Connected cars call for safety islands
If there is one place where connectivity is driving major changes in embedded-systems it is in automotive.
Though the electronic control units (ECUs) in automobiles have made use of fieldbus-class networks to reduce the amount of cabling needed inside each vehicle for many years, the rapidly increasing functionality of automated driver-assistance systems (ADAS) introduces new classes of risk that result from that connectivity. The challenge that vehicle design teams now face is not just that of ensuring the software and hardware they create meet safety standards such as ISO 26262 but that they are protected from malicious changes that may compromise those hard-won safety features.
A white paper from Siemens Digital Industries Software describes an approach that can deal with the issue of automotive systems being hacked remotely through wireless connections or by more intrusive schemes that rely on physical access: the safety island.
Conventionally, safety mechanisms built into an automotive systems are distributed and to a large extent passive: they do not take direct action over the system’s function at a high level but just feed test and analytics data to other controllers or perform corrections that for the most part are invisible. Examples are built-in self test (BIST) modules or the lock-step controllers used to monitor redundant processor cores.
Using the Tessent MissionMode controller together with an embedded processor, these disparate and distributed safety functions can be brought under one umbrella, to form a safety island. This safety island can ensure tests are carried out at appropriate times. For example, non-destructive memory BIST can be performed in short bursts at times when it will not affect system performance, providing greater assurance compared to performing BIST only at startup. Other tests can be similarly scheduled to check system integrity and take corrective action if tampering is detected. This functionality can be augmented with the Tessent Embedded Analytics IP. This provides for the ability to insert real-time monitors into the SoC that can check for a variety of problems, ranging from parametric issues such as temperature extremes to the signatures of potential attacks coming from an I/O port or wireless subsystem.
The white paper argues: “The on-chip monitoring and analysis processes must be software controlled. A safety Island is a future-proof way of enabling this, as being software-driven, there is the ability to update how the safety is managed over the device’s life.”
Leave a Comment
You must be logged in to post a comment.