Use the filter function, select the whitepaper(s) you are interested in and download your selection (max. 10 whitepapers).
May 2013 | PDF (0.4 MB) wp-pikeostt
PikeOS is a leading European real-time operating system designed for time-critical, safe, and secure applications. With close ties to the Aerospace industry and research programs, it stays at the forefront of modern operating system design. This paper explores SYSGO's involvement in the ARTEMIS-JU ACROSS program, funded by the European Union, which examines time-triggered network on chip in combination with PikeOS's strict time partitioning. The research project aims to enhance PikeOS to meet the needs of this technology. The paper outlines time-triggered networks used with PikeOS, compares time partitioning and time-triggered network architectures, and discusses the implications of the research for future development.
Jan 2014 | PDF (0.3 MB) wp-mcsil4
Multi-processors are common in the embedded industry, and industries refuse to disable secondary cores for extra power. Certification agencies seek ways to certify software and turn to robust common off-the-shelf solutions (COTS) from experienced companies in the multi-core world. However, hosting software on multiple cores is not enough, as many hypervisors lack certification intent due to their large code base. Certification in the multi-core world is complex, and hardware vendors must take responsibility to achieve a safe and secure system. RTOS like PikeOS offer building blocks and enforcement techniques for code partitioning and execution management, making it an industry leader in multi-core safe and secure certifiable systems. PikeOS recently received the SIL 4 certification, a groundbreaking achievement as the first certified multi-core operating system.
Apr 2014 | PDF (0.2 MB) wp-saseauto
The Automotive industry is evolving faster than any industry today and brings with it more and more technology into our cars. The days of simple control systems to manage engine timings and fuel mappings are long gone. Today’s cars have many processors in them governing everything from internal lighting to braking systems. The driver may not be aware but from the moment he or she unlocks the door they are totally reliant on both hardware and software to keep their vehicle safe and secure from unwanted intervention.
Sep 2015 | PDF (0.5 MB) wp-secboot
The Internet of Things (IoT) is the backbone for Industry 4.0 and means seamless communication between all connected devices. Connectivity requires Security, because the vulnerability of a communication channel can end in malfunction of a device or theft of intellectual property. Using standard Security means (firewalls, cryptography, antivirus/anti-malware software) is a first step to make your IoT devices more secure, but these Security means are not easily applicable to industrial systems, because they need updating, maintenance via remote access and they might not be available for the OS in use or the processor architecture.
Sep 2015 | PDF (0.5 MB) wp-indauto
This paper introduces a Security system architecture and framework that addresses the challenges of integrating policy specification and enforcement with industrial control processes. Currently, such interwoven mechanisms lead to interference, nonsecure behavior, and increased vulnerability to attacks. The proposed architecture adheres to separation and least privilege principles, ensuring strict separation of processes, policies, and enforcement. The weaknesses of modern industrial control systems arise from historical architectures, continuous updates, and heterogeneous devices, making maintenance and support difficult. Weakly controlled access to critical system interfaces poses significant risks. The paper emphasizes that Security must extend beyond access restrictions and consider human factors. Even with authorized access, operational control should adhere to policies that maintain safe execution boundaries for the technological process.
Jun 2016 | PDF (0.7 MB) wp-tpen50128
Scheduling a complex application scenario is an own area of science and handle by various scheduling schemes, which are optimized for specific use cases. The complexity rises, if the CPU has multiple cores, so that applications can run concurrently on all cores in parallel. Appropriate scheduling mechanisms are able to handle this with various concepts so that ideally a scheduler should be adaptable by considering the system configuration and the application design. Learn with this whitepaper how to use an adaptive time-partitioning scheduler for EN 50128 certified multi-core platforms.
Sep 2016 | PDF (0.5 MB) wp-uhamcs
The recent Security news from the Automotive domain highlighted the urgent need for secure architectures for modern vehicles. The vast number of software components originating from diverse developers, open-source and reused IT COTS modules makes the development of secure systems an impossible task. One piece in the Security puzzle is the secure update of ECUs, which is an important component in a life-cycle of a system in the field. In this paper we demonstrate how a high assurance mixed-critical ECU can provide secure update functionality for various use-cases while preserving Safety guarantees. We present a novel architecture based on a separation kernel and describe how Safety and Security concerns are addressed within a certification context.
Nov 2016 | PDF (0.7 MB) wp-mccpart
This paper addresses the current state on multi-core certification in the industry mainly based on experiences from the Railway, Avionics and Automotive industry. It will address the certification aspects of multi-core based platforms with the focus on today's technologies and processes related to the new requirements of Avionics certification authorities for multi-core processors. The paper provides an overview of certification concerns on multi-core processors and possible answers which can be given by a multi-core supporting hypervisor operating system.
