Whitepapers

PikeOS and Time Triggering

May 2013 | PDF (0.4 MB)
wp-pikeostt

Description

PikeOS is a leading European real-time operating system designed for time-critical, safe, and secure applications. With close ties to the Aerospace industry and research programs, it stays at the forefront of modern operating system design. This paper explores SYSGO's involvement in the ARTEMIS-JU ACROSS program, funded by the European Union, which examines time-triggered network on chip in combination with PikeOS's strict time partitioning. The research project aims to enhance PikeOS to meet the needs of this technology. The paper outlines time-triggered networks used with PikeOS, compares time partitioning and time-triggered network architectures, and discusses the implications of the research for future development.

First Multi-Core Certification to SIL 4

Jan 2014 | PDF (0.3 MB)
wp-mcsil4

Description

Multi-core processors are common in the embedded industry, and manufacturers are unwilling to disable secondary cores and give up the extra processing power. Certification agencies seek ways to certify such software and turn to robust commercial off-the-shelf (COTS) solutions from companies experienced in the multi-core world. However, hosting software on multiple cores is not enough, as many hypervisors lack certification intent due to their large code base. Certification in the multi-core world is complex, and hardware vendors must take responsibility to achieve a safe and secure system. An RTOS like PikeOS offers building blocks and enforcement techniques for code partitioning and execution management, making it an industry leader in multi-core safe and secure certifiable systems. PikeOS recently received SIL 4 certification, a groundbreaking achievement as the first certified multi-core operating system.

Safe & Secure Automotive Platform

Apr 2014 | PDF (0.2 MB)
wp-saseauto

Description

The Automotive industry is evolving faster than any other industry today and brings more and more technology into our cars. The days of simple control systems to manage engine timings and fuel mappings are long gone. Today’s cars have many processors in them, governing everything from internal lighting to braking systems. The driver may not be aware of it, but from the moment he or she unlocks the door, they are totally reliant on both hardware and software to keep their vehicle safe and secure from unwanted intervention.

Secure Boot – Secure your Software and intellectual Property

Sep 2015 | PDF (0.5 MB)
wp-secboot

Description

The Internet of Things (IoT) is the backbone of Industry 4.0 and means seamless communication between all connected devices. Connectivity requires Security, because a vulnerability in a communication channel can end in malfunction of a device or theft of intellectual property. Using standard Security means (firewalls, cryptography, antivirus/anti-malware software) is a first step to making your IoT devices more secure, but these Security means are not easily applicable to industrial systems, because they need updating and maintenance via remote access, and they might not be available for the OS in use or the processor architecture.

Multi-Levels safe and secure Solution for Industrial Automation

Sep 2015 | PDF (0.5 MB)
wp-indauto

Description

This paper introduces a Security system architecture and framework that addresses the challenges of integrating policy specification and enforcement with industrial control processes. Currently, such interwoven mechanisms lead to interference, nonsecure behavior, and increased vulnerability to attacks. The proposed architecture adheres to separation and least privilege principles, ensuring strict separation of processes, policies, and enforcement. The weaknesses of modern industrial control systems arise from historical architectures, continuous updates, and heterogeneous devices, making maintenance and support difficult. Weakly controlled access to critical system interfaces poses significant risks. The paper emphasizes that Security must extend beyond access restrictions and consider human factors. Even with authorized access, operational control should adhere to policies that maintain safe execution boundaries for the technological process.

Safe Time-Partitioning Scheduling for certified Multi-Core Platforms

Jun 2016 | PDF (0.7 MB)
wp-tpen50128

Description

Scheduling a complex application scenario is a field of science in its own right, handled by various scheduling schemes that are optimized for specific use cases. The complexity rises if the CPU has multiple cores, so that applications can run concurrently on all cores in parallel. Appropriate scheduling mechanisms handle this with various concepts, so ideally a scheduler should be adaptable to the system configuration and the application design. This whitepaper shows how to use an adaptive time-partitioning scheduler for EN 50128 certified multi-core platforms.

Secure Update Architecture for High Assurance Mixed-Criticality System

Sep 2016 | PDF (0.5 MB)
wp-uhamcs

Description

The recent Security news from the Automotive domain has highlighted the urgent need for secure architectures for modern vehicles. The vast number of software components originating from diverse developers, open-source and reused IT COTS modules makes the development of secure systems an impossible task. One piece in the Security puzzle is the secure update of ECUs, an important component in the life-cycle of a system in the field. In this paper we demonstrate how a high-assurance mixed-criticality ECU can provide secure update functionality for various use cases while preserving Safety guarantees. We present a novel architecture based on a separation kernel and describe how Safety and Security concerns are addressed within a certification context.

