107 research outputs found

    Software for Analysis of Automotive Ethernet Communication

    The aim of this work is to implement a 100/1000BASE-T1 Automotive Ethernet packet interpreting system for a common personal computer connected to a media converter from Automotive Ethernet to conventional Ethernet. In particular, methods for Automotive Ethernet packet capturing, filtering of incoming communication, interpreting data with the Automotive Open System Architecture Extensible Markup Language (AUTOSAR XML or ARXML), and logging of captured data to various formats are proposed. The designed system is modular, and it can be used from a Graphical User Interface (GUI), the Windows Command Prompt, a Tcl console, or another program. The functionality of the system has been tested in several simulations using captured data from the Electronic Control Unit (ECU).

    Time synchronization for an emulated CAN device on a Multi-Processor System on Chip

    The increasing number of applications implemented on modern vehicles leads to the use of multi-core platforms in the automotive field. As the number of I/O interfaces offered by these platforms is typically lower than the number of integrated applications, a solution is needed to provide access to the peripherals, such as the Controller Area Network (CAN), to all applications. Emulation and virtualization can be used to implement and share a CAN bus among multiple applications. Furthermore, cyber-physical automotive applications often require time synchronization. A time synchronization protocol on CAN has recently been introduced by AUTOSAR. In this article we present how multiple applications can share a CAN port, which can be on the local processor tile or on a remote tile. Each application can access a local time base, synchronized over CAN, using the AUTOSAR Application Programming Interface (API). We evaluate our approach with four emulation and virtualization examples, trading off the number of applications per core against the speed of the software-emulated CAN bus.

    Leveraging virtualization technologies for resource partitioning in mixed criticality systems

    Multi- and many-core processors are becoming increasingly popular in embedded systems. Many of these processors now feature hardware virtualization capabilities, such as the ARM Cortex A15, and x86 processors with Intel VT-x or AMD-V support. Hardware virtualization offers opportunities to partition physical resources, including processor cores, memory and I/O devices, amongst guest virtual machines. Mixed criticality systems and services can then co-exist on the same platform in separate virtual machines. However, traditional virtual machine systems are too expensive because of the costs of trapping into hypervisors to multiplex and manage machine physical resources on behalf of separate guests. For example, hypervisors are needed to schedule separate VMs on physical processor cores. Additionally, traditional hypervisors have memory footprints that are often too large for many embedded computing systems. This dissertation presents the design of the Quest-V separation kernel, which partitions services of different criticality levels across separate virtual machines, or sandboxes. Each sandbox encapsulates a subset of machine physical resources that it manages without requiring intervention of a hypervisor. In Quest-V, a hypervisor is not needed for normal operation, except to bootstrap the system and establish communication channels between sandboxes. This approach not only reduces the memory footprint of the most privileged protection domain, it also removes it from the control path during normal system operation, thereby heightening security.

    Securing Safety Critical Automotive Systems

    In recent years, several attacks were successfully demonstrated against automotive safety systems. The advancement towards driver assistance, autonomous driving, and rich connectivity makes it impossible for automakers to ignore security. However, automotive systems face several unique challenges that make security adoption a rather slow and painful process. Challenges with safety and security co-engineering, the inertia of legacy software, real-time processing, and memory constraints, along with resistance to costly security countermeasures, are all factors that must be considered when proposing security solutions for automotive systems. In this work, we aim to address those challenges by answering the following questions. What is the right safety/security co-engineering approach that would be suitable for automotive safety systems? Does AUTOSAR, the most popular automotive software platform, contain security gaps, and how can they be addressed? Can an embedded HSM be leveraged as a security monitor to stop common attacks and maintain system safety? When an attack is detected, what is the proper response that harmonizes the security reaction with the safety constraints? And finally, can trust be established in a safety-critical system without violating its strict startup timing requirements? We start with a qualitative analysis of the safety and security co-engineering problem to derive the safety-driven approach to security. We then apply the approach to the AUTOSAR classic platform to uncover security gaps. Using a real automotive hardware environment, we construct security attacks against AUTOSAR and evaluate countermeasures. We then propose an HSM-based security monitoring system and apply it against the popular CAN masquerading attack. Finally, we turn to the trust establishment problem in constrained devices and offer an accelerated secure boot method to improve the availability time by several factors. Overall, the security techniques and countermeasures presented in this work improve the security resilience of safety-critical automotive systems to enable future technologies that require strong security foundations. Our methods and proposed solutions can be adopted by other types of Cyber-Physical Systems that are concerned with securing safety.
    Ph.D., College of Engineering & Computer Science, University of Michigan-Dearborn
    https://deepblue.lib.umich.edu/bitstream/2027.42/152321/1/Ahmad Nasser Final Thesis (1).pdf

