SACoP

Secure Automotive Connectivity Platform

  • High-performance base system for Automotive & Transportation communication
  • Support for several networks, e.g. 4G/5G, WI-FI, Ethernet & CAN
  • Firewall, Intrusion Detection System & software life cycle management
  • Optional guest operating systems, such as Android, Linux or AGL
  • Protection of critical vehicle-internal communication
PDF


SACoP Flyer

Vehicle-to-Vehicle


Vehicle-to-Vehicle
Communication

Vehicle-to-Infrastructure


Vehicle-to-Everything
Communication

ASIL


Safe and secure
RTOS Basis

Network Settings


Pre-configured
Network Settings

Guest Operating System


Optional Guest OSs

Multi-Core Configuration


Multi-Core Support

Turnkey-ready Development Platform
and secure Gateway for Automotive Connectivity

Especially in this industry, the frequency of model changes
and functionality updates is extremely high.

Automotive Connected Car

Gateway Communication

In particular the communication with the outside world requires deterministic and accurate response times that can only be achieved by means of an underlying real-time operating system.

The electronic systems inside a modern car are able to take control over critical systems, such as the steering and braking gear. This significantly improves the Safety during the car's operation, but at the same exposes the risk of unauthorised access. As a consequence, the vehicle's Safety must be accompanied by Security measures. Therefore, the connectivity platform contains a gateway utilising a robust routing system implementing a firewall and an intrusion detection system.

Virtualization

The list of desired features is growing year by year. This usually requires the combination of existing software components with completely new and partially incompatible application programming interfaces. Maintaining a stable software basis while being able to follow the desires of the end user is a challenge. This is where virtualization comes into play. The connectivity platform is extendable easily by adding an arbitrary number of guest operating systems without compromising Safety or Security.

Performance

The PikeOS operation system has been chosen as the backbone of the Secure Automotive Platform, as it naturally fulfils the substantial requirements of determinism and real-time, Security, Safety and virtualization. As a Type 1 hypervisor, it directly runs on the embedded hardware and makes the overall system as performant as possible. Another performance boost comes through the multi-core support, which has proven its maturity in recent Railway projects.


Figure 1: Inter-Partition Communication within the Telematics Gateway

Gateway Interfaces

In the example of a gateway, the supported default configuration communicates to the outside world by means of a 4G/5G network. A firewall protects the vehicle internal WI-FI hotspot, which is available to the passenger’s convenience.

The internal communication lines, such as CAN and Ethernet are available to the hotspot by means of dedicated and surveillance channels only. The gateway supports Virtual Local Area Networks (VLAN).


Networking in Security

Connectivity of embedded computer devices by means of different network technologies has increases during the last years. We tell you why RTOS virtualization regarding Safety & Security certification is recommended.

Learn more

Seamless IoT Protection - How to make connected Gateways secure

Together with Karamba Security, SYSGO has introduced an Automotive connectivity platform that can be used as secure gateway, protected - amongst others - by means of Karamba's Automotive Control Flow Integrity (CFI) technology. The underlying operating system is SYSGO's PikeOS RTOS and Hypervisor.

Candera's & SYSGO's secure Automotive HMI Solution

his secure automotive HMI Solution is based on SYSGO's Secure Automotive Connectivity Platform (SACoP) and Candera's HMI-Tool CGI Studio. It enables embedded developers building powerful applications for embedded tasks within an automobile.

SYSGO presenting Secure Automotive Connectivity Platform

Targeted to the automotive industry, SYSGO offers a complete and ready to use system for all communication needs involved in transportation. That includes vehicle to vehicle (V2V), and vehicle to infrastructure (V2X) as well as car internal communication.

Security

The platform utilises a secure boot mechanism. Communication is assured by means of a Transport Layer Security (TLS) library. Cryptography and Storage is supported by executable binaries and configuration files that are digitally signed and stored on a secure Certified File System (CFS). The gateway’s network Intrusion Detection System (IDS) is located within a separate partition, that monitors the network traffic. In addition to security aspects, this approach demonstrates the ability of PikeOS to resolve licensing issues by means of software isolation

Over-The-Air (OTA) Updates

The platform allows the update of software and firmware components of the entire system by means of secure communication via TLS (Transport Layer Security, FIPS certified). Update files are signed digitally.

Shadow
CODEO Development

CODEO - Integrated Development Environment

SACoP comes with a developing suite, providing a complete toolchain for software development, which is integrated into the Eclipse-based IDE CODEO. The integrated development environment provides all the components that software engineers need to develop embedded applications and includes comprehensive little helpers to finish embedded projects in a time-saving and cost-efficient way.

CODEO Product Page

Shadow

Certified Base System

PikeOS Hypervisor (Separation Kernel Version 4.2.3 (build S5577))
certified according to Common Criterial EAL3+ and certifiable up to ASIL-D
 

More about PikeOS

CFS

  • Certifiable File System (ASIL-B)

Automotive API

  • Crypto services
  • Management API
  • Secure Automotive Communication API
  • VLAN, IPv6 and IP-Multicast
  • Router supporting Firewall
  • Secure OTA
  • ARM Trustzone support

IDS

  • Network Intrusion Detection System
  • Optional CAN Intrusion Detection System

Security Maintenance

  • Security Monitoring (CVE’s)
  • Long-term support

Optional Guest Operating Systems

The platform supports the integration of the following guest operating systems:

  • PikeOS native
  • POSIX
  • Android
  • Linux (generic by means of hardware virtualization)
  • AGL (Automotive Grade Linux)
  • ELinOS, SYSGO’s own robust Embedded Linux distribution
Shadow

Customer Benefits

Check

Robust Automotive Development Platform

API compatibility to ELinOS, PikeOS native, POSIX or CFS

Check

Interference-free Mechanisms

Enabled freedom from interference mechanisms with regards to safe/unsafe or secure/unsecure critical functions

Check

Reduced Time-to-Market

  • Included pre-certified components according to ISO 26262 or Common Criteria EAL 3+ or FIPS
  • Pre-integrated Security components such as secure boot, IDS, TLS or CFS
  • Pre-configured network settings and infrastructure
  • Re-use of existing legacy code from previous projects
Check

High Performance

  • Fast system reaction time via deterministic real-time behaviour
  • Multi-core applications
  • Task scheduling

Need more Information?

Tell us about your project and your needs.
 

Contact us

Logo ST Microelectronics

About STMicroelectronics

At ST, we are 46,000 creators and makers of semiconductor technologies mastering the semiconductor supply chain with state-of-the-art manufacturing facilities. An independent device manufacturer, we work with more than 100,000 customers and thousands of partners to design and build products, solutions, and ecosystems that address their challenges and opportunities, and the need to support a more sustainable world. Our technologies enable smarter mobility, more efficient power and energy management, and the wide-scale deployment of the Internet of Things and 5G technology.

www.st.com