Successful Multi-Core Certification with Software Partitioning

Nov 2016 | PDF (0.7 MB)
wp-mccpart

Description

This paper addresses the current state of multi-core certification in the industry, based mainly on experience from the Railway, Avionics and Automotive industries. It addresses the certification aspects of multi-core based platforms with a focus on today's technologies and processes, related to the new requirements of Avionics certification authorities for multi-core processors. The paper provides an overview of certification concerns for multi-core processors and the possible answers that a multi-core supporting hypervisor operating system can give.

System-on-a-Chip certifiable OS Solution

Aug 2017 | PDF (0.6 MB)
wp-socos

Description

The world of Avionics is continually changing in terms of technology and application, whether on manned or unmanned platforms. The same goals exist for operating system vendors, who must meet the demands of system designers with new system architectures featuring any number of processor types and core configurations. Avionics systems require different certification levels based on the guidelines of the RTCA DO-178C document, where Level A or DAL A (Design Assurance Level) defines the highest safety certifiable requirements and Level E defines the lowest. System Safety Assessments for the system as a whole determine the highest required safety level for the aircraft systems to be certified.

Avionics Application: Security for Safety

Nov 2017 | PDF (0.5 MB)
wp-avsecsaf

Description

People like paradigms. One common way to define Safety goals is to ensure that "something good does happen", whereas the Security problem is more focused on "something bad won’t happen". Safety and Security seem to be antagonistic, and in a way they are. The Safety process is applied to ensure that the developed software respects high-level requirements; in other words, the final application is correctly designed and tested to follow known expectations in a known and strictly defined environment. Avionics systems are more and more exposed to the external world, from the pure Avionics communications point of view, but also because aircraft host more and more facilities for travellers.

Safety-Critical Ethernet/AFDX® Network

Dec 2017 | PDF (0.5 MB)
wp-sceth

Description

"Avionics Full-Duplex Switched Ethernet" (AFDX), is a specification for a deterministic aircraft data network bus for Aeronautical, Railway and Military systems. The network is based on standard IEEE 802.3 Ethernet technology. The benefits from using commercial-off-the-shelf (COTS) Ethernet components include reduced overall costs, faster system development and less-costly maintenance for the system network. Hardware components, cables and test equipment for Ethernet are field-proven and much more affordable than “built-to-spec” Avionics solutions. Standard commercial grade Ethernet won’t meet Avionics network requirements. Therefore, AFDX extends the Ethernet standard by adding Quality of Service (QoS) and deterministic behaviour with a guaranteed dedicated bandwidth. AFDX technology is currently used in the Airbus A380, A350 and A400M as well as in the Boeing 787 Dreamliner.

RTOS Considerations for unmanned Air Vehicles

May 2018 | PDF (1.0 MB)
wp-uav

Description

This whitepaper considers all aspects of autonomous unmanned aircraft, where autonomous means that the generic "unmanned air vehicle" (UAV) has the capabilities built into its operational flight program (OFP) to fly without human intervention. The paper traces the historical progress of UAV technology, as well as unmanned combat aircraft (UCAV), through to modern perceptions and a look at future technology for autonomous drones.

Security by Design in Industry 4.0

May 2018 | PDF (1.0 MB)
wp-in40

Description

The usage of electronic devices in industrial automation has come a long way since the invention of the transistor, and there are plenty of microchips involved at each level of the automation pyramid. Yet on the field level, "conventional" Industry 3.0 has been adopting new trends in IT at a remarkably slow rate. Take for example PLCs with their very simple IPO (input-process-output) pattern. IEC 61131, which standardizes the PLC programming languages, was introduced in 1992 and is still going strong. With Industry 4.0 around the corner, many things that were universally accepted are going to change. Devices are getting more powerful, can speak new protocols and behave more dynamically. This implies that their design, in particular the software which controls them, increases in complexity by orders of magnitude.

ARINC 653 RTOS for Multi-Core Certification

Feb 2019 | PDF (0.8 MB)
wp-arinc653

Description

The ARINC 653 specification is published and maintained by Aeronautical Radio Inc. (ARINC), founded in 1929 as a major provider of transport communications and system engineering solutions for eight industries including airports and Aviation. Rockwell Collins acquired ARINC on December 23rd 2013, and United Technologies acquired Rockwell Collins in November 2018. ARINC 653 is still an evolving standard aimed primarily at Integrated Modular Avionics (IMA) and is intended to complement ARINC 651, the Design Guidance for Integrated Modular Avionics. IMA has traditionally been implemented without a high-level Real-Time Operating System (RTOS), due to the software integrity requirements for DO-178 Design Assurance Level (DAL) A.