Aug 2017 | PDF (0.6 MB) wp-socos
The world of Avionics is continually changing in terms of technology and application, whether on manned or unmanned platforms. The same goals exist for software operating system vendors to meet the demands of system designers with new system architectures, which feature any number of processor types and core configurations. Avionics systems require different certification levels based on the guidelines of the RTCA DO-178C document, where Level A or DAL A (Design Assurance Level) defines the highest safety certifiable requirements and Level E defines the lowest. System Safety Assessments for the system as a whole determines the highest required safety level for the aircraft systems to be certified.
Nov 2017 | PDF (0.5 MB) wp-avsecsaf
People like paradigms. One common way to define Safety goals is to ensure that "something good does happen" where the Security problem is more focused on "something bad won’t happen". Safety and Security seem to be antagonist. They are in a way. The Safety process is applied, to ensure, that the developed software respects high-level requirements, in other terms, the final application is correctly designed and tested to follow known expectations in a known and strictly defined environment. Avionics system are more and more exposed to the external world, from the pure Avionics communications point of view, but also because aircraft host more and more facilities for the travellers.
Dec 2017 | PDF (0.5 MB) wp-sceth
"Avionics Full-Duplex Switched Ethernet" (AFDX), is a specification for a deterministic aircraft data network bus for Aeronautical, Railway and Military systems. The network is based on standard IEEE 802.3 Ethernet technology. The benefits from using commercial-off-the-shelf (COTS) Ethernet components include reduced overall costs, faster system development and less-costly maintenance for the system network. Hardware components, cables and test equipment for Ethernet are field-proven and much more affordable than “built-to-spec” Avionics solutions. Standard commercial grade Ethernet won’t meet Avionics network requirements. Therefore, AFDX extends the Ethernet standard by adding Quality of Service (QoS) and deterministic behaviour with a guaranteed dedicated bandwidth. AFDX technology is currently used in the Airbus A380, A350 and A400M as well as in the Boeing 787 Dreamliner.
May 2018 | PDF (1.0 MB) wp-uav
This whitepaper considers all aspects of autonomous unmanned aircraft, where autonomous means that the generic term "unmanned air vehicle" (UAV) has the capabilities built into the operational flight program (OFP) to be able to fly without human intervention. This paper will try to provide a historical progress of UAV technology, as well as combat aircraft (UCAV) through to modern perceptions and a look at future technology for autonomous drones.
May 2018 | PDF (1.0 MB) wp-in40
The usage of electronic devices in industry automation has come a long way since the invention of the transistor, as there are plenty of microchips involved at each level of the automation pyramid. Yet on the field level, the "conventional" Industry 3.0 has been adopting new trends in IT at remarkably slow rate. Take for example PLCs with their very simple IPO (input-process- output) pattern. IEC 61131, which standardizes the PLC programming languages, has been introduced in 1992 and is still going strong. With Industry 4.0 around the corner, many things that were universally accepted are going to change. Devices are getting more powerful, can communicate new protocols and behave more dynamically. This implies that their design, in particular the software which controls them, increases in complexity by magnitudes.
Feb 2019 | PDF (0.8 MB) wp-arinc653
The ARINC 653 specification is published and maintained by the Aeronautical Radio Inc. (ARINC), started in 1929 as a major provider of transport communications and system engineering solutions for eight industries including airports and Aviation. Rockwell Collins acquired ARINC on December 23rd 2013. United Technologies acquired Rockwell Collins on Nov 2018. ARINC 653 is still an evolving standard aimed primarily at Integrated Modular Avionics (IMA) and is intended to compliment ARINC 651, which is the Design Guidance for Integrated Modular Avionics (IMA). IMA has traditionally been implemented without a high level Real Time Operating System (RTOS) in the past, due to the software integrity requirements for DO-178 Design Assurance Level (DAL) A.
May 2019 | PDF (0.6 MB) wp-cots
The Safety standards for Railway (CENELEC – EN 50128, EN 50129, EN 50126) have introduced unified requirements for building Safety related electronic systems, which consist of software and hardware. Before the establishment of the CENELEC standards, countries had local standards, which were not as stringent as the CENELEC standards. The standardization lead to a unified understanding of Safety and quality, which is definitely positive, but it also forced companies to adopt a more costly development and certification process for Safety systems. Both Safety standards EN 50128 (Software for Railway control and protection systems) and EN 50129 (Safety-related electronic systems for signalling), define generic (software) applications and generic (hardware) products, which can obtain an independent Safety approval. When building a complex Safety system, these generic products can be reused, including their existing certification artefacts. With this approach a Safety-related electronic system can be composed out of pre-certified software and hardware modules.
Nov 2019 | PDF (0.3 MB) wp-cast32a
This whitepaper discusses potential challenges associated with using multi-core processors in Safety-critical applications. It proposes platform-specific extensions to measure and limit interference on shared platform resources during runtime. While multi-core processors offer advantages in performance and power consumption, shared resources can lead to interference between cores. The Avionics industry has undertaken initiatives like the EASA research project, MCFA, and ARINC 653 standard to address these concerns. PikeOS is an operating system that meets CAST-32A requirements and supports Safety and Security standards for avionics systems with or without multi-cores.
