35 research outputs found

    Safety-by-Design in Architecture of Automotive Software Systems


    Is Europe in the Driver's Seat? The Competitiveness of the European Automotive Embedded Systems Industry

    This report is one of a series resulting from a project entitled "Competitiveness by Leveraging Emerging Technologies Economically" (COMPLETE), carried out by JRC-IPTS. Each of the COMPLETE studies illustrates in its own right that European companies are active on many fronts of emerging and disruptive ICT technologies and are supplying the market with relevant products and services. Nevertheless, the studies also show that the creation and growth of high tech companies is still very complex and difficult in Europe, and too many economic opportunities seem to escape European initiatives and ownership. COMPLETE helps to illustrate some of the difficulties experienced in different segments of the ICT industry and by growing potential global players. This report reflects the findings of a study conducted by Egil Juliussen and Richard Robinson, two senior experts from iSuppli Corporation on the Competitiveness of the European Automotive Embedded Software industry. The report starts by introducing the market, its trends, the technologies, their characteristics and their potential economic impact, before moving to an analysis of the competitiveness of the corresponding European industry. It concludes by suggesting policy options. The research, initially based on internal expertise and literature reviews, was complemented with further desk research, expert interviews, expert workshops and company visits. The results were ultimately reviewed by experts and also in a dedicated workshop. The report concludes that currently ICT innovation in the automotive industry is a key competence in Europe, with very little ICT innovation from outside the EU finding its way into EU automotive companies. A major benefit of a strong automotive ICT industry is the resulting large and valuable employment base. But future maintenance of automotive ICT jobs within the EU will only be possible if the EU continues to have high levels of product innovation.
    JRC.DDG.J.4-Information Societ

    Context-aware Security for Vehicles and Fleets: A Survey

    Vehicles are becoming increasingly intelligent and connected. Interfaces for communication with the vehicle, such as WiFi and 5G, enable seamless integration into the user’s life, but also cyber attacks on the vehicle. Therefore, research is working on in-vehicle countermeasures such as authentication, access controls, or intrusion detection. Recently, legal regulations have also become effective that require automobile manufacturers to set up a monitoring system for fleet-wide security analysis. The growing amount of software, networking, and the automation of driving create new challenges for security. Context-awareness, situational understanding, adaptive security, and threat intelligence are necessary to cope with these ever-increasing risks. In-vehicle security should be adaptive to secure the car in an infinite number of (driving) situations. For fleet-wide analysis and alert triage, knowledge and understanding of the circumstances are required. Context-awareness, nonetheless, has been sparsely considered in the field of vehicle security. This work aims to be a precursor to context-aware, adaptive and intelligent security for vehicles and fleets. To this end, we provide a comprehensive literature review that analyzes the vehicular as well as related domains. Our survey is mainly characterized by the detailed analysis of the context information that is relevant for vehicle security in the future

    Applying Hypervisor-Based Fault Tolerance Techniques to Safety-Critical Embedded Systems

    This document details the work conducted through the development of this thesis, and it is structured as follows:
    • Chapter 1, Introduction, has briefly presented the motivation, objectives, and contributions of this thesis.
    • Chapter 2, Fundamentals, exposes a series of concepts that are necessary to correctly understand the information presented in the rest of the thesis, such as the concepts of virtualization, hypervisors, or software-based fault tolerance. In addition, this chapter includes an exhaustive review and comparison between the different hypervisors used in scientific studies dealing with safety-critical systems, and a brief review of some works that try to improve fault tolerance in the hypervisor itself, an area of research that is outside the scope of this work, but that complements the mechanism presented and could be established as a line of future work.
    • Chapter 3, Problem Statement and Related Work, explains the main reasons why the concept of Hypervisor-Based Fault Tolerance was born and reviews the main articles and research papers on the subject. This review includes both papers related to safety-critical embedded systems (such as the research carried out in this thesis) and papers related to cloud servers and cluster computing that, although not directly applicable to embedded systems, may raise useful concepts that make our solution more complete or allow us to establish future lines of work.
    • Chapter 4, Proposed Solution, begins with a brief comparison of the work presented in Chapter 3 to establish the requirements that our solution must meet in order to be as complete and innovative as possible. It then sets out the architecture of the proposed solution and explains in detail the two main elements of the solution: the Voter and the Health Monitoring partition.
    • Chapter 5, Prototype, explains in detail the prototyping of the proposed solution, including the choice of the hypervisor, the processing board, and the critical functionality to be made redundant. With respect to the voter, it includes prototypes for both the software version (the voter is implemented in a virtual machine) and the hardware version (the voter is implemented as IP cores on the FPGA).
    • Chapter 6, Evaluation, includes the evaluation of the prototype developed in Chapter 5. As a preliminary step, and given that there is no evidence in this regard, an exercise is carried out to measure the overhead involved in using the XtratuM hypervisor versus not using it. Subsequently, qualitative tests are carried out to check that Health Monitoring is working as expected, and a fault injection campaign is carried out to check the error detection and correction rate of our solution. Finally, a comparison is made between the performance of the hardware and software versions of the Voter.
    • Chapter 7, Conclusions and Future Work, is dedicated to collecting the conclusions obtained and the contributions made during the research (in the form of articles in journals, conferences and contributions to projects and proposals in the industry). In addition, it establishes some lines of future work that could complete and extend the research carried out during this doctoral thesis.
    Doctoral Programme in Computer Science and Technology at the Universidad Carlos III de Madrid. Chair: Katzalin Olcoz Herrero. Secretary: Félix García Carballeira. Member: Santiago Rodríguez de la Fuent

