PikeOS for software-defined vehicle security

25th March 2024
Sheryl Miles
Cars, trucks, and most other vehicles are increasingly becoming computers on wheels. This applies to combustion engines as well as electric cars.

In this article, José Almeida, Director Business Line Automotive at SYSGO, discusses the growing demand for secure software as vehicle electronics expand. He highlights why guarding against safety issues is critical, outlines the application requirements, and explains the advantages of a real-time operating system (RTOS) with a hypervisor, specifically SYSGO's PikeOS, covering automotive RTOS/hypervisor integration, virtualisation, and Edge-to-Cloud connectivity.

The majority of innovations in the automotive sector are based on software and electronics. Autonomous driving, sensors on many components, infotainment and virtual cockpits, assistance systems, voice control, internet connectivity, powertrain control such as for the engine, clutch, and transmission, and the networking of vehicles require a lot of software in today's vehicles.

Even the steering and brakes are highly software-controlled and partially automated. Whereas software used to be just a nice extra, modern vehicles can hardly function without it. The IT in the car is now a high-performance computer. Experts therefore also refer to software-defined vehicles (SDV).

Safety and Security are of central importance in SDVs and should not be negotiable

In addition to stability and performance, security plays a particularly important role in IT, and this applies especially to vehicles. If cyber criminals attack the vehicle software via its interfaces, there is not only a risk of losing data or money, but also a risk to life. If attackers manipulate the software in a modern vehicle, this can lead to sensor malfunctions and thus to the failure of important functions such as steering, brakes, assistance systems, lighting, locking, and other components. As many modern vehicles also have a Wi-Fi interface and often a cloud connection, there are numerous entry points for attackers.

Added to this are the functions offered by vehicle manufacturers to update the software in the vehicle ‘over the air’ via the Cloud or to control functions. Back in 2017, Tesla increased the range of its vehicles during a hurricane via remote updates. This is just one example of the far-reaching possibilities that can be controlled via software in vehicles. Vehicles can be tracked via GPS and manufacturers and owners can access vehicle functions remotely. These are also gateways for attackers and malicious code, against which vehicles must be protected.

The software-defined vehicle is the next evolutionary step in vehicle development

SDVs represent the next evolutionary stage in vehicle development. Today's vehicles contain millions of lines of code, well over a hundred software-controlled devices, applications for driving safety and comfort, sensors as well as services and functions that must protect vehicles from cybercriminals. The applications in the vehicle and, of course, the vehicle functions must function flawlessly, efficiently, independently, and very securely at all times.

Of course, it is very important that the individual components of the SDV do not interfere with each other. If a sensor does not work properly or if the software of a control unit crashes or is faulty, the impairment must not spread to other components and software areas under any circumstances. This also applies to robustness against cyber attacks. For example, if a hacker succeeds in remotely penetrating the vehicle's multimedia system, it must not be possible for them to access other systems from there. If a vehicle has a WLAN hotspot, it must of course not be possible for unauthorised persons to manipulate the software in the vehicle. In order to meet these requirements, the vehicle's software and ‘operating system’ must be designed and optimised for maximum Safety and Security, performance and stability. There can be no compromises here.

RTOS and hypervisor as a reliable foundation for the SDV

RTOSes are often used as the operating system in vehicles, for several reasons. A real-time operating system (RTOS) specialises in completing tasks within precisely defined time periods.

In contrast to operating systems in computers, ‘hangs’ or slow responses are not acceptable in SDVs. What's more, an RTOS must be able to perform certain tasks in a previously known and defined time. Static analyses of the code can be used to determine so-called Worst-Case Execution Times (WCET), which define the minimum execution times. Only a deterministically functioning and hard real-time capable RTOS can reliably meet the requirements for performance, stability, and safety in vehicles.

Like other operating systems, RTOSes are capable of multitasking and can perform several tasks simultaneously. In contrast to conventional operating systems, so-called General Purpose Operating Systems (GPOS), however, the times for processing the tasks are firmly defined and guaranteed. An RTOS can prioritise tasks and manage the resources in the vehicle so that there is always enough power available for urgent tasks.
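To make the WCET requirement concrete, here is an added worked example (not code from the article or from SYSGO): a response-time analysis for a constructed task set under fixed-priority preemptive scheduling. This is the schedulability check that takes each task's WCET C_i, period T_i and deadline D_i and computes its worst-case response time R_i, which is what "guaranteed" processing times rest on. The task names, timings and the "500 microseconds too low" scenario are assumptions made for the example.

```go
package main

import "fmt"

// Task is a periodic task with its WCET C (from static analysis), period T
// and relative deadline D, all in microseconds. Priority is given by slice
// position: index 0 is the highest priority.
type Task struct {
	Name     string
	WCET     int
	Period   int
	Deadline int
}

// ceilDiv returns ceil(a/b) for positive integers.
func ceilDiv(a, b int) int { return (a + b - 1) / b }

// ResponseTime computes the worst-case response time R_i of tasks[i] under
// fixed-priority preemptive scheduling with the standard recurrence
//
//	R_i^(n+1) = C_i + sum over higher-priority j of ceil(R_i^(n) / T_j) * C_j
//
// starting from R_i^(0) = C_i. It returns the fixed point, or -1 as soon as
// the iterate exceeds D_i, meaning the task can miss its deadline.
func ResponseTime(tasks []Task, i int) int {
	r := tasks[i].WCET
	for {
		next := tasks[i].WCET
		for j := 0; j < i; j++ {
			next += ceilDiv(r, tasks[j].Period) * tasks[j].WCET
		}
		if next > tasks[i].Deadline {
			return -1
		}
		if next == r {
			return r
		}
		r = next
	}
}

// Schedulable runs the analysis for every task. It returns whether the whole
// set meets its deadlines and the per-task response times (-1 = can miss).
func Schedulable(tasks []Task) (bool, []int) {
	ok := true
	rts := make([]int, len(tasks))
	for i := range tasks {
		rts[i] = ResponseTime(tasks, i)
		if rts[i] < 0 {
			ok = false
		}
	}
	return ok, rts
}

// SampleTasks is a constructed task set for one core: two hard real-time
// control loops, a sensor-fusion task and a best-effort infotainment task.
func SampleTasks() []Task {
	return []Task{
		{"brake_ctrl", 2000, 5000, 5000},
		{"steering_ctrl", 3000, 10000, 10000},
		{"adas_fusion", 4000, 20000, 20000},
		{"infotainment", 3000, 40000, 40000},
	}
}

// WithUnderestimatedBrakeWCET models a WCET figure that was 500 us too low
// (constructed scenario).
func WithUnderestimatedBrakeWCET() []Task {
	ts := SampleTasks()
	ts[0].WCET += 500
	return ts
}

func main() {
	for _, ts := range [][]Task{SampleTasks(), WithUnderestimatedBrakeWCET()} {
		ok, rts := Schedulable(ts)
		fmt.Printf("schedulable=%v\n", ok)
		for i, t := range ts {
			fmt.Printf("  %-14s C=%5d T=%5d D=%5d R=%6d\n", t.Name, t.WCET, t.Period, t.Deadline, rts[i])
		}
	}
}
```

Running it shows the constructed set meeting every deadline (the infotainment task's worst-case response is 39 ms against a 40 ms deadline), whereas a brake-controller WCET estimated 500 µs too low pushes the infotainment response past its deadline. This is why the WCET figures from static analysis, rather than measured averages, are the input an RTOS and its certification rely on.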

Virtualisation plays just as important a role in vehicles as it does in data centres

Efficient RTOSes can be based on hypervisors that separate applications from one another without any loss of functionality. This gives functions in the vehicle their own processing areas (so-called partitions) from which they cannot ‘escape’. The task, together with the hardware and software it needs, is virtualised, much like a virtual machine. The advantages are obvious: here too, software is used that is maximally secure, fast, and optimised for operation in the SDV.

There is also the challenge that existing software components in the vehicle have to communicate with new interfaces. There must be no compromises in terms of performance, stability, safety, and security. This is where virtualisation comes into its own, as it enables simple expansion with any number of guest operating systems. What has been standard in corporate IT for years is also interesting and valuable in the vehicle. Virtualisation brings unprecedented flexibility to the system and at the same time offers compatibility and security that can hardly be achieved with hardware, or at least not with reasonable effort.
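The separation in time that partitions provide can be illustrated with a small added simulation (a constructed model written for this article, not PikeOS code or its configuration format): three guests in a static cyclic schedule, where the infotainment guest has stopped yielding the CPU, are run once under strict time partitioning and once under a cooperative scheduler with no partitions. The guest names, window lengths and demands are assumptions.

```go
package main

import "fmt"

// Partition models one guest in a static, cyclic time-partitioned schedule.
// Window is the CPU budget in ticks the guest is granted once per major
// frame; Demand is how many ticks it tries to consume per frame. A runaway
// or compromised guest has Unbounded demand.
type Partition struct {
	Name   string
	Window int
	Demand int
}

const Unbounded = -1

// MajorFrame is the sum of all windows: the fixed cycle after which every
// partition has been offered its budget exactly once.
func MajorFrame(parts []Partition) int {
	n := 0
	for _, p := range parts {
		n += p.Window
	}
	return n
}

// RunPartitioned simulates `frames` major frames tick by tick. A partition
// runs only inside its own window and is preempted at the window boundary
// whatever demand remains; budget it does not use is idle, never lent out.
// It returns the CPU ticks each partition received.
func RunPartitioned(parts []Partition, frames int) map[string]int {
	got := make(map[string]int)
	left := make([]int, len(parts))
	for f := 0; f < frames; f++ {
		for i, p := range parts {
			left[i] = p.Demand // demand is renewed every frame
		}
		for i, p := range parts {
			for tick := 0; tick < p.Window; tick++ {
				if left[i] == Unbounded {
					got[p.Name]++
				} else if left[i] > 0 {
					got[p.Name]++
					left[i]--
				}
				// else: an idle tick inside this window
			}
		}
	}
	return got
}

// RunCooperative models the same guests without temporal partitioning: a
// guest keeps the CPU until it has finished its work (or forever). It gets
// the same total number of ticks as the partitioned run.
func RunCooperative(parts []Partition, frames int) map[string]int {
	got := make(map[string]int)
	remaining := MajorFrame(parts) * frames
	for f := 0; f < frames && remaining > 0; f++ {
		for _, p := range parts {
			want := p.Demand
			if want == Unbounded || want > remaining {
				want = remaining
			}
			got[p.Name] += want
			remaining -= want
			if remaining == 0 {
				break
			}
		}
	}
	return got
}

// SampleGuests is a constructed configuration: two control partitions with
// modest demand and an infotainment guest that never yields.
func SampleGuests() []Partition {
	return []Partition{
		{"brake_ctrl", 2, 2},
		{"steering_ctrl", 3, 2},
		{"infotainment", 5, Unbounded},
	}
}

func main() {
	const frames = 100
	runs := []struct {
		name string
		run  func([]Partition, int) map[string]int
	}{{"partitioned", RunPartitioned}, {"cooperative", RunCooperative}}
	for _, r := range runs {
		got := r.run(SampleGuests(), frames)
		fmt.Printf("%s over %d frames (major frame = %d ticks):\n", r.name, frames, MajorFrame(SampleGuests()))
		for _, p := range SampleGuests() {
			fmt.Printf("  %-14s window=%d got=%d ticks\n", p.Name, p.Window, got[p.Name])
		}
	}
}
```

In the partitioned run the runaway guest receives exactly its 5 ticks per frame and the control partitions always get their full budget; without partitioning it takes all 996 remaining ticks of the run after the first cycle and the control loops never run again. The same mechanism is what stops a faulty or compromised guest from starving the safety partitions of CPU time.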

As an RTOS with hypervisor functionality virtualises many services, i.e., runs them on a software basis, significantly less hardware is required in the vehicle. This reduces weight, complexity, susceptibility to errors, and costs. It is even easier to update the components wirelessly ‘over the air’. Appropriate security measures ensure that cybercriminals have no chance of taking over the services. The new, binding UNECE R155 and R156 regulations even explicitly require a security architecture for software in cars in general and for gateways in particular. The automotive industry and its suppliers are currently preparing for this.

Another advantage of virtualised components is the fast start-up of vehicle components, bus systems, and other areas. Communication interfaces are available more quickly. The use of open source, such as Linux or Android, means that established technologies are used in which errors in the source code can be quickly identified and rectified. The lower license costs and the extensive security functions that are already available with Linux and Android are also advantageous.

Example of an RTOS: PikeOS offers maximum safety and security in SDV

PikeOS is a real-time operating system (RTOS) from SYSGO. The RTOS is based on a type 1 hypervisor that is capable of fully virtualising other operating systems, runtime environments, and applications on embedded hardware, including AUTOSAR Adaptive, Android, Linux, ROS, POSIX, and many more. In addition, PikeOS is ISO 26262 certified to the highest level ASIL-D. PikeOS is designed to enable companies to develop certifiable, intelligent devices with high quality and security standards. PikeOS can be used to implement lane departure warning systems, obstacle detection via LiDAR, reversing camera systems, digital cockpit/IVI, central gateways, and many other safety-critical applications.

One of PikeOS's most important strengths is the level of cyber security it offers, which makes it especially suitable for the automotive industry. This is why the operating system is often used for safety-critical systems in SDVs. The PikeOS Separation Kernel version 5.1.3 is certified according to Common Criteria (EAL5+). This in turn enables comparatively convenient and rapid certification in accordance with ISO 21434, which will be indispensable for cyber security in SDVs in the future.

Even the boot process is secured with this RTOS and communication runs via Transport Layer Security. In addition, important files are encrypted using the secure Certified File System (CFS). Important components include an integrated firewall, an intrusion detection system (IDS), and management of the entire software lifecycle. The IDS runs in a separate, secure partition of the system. This includes FIPS-certified communication with transport layer security and digitally signed updates. If an attacker nevertheless manages to penetrate the system, they remain isolated in the corresponding partition, with all other functions sealed off.
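As an added example of the digitally signed updates mentioned above (constructed for this article, not SYSGO's update mechanism or its manifest format), the following Go program shows the three checks an update agent running in its own partition would apply before an image is installed: an Ed25519 signature over a manifest, the image hash named in that manifest, and a version comparison that rejects rollbacks. The manifest fields, component name, version numbers and the sample image bytes are assumptions; the rollback check is a common additional safeguard and is not something the article describes.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

// Manifest describes one update image (constructed layout). The vendor signs
// the serialised manifest rather than the image, so image integrity is bound
// through the hash the manifest names.
type Manifest struct {
	Component   string `json:"component"`
	Version     uint32 `json:"version"`
	ImageSHA256 string `json:"image_sha256"`
}

var (
	ErrBadSignature = errors.New("manifest signature invalid")
	ErrHashMismatch = errors.New("image hash does not match signed manifest")
	ErrRollback     = errors.New("update is not newer than the installed version")
)

// VerifyUpdate is the check an update agent performs before the image is
// handed to the installer. Every check must pass; the first failure is
// reported and nothing is installed.
func VerifyUpdate(vendorPub ed25519.PublicKey, manifestJSON, sig, image []byte, installed uint32) (*Manifest, error) {
	// 1. Authenticity: only a manifest signed by the vendor key is trusted.
	//    Verify before parsing, so unauthenticated bytes never reach the parser.
	if !ed25519.Verify(vendorPub, manifestJSON, sig) {
		return nil, ErrBadSignature
	}
	var m Manifest
	if err := json.Unmarshal(manifestJSON, &m); err != nil {
		return nil, err
	}
	// 2. Integrity: the delivered image must hash to the value in the manifest.
	sum := sha256.Sum256(image)
	if hex.EncodeToString(sum[:]) != m.ImageSHA256 {
		return nil, ErrHashMismatch
	}
	// 3. Freshness: refuse downgrades, which could reinstate an already fixed flaw.
	if m.Version <= installed {
		return nil, ErrRollback
	}
	return &m, nil
}

// SignManifest is the vendor-side step, included so the example runs offline.
func SignManifest(priv ed25519.PrivateKey, m Manifest) (manifestJSON, sig []byte, err error) {
	manifestJSON, err = json.Marshal(m)
	if err != nil {
		return nil, nil, err
	}
	return manifestJSON, ed25519.Sign(priv, manifestJSON), nil
}

// Scenarios exercises the verifier with a constructed image: the valid case
// and the three failure modes it must reject. Keys are generated fresh.
func Scenarios() map[string]error {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	image := []byte("constructed gateway firmware image v42")
	sum := sha256.Sum256(image)
	m := Manifest{Component: "central_gateway", Version: 42, ImageSHA256: hex.EncodeToString(sum[:])}
	manifestJSON, sig, err := SignManifest(priv, m)
	if err != nil {
		panic(err)
	}
	res := map[string]error{}
	_, res["valid"] = VerifyUpdate(pub, manifestJSON, sig, image, 41)

	tampered := append([]byte(nil), image...)
	tampered[0] ^= 0xff // one corrupted byte, in transit or on the server
	_, res["tampered_image"] = VerifyUpdate(pub, manifestJSON, sig, tampered, 41)

	// An edited manifest cannot be re-signed without the vendor key.
	forged := bytes.Replace(manifestJSON, []byte(`"version":42`), []byte(`"version":99`), 1)
	_, res["edited_manifest"] = VerifyUpdate(pub, forged, sig, image, 41)

	// A genuine but older package replayed against a newer installed version.
	_, res["rollback"] = VerifyUpdate(pub, manifestJSON, sig, image, 42)
	return res
}

func main() {
	for name, err := range Scenarios() {
		fmt.Printf("%-16s -> %v\n", name, err)
	}
}
```

Only the first scenario passes; a corrupted image, an edited manifest and a replayed older package each fail on a different check. Keeping the agent in its own partition means that even if the network-facing guest that downloaded the package is compromised, the decision to install is still taken against the vendor key held elsewhere.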

Secure automotive connectivity platform brings stability, performance, safety, and security to the SDV

PikeOS is optimised for secure data transmission in connected vehicles. The RTOS is part of the Secure Automotive Connectivity Platform (SACoP). This highly secure platform for communication between vehicles enables the use of various network technologies, including 4G/5G, Wi-Fi, Ethernet, and CAN. The platform supports various guest operating systems, including Linux or AGL and Android. The entire platform is increasingly geared towards providing maximum protection for critical in-vehicle communication and communication between vehicles.

In general, SACoP enables secure communication from vehicles to all possible systems. Performance is also not neglected thanks to multi-core support. As PikeOS is frequently used in avionics and is regularly certified to the highest levels of that industry's standards, which impose some of the strictest requirements on software security, automotive applications also benefit from these higher security requirements. PikeOS is also the first SIL-4 certified RTOS with multicore support.

As new functions are constantly being added in the automotive sector and model changes are imminent, the turnkey development platform offers a secure gateway. This is responsible for communication with the outside world, which must also be fast, stable, and very secure. The gateway has a robust routing system including the aforementioned firewall and intrusion detection. PikeOS shows what is currently possible with RTOS in SDV and how security in SDV is guaranteed with optimised components despite maximum performance and stability.

Edge2Cloud applications in software-defined vehicles

Edge2Cloud applications in software-defined vehicles enable the exchange of (safety-relevant) information between different vehicles. Data is processed at the edge, i.e., exactly where it is generated; in the case of SDVs, this is the respective vehicle itself or its sensors. The analysed data is then sent to the cloud, where it can also be used by other vehicles, which in turn contribute their own information to the Cloud.

One example is pothole detection with LiDAR sensors. The vehicle sends information about potholes to a host, which can be used to create a map of the terrain. This map is used by other vehicles on the same route, which in turn also send information about potholes to the host. This creates a comprehensive map from which all road users can benefit. Edge2Cloud applications and the RTOS must guarantee the highest level of data security, data protection, and data quality. Existing regulations and compliance guidelines must be adhered to at all costs.

Edge2Cloud also makes it possible to monitor and control vehicles, distribute updates, and ensure that all devices, components, and sensors in the vehicle are functioning optimally. However, sensitive data must remain within the confines of the vehicle. International regulations for handling data are becoming increasingly complex. It is therefore important that the RTOS can provide Edge2Cloud flexibly while optimally complying with current data protection regulations. The system must be able to recognise important data and anonymise data records before they are sent to the cloud. PikeOS is ideal for Edge2Cloud use, as the RTOS is a cloud setup with enormous storage and computing potential. A device manager acts as a central orchestrator to ensure that every Edge device functions optimally and that communication flows run as smoothly as possible. The modular structure of the PikeOS Edge Platform also enables specialised partitions for different applications.
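The anonymisation step the article calls for, applied to the pothole reports from the example above, as an added illustration (constructed for this article, not part of PikeOS, SACoP or the PikeOS Edge Platform): a record from the detector is reduced to an allow-listed outbound shape, the VIN is replaced by a keyed pseudonym so the backend can still de-duplicate reports from one vehicle, the position is coarsened to a roughly 100 m grid and the timestamp to the hour, and driver and sensor identifiers are dropped. The record layout, field names, key and the 100 m / one-hour granularities are assumptions.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"math"
	"time"
)

// RawReport is what the in-vehicle pothole detector produces (constructed
// layout for this example). Several fields identify the vehicle or its
// occupants and must not leave the vehicle as they are.
type RawReport struct {
	VIN       string
	Driver    string
	Timestamp time.Time
	Lat, Lon  float64 // precise GNSS fix
	Severity  int     // 1..5 from the LiDAR depth estimate
	Sensor    string  // sensor serial number
}

// CloudReport is the only shape allowed to leave the vehicle. Its fields are
// an allow-list: anything not declared here (Driver, Sensor) is dropped.
type CloudReport struct {
	VehiclePseudonym string    // keyed, stable per vehicle, not reversible without the key
	HourBucket       time.Time // timestamp coarsened to the hour
	Lat, Lon         float64   // position coarsened to a ~100 m grid
	Severity         int
}

// Pseudonymise derives a stable identifier from the VIN with an HMAC key that
// stays inside the vehicle (assumption: provisioned into a secure partition).
// The backend can correlate repeated reports from one vehicle without
// learning the VIN.
func Pseudonymise(key []byte, vin string) string {
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(vin))
	return hex.EncodeToString(mac.Sum(nil))[:16]
}

// Coarsen rounds a coordinate to three decimals, roughly a 100 m grid: enough
// to place a pothole on a road, not enough to place a car in a driveway.
func Coarsen(deg float64) float64 {
	return math.Round(deg*1000) / 1000
}

// Anonymise applies the outbound data policy to one detector record.
func Anonymise(key []byte, r RawReport) CloudReport {
	return CloudReport{
		VehiclePseudonym: Pseudonymise(key, r.VIN),
		HourBucket:       r.Timestamp.UTC().Truncate(time.Hour),
		Lat:              Coarsen(r.Lat),
		Lon:              Coarsen(r.Lon),
		Severity:         r.Severity,
	}
}

// SampleReport is a constructed detector record with a fictitious VIN.
func SampleReport() RawReport {
	return RawReport{
		VIN:       "TESTVIN0000000001", // constructed, not a real vehicle
		Driver:    "A. Example",
		Timestamp: time.Date(2024, 3, 25, 14, 37, 12, 0, time.UTC),
		Lat:       48.13725,
		Lon:       11.57542,
		Severity:  3,
		Sensor:    "LIDAR-SN-0001",
	}
}

func main() {
	key := []byte("constructed-in-vehicle-key") // placeholder; never hard-code a real key
	fmt.Printf("raw:   %+v\n", SampleReport())
	fmt.Printf("cloud: %+v\n", Anonymise(key, SampleReport()))
}
```

Because the outbound type is defined explicitly, adding a new field to the detector's record cannot silently leak it: it reaches the cloud only if someone deliberately adds it to CloudReport, which is the point at which the data-protection review happens.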

Conclusion

The requirements for a software-defined vehicle are diverse. However, one technical basis unites the requirements: a modern RTOS with an integrated hypervisor. This is where all relevant components can be mapped, safely and securely networked, and operated in a compatible manner.

If companies develop new features for the SDV, these components can be virtualised with the hypervisor in the RTOS and immediately linked with the necessary other components in the SDV. Without virtualisation, the integration of new functions would take much longer, the processes would be more complicated and also more expensive, as the hardware and software would first have to be adapted. A modern vehicle such as an SDV thrives on constant innovation and improvements. The operating system in these vehicles must be able to keep pace with this and at the same time ensure that occupants and other road users are protected in the best possible way.

© Copyright 2024 Electronic Specifier