© DEEDS – OS Course WS11/12, Lecture 13 – OS Dependability and Fault Tolerance
Administrative issues
• Lab 5: Friday, Feb. 10th, 13:00-15:00 (and 15:00-17:00)
• Registration (mandatory!): [email protected]
Assessing AUTOSAR: Inside future automotive software
Part of the lecture "OS Dependability and Fault Tolerance"
AUTOSAR Architecture
AUTOSAR is a
• standardized software architecture
• layered
• component- / composition-based
Areas of Research
Motivation: AUTOSAR / automotive systems are
• safety-relevant
• security-relevant
Robustness evaluation
• Fault injection
• Error propagation analysis
Security testing
Robustness and security enhancers
• Run-time monitoring
Flexible instrumentation with injectors and detectors required
Instrumentation of AUTOSAR Components
Interface wrappers:
• Clone the original interface
• Hide the original interface
• Implement the added functionality in the clone
• Call the original interface from the clone
[Figure: composition example in an example AUTOSAR model, showing the data flow over Interface A between ASW-C B and a BSW-C]
Instrumentation of AUTOSAR Components
[Figure: the same composition example, once as the AUTOSAR model and once as the AUTOSAR implementation: SW-Cs (ASW-C B) on top of the Runtime Environment (RTE) and the Basic Software (BSW), distributed over ECU 1 and ECU 2 connected by a CAN network, with the data flow over Interface A between ASW-C B and a BSW-C]
AUTOSAR implementation:
• Varied data flow paths
• Mixed black-box and white-box components
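The following is an added worked example of the interface-wrapper scheme the two instrumentation slides describe (clone the interface, hide the original, put the injector and detector in the clone, call the original from the clone). It is illustration code written for this page, not code from the DEEDS project or its student frameworks. AUTOSAR RTE and BSW code is C, so the example is in C. The RTE API name `Rte_Write_SpeedSensor_Speed`, the `_orig` suffix for the hidden original, the bit-flip fault model and the 300 km/h plausibility bound are assumptions; how the original symbol gets hidden in a real build (a macro rename applied to white-box `.c`/`.h` files, or `objcopy --redefine-sym` on a black-box `.o` file) is my suggestion, not the slide's method.

```c
/*
 * Added example (not DEEDS project code): an interface wrapper in the style
 * described on the slides -- clone the interface, hide the original, add the
 * injector/detector logic in the clone, call the original from the clone.
 * The RTE API name Rte_Write_SpeedSensor_Speed, the speed limit and the
 * bit-flip fault model are assumptions chosen for the illustration.
 */
#include <stdint.h>
#include <stdio.h>

/* Minimal stand-ins for AUTOSAR Std_Types.h */
typedef uint8_t Std_ReturnType;
#define E_OK      ((Std_ReturnType)0u)
#define E_NOT_OK  ((Std_ReturnType)1u)

#define MAX_SPEED_KMH 300u   /* assumed plausibility bound for the detector */

/* ---- Original interface (the component's own RTE write) ----
 * In a real build the original symbol is hidden under a new name, e.g. by a
 * macro (#define Rte_Write_SpeedSensor_Speed Rte_Write_SpeedSensor_Speed_orig)
 * applied to white-box .c/.h files, or by renaming the symbol in a black-box
 * .o file (objcopy --redefine-sym). Here it is simply written under that name. */
static uint16_t last_written_speed;

Std_ReturnType Rte_Write_SpeedSensor_Speed_orig(uint16_t speed)
{
    last_written_speed = speed;
    return E_OK;
}

/* ---- Instrumentation state: one injector and one detector ---- */
static struct {
    int      inject_enabled;     /* injector: flip one bit of the written value */
    unsigned flip_bit;
    unsigned calls;              /* detector: calls observed */
    unsigned range_violations;   /* detector: values above MAX_SPEED_KMH */
} g_wrap;

void wrapper_reset(void)
{
    g_wrap.inject_enabled = 0;
    g_wrap.flip_bit = 0;
    g_wrap.calls = 0;
    g_wrap.range_violations = 0;
    last_written_speed = 0;
}

void wrapper_set_injection(int enabled, unsigned bit)
{
    g_wrap.inject_enabled = enabled;
    g_wrap.flip_bit = bit;
}

unsigned wrapper_calls(void)            { return g_wrap.calls; }
unsigned wrapper_range_violations(void) { return g_wrap.range_violations; }
uint16_t wrapper_last_written(void)     { return last_written_speed; }

/* ---- Clone of the interface: same name and signature the caller expects.
 * Callers keep linking against Rte_Write_SpeedSensor_Speed and now reach the
 * wrapper instead of the original. ---- */
Std_ReturnType Rte_Write_SpeedSensor_Speed(uint16_t speed)
{
    g_wrap.calls++;

    /* Injector: corrupt the value on the data-flow path */
    if (g_wrap.inject_enabled)
        speed ^= (uint16_t)(1u << g_wrap.flip_bit);

    /* Detector: plausibility check; an out-of-range value is not forwarded,
     * so the error does not propagate past this interface */
    if (speed > MAX_SPEED_KMH) {
        g_wrap.range_violations++;
        return E_NOT_OK;
    }

    /* Added functionality done: call the hidden original */
    return Rte_Write_SpeedSensor_Speed_orig(speed);
}

int main(void)
{
    wrapper_reset();
    Rte_Write_SpeedSensor_Speed(120u);      /* no fault: passes through */
    wrapper_set_injection(1, 8);            /* 120 ^ 256 = 376 > 300: detected, dropped */
    Rte_Write_SpeedSensor_Speed(120u);
    wrapper_set_injection(1, 0);            /* 120 ^ 1 = 121: in range, propagates */
    Rte_Write_SpeedSensor_Speed(120u);
    printf("calls=%u violations=%u last_written=%u\n",
           wrapper_calls(), wrapper_range_violations(),
           (unsigned)wrapper_last_written());
    return 0;
}
```

The point the run makes is the error-propagation question from the "Areas of Research" slide: the same injected fault is either caught at the wrapper (bit 8 pushes the value outside the plausible range, the detector returns `E_NOT_OK` and the original is never called) or slips through undetected (bit 0 yields 121 km/h, which no range check can distinguish from a correct reading), so the detector's coverage is only as good as the plausibility rule it implements.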
Challenges
Flexibility
• Different locations in the SW stack
• Variety of applications (FI, monitoring, etc.)
Grey-box system, mixes
• Black-box components
• White-box components
Systematic and automatic
Tool-independent
Vendor-independent
Student Projects
Instrumentation Framework (Paul Manns)
• AUTOSAR model (ARXML) as input
• Configuration on the model level (vs. implementation level)
• Supports Application and RTE layers
• Instrumentation of .c files, .h files and .o files (black-box, grey-box, white-box)
Instrumenting BSW components (Manuel Pütz)
• BSW description not part of ARXML
• Different granularity
• Monitor and inject (sub-)system-wide
Student Projects
Fault Injection Framework (Michael Tretter)
• Development of a generic, adaptive FI framework
• High degree of abstraction
• Wide variety of fault models
• Proof-of-concept for AUTOSAR
Security Testing (Jannik Kappes)
• Vulnerability analysis and classification
• Current approaches (Koscher'10, Checkoway'11) target external attack surfaces; they are complex and undirected
• Testing at component level allows for finer granularity
Outlook
Assessment of AUTOSAR 4 safety features:
• Mixed criticality systems: memory partitioning / protection, user / supervisor modes
• Deterministic timing of SW components: detect and control timing violations, prevent their propagation
• Control-flow monitoring: based on watchdog and checkpoints
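As an added example of the last point, checkpoint-based control-flow monitoring backed by a watchdog: this is illustration code written for this page, not DEEDS code and not the AUTOSAR Watchdog Manager API. It follows the logical-supervision idea (the supervised code reports checkpoints, the monitor checks each transition against an allowed-transition graph, and the hardware watchdog is only serviced when the cycle completed without a violation), but the checkpoint names, the transition table and all function names are assumptions for the illustration.

```c
/*
 * Added example (not DEEDS project code): checkpoint-based control-flow
 * monitoring as listed on the Outlook slide. It follows the logical-supervision
 * idea behind AUTOSAR's Watchdog Manager, but the checkpoint names, the
 * transition table and the function names are assumptions for illustration,
 * not the WdgM API.
 */
#include <stdint.h>
#include <stdio.h>

/* Checkpoints of one supervised runnable, in the intended execution order */
enum {
    CP_START = 0,
    CP_READ_SENSOR,
    CP_COMPUTE,
    CP_WRITE_ACTUATOR,
    CP_END,
    CP_COUNT
};

/* Control-flow graph: allowed[from][to] == 1 if the transition is legal.
 * CP_END -> CP_START closes the loop for the next cycle. */
static const uint8_t allowed[CP_COUNT][CP_COUNT] = {
    /*                 START READ COMP WRITE END */
    /* START  */       { 0,    1,   0,   0,    0 },
    /* READ   */       { 0,    0,   1,   0,    0 },
    /* COMP   */       { 0,    0,   0,   1,    0 },
    /* WRITE  */       { 0,    0,   0,   0,    1 },
    /* END    */       { 1,    0,   0,   0,    0 },
};

typedef struct {
    int      current;     /* last checkpoint reached */
    int      failed;      /* sticky: a transition violation was seen */
    unsigned cycles_ok;   /* completed START..END sequences */
} CfMonitor;

void cfm_init(CfMonitor *m)
{
    m->current = CP_END;    /* before the first cycle only CP_START is legal */
    m->failed = 0;
    m->cycles_ok = 0;
}

/* Called by the supervised code at each checkpoint. Returns 1 if the
 * transition was legal, 0 (and latches the failure) otherwise. */
int cfm_checkpoint(CfMonitor *m, int cp)
{
    if (cp < 0 || cp >= CP_COUNT || !allowed[m->current][cp]) {
        m->failed = 1;
        return 0;
    }
    m->current = cp;
    if (cp == CP_END)
        m->cycles_ok++;
    return 1;
}

/* Watchdog side: the hardware watchdog is serviced only when the cycle
 * reached CP_END without any violation; otherwise it expires and resets
 * the ECU, which keeps the control-flow error from propagating. */
int cfm_service_watchdog(const CfMonitor *m)
{
    return !m->failed && m->current == CP_END;
}

/* Scenario 1: the runnable executes in order */
int run_correct_cycle(CfMonitor *m)
{
    cfm_checkpoint(m, CP_START);
    cfm_checkpoint(m, CP_READ_SENSOR);
    cfm_checkpoint(m, CP_COMPUTE);
    cfm_checkpoint(m, CP_WRITE_ACTUATOR);
    cfm_checkpoint(m, CP_END);
    return cfm_service_watchdog(m);
}

/* Scenario 2: control flow skips CP_COMPUTE (e.g. a corrupted branch), so the
 * actuator would be written with stale data. READ -> WRITE is not allowed,
 * the failure latches, and the later CP_END cannot clear it. */
int run_skipped_compute(CfMonitor *m)
{
    cfm_checkpoint(m, CP_START);
    cfm_checkpoint(m, CP_READ_SENSOR);
    cfm_checkpoint(m, CP_WRITE_ACTUATOR);
    cfm_checkpoint(m, CP_END);
    return cfm_service_watchdog(m);
}

int main(void)
{
    CfMonitor m;
    int ok, bad;
    cfm_init(&m);
    ok = run_correct_cycle(&m);
    printf("correct cycle: watchdog serviced=%d (cycles_ok=%u)\n", ok, m.cycles_ok);
    bad = run_skipped_compute(&m);
    printf("skipped compute: watchdog serviced=%d (failed=%d)\n", bad, m.failed);
    return 0;
}
```

The failure flag is deliberately sticky: a wrong transition must not be healed by a later correct one, otherwise a control-flow error that happens to land back on the expected path would go unreported and the watchdog would still be serviced.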
We offer seminar and thesis works in these areas