    Collision warning design in automotive head-up displays

    Abstract. In the last few years, the automotive industry has experienced a large growth in the hardware and the underlying electronics. The industry benefits from both Human Machine Interface (HMI) research and modern technology. There are many applications of the Advanced Driver Assistant System (ADAS), and their positive impact on drivers is even greater. Forward Collision Warning (FCW) is one of many applications of ADAS. In the last decades, different approaches and tools have been used to implement FCW systems. Current Augmented Reality (AR) applications are feasible to integrate into modern cars. In this thesis work, we introduce three different FCW designs: static, animated and 3D animated warnings. We test the proposed designs in three different environments: day, night and rain. The static and animated designs achieve a minimum response time of 0.486 s, whereas the 3D animated warning achieves 1.153 s

    Safety Kernel for cooperative sensor-based systems

    Master's thesis in Information Security, presented to the Universidade de Lisboa through the Faculdade de Ciências, 2013.
    Critical systems, used in industries such as aerospace, aeronautics or automotive, require new technological solutions to respond to the constant demand for new functionalities that address the new challenges of the future, and are becoming increasingly complex. These systems must nonetheless meet high and strict requirements, not only in terms of operational safety and reliability, but also in terms of size, weight and energy consumption. Traditional architectures used in the design of this type of critical system base operational safety on the possibility of proving, at development time, that the system guarantees the necessary predictability. However, the emergence of new technologies brings an increase in the complexity of the applications used, which makes the goal of proving their reliability an arduous or even impossible task, limiting the functionalities that can be integrated into these systems. For example, the emergence of wireless communications opened up a new world of opportunities: it could allow a set of vehicles to communicate and cooperate with each other to achieve a common goal. However, the uncertainty that characterizes this type of communication has held back the development of applications that can be used by critical systems. In this thesis, we propose a hybrid architecture, made up of simple and predictable components that coexist with complex and unpredictable components, without that coexistence compromising the operational safety guarantees. The possibility of including new applications that make use of new technologies opens the door to the introduction of new functionalities in critical systems, allowing the performance and service provided by currently existing systems to be improved.
    Our architecture rests on a component called the Safety Kernel (Núcleo de Segurança), whose task is to monitor the safety requirements and manage the system configuration, ensuring that the system adapts to observed limitations that may compromise its safety, thus avoiding possible accidents. This document describes the architecture of this component as well as its integration and interaction within the system architecture, presenting the implementation of a prototype of it on the AIR architecture, an architecture based on the concept of time and space partitioning (TSP) developed for aerospace systems.
    Future safety-critical systems, used in, for example, the aerospace, aeronautic and automotive industries, call for innovative computing architectures, with increased complexity. These systems must still cope with strict requirements, not only in terms of safety and reliability, but also in terms of size, weight and power consumption (SWaP). Traditional approaches used in the design of such critical systems rely on proving and guaranteeing, at design time, the safety and predictability of their applications. However, with the emergence of new technological solutions and the increase of the complexity of applications, it gets harder or even infeasible to prove their safety by design, limiting the scope and possible features to include in such systems. For instance, the use of wireless communications opens a new world of possibilities: it may be used to develop smart vehicles that cooperate with each other to achieve some common goal. However, due to its uncertainty, the development of such applications for safety-critical systems turns out to be a challenging task. In this thesis, we propose a hybrid architecture, in which simple and predictable components coexist with complex and unpredictable ones, without compromising safety, despite the unavoidable uncertainty.
    The inclusion of complex components into safety-critical systems allows the emergence of new applications that provide new features or that improve the existing ones. Furthermore, we want to deal with the uncertainty that characterizes wireless communications and provide mechanisms which allow systems to cooperate with each other in a safe way. We rely on a component called Safety Kernel, in charge of monitoring and managing the runtime configuration of the system, forcing it to adapt to faults and runtime constraints in order to avoid hazardous situations. We describe the architecture and role of such a Safety Kernel, and how it interacts with other components in the system architecture, including the functional components of the control system. Finally, we present a prototype implementation of such a Safety Kernel over AIR, an architecture based on the concept of Time- and Space Partitioning (TSP) developed for aerospace systems

