Euroforum 2015 final
EUROFORUM Elektroniksysteme im Automobil - Copyright Visteon Corporation 2015
Dipl.-Ing. Harald Schöpp, Visteon Corporation
Integration vs. Separation: Improved Security through Integration of Electrical Domains
Overview
• Integration vs. Separation – the everlasting challenge
• Improved Security – based on state-of-the-art multicore architectures
• Implementation Example
The Connected Car – Forcing Challenges
• During the past decade, the focus has been on the development of in-vehicle networking and integration inside dedicated domains
• No significant SW or HW architecture change in the last decade
• The SW monolith continues to grow in size and has become hardly manageable
• Connectivity has been added to the system but the architecture remains the same
• The vehicle is connected to the Internet but is not part of the Cloud
• The current decade is focused on the development of the Connected Car and its varying aspects. All in-vehicle functions and features will interact with the Cloud
• Increasing integration and usability forces the abolishment of domain boundaries – at least at an ECU level
• New technological foundations are required
Infotainment Architecture Evolution
1 DIN
- Fully Integrated -
Networked via MOST
- Distributed -
2 DIN
- Highly Integrated -
E/E Architecture Evolution
Classical Architecture
- Strongly Fragmented -
Domain Architecture
- Higher Integration Inside Domains -
What is next?
Some Analogies …
Vision: Eye vs. Camera
Networking: Nervous System vs. Vehicle Network
Processing: Brain vs. Computing Unit
ALL Integrated Computing – The Solution?
Critical Factors
Cross-domain Integration has to happen step by step:
• Consolidation of functions across domains reduces cost and redundancies
• Evolution and re-use: preserve what is proven mature
• Clear separation of safety critical and non-safety critical functions
• Manageability of complexity - parallelization
• Controlled updatability across domains
Domain Integration – Starting with Cockpit Controllers
Instrument Cluster
Infotainment Head Unit
Connectivity Unit
Driver Assistance Systems
Cockpit Evolution – Requirements
Driver Interaction Electronics
Cloud
HUD
Cluster
Infotainment
Fusion
• Fuse driver information, infotainment, Cloud connectivity and driver assist into a single platform for higher integration and seamless HMI
• Reduce complexity with new system partitions across multiple domains, support parallel work streams
• Configure the system before SOP, then maintain, enhance and control it over its lifecycle, preferably via the Cloud, safely and securely
• Prepare and adapt the vehicle infrastructure for assisted / highly autonomous driving
Fusion
Solution Proposal: Multi-Core Architecture – SmartCore™
• Mapping domains and application areas to individual cores of a multi-core architecture
• Clear separation with controlled security
• Parallelizing of complexity
• Individual updatability
• One common HMI architecture, supporting a scalable number of displays
• Full system scalability from one to x cores
Driver Information
ASIL B
Infotainment
Unified Multi-User / Multi-Domain Capable HMI
Cloud
Sensor Fusion
ASIL B/C
ADAS
ASIL B
ADAS
ASIL B/C
HMI
Multimedia
OEM Apps
Navigation
Consumer Apps
RSE Mgmt.
Firewall Control
Gateway Core
Update Mgmt.
Trusted Core
Multiple Operation System with Graphics X-Tention: MOS.x
Multi Source/Multi Sink Audio/Video Compositor
Hardware Separation
DI
INTEGRITY
IVI
Linux
ADAS
QNX
Cloud
Android
MOSX HW
VMM
• Multiple OSes, each running in its own HW space: “OS coexistence” with separation
• Enable new system partitioning while creating parallel work streams
• Multiple, independent video/graphics and audio stream management
System on Chip
Downscaling – Dual Core Solution
Multi Source/Multi Sink A/V Compositor
Hardware Separation
DI
QNX/INTEGRITY
IVI
Linux / QNX
MOSX HW
VMM
• Entry version: no modification required inside the segments
System on Chip
Multi-Level Security Concept - Mixed Criticality Smart Cores
Multi Source/Multi Sink Graphics Compositor
Hardware Separation
DI
INTEGRITY
IVI
Linux
System on Chip
ADAS
QNX
Cloud
Android
Non-bypassable invocation of hardware virtualization capabilities enforces system separation.
Availability protected by fixed hardware resource assignment and signal routing.
MOSX HW
VMM
Statically defined information and data flow. Prevention of covert channels. Complete communication mediation.
Static ownership of peripherals by one core with secured access.
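The properties listed on this slide, expressed as a build-time check over a static partition manifest. This is an added illustration, not Visteon code: the manifest format, core numbers, addresses, peripheral names and flows are constructed assumptions, and only the partition and OS names come from the slide.

```python
from itertools import combinations

# Constructed manifest: partition/OS names follow the slide; core numbers,
# memory ranges (start, length), peripherals and flows are made up for the example.
MANIFEST = {
    "partitions": {
        "DI":    {"os": "INTEGRITY", "cores": [0], "mem": (0x8000_0000, 0x1000_0000)},
        "IVI":   {"os": "Linux",     "cores": [1], "mem": (0x9000_0000, 0x2000_0000)},
        "ADAS":  {"os": "QNX",       "cores": [2], "mem": (0xB000_0000, 0x1000_0000)},
        "Cloud": {"os": "Android",   "cores": [3], "mem": (0xC000_0000, 0x2000_0000)},
    },
    # One owner per peripheral: the mapping itself cannot express shared ownership.
    "peripherals": {"can0": "DI", "display0": "DI", "audio0": "IVI",
                    "camera0": "ADAS", "modem0": "Cloud"},
    "flows": [("ADAS", "DI"), ("IVI", "DI"), ("Cloud", "IVI")],
}

def check_manifest(m):
    """Return a list of violations; an empty list means the manifest is consistent."""
    errors = []
    parts = m["partitions"]
    # Fixed resource assignment: no core and no memory range shared between partitions.
    for (a, pa), (b, pb) in combinations(parts.items(), 2):
        if set(pa["cores"]) & set(pb["cores"]):
            errors.append(f"core shared by {a} and {b}")
        (sa, la), (sb, lb) = pa["mem"], pb["mem"]
        if sa < sb + lb and sb < sa + la:
            errors.append(f"memory overlap between {a} and {b}")
    # Static ownership: every peripheral owner must be a declared partition.
    for dev, owner in m["peripherals"].items():
        if owner not in parts:
            errors.append(f"{dev} owned by undeclared partition {owner}")
    # Statically defined flows: both endpoints declared, no self-flows.
    for src, dst in m["flows"]:
        if src not in parts or dst not in parts or src == dst:
            errors.append(f"invalid flow {src}->{dst}")
    return errors

def flow_allowed(m, src, dst):
    """Complete mediation: default deny, only flows listed in the manifest pass."""
    return (src, dst) in {tuple(f) for f in m["flows"]}
```
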
System Level Security - SmartCore
Hardware Separation
• App Level (Application): applications running in user mode
• Kernel Level (OS): the OS, or the core functions of its kernel, running in supervisor mode
• VMM Level: configuration is done during boot time and protected by VMM mode
• SoC Level (SoC): secure integration of hardware resources (SoC inherent)
System Level Security – Trusted Core
Hardware Separation
TEE/TPM
Over the air update
Secure Boot
Secure Storage
Crypto Key Management
Crypto Engine
OEM Backend
INTEGRITY
DI
Linux
IVI
QNX
ADAS
Android
Cloud
Consumer Backend
• TEE – Trusted Execution Environment
• TPM – Trusted Platform Module
• Compliance with Trusted Computing Group and GlobalPlatform specifications
• Remote attestation for trusted connectivity
• Secure Boot establishes a chain of trust
• OEM has full control over vehicle
SmartCore™ - First Implementation
The Past: Four Separate Systems
Cloud Connectivity Unit
ADAS ECU
Instrument Cluster
Infotainment Head Unit
The Future: Integrates driver information, ADAS, infotainment and Cloud connectivity with seamless HMI
SmartCore™ – Entry Version
Integration of driver information and infotainment in the instrument cluster
Cluster Display
Steering Wheel Controls
Summary
• Architectural evolution will dissolve classical domain boundaries over time
• Multicore SoCs are an ideal architecture for a next integration level
• Clear separation on SoC level with managed security is a prerequisite
• Cloud connectivity presents another challenge with IT security
Driver Inform.
ASIL B
Integrity /
QNX
Infotainment
Linux/QNX
Cloud Services
Android/iOS
Security Gateway & Firewall Control
Integrity / QNX
Intelligent Firewall Management
MOSX
VMM
Multi-Source Multi Sink A/V Compositor
Body Network
Overall security chain must be a joint effort of OEM, Tier1 and service provider