Listing: Automotive - Safety & Security, by date of publication
1 - 10 of 40
- Conference paper: Modellbasierte Sicherheitsanalysen im BMBF-Förderprojekt e performance [Model-based safety analyses in the BMBF-funded project e performance] (Automotive - Safety & Security 2012, 2012). Adler, Rasmus; Kemmann, Sören; Schurius, Markus; Allmann, Christian. The article addresses current challenges that arise in the area of tension between functional safety and the integration of software-intensive driving functions under distributed development. It presents safety engineering methods from academia and describes how these methods were successfully applied in the BMBF-funded project e performance. In this project, Audi is developing an electric vehicle together with several partners from industry and research. The article outlines the underlying motivation, describes the general approach and presents the results achieved, using the electrified powertrain as an example.
- Conference paper: Risk-based testing of Bluetooth functionality in an automotive environment (Automotive - Safety & Security 2012, 2012). Jakob, Felix; Kremer, Wolfgang; Schulze, Andreas; Großmann, Jürgen; Menz, Nadja; Schneider, Martin; Feudjio, Alain-Georges Vouffo. This paper describes an approach for risk-based testing of Bluetooth functionality in an automotive environment, recently studied as part of the ITEA-2 research project DIAMONDS. In the past two decades the functionality of infotainment systems of a modern car has increased in complexity. Based on the worldwide evolution towards an information age, the driver requests a permanently increasing number of functionalities for infotainment systems, where the vehicle becomes a connected vehicle which is always on. For instance, next-generation infotainment systems will provide internet to the cabin and will have integrated applications like Twitter and Facebook. These additional online services can be realized by integrating the driver's smartphone with the vehicle infotainment system, whereby the phone becomes a logical part of the infotainment head unit. This intense integration of consumer mobile devices with the vehicle electronics and network can also have a negative impact on the security of the vehicle electronics. Even the safety level of the entire automotive system can be affected, as recent studies have shown [Ko10, Ko11]. With respect to these increasing security risks for connected vehicles and future telematics applications, efficient and structured methods are required to verify such systems concerning their robustness against security attacks. One important approach is a risk-oriented model-based testing concept as developed in the research project DIAMONDS. Within this project a case study has been defined by Dornier Consulting for the automotive domain, focused on connected car applications such as the integration of mobile consumer devices with the in-vehicle network and electronics. Based on risk analysis, a security-related prioritization of messages is achieved, which enables a smart and efficient generation of the most relevant test scenarios. Adapted security test generation methods based on known concepts, such as fuzzing of these pre-defined test scenarios, will then be used to generate the final set of test cases. This paper discusses the generation process for risk-based security test cases using this model-based testing approach, which pays attention to the analysed security flaws. An approach that refers to the generation of test cases that will cover possible unknown flaws by integrating fuzzing methodologies will also be described. The practical implementation of this generation process will be demonstrated by Dornier Consulting's extended Model-Based Testing (MBT) framework do.ATOMS for industrial and commercial application.
- Conference paper: Increasing the reliability of single and multi core systems with software rejuvenation and coded processing (Automotive - Safety & Security 2012, 2012). Braun, Jürgen; Mottok, Jürgen; Miedl, Christian; Geyer, Dirk; Minas, Mark. The safety of electric vehicles has the highest priority because it helps contribute to customer confidence and thereby ensures further growth of the electromobility market. Therefore, in series production redundant hardware concepts like dual core microcontrollers running in lock-step mode are used to reach ASIL D safety requirements given by ISO 26262. Coded processing is capable of reducing redundancy in hardware by adding diverse redundancy in software, e.g. by specific coding of data and instructions. A system with two coded processing channels is considered. One channel is active and one is in cold standby. When the active channel fails, the service is switched from the active channel to the standby channel. It is imaginable that the two channels with implemented coded processing are running with time redundancy on a single core or on a multi core system where, for example, different ASIL levels are partitioned on different cores. In this paper a redundant concept based on coded processing and software rejuvenation will be taken into account.
- Conference paper: Automotive safety and security from a supplier's perspective (Automotive - Safety & Security 2012, 2012). Klauda, Matthias. Developing and producing safe (in the sense of "safe") systems in the automobile has been established state of the art for decades. Recently, a new standard, ISO 26262, was developed to implement a consolidated approach to functional safety in road vehicles. This standard takes particular account of the growing challenges of ever more complex systems and new technologies. However, parts of ISO 26262 are deliberately formulated in an open or visionary way, so that in many cases a uniform interpretation within the automotive industry is indispensable for a meaningful implementation. With the increasing networking of vehicles, both within the vehicle and with the environment (Car-2-X communication), the automobile offers ever more points of attack for external attacks, so that the topic of automotive security is gaining importance. On the one hand there are synergies between safety and security, both in the development processes and in the technical implementation; on the other hand there are also competing aspects. This makes close cooperation between these two domains necessary in order to exploit possible synergies and to master the competing aspects. Furthermore, it seems sensible to create a common industry understanding in the area of security and thereby, in the interest of customer safety, to establish proven methods and concepts uniformly across the industry.
