Many cars incorporate more than 125 ECUs. Consolidation is an obvious answer. We explore how to integrate more functionality on fewer ECUs without complicating the testing effort.
However, there are multiple issues with this approach. The integration process itself is difficult and complex. It requires all applications to be optimized for the selected operating system. The memory model may propagate errors without isolating faults, and the process dramatically expands the test effort.
ECU consolidation via software integration.
(Source: Wind River)
Because of these complications, Wind River and other vendors have worked on a new approach that virtualizes the ECU. A virtualization layer is used to run multiple ECU operating systems simultaneously on a single processor, as shown below.
ECU consolidation via virtualization.
(Source: Wind River)
This virtualization model makes it possible to choose the appropriate solution for each application, and it provides clear fault isolation. The integration effort can be split into teams for more efficiency. However, it requires an additional integration step, potentially slowing down the process.
A smarter approach: Virtualized ECU combined with multi-core
More recently, Wind River has been further enhancing the virtualized ECU approach by adding multi-core processing capabilities. The basic concept is centralizing compute power into function-oriented regions, decoupling software functionality from the underlying hardware using virtualization technology, and deploying virtual ECUs on multi-core processors, so there is little interference between them, as shown below.
A better option: virtual ECU plus multi-core.
(Source: Wind River)
This model creates the opportunity to consolidate many software-driven functions on fewer, more powerful hardware platforms. Equally important, it helps solve the separation/latency tradeoff dilemma. Each application is walled off from the others, but each can still receive configurable, adjustable CPU resources to meet performance requirements.
The virtual ECU/multi-core approach also moves integration to an earlier stage of the project, so development and testing teams can identify bugs and other issues sooner, solve problems faster, and accelerate time to market. And legacy software and individual functions can be upgraded or replaced at any time -- over the air -- eliminating the need to bring the car in for servicing to deal with software issues.
From a security perspective, there are several advantages to the ECU/multi-core approach. First, it fundamentally simplifies threat analysis, because it is possible to build a virtual security appliance into the ECU once, rather than building separate ones for each individual ECU. This saves time and money and minimizes the performance impact of security inspection and analysis.
Second, security researchers can use sophisticated simulation tools such as Simics to test systematically and gain a deeper understanding of every aspect of system behavior than is possible through traditional methods. Simulation can improve the integration/testing environment, and it can expose flaws in hardware and software design and allow systems to be debugged faster and more effectively.
Third, the Wind River approach makes it possible to combine safe and unsafe functions without increasing risk to other software elements or impacting compliance.
ECU consolidation has been a goal for automakers for years. It's time to turn the vision into reality. The approach outlined in this brief article is based on mature technology. It has been proven in real-world implementations, and it is financially practical. Business leaders in the automotive industry can have their development, testing, and security teams take a closer look at the underlying technology of this new approach and the possibilities for improving the efficiency of new automobiles, the safety and security of future automobiles, the satisfaction and brand loyalty of consumers, and the bottom-line profitability of the business.
-- Georg Doll is vice president of automotive solutions at Wind River. For more information about its products, services, and technologies for the automotive industry, visit http://www.windriver.com/solutions/automotive/.