Secure SOA Framework – Product Page – Guardknox

SECURE SOA FRAMEWORK

Middleware enabling Service Oriented Architecture

Today’s automotive software (SW) development is dealing with software components (SWCs), provided by Tier 1 suppliers, running on more than 100 electronic control units (ECUs) in a typical modern car. These ECUs are interconnected by a complex network of different networking technologies with different message formats. The integration of all these SWCs generates a monolithic block of SW which is difficult and time consuming to maintain. Every change in any SWC requires re-testing of the entire package. Such a package is typically created for a particular car model and cannot take into account customer-specific features. Applications, features and functions can hardly be introduced or modified after the vehicle has left the manufacturing plant.

The solution to this problem consists of a Service Oriented Architecture (SOA) where applications, features and functions are implemented as services that communicate via well-defined message-based interfaces.

Introducing GuardKnox’s Secure SOA Framework

GuardKnox’s Secure SOA Framework is an innovative approach to automotive SW product life cycle management, i.e., the development, maintenance and distribution of software. The framework consists of a number of components that act as middleware between the Operating System (OS) and applications that provide or consume services (functions). GuardKnox’s Secure SOA allows maximum modularity and dynamic management of individual SWCs, resulting in a decoupling of the SWCs from the runtime environment and HW. It provides an automotive-grade implementation of a Service Oriented Architecture (SOA), a pattern which was initially introduced for enterprise software environments.

Components of the GuardKnox SOA Framework (diagram, layered from top to bottom):

Security Partition
  • Lockdown Core: GuardKnox’s patented three-layer Communication Lockdown approach.
  • Security Monitor: the SOA security monitor collects analytics and diagnostics data from other components to ensure the safe and secure operation of the device.
  • Crypto: the cryptography module is a security feature provided to the system as a service or application.
  • SOA Port and SOA Node Manager (common functions, described below).

Management Partition
  • Health Monitor: the SOA health monitor collects analytics and diagnostics data from other components for ongoing analysis.
  • SOA Domain Manager: the domain manager is the central managing authority of the SOA infrastructure. It sits in the management partition and supervises the entire system.
  • SOA Node Manager (common function, described below).

Partition 1 (OS1) and Partition 2 (OS2)
  • One or more Application SOA Ports per partition.
  • SOA Node Manager (common function, described below).

Common functions present in every partition
  • SOA Port: the SOA port is the enabler of the communication between each pair of components; in other words, it is the protocol, the agreed-upon language the two components share. The SOA port has a layer for specific implementations that “translate” between the component-specific languages (for a specific HW, OS or protocol) and the common language.
  • SOA Node Manager: the SOA node manager is the manager of a single partition, offering local management.

Below the partitions
  • Hypervisor
  • Secure Separation Kernel
  • Hardware

What do we offer?

GuardKnox’s SOA Framework consists of several core components providing the infrastructure functionality for automated and dynamic software life cycle management. Based on the Framework, GuardKnox is able to tailor customized solutions for single software-driven ECUs, up to a full software-defined E/E architecture that extends into the cloud.

The design is open and extensible and features cross-platform support. ‘Platform’ is defined as consisting of a CPU architecture, hypervisor, and partition OS. Several MPUs, MCUs, and partition OSs are supported. GuardKnox’s SOA framework integrates with AUTOSAR Adaptive in order to reuse existing concepts and implementations and cut down on development time and costs.

The framework supports multiple ESBs concurrently, and it can accommodate middleware implementations based on CORBA, DDS, etc.

The SW lifecycle within an ECU is managed automatically: SWCs are automatically deployed, initialized, started, stopped, torn down and removed. A deployment decision for a SWC can be automatic, based on a manifest.

GuardKnox’s toolchain allows system architects to utilize multiple components from pre-existing frameworks and to automatically create a hypervisor configuration and partition images using a graphical interface, resulting in faster time to market and lower development costs.

GuardKnox’s Secure SOA Framework includes the following deliverables based on customer needs:

  • Interfaces and APIs
  • Binaries and libraries required to run the framework on the target environment
  • Technical documentation for developers and system architects
  • Tools required for efficient development of applications running on the framework
  • Professional Services
    • Professional engineering services to customize the framework
    • Integration services
    • Certification packages
  • Source code (under specific commercial conditions)

The generic framework of GuardKnox’s SOA approach

On top of the hardware there is the Secure Separation Kernel (SSK). A separation kernel is a SW layer which creates an environment that is indistinguishable from that provided by a physically distributed system. The secure separation kernel adds sophisticated security functions to the separation functions.

On top of the SSK is the hypervisor that creates a Virtual Machine (VM) environment. For this purpose it emulates a HW platform on which multiple guest partitions with their respective Operating Systems (OSs) can run. This means that for a Guest OS it is indistinguishable whether it runs on top of a hypervisor or directly on top of a processor HW.

On top of each Guest OS and the common functions SOA Node Manager and SOA Port there are one or several applications that have been developed for this particular OS. The applications, common functions, and their OS form a partition. One particular partition is the Central Management Partition which manages the entire GuardKnox SOA framework.

AUTOSAR Adaptive has been a state-of-the art approach for SW development in the automotive industry for a few years. Many applications have been implemented already and are available to be (re-)used. GuardKnox’s SOA framework, however, is more powerful and provides a much more comprehensive approach to the entire SW lifecycle. Instead of having to re-implement the existing AUTOSAR Adaptive applications they are supported within GuardKnox’s SOA framework. They run on dedicated partitions, with their own specific OS. The SOA Node Manager ensures that AUTOSAR Adaptive messages are properly routed within the system.


A SWC can be relocated, manually or automatically, by the SOA framework into a compatible partition. When the source was compiled using a supported compiler for a compatible OS, it can be seamlessly shifted to a different partition. Otherwise, a POSIX-compliant SWC can be built and activated on top of any OS and hypervisor which is POSIX compliant.

GuardKnox’s SOA Framework is even powerful enough to shift a partition containing an OS and applications between ECUs and even between compatible hypervisors.

Access to the virtualized communication infrastructure is seamlessly mediated through the SOA framework, allowing for virtualized RPC and data exchange.

The Central Management Partition that manages the entire SOA framework is divided into four segments:

  • Software Distribution is responsible for bringing new SW components into the different ECUs. The OTA Agent receives a SWC through secure communication. The Software Verifier/Activator verifies and activates the SWC, potentially involving a license from a cloud management server.
  • Services Management manages the software lifecycle inside the ECU. From the SW repository the deployment location is determined and the SWC sent to the right partition where it is deployed and initialized. The SOA Management segment employs an Applications Catalog listing all available applications and services, while optimizing their locations and communications. This means that decisions about optimal SW deployment are performed in real time.
  • Unified Communication is responsible for the communications infrastructure by monitoring network connectivity, along with the paths to all the different ECUs, and controls the communication between SWCs.
  • Health Monitoring and Management monitors what happens in the system, initiates recovery actions in case of failures and logs events, in order to guarantee the proper functioning of the entire system. It uses AI mechanisms for health monitoring.
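The Software Distribution and Services Management steps above, modelled as an added example (not GuardKnox code): a received SWC is checked against its manifest digest and signature before activation, then placed in a partition whose OS and CPU architecture match its build, falling back to any POSIX-compliant partition when the SWC is POSIX-compliant. The manifest fields, partition attributes and the HMAC-based signature are assumptions standing in for the framework’s real formats and keys.

```python
from __future__ import annotations
import hashlib
import hmac
from dataclasses import dataclass

# Constructed stand-in for the Verifier's key (a real system would use an asymmetric OEM signature).
SIGNING_KEY = b"constructed-demo-key"

@dataclass
class Partition:
    name: str
    os: str    # partition OS (constructed values, e.g. "linux")
    arch: str  # CPU architecture of the platform
    posix_compliant: bool

@dataclass
class Manifest:
    sha256: str                    # expected digest of the SWC binary
    signature: str                 # hex HMAC over the digest (constructed scheme)
    target_os: str | None = None   # set when built with a supported compiler for one OS
    target_arch: str | None = None
    posix_compliant: bool = False  # fallback: may be built for any POSIX partition

def sign_digest(digest: str) -> str:
    return hmac.new(SIGNING_KEY, digest.encode(), hashlib.sha256).hexdigest()

def verify_swc(binary: bytes, m: Manifest) -> bool:
    """Verifier step: digest must match the manifest and carry a valid signature."""
    digest = hashlib.sha256(binary).hexdigest()
    if not hmac.compare_digest(digest, m.sha256):
        return False
    return hmac.compare_digest(sign_digest(digest), m.signature)

def choose_partition(m: Manifest, partitions: list[Partition]) -> Partition | None:
    """Prefer an OS/arch match for the build; else any POSIX partition for a POSIX SWC."""
    for p in partitions:
        if p.os == m.target_os and p.arch == m.target_arch:
            return p
    if m.posix_compliant:
        for p in partitions:
            if p.posix_compliant:
                return p
    return None

def deploy(binary: bytes, m: Manifest, partitions: list[Partition]) -> str | None:
    """OTA Agent -> Verifier/Activator -> Services Management; None if rejected."""
    if not verify_swc(binary, m):
        return None
    target = choose_partition(m, partitions)
    return target.name if target else None
```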

In a nutshell – the benefits of GuardKnox's SOA framework

  • Automatic management of the software lifecycle within the vehicle, down to every ECU – automatic deployment, initialization, start, stop, teardown and removal of SW components
  • Flexible unified communication between SWCs and services, where the underlying transport middleware can be easily changed, allowing for multiple ESBs to co-exist seamlessly together
  • Cross-platform support
  • AI support for health monitoring
  • Integration of AUTOSAR Adaptive platform to support existing concepts and implementations
