NUREMBERG, Germany. There may be as many ways to implement safety and security features in embedded applications as there are engineers working on the challenge, but it is becoming a key topic as fail-safe and security technologies migrate to applications well away from the traditionally security- and safety-conscious military-aerospace and automotive sectors.
At one time it may have been acceptable to leave application code and data unsecured on the basis that the embedded system in question stood alone on a controlled geographical site, which nobody would go to the trouble of hacking. The realization has come that hiding "in plain sight" by simply being one of millions of unsecured installations is becoming, if not unacceptable, decidedly risky.
"Embedded applications are all on the network now. With networking comes great functionality and flexibility but also great responsibility," said one attendee at the Embedded World exhibition and conference, which took place here last week. This busy show highlighted numerous approaches to providing security and safety, from those focused on software, operating partitions and virtualization to hardware-oriented architectures. Nonetheless, it is often the traditional safety-critical applications, such as automotive, and secure applications, such as smart cards, that provide the technology for deployment elsewhere.
One example is the FlexRay time-triggered protocol for automotive drive-by-wire applications. The protocol, launched in October 2003, is now presided over by a consortium that includes Freescale Semiconductor Inc., BMW, DaimlerChrysler, General Motors, NXP, Robert Bosch and Volkswagen, but there is now discussion of applying the protocol to other sectors.
"Aerospace is interested in the FlexRay protocol and there are discussions about whether FlexRay should be opened up, although it's not yet open to industrial applications," said James Stuart, a marketing manager in the microcontroller division of Freescale.
A time-triggered architecture is considered key to the reliable operation of such safety-critical systems as drive-by-wire, adaptive cruise control, collision avoidance and active suspension. It is clear that aerospace systems could also make use of safety-critical subsystems to protect engine systems and landing gear, and such safety technology can also be deployed in some transportation systems, such as railways.
However, one objection raised by some attendees at the exhibition is the distance range of FlexRay, which stands at a few tens of meters. Full-blown industrial bus systems must normally be capable of deployment over hundreds of meters.
It is notable that if FlexRay does gain traction as a more broadly used bus protocol, it will be following the path of CAN and LIN, which both started off in the automotive domain before being reused in industrial applications.
Christian Pfeiler, business development manager with TTTech Automotive GmbH (Vienna, Austria), acknowledged that there is discussion going on within the FlexRay working groups but said that the use of FlexRay in industrial applications was not going to be an easy or automatic choice. "CAN is migrating to replace numerous smaller fieldbuses, but 'industrial Ethernet' is already doing much of the work." Pfeiler acknowledged that there are many flavors of industrial Ethernet but pointed out that it is possible to layer a time-triggered protocol onto industrial Ethernet. "It combines office data with secure data and safety on the same network at the same time," he said.