Conference Paper

The time-triggered System-on-a-Chip architecture

Real-Time Syst. Group, Vienna Univ. of Technol., Vienna
DOI: 10.1109/ISIE.2008.4677135
Conference: Industrial Electronics, 2008. ISIE 2008. IEEE International Symposium on
Source: IEEE Xplore

ABSTRACT: It is the objective of the presented System-on-a-Chip (SoC) architecture to provide a predictable integrated execution environment for the component-based design of many different types of embedded applications (e.g., automotive, avionics, consumer electronics). At the core of this architecture is a time-triggered network-on-a-chip for the predictable interconnection of heterogeneous components. A component can be a self-contained computer, including system and application software, an FPGA, or a custom hardware unit. By providing a single uniform interface to all types of components for the exchange of messages, the architecture supports the component-based design of large applications and enables the massive reuse of components. The time-triggered network-on-a-chip offers inherent fault isolation to facilitate the seamless integration of independently developed components, possibly with different criticality levels. Furthermore, mechanisms for integrated resource management support dynamically changing resource requirements (e.g., different operational modes of an application), fault-tolerance, a power-aware system behavior, and the implementation of fault-handling by reconfiguration.

  • ABSTRACT: The dependability deficiencies and bandwidth constraints of the controller area network (CAN) can prevent its use in safety-relevant and performance-demanding applications. This paper introduces mechanisms for fault detection and fault isolation based on an intelligent CAN router, which exploits a priori knowledge about the permitted behavior of attached electronic control units (ECUs) in order to detect and contain failures. Experiments using an FPGA-based implementation of the CAN router evaluate these mechanisms under different failure modes (e.g., timing failures, masquerading failures). Due to its compatibility with the CAN standard, the router can improve the dependability and performance of systems with existing ECUs. In addition, we extend the application areas of CAN to systems with higher performance and dependability requirements than can be supported with a conventional bus-based network.
    EURASIP Journal on Embedded Systems 01/2012; 2012(1).
  • ABSTRACT: Fault containment between components is a significant property in embedded real-time systems in order to improve robustness, attain clear integration responsibilities and enable modular certification. This paper presents fault containment mechanisms, which are based on the time-triggered Network-on-a-Chip (NoC) of a reconfigurable MPSoC. Each component accesses this NoC via a communication interface that acts as a guardian of the component behavior in the time and value domain. The knowledge about the permitted behavior of a component is written into the communication interfaces by a trusted resource manager. We perform an evaluation of these fault containment capabilities using fault injection experiments. The experiments provide evidence that a faulty component cannot affect the timing or integrity of messages exchanged by other components.
  • ABSTRACT: Controller Area Network (CAN) is the most widely used protocol in the automotive domain. Bus-based CAN does not provide any security mechanisms to counter manipulations like eavesdropping, fabrication of messages, or denial-of-service attacks. The vulnerabilities in bus-based CAN are alarming, because safety-critical subsystems (e.g., the power train) often deploy a CAN bus, and hence a failure propagation from the security domain to the safety domain can take place. In this paper we propose a star coupling router and a trust model for this router to overcome some of the security deficiencies present in bus-based CAN systems. The CAN router establishes a partitioning of a CAN bus into separate CAN segments and allows the traffic within the CAN system to be rigorously checked, including the value and time domains. We evaluate the introduced trust model on a prototype implementation of the CAN router by performing attacks that would be successful on classic bus-based CAN, but are detected and contained on router-based CAN. The router can consequently increase the security in automotive applications and render some of the attacks described in the literature (e.g., fuzzing attack) on a car useless. Since the CAN router offers ports that are compatible with standard CAN, the router can be used to increase the security of legacy CAN-based systems.
    IEEE International Symposium on Industrial Embedded Systems (SIES); 01/2012
