Evaluation of an Adaptive AUTOSAR System in Context of Functional Safety Environments

Massoud, Mostafa

08 November 2017

The rapidly evolving technologies in the automotive industry have been defining new challenges, setting new goals and consenting to more complex systems. This steered the AUTOSAR community toward the independent development of the AUTOSAR Adaptive Platform with the intention of addressing and serving the demands defined by the new technology drivers. The use of an already existing software based on an open-source development - specifically GNU/Linux - was recognized as a matching candidate fulfilling the requirements defined by AUTOSAR Adaptive Platform as its operating system. However, this raises new challenges in addressing the safety aspect and the suitability of its implementation in safety-critical environments. As safety standards do not explicitly handle the use of open-source software development, this thesis proposes a tailoring procedure that aims to match the requirements defined by ISO 26262 for a possible qualification of GNU/Linux. And while very little is known about the behavior specification of GNU/Linux to appropriate its use in safety-critical environments, the outlined methodology seeks to verify the specification requirements of GNU/Linux leveraging its claimed compliance to the POSIX standard. In order to further use GNU/Linux with high pedigree of certainty in safety-critical applications, a software partitioning mechanism is implemented to provide control over the resource consumption of the operating system –specifically computation time and memory usage- between different criticality applications in order to achieve Freedom from Interference. The implementation demonstrates the ability to avoid interference concerning required resources of safety-critical applications.

Adaptives AUTOSAR

Open Source Entwicklungsumgebungen

Eingebettetes Linux

AUTOSAR Adaptive Platform

Open Source Development Environments

Embedded Linux

Functional Safety (ISO 26262)

ddc:004

Informatik

AUTOSAR

Open Source

LINUX

AUTOSARLang: Threat Modeling and Attack Simulation for Vehicle Cybersecurity

Girmay Mesele, Asmelash

January 2018

The rapid growth and development of the Information and Communications Technology attract many industries including the automotive industry. Since the last four decades, the automotive engineering has been impacted by the Information Technology. Nowadays, modern vehicles are being designed with up to hundreds of electronic control units (ECUs) and be able to communicate with other vehicles, infrastructure, and other things via wireless networks and sensors. For such in-vehicle networks, serial bus systems like CAN bus, LIN bus, FlexRay, and MOST are standardized. Parallel to this, the automotive industry vendors designed and standardized automotive open systems architecture (AUTOSAR) software platform. AUTOSAR has two main standards - the classical platform and adaptive platform. The classical platform (CP) is designed for the current embedded ECUs, whereas the adaptive platform (AP) is being designed for the future intelligent ECUs. The intelligent AP ECU constitute many multi-processing processors and Ethernet to realize the future autonomous vehicles.On the other hand, automotive industries shall ensure “safety first” in their design and regard it as part of their market feature. Directly or indirectly, the safety of the modern connected vehicles is related to their cybersecurity. Today, cybersecurity professionals are conducting researches to bring remarkable solutions to the sophisticated cyberattacks. One approach of cybersecurity solution is to make a cyber threat modeling and attack simulations. Example, meta-attack-language (MAL) is a threat modeling and attack simulation language, which is designed to make domain-specific threat analysis.In this study, potential assets of an automotive vehicle with AP ECUs are identified. Then, threats of each identified asset are collected from different literature. With both inputs, a cyber threat model is written using MAL. Finally, validation of the model is made with a simulation language. Consequently, modern vehicle with AP ECUs is modeled and simulated.This study contributes four important things - list of potential assets that AP running vehicle constitutes, collected list of threats of the identified assets, validated cyber threat model, and simulation test cases for each potential attack paths in the model. / Den snabba tillväxten och utvecklingen av informations- och kommunikationstekniken lockar många‌ branscher, däribland bilindustrin. Sedan de senaste fyra decennierna har automotive engineering påverkats av informationstekniken. Numera är moderna fordon utformade med upp till hundratals elektroniska styrenheter (ECU) och kan kommunicera med andra fordon, infrastruktur och andra saker via trådlösa nätverk och sensorer. För sådana inbyggda nätverk är seriella bussystem som CAN-buss, LIN-buss, FlexRay och MOST standardiserade. Parallellt med detta har automotive-leverantörerna utformat och standardiserat automatsystem för öppna systemarkitekturer (AUTOSAR). AUTOSAR har två huvudstandarder - den klassiska plattformen och den adaptiva plattformen. Den klassiska plattformen (CP) är utformad för nuvarande inbyggda ECU, medan den adaptiva plattformen (AP) är utformad för framtida intelligenta ECU. Den intelligenta AP-enheten utgör många processorer och Ethernet för att förverkliga de framtida autonoma fordonen. Bilindustrin ska å andra sidan säkerställa "säkerhet först" i sin design och betrakta den som en del av deras marknadsfunktion. Direkt eller indirekt är säkerheten hos moderna anslutna fordon relaterad till sin cybersäkerhet. Idag genomför cybersecurity-proffs för att få anmärkningsvärda lösningar på de sofistikerade cyberattackarna. Ett tillvägagångssätt för cybersecurity-lösningen är att göra en modellering av cyberhot och attack simuleringar. Exempel, meta-attack-language (MAL) är ett hot modellerings-och attack simuleringsspråk, som är utformat för att göra domänspecifik hotanalys. I denna studie identifieras potentiella tillgångar i ett fordonsbil med AP-ECU. Därefter samlas hot av varje identifierad tillgång från olika litteratur. Med båda ingångarna skrivs en cyber-hotmodell med MAL. Slutligen görs validering av modellen med ett simuleringsspråk. Följaktligen modelleras och simuleras moderna fordon med AP-ECU. Denna studie bidrar till fyra viktiga saker - en lista över potentiella tillgångar som AP-körfordon utgör, samlad lista över hot av identifierade tillgångar, validerad cyberhot-modell och simuleringsprovfall för varje potentiell attackvägar i modellen.

vehicular cybersecurity

threat model

attack simulation

AUTOSAR Adaptive Platform

vehicular cybersecurity

hot modell

attack simulering

AUTOSAR Adaptiv plattform

Engineering and Technology

Teknik och teknologier

Evaluation of an Adaptive AUTOSAR System in Context of Functional Safety Environments

Massoud, Mostafa

21 September 2017

The rapidly evolving technologies in the automotive industry have been defining new challenges, setting new goals and consenting to more complex systems. This steered the AUTOSAR community toward the independent development of the AUTOSAR Adaptive Platform with the intention of addressing and serving the demands defined by the new technology drivers. The use of an already existing software based on an open-source development - specifically GNU/Linux - was recognized as a matching candidate fulfilling the requirements defined by AUTOSAR Adaptive Platform as its operating system. However, this raises new challenges in addressing the safety aspect and the suitability of its implementation in safety-critical environments. As safety standards do not explicitly handle the use of open-source software development, this thesis proposes a tailoring procedure that aims to match the requirements defined by ISO 26262 for a possible qualification of GNU/Linux. And while very little is known about the behavior specification of GNU/Linux to appropriate its use in safety-critical environments, the outlined methodology seeks to verify the specification requirements of GNU/Linux leveraging its claimed compliance to the POSIX standard. In order to further use GNU/Linux with high pedigree of certainty in safety-critical applications, a software partitioning mechanism is implemented to provide control over the resource consumption of the operating system –specifically computation time and memory usage- between different criticality applications in order to achieve Freedom from Interference. The implementation demonstrates the ability to avoid interference concerning required resources of safety-critical applications.

info:eu-repo/classification/ddc/004

ddc:004

Informatik; AUTOSAR; Open Source; LINUX