At the recently held CDNLive India 2019, Cadence’s annual user conference, Cadence’s partner Green Hills Software presented a session. Green Hills Software is the worldwide leader in embedded safety and security. Cadence and Green Hills recently announced a strategic partnership intended to combine their respective strengths to advance embedded system safety and security.
Chris Tubbs, Director of Business Development for EMEA at Green Hills Software, opened the talk by saying that self-driving is becoming a thing of the past: being driven (autonomously, not by a human driver) will become the norm. With more than 150 million connected cars already on the road, it is not surprising that safety and security are of prime importance.
Embedded systems in autonomous vehicles (AVs) are complex, running billions of lines of code. (By comparison, the Boeing 787 runs only 12 to 14 million lines of code.) Complex systems give rise to complex challenges: a larger attack surface with more vulnerabilities; more safety requirements; an exponential increase in the cost of development and deployment; more cybersecurity requirements; wider use of open-source platforms such as Linux, which brings vulnerabilities of its own; and legal ramifications.
The need for safety and cybersecurity has called for new industry certifications and regulations, as existing ones, including AUTOSAR and ISO 26262, need updating to be fit for purpose. These standards have already significantly affected the development process, which has become much longer because software has to be certified before it can be used. The introduction of new standards, particularly with respect to security, will lengthen the development cycle further.
Chris discussed the following challenges:
Chris said that perhaps the most challenging aspect of AV deployment is testing. Crash tests for AVs are nothing like their traditional counterparts, in which cars are smashed into concrete walls: AVs need to be tested in the real environment, with many variables. More than 8 billion miles would need to be covered for such tests, which is not feasible with physical vehicles. Simulation is therefore required, but it has limitations of its own: an inability to cover all edge cases, storage problems for the terabytes of data generated each day, and the possibility of a mid-test failure rendering the whole run useless.
As a result, safety and security have to be built in from Day One of the design process. In addition, there has to be a culture of safety and security at every rung of the corporate ladder; the CEO is as responsible as the safety and security engineer. Moreover, demonstrating Safety Of The Intended Functionality (SOTIF) does not guarantee that a function will always be safe, simply because manufacturers cannot know all the circumstances in which the function will be used.
Because Level 4 and Level 5 autonomous vehicle systems rely on neural networks, developers need to ensure the accuracy of the training data. AVs may carry up to a dozen 4K camera sensors, which hugely increases the number of pixels captured; the resulting volume of data moving around the car requires huge amounts of computing power to process and validate. Design mistakes such as implementing safety and security at a late stage, a lack of isolation between components leading to crosstalk between them, improper application of standards, the introduction of components outside the developer’s control, and inadequate debugging tools can all result in vulnerabilities that cause the system to fail.
Hacking is a huge issue for any safety system within the vehicle. Attackers can come from the outside (using the connectivity of the car) or from the inside (implanting a bug in a component during development, production or servicing), causing potentially catastrophic system malfunctions and information theft. The reuse and sharing of components across manufacturers means that a single weakness can be exploited in fleet-wide attacks.
Green Hills Software’s products are used by global OEMs in computers throughout the vehicle. Its INTEGRITY-178 real-time operating system (RTOS) has been certified to the highest levels of safety and security, including Common Criteria EAL 6+, an internationally recognized security assurance level used by the US government. The company takes pride in being independently certified across multiple industries to the highest levels of safety and security.
Chris concluded by saying that, by striving to deliver integrated solutions, Green Hills Software and Cadence can speed up the development process using Cadence’s technology and simulations. Green Hills Software is working on integrating its tools and RTOS into the Cadence ecosystem, making autonomous vehicle systems safer and more secure.