- Conference paper: Integration von Formaler Verifikation und Test [Integration of formal verification and testing] (Automotive - Safety & Security 2012, 2012). Comar, Cyrille; Kanig, Johannes; Moy, Yannick. The verification tasks required by industry-specific standards usually account for a large part of the development costs of critical systems. This tendency is reinforced by the need to develop and maintain a large number of functional and robustness tests for ever more complex applications. Formal verification is one way to reduce these costs while at the same time offering more guarantees. Newer standards, such as the avionics standard DO-178C, permit the verification of software by formal methods. In the Hi-Lite project we aim at integrating testing and formal verification for C and Ada developments. In this article we describe the conditions under which such an integration can give the same guarantees as verification by testing alone. We also describe the advantages and disadvantages of such a method, using a database application as a case study.
- Conference paper: Freedom from interference for AUTOSAR-based ECUs: a partitioned AUTOSAR stack (Automotive - Safety & Security 2012, 2012). Haworth, David; Jordan, Tobias; Mattausch, Alexander; Much, Alexander. AUTOSAR is a standard for the development of software for embedded devices, primarily created for the automotive domain. It specifies a software architecture with more than 80 software modules that provide services to one or more software components. With the trend towards integrating safety-relevant systems into embedded devices, conformance with standards such as ISO 26262 [ISO11] or ISO/IEC 61508 [IEC10] becomes increasingly important. This article presents an approach to providing freedom from interference between software components by using the MPU available on many modern microcontrollers. Each software component gets its own dedicated memory area, a so-called memory partition. This concept is well known in other industries like the aerospace industry, where the IMA architecture is now well established. The memory partitioning mechanism is implemented by a microkernel, which integrates seamlessly into the architecture specified by AUTOSAR. The development has been performed as an SEooC as described in ISO 26262, which is a new development approach. We describe the procedure for developing an SEooC.
- Conference paper: Evolution of functional safety & security in AUTOSAR (Automotive - Safety & Security 2012, 2012). Schmerler, Stefan. AUTOSAR (AUTomotive Open System Architecture) is an open, international standard for the software architecture of automotive ECUs, which is commonly developed in an international consortium of several OEMs, tier1s, and software tool providers. Today, numerous series vehicles with AUTOSAR technology inside are on the road. Within the AUTOSAR standard, several concepts and mechanisms to support safety & security were developed and included in the design of the AUTOSAR software architecture and in the corresponding functionality of the AUTOSAR basic software modules. Starting with its release 4.0, published in December 2009, AUTOSAR included enhancements with respect to safety-related applications in the automotive domain. The safety-related functionality of AUTOSAR and the functional safety standard ISO 26262 have been developed in parallel with mutual stimulation. In relation to the described activities, an overview of the available safety & security functionality is shown and a brief description of the following concepts and specified mechanisms is provided: built-in self-test mechanisms for detecting hardware faults (testing and monitoring); run-time mechanisms for detecting software execution faults, e.g. program flow monitoring; run-time mechanisms for preventing interference between software elements, e.g. memory partitioning for software components and time partitioning for software applications; run-time mechanisms for protecting communication, e.g. end-to-end (E2E) communication protection; run-time mechanisms for error handling; crypto service manager; crypto abstraction library. Based on market needs, AUTOSAR plans to enhance the existing safety & security mechanisms and to support new methods and features in the future. An overview of the planned concepts and a brief description of the following extensions is provided: integrated end-to-end protection; hardware test manager for tests at runtime; guide for the utilization of crypto services. In addition to the described concepts in the field of software architecture, AUTOSAR also plans to introduce several process and methodology improvements, which support the development processes with respect to safety & security aspects. The major ideas of the new concepts are discussed and a brief description of the following improvements is provided: traceability within the AUTOSAR specification documents; safety-related extensions for the AUTOSAR methodology and templates; signal qualifier concept.
- Conference paper: ISO 26262 - Tool chain analysis reduces tool qualification costs (Automotive - Safety & Security 2012, 2012). Slotosch, Oscar; Wildmoser, Martin; Philipps, Jan; Jeschull, Reinhard; Zalman, Rafael. Software tools in safety-related projects are indispensable, but also introduce risks. A tool error may lead to the injection or non-detection of a fault in the product. For this reason the safety norm for road vehicles, ISO 26262, requires determination of a tool confidence level for each software tool. In this paper we present a model-based approach to represent a tool chain, its potential errors and the counter-measures for these. In this model tools are not only error sources, but can also act as error sinks for other tools by providing appropriate checks and restrictions. The tool work flow in a project can be rearranged or extended to make the integrated tool chain safer than its parts and to reduce tool qualification costs greatly. The tool chain model not only identifies the critical tools, but also exposes very specific qualification requirements for these. The paper illustrates and augments this approach with experiences and results from an application to a real industrial automotive tool chain consisting of 37 tools.
- Edited book
- Conference paper: Extraktion von Interthread-Kommunikation in eingebetteten Systemen [Extraction of inter-thread communication in embedded systems] (Automotive - Safety & Security 2012, 2012). Wittiger, Martin; Keul, Steffen. With the increasing spread of multicore computers, multicore architectures will also find their way more and more into embedded systems. In addition to the difficulties of software development for single-core platforms, software engineers must therefore cope with the challenge of porting existing systems to multicores reliably and without errors while still exploiting the parallelization potential as effectively as possible. So far there is hardly any tool support for carrying out this porting in practice. Our work pursues the goal of developing algorithms and tools that can port existing control software in the automotive domain to multicore platforms semi-automatically. This contribution presents a static analysis technique with which communication graphs can be extracted from the source code of an embedded system. These can be used to identify the need for modification in existing software and are suitable as a basis for the later partitioning. The presented algorithms were implemented prototypically in our program analysis tool suite Bauhaus, and their basic suitability was confirmed by application to existing industrial software systems.