer program products are also disclosed.

A control apparatus includes a first controller configured to generate control signals for controlling an engine or other machine, a second controller configured to generate the control signals for controlling the machine, a transfer circuit, and an arbiter circuit. The transfer circuit is coupled between the machine and the controllers, and is configured to switch from a first state, where the transfer circuit passes the control signals from the first controller to the machine, to a second state, where the transfer circuit passes the control signals from the second controller to the machine, responsive to receiving a first failure signal from the first controller. The arbiter circuit includes three (or more) arbiters, and is configured to control the transfer circuit from the first state to the second state responsive to any two of the three arbiters generating second signals indicative of failure of the first controller.

Disclosed embodiments relate to perform operations for receiving and integrating a delta file in a vehicle. Operations may include receiving, at an Electronic Control Unit (ECU) in the vehicle, a delta file, the delta file comprising a plurality of deltas corresponding to a software update for software on the ECU and startup code for executing the delta file in the ECU; executing the delta file, based on the startup code, in the ECU; and updating memory addresses in the ECU to correspond to the plurality of deltas from the delta file.

A monitoring device is mounted in each of a plurality of operational systems constituting a fault-tolerant system. The plurality of operational systems have an identical configuration including a processor system. The monitoring device includes a processor. The processor executes instruction to read data from a predetermined storage area in a memory of an accessory device to be monitored, connected to the processor system. The processor further executes instruction to compare the read data with reference data held in advance. The processor further executes instruction to separate the processor system connected to the accessory device to be monitored from the fault-tolerant system when the read data is different from the reference data.

A method and an apparatus for controlling packet transmission and a network functions virtualization (NFV) system, where the method includes determining, by a control device, at least two target service processing units and at least one associated service processing unit, where packets of a target service need to be transmitted to the at least two target service processing units through the at least one associated service processing unit, a first target service processing unit in the at least two target service processing units is configured to perform, on packets of the target service, service processing corresponding to a first software version, and a second target service processing unit in the at least two target service processing units is configured to perform, on packets of the target service, service processing corresponding to a second software version; and sending first control information according to a preset first threshold.

A subsea production system for producing fluids from a subsea well in a subsea field. The production system includes a production facility and a production umbilical connecting the subsea well with the production facility. The production system also includes a control system for controlling production from the subsea well. The control system includes a first redundant master control station system (redundant MCS) at a first location, the redundant MCS capable of controlling production from the subsea well. The control system also includes a second redundant MCS at a second location, the second redundant MCS capable of controlling production from the subsea well. The redundant MCSs are synchronized to keep the same electronic data at both locations and to prevent conflicts in control signals from the redundant MCSs.

Disclosed embodiments relate to performing updates to Electronic Control Unit (ECU) software while an ECU of a vehicle is operating. Operations may include receiving, at the vehicle while the ECU of the vehicle is operating, a software update file for the ECU software; writing, while the ECU is operating, the software update file into a first memory location in a memory of the ECU while simultaneously executing a code segment of existing code in a second memory location in the memory of the ECU; and updating a plurality of memory addresses associated with the memory of the ECU based on the software update file and without interrupting the execution of the code segment currently being executed in the second memory location in the memory of the ECU.

A system and method for monitoring processors operating in lockstep to detect mismatches in pending pipelined instructions being executed by the processors. A lockstep monitor implemented in hardware is provided to detect the mismatches in the pending pipelined instructions executing on the lockstep processors and to initiate an auto-recovery operation at the processors if a mismatch is detected.

A redundant processing system with profile-based monitoring is disclosed. In embodiments, the redundant system includes two or more redundant lanes, each lane having equivalent processing components. In a testing state, template processors and hardware monitoring sensors are connected to a selected trusted lane and input vectors submitted thereto; the hardware sensors characterize the response of the selected lane and the resulting testing data compiled into system templates. In an operational environment, the template processors send challenges based on the input vectors to each of the redundant lanes in real time, collecting response data from each lane via identical sets of monitoring sensors. The template processors correlate the response data with the corresponding system templates, identifying anomalous lanes and system anomalies based on discorrelations between the response data and the system templates.

A method tests a plurality of devices, each device including a test chain having a plurality of positions storing test data. The testing includes comparing test data in a last position of the test chain of each of the devices. The test data in the test chains of the devices is shifted forward by one position. The shifting includes writing test data in the last position of a test chain to a first position in the test chain. The comparing and the shifting are repeated until the test data in the last position of each test chain when the testing is started is shifted back into the last position of the respective test chain. The plurality of devices may have a same structure and a same functionality.