Safety Certification for unsafe COTS Platforms

May 2019 | PDF (0.6 MB)
wp-cots

Description

The Safety standards for Railway (CENELEC – EN 50128, EN 50129, EN 50126) have introduced unified requirements for building Safety-related electronic systems consisting of software and hardware. Before the establishment of the CENELEC standards, countries had local standards, which were not as stringent as the CENELEC standards. The standardization led to a unified understanding of Safety and quality, which is definitely positive, but it also forced companies to adopt a more costly development and certification process for Safety systems. Both Safety standards EN 50128 (Software for Railway control and protection systems) and EN 50129 (Safety-related electronic systems for signalling) define generic (software) applications and generic (hardware) products, which can obtain an independent Safety approval. When building a complex Safety system, these generic products can be reused, including their existing certification artefacts. With this approach a Safety-related electronic system can be composed of pre-certified software and hardware modules.

PikeOS Multi-Core Features and CAST-32A Compliance

Nov 2019 | PDF (0.3 MB)
wp-cast32a

Description

This whitepaper discusses potential challenges associated with using multi-core processors in Safety-critical applications. It proposes platform-specific extensions to measure and limit interference on shared platform resources during runtime. While multi-core processors offer advantages in performance and power consumption, shared resources can lead to interference between cores. The Avionics industry has undertaken initiatives like the EASA research project, MCFA, and ARINC 653 standard to address these concerns. PikeOS is an operating system that meets CAST-32A requirements and supports Safety and Security standards for avionics systems with or without multi-cores.

Separation Kernel-based Systems with High Availability for embedded Safety-critical Systems

Jul 2020 | PDF (0.4 MB)
wp-ha

Description

High availability (HA) is the property of a Safety-critical system to detect failures and recover from them while keeping the system’s main functionality active without interruption. In this paper we examine the use cases and how they can be managed if the main core of the system’s computational capabilities is based on a Separation Kernel OS.

Towards Host Intrusion Detection for embedded Industrial Systems

Oct 2020 | PDF (0.4 MB)
wp-hids

Description

Original Equipment Manufacturers now embed hardware virtualization in car equipment to reduce costs and hardware complexity while allowing more functionality, such as connectivity. This paper presents a novel runtime Security solution for embedded mixed-criticality systems, which integrates a Host Intrusion Detection System (HIDS) into a partitioned system based on the Multiple Independent Levels of Security (MILS) architecture. Our HIDS monitors a program’s execution by observing both hardware and software signals; to our knowledge there is no other HIDS providing such a precise representation of program execution.

Towards Transparent Control-Flow Integrity in Safety-Critical Systems

Jan 2021 | PDF (0.5 MB)
wp-tcfi

Description

Protecting Safety-critical Cyber-Physical Systems (CPS) against Security threats is becoming a growing necessity. Due to the high level of network integration, CPS pose new targets to remote code reuse attacks, such as Return-Oriented Programming (ROP). An effective mechanism to detect code-reuse attacks is Control-Flow Integrity (CFI). Despite imposing a significant overhead on the overall system, our approach reliably protects the control-flow of the monitored application, while guaranteeing its real-time constraints. We evaluate our solution by analysing its timing impact and discussing the resulting considerations for the integration and practical deployment in a Safety-critical CPS.

A Security Architecture for Protecting Safety-Critical Railway

June 2021 | PDF (0.3 MB)
wp-sarail

Description

This whitepaper gives an overview of an IT Security architecture that makes it possible to operate Security measures on Safety systems such as object controllers. It consists of a hardware platform with a Trusted Platform Module (TPM) 2.0, a MILS (Multiple Independent Levels of Safety and Security) Separation Kernel (SK), and various Security applications. The TPM serves as Security anchor and enables, e.g., secure storage, measured boot, and remote attestation to detect tampering with the system software. The MILS OS ensures freedom from interference when running Safety and Security applications.

C++ in Safety-critical Environments

Nov 2021 | PDF (0.2 MB)
wp-cppsafe

Description

C is a programming language that is widely used within Safety-critical projects. Due to its simplicity, compilers are broadly available and their results (namely the object code) are more or less deterministic. At least when optimization is turned off, the linkage between the source code and the generated machine code is understood and generally accepted by certification authorities. There are a few corner cases where the definition of C is not fully clear and the final outcome is left to the C compiler implementation. However, those ambiguities can be avoided by following strict programming standards, such as MISRA-C in the Automotive world. It is also important to mention that different Safety markets have different impacts on the choice of the compiler. This whitepaper focuses on the Avionics and Automotive markets.

