Search Results

Future automotive systems will be connected with other vehicles and information systems for improved road safety, mobility and comfort. This new connectivity establishes data and command channels between the internal automotive system and arbitrary external entities. One significant issue of this paradigm shift is that formerly closed automotive systems now become open systems that can be maliciously influenced through their communication interfaces. This introduces a new class of security challenges for automotive design. It also indirectly impacts the safety mechanisms that rely on a closed-world assumption for the vehicle. We present a new security analysis approach that helps to identify and prioritize security issues in automotive architectures. The methodology incorporates a new threat classification for data flows in connected vehicle systems.

The automotive industry experiences a major change as vehicles are gradually becoming a part of the Internet. Security concepts based on the closed-world assumption cannot be deployed anymore due to a constantly changing adversary model. Automotive Ethernet as future in-vehicle network and a new E/E Architecture have different security requirements than Ethernet known from traditional IT and legacy systems. In order to achieve a high level of security, a new multi-layer approach in the vehicle which responds to special automotive requirements has to be introduced. One essential layer of this holistic security concept is to restrict non-authorized access by the deployment of embedded firewalls. This paper addresses the introduction of automotive firewalls into the next-generation domain architecture with a focus on partitioning of its features in hardware and software.

Advanced safety features and new services in connected cars depend on the security of the underlying vehicle functions. Due to the interconnection with the outside world and as a result of being an embedded system a modern vehicle is exposed to both, malicious activities as faced by traditional IT world systems as well as physical attacks. This introduces the need for utilizing hardware-assisted security measures to prevent both kinds of attacks. In this paper we present a survey of the different classes of hardware security devices and depict their different functional range and application. We demonstrate the feasibility of our approach by conducting a case study on an exemplary implementation of a function-on-demand use case. In particular, our example outlines how to apply the different hardware security approaches in practice to address real-world security topics. We conclude with an assessment of today’s hardware security devices.

Integration scenarios for ECU software become more complicated, as more constraints with regards to timing, safety and security need to be considered. Multi-core microcontrollers offer even more hardware potential for integration scenarios. To tackle the complexity, more and more model based approaches are used. Understanding the interaction between the different software components, not only from a functional but also from a timing view, is a key success factor for high integration scenarios. In particular for multi-core systems, an amazing amount of timing data can be generated. Usually a multi-core system handles more software functionality than a single-core system. Furthermore, there may be timing interference on the multicore systems, due to the shared usage of buses, memory banks or other hardware resources.

The infrastructure in modern cars is a heterogeneous and historically grown network of different field buses coupling different electronic control units (ECUs) from different sources. In the past years, the amount of ECUs in the network has rapidly grown due to the mushrooming of new functions which historically were mostly implemented on a one-ECU-per-function basis resulting in up to a hundred ECUs in fully equipped luxury cars. Additionally, new functions like parking assist systems or advanced chassis control functions are getting increasingly complex and require more computing power. These two facts add up to a complex challenge in development. The current trend to host several functions in single ECUs as integration platforms is one attempt to address this challenge. This trend is supported by the increased computing power of current and upcoming multi-core microcontrollers.

More electronic vehicle functions lead to an exponentially growing degree of software integration in automotive ECUs. We are seeing an increasing number of ECUs with mixed criticality software. ISO26262 describes different safety requirements, including freedom from interference and absence from error propagation for the software. These requirements mandate particular attention for mixed-criticality ECUs. In this paper we investigate the ability to guarantee that these safety requirements will be fulfilled by using established (deadline monitoring) and new error detection mechanisms (execution time monitoring). We also show how these methods can be used to build up safe and efficient schedules for today's and future automotive embedded real time systems with mixed criticality software.

The increasing complexity of automotive functions which are necessary for improved driving assistance systems and automated driving require a change of common vehicle architectures. This includes new concepts for E/E architectures such as a domain-oriented vehicle network based on powerful Domain Control Units (DCUs). These highly integrated controllers consolidate several applications on different safety levels on the same ECU. Hence, the functions depend on a strictly separated and isolated implementation to guarantee a correct behavior. This requires middleware layers which guarantee task isolation and Quality of Service (QoS) communication have to provide several new features, depending on the domain the corresponding control unit is used for. In a first step we identify requirements for a middleware in automotive DCUs. Our goal is to reuse legacy AUTOSAR based code in a multicore domain controller.

New technologies such as multi-core and Ethernet provide vastly improved computing and communications capabilities. This sets the foundation for the implementation of new digital megatrends in almost all areas: driver assistance, vehicle dynamics, electrification, safety, connectivity, autonomous driving. The new challenge: We must share these computing and communication capacities among all vehicle functions and their software. For this step, we need a good resource planning to minimize the probability of late resource bottlenecks (e.g. overload, lack of real-time capability, quality loss). In this article, we summarize the status quo in the field of resource management and provide an outlook on the challenges ahead.

