Isolation of redundant and mixed-critical automotive applications: effects on the system architecture

Future automotive systems, with Advanced Driver Assistance Systems (ADAS) and Autonomous Driving functionality, will require fail-operational electronic systems. Redundancy is a necessary technique to achieve that, as in other fields such as aviation. Moreover, the applications have different safety requirements, ranging from safety-critical applications, for example in the driver-replacement domain, to QoS-oriented applications, for example in the infotainment domain. Redundancy in such mixed-criticality systems can be provided either by physically separating system resources or by isolating applications in virtualized environments, e.g. with hypervisors. Both solutions have associated costs. In this work we describe a novel model that we use to characterize a mixed-criticality automotive system, and the analysis steps that yield quantified metrics: cost, failure probability, total functional and communication loads, and total cable length, with which the solutions can be compared from a system-level perspective. We analyse the same set of mixed-criticality applications, representing a simplified automotive system, in four scenarios: the architecture topology is either domain-based or zone-based, and isolation is provided either by physical separation or by virtualization. The results show how the model and the analysis allow us to understand the trade-offs between the solutions in a specific application scenario, and how the metrics used in the analysis can be varied to adapt to a different application scenario.
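The following is an added toy example, not the paper's model or code, of the kind of system-level comparison the abstract describes: the same four applications are placed in the four scenarios (domain-based or zone-based topology, physical separation or hypervisor-based virtualization), and the five metrics named above are computed for each. Every number and formula in it is an assumption: the applications, sensor positions, ECU prices, failure probabilities, hypervisor overhead and the rule that an ECU hosting a safety-critical application is duplicated are all constructed for illustration, and the failure-probability estimate treats ECUs and applications as independent, which is an approximation.

```python
"""Toy system-level comparison of four mixed-criticality architectures.

Constructed example: the applications, ECU costs, failure probabilities and
positions below are made up, and the metric formulas are simplifications
chosen for illustration, not the paper's model.
"""
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class App:
    name: str
    domain: str
    critical: bool    # safety-critical apps are replicated; QoS apps are not
    load: float       # functional load, abstract units
    comm: float       # communication load per link, abstract units
    endpoints: tuple  # (x, y) positions of its sensors/actuators, metres


@dataclass(frozen=True)
class Ecu:
    name: str
    pos: tuple
    cost: float
    p_fail: float     # failure probability over the mission, assumed independent


# Constructed application set: a driving domain with two critical apps and one
# QoS app, and an infotainment domain with one QoS app.
APPS = (
    App("lane_keep", "drive", True,  30, 10, ((0.2, 2.0), (-0.4, -2.0))),
    App("aeb",       "drive", True,  20,  8, ((0.2, 2.0), (-0.8, 0.5))),
    App("park_view", "drive", False, 12,  4, ((0.9, -1.8),)),
    App("media",     "info",  False, 10,  3, ((0.3, 0.4), (-0.9, 1.2))),
)
REPLICAS = 2                          # copies of any ECU hosting a critical app
ECU_COST, ECU_PFAIL = 100.0, 1e-3
HYP_COST, HYP_OVERHEAD = 40.0, 0.10   # assumed hypervisor price and CPU overhead
ZONE_COST, ZONE_PFAIL = 40.0, 5e-4    # zone gateways, assumed not redundant
ANCHORS = {"drive": (0.0, 0.0), "info": (0.0, 1.0), "central": (0.0, 0.0)}
ZONE_POS = ((-1.5, 1.5), (1.5, 1.5), (-1.5, -1.5), (1.5, -1.5))


def build(topology, isolation):
    """Instantiate ECUs and place apps for one of the four scenarios."""
    groups = {}
    for a in APPS:
        region = a.domain if topology == "domain" else "central"
        # physical separation: critical and QoS apps never share a box
        crit = str(a.critical) if isolation == "physical" else "mixed"
        groups.setdefault((region, crit), []).append(a)
    hosts, placement = [], {}
    for (region, crit), apps in groups.items():
        cost = ECU_COST + (HYP_COST if isolation == "virtual" else 0.0)
        copies = REPLICAS if any(a.critical for a in apps) else 1
        ecus = [Ecu(f"{region}-{crit}-{i}", ANCHORS[region], cost, ECU_PFAIL)
                for i in range(copies)]
        hosts += ecus
        for a in apps:                  # QoS apps ride on the primary only
            placement[a] = ecus if a.critical else ecus[:1]
    zones = ([Ecu(f"zone{i}", p, ZONE_COST, ZONE_PFAIL) for i, p in enumerate(ZONE_POS)]
             if topology == "zone" else [])
    return hosts, zones, placement


def evaluate(topology, isolation):
    """Return the five metrics (cost, failure probability, loads, cable length)."""
    hosts, zones, placement = build(topology, isolation)
    overhead = 1.0 + (HYP_OVERHEAD if isolation == "virtual" else 0.0)
    cables = {}                         # (from, to) -> length; one wire serves several apps
    comm_load, p_sys_ok = 0.0, 1.0
    for a in APPS:
        reps = placement[a]
        gws = set()
        if topology == "domain":        # direct wire from each endpoint to each replica
            comm_load += a.comm * len(a.endpoints) * len(reps)
            for ep in a.endpoints:
                for h in reps:
                    cables[(ep, h.name)] = math.dist(ep, h.pos)
        else:                           # endpoint -> nearest gateway -> backbone to each replica
            comm_load += a.comm * len(a.endpoints) * (1 + len(reps))
            for ep in a.endpoints:
                g = min(zones, key=lambda z: math.dist(z.pos, ep))
                gws.add(g)
                cables[(ep, g.name)] = math.dist(ep, g.pos)
                for h in reps:
                    cables[(g.name, h.name)] = math.dist(g.pos, h.pos)
        if a.critical:
            # the app is lost when every replica fails or any gateway it depends on fails
            p_app_ok = ((1 - math.prod(h.p_fail for h in reps))
                        * math.prod(1 - g.p_fail for g in gws))
            p_sys_ok *= p_app_ok        # independence across apps: an approximation
    return {
        "cost": sum(e.cost for e in hosts + zones),
        "p_fail": 1 - p_sys_ok,
        "func_load": sum(a.load * len(placement[a]) for a in APPS) * overhead,
        "comm_load": comm_load,
        "cable_m": sum(cables.values()),
    }


if __name__ == "__main__":
    for topo in ("domain", "zone"):
        for iso in ("physical", "virtual"):
            m = evaluate(topo, iso)
            print(f"{topo:6} {iso:8} cost={m['cost']:5.0f} p_fail={m['p_fail']:.2e} "
                  f"load={m['func_load']:6.1f} comm={m['comm_load']:4.0f} cable={m['cable_m']:5.1f} m")
```

Two effects worth noting in the output of this toy: the hypervisor only pays for itself where it lets a critical and a QoS application share a box that physical separation would have split (the zone scenarios here), and the non-redundant zone gateways become single points of failure that dominate the failure probability, which is the kind of caveat the cable-length saving of a zone topology has to be weighed against.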
