Chris Berg (SYSGO), Ingo Nickles (Vector), Winfried Schroeder (Vector)
How to Develop a Mixed-critical AUTOSAR Adaptive ECU with Safety and Security by Design
The next evolutionary steps in the automobile are automated driving, Car-2-X and dynamic deployment of apps. This demands strong performance, high reliability and availability, secure over-the-air updates and security by design. AUTOSAR Adaptive aims to provide this required flexibility. That flexibility, however, raises the bar for the integration approaches on both sides: safety and security. We present a mixed-critical AUTOSAR Adaptive system, both at application and OS level. We present a safe and secure architecture with built-in spatial and temporal separation between AUTOSAR Adaptive applications to enable safe and secure deployment. We show how the mechanisms that provide the dynamic behaviour AUTOSAR Adaptive requires are used, e.g. separating the startup phase from runtime, scheduling with fixed time windows (as opposed to purely priority-based approaches), pinning processes to CPU cores, pre-defined access to files and service discovery, and execution of only authenticated code and certain APIs. In this presentation we show how mixed-critical AUTOSAR Adaptive systems are implemented in practice and how the resilience of these systems can be demonstrated, e.g. with attack path and threat analyses. We demonstrate an approach to integrating existing and legacy automotive software within the AUTOSAR Adaptive context, e.g. automotive applications, Linux, complex device drivers, communication management, SOME/IP, managers for complex hardware/co-processors, health monitoring and crypto servers.