Top 5 System Software Considerations for Next-Generation ADAS: Page 4 of 6

May 14, 2015 // By Peter Hoogenboom, Green Hills Software
Next-generation ADAS (with autonomous driving perhaps its ultimate manifestation) presents automotive application and system designers with a seemingly irreconcilable mix of safety certification, connected security, and cutting-edge signal processing and graphics visualization requirements. This article presents the top 5 system software considerations for OEMs, Tier-1s, and their suppliers looking to create successful ADAS software organizations, infrastructures, and products.
carefully consider systems software architecture to ensure it can scale to potentially any mix of safety-critical and high-end multimedia and signal processing workloads.

Going back for a moment to the ISO 26262 requirements: while ASIL D is the highest safety level defined by ISO 26262, not every component or subsystem in the car, or even within a single component/SoC, must meet this level. ISO 26262 introduces the concept of ASIL decomposition via software partitioning. For example, an ASIL C subsystem can be composed of an ASIL B partition and an ASIL A partition, as long as the partitioning (freedom from interference) can be adequately verified and the overall safety function of the subsystem can be validated and verified to ASIL C. Thus, a high-assurance partitioning operating system or hypervisor (itself certified to ASIL D) can reduce overall system cost by lowering the ASIL requirements of constituent components and permitting the (careful) use of complex software packages that are impractical to assure at higher levels.

Fig. 2: An example of ISO 26262 ASIL decomposition via software partitioning
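As an added illustration (not from the article, and not Green Hills code), the following Python checker encodes the ISO 26262-9 decomposition table as a rank-sum rule and applies it to the article's ASIL C = B + A split. The rule that the shared partitioning mechanism must itself be assured at the undecomposed ASIL is an assumption made here; the article's ASIL D hypervisor satisfies it for any decomposition.

```python
from dataclasses import dataclass, field
from typing import List, Tuple

# Ranks used for the decomposition rule (QM = no ASIL).
RANK = {"QM": 0, "A": 1, "B": 2, "C": 3, "D": 4}


@dataclass
class Element:
    """A safety requirement/partition and, if decomposed, its two children."""
    name: str
    asil: str                                   # ASIL the element is developed to
    parts: List["Element"] = field(default_factory=list)


def allowed_pairs(asil: str) -> List[Tuple[str, str]]:
    """Decompositions permitted for one level, e.g. C -> [('B','A'), ('C','QM')].
    rank(hi) + rank(lo) == rank(asil) reproduces ISO 26262-9 Table 1."""
    levels = list(RANK)
    return [(hi, lo) for hi in levels for lo in levels
            if RANK[hi] >= RANK[lo] and RANK[hi] + RANK[lo] == RANK[asil]]


def check_decomposition(elem: Element, separation_asil: str) -> List[str]:
    """Return findings for elem and its sub-decompositions; empty means valid."""
    findings: List[str] = []
    if not elem.parts:
        return findings
    if len(elem.parts) != 2:
        findings.append(f"{elem.name}: decompose into exactly two elements at a time")
    else:
        a, b = elem.parts
        pair = tuple(sorted((a.asil, b.asil), key=RANK.get, reverse=True))
        if pair not in allowed_pairs(elem.asil):
            findings.append(f"{elem.name}: ASIL {elem.asil} cannot be split into "
                            f"{a.asil}({elem.asil}) + {b.asil}({elem.asil})")
    # Assumption: the mechanism enforcing freedom from interference between the
    # parts (the partitioning OS/hypervisor) must carry the original ASIL.
    if RANK[separation_asil] < RANK[elem.asil]:
        findings.append(f"{elem.name}: partitioning mechanism is ASIL {separation_asil}, "
                        f"but the undecomposed requirement is ASIL {elem.asil}")
    for part in elem.parts:
        findings.extend(check_decomposition(part, separation_asil))
    return findings


# Constructed example: a notional ASIL C function split as in the article.
LANE_KEEP = Element("lane_keep", "C", [
    Element("vision_pipeline", "B"),        # B(C): complex, hard to assure higher
    Element("plausibility_monitor", "A"),   # A(C): small independent checker
])

if __name__ == "__main__":
    print(check_decomposition(LANE_KEEP, "D"))   # []
    print(check_decomposition(LANE_KEEP, "B"))   # one finding on the hypervisor
```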


2. Zero Trust

One of the most dominant threads of 2014, and continuing now in 2015, is the connected car and the inherent security risks associated with bringing wireless communications (especially WANs) into the car. Ideally, safety-critical subsystems in the car are physically isolated (an air gap) from multimedia or telematics subsystems that may take advantage of such connectivity. System designers, however, are increasingly replacing the air gap with a logical gap, enforcing subsystem isolation with software firewalls. Unfortunately, as researchers have demonstrated, once the wires are joined, vulnerabilities in various subsystems can be exploited to jump the logical gap between safety-critical and non-safety-critical systems. While it may seem like a simple problem to solve (keep the air gap!), in practice there are numerous demands that force these connections. For example, size, weight, and cost pressures promote a reduction in wiring and hardware components. This consolidation