Use of Hypervisor in Space Applications

Apr 2022 | PDF (0.2 MB)
wp-spaceapps

Description

This whitepaper discusses usage scenarios and implementation hints for the application of a hypervisor in space, with a special view on SYSGO's RTOS PikeOS. SYSGO has a long tradition with Aviation projects and the certification topics they inevitably bring. However, the requirements for space-related applications present subtly different challenges that need to be mastered by choosing the right instrument out of the PikeOS toolbox.

The Multi-Core Challenge: A practical Approach to CAST-32A & AMC 20-193 Compliance

Oct 2022 | PDF (1.2 MB)
wp-castamc

Description

Multi-core processors (MCPs) offer enhanced computing power while maintaining a favorable Size, Weight, and Power (SWaP) profile, making them attractive for embedded applications. However, their adoption in safety-critical, hard real-time applications poses challenges. Unlike single-processor applications, finding an optimal task schedule across multiple cores is difficult, requiring restrictions for Worst-Case Execution Time guarantees. Additionally, hardware interference in shared resources can widen the distribution of execution times, impacting software reliability and safety. Shared critical resources, such as L2 cache and memory subsystems, are particularly susceptible to interference. Addressing these challenges is crucial for successful MCP integration in safety-critical environments.

Use of Heterogeneous Computing Systems and Partitioned OS in Space Applications

Jun 2023 | PDF (0.4 MB)
wp-hcspos

Description

The increased demand for a higher level of integration and miniaturization, in particular in the case of nano- and picosatellite constellations, requires the use of state-of-the-art embedded computing systems and operating systems. We describe how the combined use of MMU- and MPU-based partitioned real-time operating systems on COTS heterogeneous computing platforms contributes to increased integration, improved SWaP (Size, Weight and Power) and reduced costs.

Developing DO-178C and ED-12C-certifiable Multi-Core Software

Jul 2023 | PDF (0.8 MB)
wp-doedmc

Description

The embedded Avionics industry is moving from single-core to multi-core processors. This change is being driven by ever-increasing demands for software functionality, improved SWaP (Size, Weight and Power) characteristics, and increasing challenges in sourcing high-performance single-core processors. The trend is expected to accelerate in the future, making it more important than ever to understand the certification landscape for multi-core Avionics systems. Certification for multi-core software according to DO-178C and A(M)C 20-193 objectives must take into account not only the software itself, but also how the full multi-core environment, including the Real-Time Operating System (RTOS), hardware, and configuration can affect execution of the software.

Common Criteria EAL 5+ for Automotive Security ISO 21434

Dec 2023 | PDF (0.6 MB)
wp-ccauto

Description

As modern vehicles evolve, their increased complexity demands a comprehensive approach to Cybersecurity, especially with the growth of interconnected electronic systems. This whitepaper explores the imperative of integrating Common Criteria Security-certified supplier technology, like an RTOS/Hypervisor, with Automotive systems adhering to the ISO 21434 standard. The interconnection of Electronic Control Units (ECUs), gateways, Software-Defined Vehicles (SDV), and main computers introduces vulnerabilities to remote attacks, physical breaches, supply chain manipulations, insider threats, sensor attacks, and more. We delve into the significance of Common Criteria Evaluation and ISO 21434 compliance, offering insights into fortifying Automotive Security against evolving threat vectors, ensuring Safety, reliability, and consumer trust in the ever-advancing Automotive landscape.

Intelligent LiDAR Software Technology for autonomous Vehicles

Dec 2023 | PDF (0.5 MB)
wp-lidar

Description

The integration of cutting-edge LiDAR (Light Detection and Ranging) technology is pivotal for autonomous vehicles, spanning driverless cars to automated ground vehicles in digital factories. LiDAR, a laser-based sensor, offers wide-angle visibility, surpassing the capabilities of cameras and radar. It operates in one, two, and three dimensions, providing crucial distance and positional data. LiDAR's ability to detect objects at long ranges influences Safety features in vehicles, with sensor fusion using radar and cameras. Advanced LiDAR systems, such as Time-of-Flight (ToF) LiDAR, can detect objects over 200m away. The growing demand for sophisticated Safety-critical embedded software, including real-time operating systems like PikeOS, underscores the evolution toward safer, more secure autonomous vehicles and industrial Automated Guided Vehicles (AGV).