Jul 2020 | PDF (0.4 MB) wp-ha
High availability (HA) is a property of Safety-critical systems in order to detect failures and recover from those, while still keeping the system’s main functionality active without interruption. In this paper we will examine the use cases and how these can be managed if the main core of the system’s computational capabilities is based on a Separation Kernel OS.
Oct 2020 | PDF (0.4 MB) wp-hids
Original Equipment Manufacturers now embed hardware virtualization in car equipments to reduce costs and hardware complexity, while allowing more functionalities, such as connectivity. This paper presents a novel runtime Security solution for embedded mixed-criticality systems, which integrates HIDS in a partitioned system based on Multiple Independent Levels of Security (MILS) architecture. Our HIDS monitors a program’s execution by observing both hardware and software signals; there is to our knowledge no HIDS providing such precise representation of program execution.
Jan 2021 | PDF (0.5 MB) wp-tcfi
Protecting Safety-critical Cyber-Physical Systems (CPS) against Security threats is becoming a growing necessity. Due to the high level of network integration, CPS pose new targets to remote code reuse attacks, such as Return-Oriented Programming (ROP). An effective mechanism to detect code-reuse attacks is Control-Flow Integrity (CFI). Despite imposing a significant overhead on the overall system, our approach reliably protects the control-flow of the monitored application, while guaranteeing its real-time constraints. We evaluate our solution by analysing its timing impact and discussing the resulting considerations for the integration and practical deployment in a Safety-critical CPS.
June 2021 | PDF (0.3 MB) wp-sarail
This whitepaper gives an overview of an IT Security architecture, which allows to operate Security measures on Safety systems such as object controllers. It consists of a hardware platform with a Trusted Platform Module (TPM) 2.0, a MILS (Multiple Independent Levels of Safety and Security) Separation Kernel (SK), and various Security applications. The TPM serves as Security anchor and enables, e.g., secure storage, measured boot, and remote attestation to detect tampering with the system software. The MILS OS ensures freedom of interference when running Safety and Security applications.
Nov 2021 | PDF (0.2 MB) wp-cppsafe
C is a programming language that is widely used within Safety-critical projects. Due to its simplicity, compilers are broadly available and their results (namely the object code) are more or less deterministic. At least when optimization is turned off, the linkage between the source code and the generated machine code is understood and generally accepted by certification authorities. There are a few corner cases where the definition of C is not fully clear and the final outcome is left to the C compiler implementation. However, those ambiguities can be avoided by following strict programming standards, such as MISRA-C in the Automotive world. It is also important to mention that different Safety markets have different impacts on the choice of the compiler. This whitepaper focuses on the Avionics and Automotive markets.
Apr 2022 | PDF (0.2 MB) wp-spaceapps
This whitepaper discusses usage scenarios and implementation hints for the application of a hypervisor with special view on SYSGO's RTOS PikeOS in space. SYSGO has a long tradition with Aviation projects and inevitable certification topics. However, the requirements for space-related applications show subtle different challenges that need to be mastered by choosing the right instrument out of the PikeOS toolbox.
Oct 2022 | PDF (1.2 MB) wp-castamc
Multi-core processors (MCPs) offer enhanced computing power while maintaining a favorable Size, Weight, and Power (SWaP) profile, making them attractive for embedded applications. However, their adoption in safety-critical, hard real-time applications poses challenges. Unlike single-processor applications, finding an optimal task schedule across multiple cores is difficult, requiring restrictions for Worst-Case Execution Time guarantees. Additionally, hardware interference in shared resources can widen the distribution of execution times, impacting software reliability and safety. Shared critical resources, such as L2 cache and memory subsystems, are particularly susceptible to interference. Addressing these challenges is crucial for successful MCP integration in safety-critical environments.
Jun 2023 | PDF (0.4 MB) wp-hcspos
Increased demand for higher level of integration, miniaturization in particular in the case of nano and picosatellite constellation requires the use of state-of-the-art embedded computing systems and operating systems. We describe how the combined use of MMU- and MPU-based partitioned real-time operating systems on COTS heterogeneous computing platforms contributes to increase integration, improve SWaP (Size, Weight and Power), and reduce costs.
Jul 2023 | PDF (0.8 MB) wp-doedmc
The embedded Avionics industry is moving from single-core to multi-core processors. This change is being driven by ever-increasing demands for software functionality, improved SWaP (Size, Weight and Power) characteristics, and increasing challenges in sourcing high-performance single-core processors. The trend is expected to accelerate in the future, making it more important than ever to understand the certification landscape for multi-core Avionics systems. Certification for multi-core software according to DO-178C and A(M)C 20-193 objectives must take into account not only the software itself, but also how the full multi-core environment, including the Real-Time Operating System (RTOS), hardware, and configuration can affect execution of the software.
