Sicherheit in Elektronik Praxis

"As soon as it comes to Safety, we're in the Game"

Read the original interview HERE (German).

SYSGO: Comfortable in the Safety-critical Environment

The Mainz-based software manufacturer SYSGO has written a European success story as a producer of operating systems for safety-critical applications.

The Mainz-based real-time software specialist SYSGO can now look back on 25 years of company history. Founded in 1991, the company initially focused on adapting operating systems to hardware platforms. At the end of the 1990s, the Unix-like real-time operating system LynxOS from the US manufacturer Lynx Software Technologies (formerly LynuxWorks) was the main sales driver for the Mainz-based company.

The expertise that SYSGO acquired in this area led one evening in 1999 to a call from the American avionics specialist Rockwell Collins to Knut Degen, the founder of the Mainz-based company. His interlocutor got straight to the point: "We heard that you are LynxOS specialists; we would like to use it in aircraft and we would like to certify it to the DO-178 standard. Would you be interested?"

Degen was interested, but also skeptical: SYSGO already had experience with the DO-178 safety standard from its work with Airbus, but he thought it would be difficult to have a relatively extensive operating system with around 50,000 lines of code certified to the demanding standard.

However, the prospective customer did not let up: "That was a nice situation for a salesman - when the customer tries to persuade you that you can really do it," recalls Degen. Eventually the order came, and in the course of the job "we learned a lot about avionics requirements: At the end of the day, it's all about partitioning, about being able to separate secure and insecure things on a computer. Until then, it was the case in the aircraft that each function had its own computer."

Airbus was determined to find a European Solution

The job required 52 man-years. It taught two lessons. The first was that it was incredibly costly to adapt an existing operating system to the requirements of the aviation industry. The second was that the operating system market was beginning to erode. "We saw there were only highly critical operating systems developed according to formal methods and Linux. That was our view of the market at the time, and we aligned ourselves accordingly."

Fortunately, Germany in particular was doing intensive research on microkernel operating systems. Among others, the research work of Professor Jochen Liedtke (1953 - 2001) at the University of Karlsruhe was groundbreaking. The L4 kernel family he designed may be regarded as the spiritual ancestor of SYSGO's PikeOS operating system platform, which was developed from 2000 onward. From the beginning, the focus of development was to make the software certifiable.

In 2007, the primary development was completed. However, the project had stretched the financial resources of the Mainz-based software house to the limit. Still, the aircraft manufacturer Airbus recognized the potential of the technology and evaluated the PikeOS hypervisor against two well-known competitor products from the USA.

"Airbus was looking for this technology," recalls Knut Degen. "It's quite an honor to have an alpha or beta release, so to speak, of an operating system in development evaluated against the big two." The European aircraft manufacturer eventually placed the order. However, SYSGO was "actually broke." Employees waived their salaries for three months, and bridge financing was raised from their own funds. "Of course, an experience like that also welds people together," CEO Degen reports about this exciting time. Later, the employees' commitment also paid off financially: Each of the colleagues who had deferred their salaries at the time received twelve times that amount back.

Airbus' decision in favor of the SYSGO platform had political as well as technical reasons: The aircraft manufacturer was looking for a European solution. This aspect is now also benefiting the Mainz-based company in the automotive sector, where requirements similar to those in the aviation segment have become established. There, too, the consolidation of control units is the topic of the day. That is why solutions for partitioning and separating critical and non-critical applications are also being sought there.

Independence thanks to French Partner

In 2012, the French company Thales joined as an investor. The important supplier for Airbus and specialist for security applications - including communication and payment systems - already knew SYSGO and was considering replacing its self-developed operating system with PikeOS. The French joined the Mainz-based company not least to ensure that the technology would be retained in Europe. Under Thales' wing, the software company has largely retained its independence; according to SYSGO CEO Degen, the group's intervention is limited to seeing each other four times a year at the supervisory board meeting: "We can continue as before, we are independent as far as our business is concerned, we have a stable basis with Thales and we get our growth financed."

One advantage of the Mainz-based company's technical approach was that PikeOS was designed as a hypervisor from the start. "We have continued to develop this hypervisor, and the hypervisor that was certified for avionics is exactly the same one that is certified for rail and is also the same one that is now going into security certification at the BSI (German Federal Office for Information Security). We don't have different products and then just call them PikeOS, it's always the same core." Real-time operating systems created in the 1980s, on the other hand, often had to be laboriously modified for other application purposes, according to Degen. "We had it easier because we started later; we just built from the hypervisor up."

Meanwhile, the SYSGO operating system is available for many hardware platforms, from the PowerPC platform to x86 and ARM to the SPARC architecture developed by Sun Microsystems. A SPARC derivative called LEON, for example, is used in satellites because this hardware has a high resistance to radiation, which is essential in the unforgiving conditions of space.

"As soon as it comes to Safety, we're in the Game"

Anyone flying on an Airbus A350 is using the software from Mainz, and some mass-produced cars are already equipped with PikeOS. But when it comes to the ubiquitous buzzword Internet of Things, CEO Knut Degen does not see the software platform in the end devices, billions of which will be connected to the network in the future: "I don't think we're in the temperature sensors of the heating system. But then there's the electricity meter. The poor electricity meter has three enemies: the user, who of course would like to reduce his electricity costs and hack the device, then the electricity providers, who may not be trusted either, and lastly the hackers, who take it as an interface. The device has to be highly security critical. So as soon as it's about security - in terms of safety and security - we're in the game."

Hypervisor technology also forces device manufacturers to structure security requirements, he says: "In a classic operating system, it's all mush. Everything is in a process or managed by a kernel. Just saying, 'You need to distribute this across multiple partitions,' forces architects to think about security."

In addition, Degen can imagine that the lessons learned from the Volkswagen scandal will lead to resorting to ECUs with multiple partitions: "Today, after all, it's the case that the tier one supplier does the customization for each OEM itself - with the effect that if the OEM screws up, the tier one is also caught in the crossfire."

In the future, the solution could look like this: The tier one supplier could provide the device to the automaker with the basic functionality that resides in one partition. In the second partition is the control logic developed by the automaker. Both can communicate with each other, but the functionality developed by the supplier is clearly separated from that of the OEM.

All in all, SYSGO has written a German, but even more so, a European success story in the field of embedded software - partly because Airbus, as an early adopter, recognized the potential of the technology at an early stage. In any case, CEO Knut Degen has his sights clearly set on the goal for the coming years: "Our goal is to be the number one alternative to American providers by 2020."

All rights reserved by Elektronik Praxis.