    Visualization of Crash Channel Assignments in a Tabular Form

    Passive safety systems try to lessen the effects of an accident. Airbags are a passive safety feature. They are designed to protect occupants of a vehicle during a crash. These systems have to be configured correctly in order to deploy airbags at the right time in case of a collision. Airbag application tools are used to simulate and interpret crashes. Some factors influence when an airbag should deploy. Based on different parameters, the logic for firing airbags is also different. Under every circumstance, an airbag has to be deployed at the right time in order to prevent injuries and fatalities. During the process of simulation, the data which is simulated is written to a database. During interpretation, this data is extracted from the database. Then, the required information can be analyzed and interpreted for further use. This data contains crash related information. For example, the type of crash, crash code and crash channel assignments. For every crash present in the airbag project, crash channels are assigned to the sensors. Each sensor present has a crash channel assigned to it. This is called the crash channel assignment. An airbag application tool is developed to show the crash channel assignments. This tool should handle the information extraction, and visualization of crash channel assignments. The final output should be in a tabular format, which includes user specific customizations

    CACO3 synthesis from residual exhaust CO2 embedded control system

    The objective and hypothesis of this document concern a moderate-cost solution, simple to maintain and demanding few vehicle resources, for synthesizing CaCO3 from a chemical reaction of CO2, H2O condensed from ambient air, and a reactive element based on CaO2. The CaCO3 by-product is recyclable or disposable. In the architecture design section, the use of a Microchip Inc. development system based on the 8-bit PIC18F46K22 MCU (DM164134) is proposed. The hardware subsystem defines the main components, which correspond to an embedded platform with a defined number of digital I/Os and the possibility of connecting a 4-wire temperature and relative humidity sensor, as well as a power output stage to drive an array of Peltier cells that produces humidity condensation by a dew-point error algorithm, and a reaction chamber that will hold the sample of reactive material (CaO2) and combine it with H2O and CO2. The software subsystem proposes a layered design (OSI model), in which drivers are developed at the HAL layer for the 4-wire SPI bus of the temperature sensor (SHT11) and for a second SPI bus controlling the integrated OLED display. At the application layer, a graphics-handling module for the OLED display is proposed, together with a temperature-sensor handling module with functions for protocol translation, dew-point calculation and discrete control of the Peltier-array actuators, and a possible humidity intake/purge actuator. The MPLAB V8.90 IDE is chosen as the development platform, with the CCS V4.75 compiler, whose advantage is the rapid implementation of a native RTOS configurable as pre-emptive or cooperative, and the ICD3 and PICkit3 tools, which allow real-time, in-circuit programming and debugging.
    Consejo Nacional de Ciencia y Tecnologí

    A Multi-Layered Secure Framework for Vehicular Systems

    In recent years, significant developments were introduced within the vehicular domain, evolving vehicles into a network of many embedded systems distributed throughout the car, known as Electronic Control Units (ECUs). Each one of these ECUs runs a number of software components that collaborate with each other to perform various vehicle functions. Modern vehicles are also equipped with wireless communication technologies, such as WiFi, Bluetooth, and so on, giving them the capability to interact with other vehicles and roadside infrastructure. While these improvements have increased the safety of the automotive system, they have vastly expanded the attack surface of the vehicle and opened the door for new potential security risks. The situation is made worse by a lack of security mechanisms in the vehicular system that allows the escalation of a compromise in one of the non-critical sub-systems to threaten the safety of the entire vehicle and its passengers. This dissertation focuses on providing a comprehensive framework that ensures the security of the vehicular system during its whole life-cycle. This framework aims to prevent cyber-attacks against different components by ensuring secure communications among them. Furthermore, it aims to detect attacks which were not prevented successfully, and finally, to respond to these attacks properly to ensure a high degree of safety and stability of the system.

    Towards a Common Software/Hardware Methodology for Future Advanced Driver Assistance Systems

    The European research project DESERVE (DEvelopment platform for Safe and Efficient dRiVE, 2012-2015) had the aim of designing and developing a platform tool to cope with the continuously increasing complexity and the simultaneous need to reduce cost for future embedded Advanced Driver Assistance Systems (ADAS). For this purpose, the DESERVE platform profits from cross-domain software reuse, standardization of automotive software component interfaces, and easy but safety-compliant integration of heterogeneous modules. This enables the development of a new generation of ADAS applications, which combine different functions, sensors, actuators, hardware platforms, and Human Machine Interfaces (HMI) in challenging ways. This book presents the different results of the DESERVE project concerning the ADAS development platform, test case functions, and validation and evaluation of different approaches. The reader is invited to substantiate the content of this book with the deliverables published during the DESERVE project. Technical topics discussed in this book include: modern ADAS development platforms; design space exploration; driving modelling; video-based and radar-based ADAS functions; HMI for ADAS; vehicle-hardware-in-the-loop validation system.