Classic vehicle production had limitations in bringing the driving commands to the actuators for vehicle motion (engine, steering and braking). Steering columns, hydraulic tubes or steel cables needed to be placed between the driver and actuator. Change began with the introduction of e-gas systems. Mechanical cables were replaced by thin, electric signal wires. The technical solutions and legal standardizations for addressing the steering and braking systems, were not defined at this time. Today, OEMs are starting E/E-Architecture transformations for manifold reasons and now have the chance to remove the long hydraulic tubes for braking and the solid metal columns used for steering. X-by-wire is the way forward and allows for higher Autonomous Driving (AD) levels for automated driving vehicles. This offers new opportunities to design the vehicle in-cabin space. This paper will start with the introduction of x-by-wire technologies.

Autonomous driving systems and connected mobility are the next big developments for the car manufacturers and their suppliers during the next decade. To achieve the high computing power needs and fulfill new upcoming requirements due to functional safety and security, heterogeneous processor architectures with a mixture of different core architectures and hardware accelerators are necessary. To tackle this new type of hardware complexity and nevertheless stay within monetary constraints, high performance computers, inspired by state of the art data center hardware, could be adapted in order to fulfill automotive quality requirements. The European Processor Initiative (EPI) research project tries to come along with that challenge for next generation semiconductors. To be as close as possible to series development needs for the next upcoming car generations, we present a hybrid semiconductor system-on-chip architecture for automotive.

Introduction The introduction of Ethernet and Gigabit Ethernet [2] as the main invehicle network infrastructure is the technical foundation for different new functionalities such as piloted driving, minimizing the CO2- footprint and others. The high data rate of such systems influences also the used microcontrollers due the fact that a big amount of data has to be transferred, encrypted, etc. Figure 1 Motivation - Vehicles will become connected to uncontrolled networks The usage of Ethernet as the in-vehicle-network enables the possibility that future road vehicles are going to be connected with other vehicles and information systems to improve system functionality. These previously closed automotive systems will be opened up for external access (see Figure 1). This can be Car2X connectivity or connection to personal devices. Allowing vehicle systems to communicate with other systems that are not within their physical boundaries impose a previously non-existing security problem.

With the increasing complexity of electronic vehicle systems, one particular “gap” between function development and ECU integration becomes more and more apparent, and critical; albeit not new. The core of the problem is: as more functions are integrated and share the same E/E resources, they increasingly mutually influence and disturb each other in terms of memory, peripherals, and also timing and performance. This has two consequences: The amount of timing-related errors increases (because of the disturbance) and it becomes more difficult to find root causes of timing errors (because of the mutual influences). This calls for more systematic methods to deal with timing requirements in general and their transformation from function timing requirements to software architecture timing requirements in particular.

This paper explains why software for efficient model-based development is needed to improve the efficiency of automakers and suppliers when implementing solutions with next generation automotive embedded systems. The resulting synergies are an important contribution for the automotive industry to develop safer, smarter, and more eco-friendly cars. To achieve this, it requires implementations of algorithms for machine learning, deep learning and model predictive control within embedded environments. The algorithms’ performance requirements often exceed the capabilities of traditional embedded systems with a homogeneous multicore architecture and, therefore, additional computing resources are introduced. The resulting embedded systems with heterogeneous computing architectures enable a next level of safe and secure real-time performance for innovative use cases in automotive applications such as domain controllers, e-mobility, and advanced driver assistance systems (ADAS).

The current automotive electronic and electrical (EE) architecture has reached a scalability limit and in order to adapt to the new and upcoming requirements, novel automotive EE architectures are currently being investigated to support: a) an Ethernet backbone, b) consolidation of hardware capabilities leading to a centralized architecture from an existing distributed architecture, c) optimization of wiring to reduce cost, and d) adaptation of service-oriented software architectures. These requirements lead to the development of Zonal EE architectures as a possible solution that require appropriate adaptation of used security mechanisms and the corresponding utilized hardware trust anchors. 1 The current architecture approaches (ECU internal and in-vehicle networking) are being pushed to their limits, simultaneously, the current embedded security solutions also seem to reveal their limitations due to an increase in connectivity.

The trend towards even more sophisticated driver assistance systems and growing automation of driving sets new requirements for the robustness and availability of the involved automotive systems. In case of an error, today it is still sufficient that safety related systems just fail safe or silent to prevent safety related influence of the driving stability resulting in a functional deactivation. But the reliance on passive mechanical fallbacks in which the human driver taking over control, being inevitable in such a scenario, is expected to get more and more insufficient along with a rising degree of driving automation as the driver will be given longer reaction time. The advantage of highly or even fully automated driving is that the driver can focus on other tasks than controlling the car and monitoring it’s behavior and environment.

The development of highly automated driving functions (AD) recently rises the demand for so called Fail-Operational systems for native driving functions like steering and braking of vehicles. Fail-Operational systems shall guarantee the availability of driving functions even in presence of failures. This can also mean a degradation of system performance or limiting a system’s remaining operating period. In either case, the goal is independency from a human driver as a permanently situation-aware safety fallback solution to provide a certain level of autonomy. In parallel, the connectivity of modern vehicles is increasing rapidly and especially in vehicles with highly automated functions, there is a high demand for connected functions, Infotainment (web conference, Internet, Shopping) and Entertainment (Streaming, Gaming) to entertain the passengers, who should no longer occupied with driving tasks.