© DEEDS – OS Course WS11/12 Lecture 13 – OS Dependability and Fault Tolerance 1 Administrative issues Lab 5 Friday, Feb. 10 th 13:00-15:00 (and 15:00-17:00) Registration (mandatory!): [email protected]


Administrative issues

Lab 5

Friday, Feb. 10th 13:00-15:00 (and 15:00-17:00)

Registration (mandatory!): [email protected]


Assessing AUTOSAR: Inside future automotive software

Part of the lecture “OS Dependability and Fault Tolerance”


AUTOSAR Architecture

AUTOSAR is:
• Standardized software architecture
• Layered
• Component- / composition-based


Areas of Research

Motivation: AUTOSAR / automotive systems are
• Safety-relevant
• Security-relevant

Robustness Evaluation
• Fault injection
• Error propagation analysis

Security Testing

Robustness and Security Enhancers
• Run-time monitoring

Flexible instrumentation with injectors and detectors required


Instrumentation of AUTOSAR Components

Interface wrappers:
• Clone original interface
• Hide original interface
• Implement added functionality in clone
• Call original interface from clone

[Figure: Composition example from an example AUTOSAR model: SW-C A → interface → SW-C B, with the data flow between them]
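The four wrapper steps above, as an added C example that is not the DEEDS framework's own code: the RTE port name, the plausibility range and the two fault models are assumed, and the macro redirect stands in for whatever build- or link-time mechanism actually hides the original symbol.

```c
#include <stdint.h>
/* Stand-ins for the AUTOSAR standard types used by RTE ports (constructed for this example). */
typedef uint8_t Std_ReturnType;
#define RTE_E_OK 0u

static int16_t g_received_speed;  /* what reaches the receiving SW-C (simulated) */
static int     g_detector_hits;   /* detector counter: implausible values observed */

/* The original interface: stands in for the RTE-generated sender port of SW-C A.
 * The port and function name are assumed, not taken from a real model. */
Std_ReturnType Rte_Write_SpeedPort_Speed(int16_t speed_kmh) {
    g_received_speed = speed_kmh;
    return RTE_E_OK;
}

/* Fault models the injector hook can apply to the data flow. */
typedef enum { FI_NONE, FI_STUCK_AT, FI_BIT_FLIP } FaultMode;
static FaultMode g_fault_mode = FI_NONE;
static int16_t   g_stuck_value;

/* The clone: same signature as the original, with the added functionality
 * (injector, then detector) and a call through to the original interface. */
Std_ReturnType Wrap_Rte_Write_SpeedPort_Speed(int16_t speed_kmh) {
    switch (g_fault_mode) {                     /* injector */
        case FI_STUCK_AT: speed_kmh = g_stuck_value;          break;
        case FI_BIT_FLIP: speed_kmh ^= (int16_t)0x0200;       break;
        default:                                              break;
    }
    /* detector: plausibility check on the value flowing through the port */
    if (speed_kmh < 0 || speed_kmh > 400) g_detector_hits++;
    return Rte_Write_SpeedPort_Speed(speed_kmh); /* original interface */
}

/* Hide the original: from here on, component code that names the RTE function
 * is redirected to the clone without being modified. */
#define Rte_Write_SpeedPort_Speed Wrap_Rte_Write_SpeedPort_Speed

/* Application SW-C code, unchanged and unaware that it now calls the wrapper. */
Std_ReturnType swc_publish_speed(int16_t speed_kmh) {
    return Rte_Write_SpeedPort_Speed(speed_kmh);
}

/* Run one publish under a fault model; returns the value that reached the receiver. */
int16_t fi_run(FaultMode mode, int16_t stuck_value, int16_t input_kmh) {
    g_fault_mode = mode; g_stuck_value = stuck_value; g_detector_hits = 0;
    (void)swc_publish_speed(input_kmh);
    return g_received_speed;
}
int fi_detector_hits(void) { return g_detector_hits; }
```

Because the application code and the original interface are both left untouched, the same wrapper can be applied to black-box (.o) and white-box (.c) components alike.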


Instrumentation of AUTOSAR Components

[Figure: the composition example mapped from the AUTOSAR model to the implementation: SW-C A and SW-C B on top of the Runtime Environment (RTE) and Basic Software (BSW), distributed over ECU 1 and ECU 2 connected by a CAN network, with the data flow SW-C A → interface → SW-C B]

AUTOSAR implementation:
• Varied data flow paths
• Mixed black-box and white-box components


Challenges

Flexibility
• Different locations in SW stack
• Variety of applications (FI, monitoring, etc.)

Grey-box system, mixes
• Black-box components
• White-box components

Systematic and automatic

Tool-independent

Vendor-independent


Student Projects

Instrumentation Framework (Paul Manns)
• AUTOSAR model (ARXML) as input
• Configuration on the model level (vs. implementation level)
• Supports Application and RTE layers
• Instrumentation of .c-files, .h-files, .o-files (black-box, grey-box, white-box)

Instrumenting BSW components (Manuel Pütz)
• BSW description not part of ARXML
• Different granularity
• Monitor and inject (sub-)system-wide


Student Projects

Fault Injection Framework (Michael Tretter)
• Development of a generic, adaptive FI framework
• High degree of abstraction
• Wide variety of fault models
• Proof-of-concept for AUTOSAR

Security Testing (Jannik Kappes)
• Vulnerability analysis and classification
• Current approaches (Koscher’10, Checkoway’11) target external attack surfaces: complex, undirected
• Testing at component level allows for finer granularity


Outlook

Assessment of AUTOSAR 4 safety features:

Mixed criticality systems
• Memory partitioning / protection
• User- / supervisor-modes

Deterministic timing of SW components
• Detect and control timing violations
• Prevent their propagation

Control-flow monitoring
• Based on watchdog and checkpoints

We offer seminar and thesis works in these areas.