Safe and Secure UDS-Based Flash Programming Via CAN Bus

The bootloader is a firmware that helps update the application program of a microcontroller unit. In the automotive industry, a safe and secure bootloader must be implemented considering the standards that ensure the quality control of the system. In this paper, the development of a UDS bootloader via CAN bus was described according to the automotive standard ISO 26262 and automotive SPICE by using an adaptation of the V-model development cycle and considering the following sections: requirements, architecture, design and implementation, testing, and integration. For the system validation, software and system tests were executed in a controlled environment. The next step involves the execution of tests using an automotive environment.ITESO, A. C

Automatically Learning Formal Models from Autonomous Driving Software

The correctness of autonomous driving software is of utmost importance, as incorrect behavior may have catastrophic consequences. Formal model-based engineering techniques can help guarantee correctness and thereby allow the safe deployment of autonomous vehicles. However, challenges exist for widespread industrial adoption of formal methods. One of these challenges is the model construction problem. Manual construction of formal models is time-consuming, error-prone, and intractable for large systems. Automating model construction would be a big step towards widespread industrial adoption of formal methods for system development, re-engineering, and reverse engineering. This article applies active learning techniques to obtain formal models of an existing (under development) autonomous driving software module implemented in MATLAB. This demonstrates the feasibility of automated learning for automotive industrial use. Additionally, practical challenges in applying automata learning, and possible directions for integrating automata learning into the automotive software development workflow, are discussed

A Comprehensive Safety Engineering Approach for Software-Intensive Systems Based on STPA

Formal verification and testing are complementary approaches which are used in the development process to verify the functional correctness of software. However, the correctness of software cannot ensure the safe operation of safety-critical software systems. The software must be verified against its safety requirements which are identified by safety analysis, to ensure that potential hazardous causes cannot occur. The complexity of software makes defining appropriate software safety requirements with traditional safety analysis techniques difficult. STPA (Systems-Theoretic Processes Analysis) is a unique safety analysis approach that has been developed to identify system hazards, including the software-related hazards. This paper presents a comprehensive safety engineering approach based on STPA, including software testing and model checking approaches for the purpose of developing safe software. The proposed approach can be embedded within a defined software engineering process or applied to existing software systems, allow software and safety engineers integrate the analysis of software risks with their verification. The application of the proposed approach is illustrated with an automotive software controller

ROS2 versus AUTOSAR: automated PARKING system case-study

Vehicles are complex systems as they combine several engineering disciplines, such as mechanical, electric, electronic, software and telecommunication. In the last decades, most innovations in the automotive domain have been achieved as a combination of electronics and software. Consequently, the software development and deployment has resulted a highly sophisticated engineering process to manage and to integrate. With the introduction of artificial intelligence, automated driving has become a reality. However it has additionally increased the requirements on the system design. One widely accepted approach to manage complexity is to divide the system into subsystems through a well-defined architecture. The architecture of an autonomous system must be suitable to guarantee that the self-driving functionality remains safe in a broad range of operational domains. The challenge is how to design the architecture of the system to be reliable and resilient to changing context. The automotive industry has well established standards and development practices, but it is open to explore and integrate solutions from other domains like Internet of Things and Robotics. In the area of autonomous systems, the capabilities of the robotics middleware ROS2 have been used for prototyping purposes. It is an open question whether ROS2 is suitable for automotive safety relevant applications. This master thesis addresses this challenge through evaluating the possible application of ROS2 in the automotive domain. The development consists of implementing an architecture for an autonomous driving function case-study, an Automated Parking System, which adapts to its context by switching between different operational modes. The Automated Parking System has been implemented and validated in a simulation environment. The experiment results show which benefits bring ROS2 compared with the automotive standardised architecture AUTOSAR

Requirements to Models of Automotive Software: Application to the Automatic Park Assist function

International audienceIn the software development lifecycle, errors and flaws can be introduced in the different phases and lead to failures. Establishing a set of functional requirements helps producing safe software. However, ensuring that the (being) developed software is compliant with those requirements is a challenging task due to the lack of automatic and formal means to lead this verification. In this paper, we present our approach that aims at analysing a collection of automotive requirements by using formal methods. The proposed approach for formal verification is evaluated by the application to the Automatic Park Assist (APA) function

Safety-related challenges and opportunities for GPUs in the automotive domain

GPUs have been shown to cover the computing performance needs of autonomous driving (AD) systems. However, since the GPUs used for AD build on designs for the mainstream market, they may lack fundamental properties for correct operation under automotive's safety regulations. In this paper, we analyze some of the main challenges in hardware and software design to embrace GPUs as the reference computing solution for AD, with the emphasis in ISO 26262 functional safety requirements.Authors would like to thank Guillem Bernat from Rapita Systems for his technical feedback on this work. The research leading to this work has received funding from the European Re-search Council (ERC) under the European Union's Horizon 2020 research and innovation programme (grant agreement No. 772773). This work has also been partially supported by the Spanish Ministry of Science and Innovation under grant TIN2015-65316-P and the HiPEAC Network of Excellence. Jaume Abella has been partially supported by the Ministry of Economy and Competitiveness under Ramon y Cajal postdoctoral fellowship number RYC-2013-14717. Carles Hernández is jointly funded by the Spanish Ministry of Economy and Competitiveness and FEDER funds through grant TIN2014-60404-JIN.Peer ReviewedPostprint (author's final draft

Combined automotive safety and security pattern engineering approach

Automotive systems will exhibit increased levels of automation as well as ever tighter integration with other vehicles, traffic infrastructure, and cloud services. From safety perspective, this can be perceived as boon or bane - it greatly increases complexity and uncertainty, but at the same time opens up new opportunities for realizing innovative safety functions. Moreover, cybersecurity becomes important as additional concern because attacks are now much more likely and severe. However, there is a lack of experience with security concerns in context of safety engineering in general and in automotive safety departments in particular. To address this problem, we propose a systematic pattern-based approach that interlinks safety and security patterns and provides guidance with respect to selection and combination of both types of patterns in context of system engineering. A combined safety and security pattern engineering workflow is proposed to provide systematic guidance to support non-expert engineers based on best practices. The application of the approach is shown and demonstrated by an automotive case study and different use case scenarios.EC/H2020/692474/EU/Architecture-driven, Multi-concern and Seamless Assurance and Certification of Cyber-Physical Systems/AMASSEC/H2020/737422/EU/Secure COnnected Trustable Things/SCOTTEC/H2020/732242/EU/Dependability Engineering Innovation for CPS - DEIS/DEISBMBF, 01IS16043, Collaborative Embedded Systems (CrESt