    Reservation-based mechanisms for Mixed-Criticality Two-Wheeler Instrumentation Clusters

    Electronics completely transformed the automotive industry: early vehicles were purely composed of mechanical components, but the current reality is quite different. The growing acceptance of embedded electronic devices led to a significant increase in the number of microcontroller-based functions embedded in vehicles. With this increase, customers' safety concerns rose. To ensure customers' safety from the use of Electrical and Electronic (E/E) automotive equipment and from systematic failures, Original Equipment Manufacturers (OEMs) and their suppliers must comply with standards such as ISO 26262, the road vehicles functional safety standard. ISO 26262 provides regulations and recommendations for the product development process. When critical road functionalities, regarded as hard real-time tasks that shall complete within the defined time boundaries, coexist in an environment with soft and non-real-time tasks (e.g., multimedia and connectivity activities), the system designer must use an approach that ensures no critical activity is jeopardized, in order to avoid hazardous events. To cope with the coexistence of activities with different time boundaries and criticality within the same system, this work proposes the implementation of uniprocessor reservation-based mechanisms, namely the Constant Bandwidth Server (CBS) and the Capacity Sharing and Stealing (CSS), in a real-time operating system for scheduling non-critical activities without jeopardizing the a priori guarantee of critical activities. Both schedulers use the concept of a server, a task holder where a fraction of the processor bandwidth is reserved for tasks, thus relaxing the need for knowing certain properties of the tasks, such as the WCET. Both implementations are detailed and compared through the implementation of task sets where both types of tasks coexist.
    Electronics has completely transformed the automotive industry: the first vehicles were purely made up of mechanical components, but today the reality is significantly different. The growing acceptance of electronic devices led to an exponential growth in the number of microcontroller-based functions embedded in vehicles. And with this increase, customers' safety concerns have risen. To ensure safety against systematic failures and failures arising from the excessive use of Electrical and Electronic (E/E) components in a vehicle, both Original Equipment Manufacturers (OEMs) and their suppliers must comply with standards such as ISO 26262, the standard for the functional safety of road vehicles. ISO 26262 sets out the regulations and recommendations present throughout the product development process. When critical functionalities, which are also considered hard real-time and must respond to external stimuli within the defined time limits, coexist in the same environment with soft and non-real-time tasks (for example, multimedia and connectivity activities), the system designer must use specific approaches to keep guaranteeing that no hard activity is compromised, thus avoiding possible catastrophic consequences. To address the coexistence of activities with different criticality levels and temporal constraints within the same system, this work proposes the implementation of mechanisms based on reservations of shares of processor utilization, namely the Constant Bandwidth Server (CBS) and the Capacity Sharing and Stealing (CSS), in a real-time operating system to schedule non-critical activities without compromising the a priori guarantee of critical tasks.
    Both schedulers use the concept of dedicated servers, where a fraction of the processor bandwidth is reserved for tasks, thus relaxing the need to know certain properties of the tasks, such as the WCET. Both implementations are detailed and compared through the implementation of a set of tests in which the two types of tasks coexist.

    A REFERENCE ARCHITECTURE OF HUMAN CYBER PHYSICAL SYSTEMS PART I: CONCEPTUAL STRUCTURE

    We propose a reference architecture of safety-critical or industry-critical human cyber-physical systems (CPSs) capable of expressing essential classes of system-level interactions between CPS and humans relevant for the societal acceptance of such systems. To reach this quality gate, the expressivity of the model must go beyond classical viewpoints such as operational, functional, architectural views and views used for safety and security analysis. The model does so by incorporating elements of such systems for mutual introspections in situational awareness, capabilities, and intentions in order to enable a synergetic, trusted relation in the interaction of humans and CPSs, which we see as a prerequisite for their societal acceptance. The reference architecture is represented as a metamodel incorporating conceptual and behavioral semantic aspects. We illustrate the key concepts of the metamodel with examples from smart grids, cooperative autonomous driving, and crisis manage