The Foundation of the Service-Oriented Vehicle

When thinking about the benefits of connected and autonomous vehicles, many people first think of personal conveniences.

However the real promise of these vehicles is their societal benefits: improved road safety, more efficient utilization of roads, freeing up urban space used by parking lots, reduced pollution (of course) and more.

Click Here To Download SOA Whitepaper


In 2017, there were 1.2 million vehicle deaths around the world—90% from driver error. Driverless, autonomous vehicles promise to dramatically reduce road accidents from human error and potentially save nearly a million lives a year. But there are also risks with connected and autonomous vehicles:

  • Cyber-hijacking to cause accidents or vehicular chaos like in the movie Fast & the Furious 8- The Fate of the Furious
  • Ransomware
  • Stealing personal data or financial information
  • Tampering with communication between autonomous cars and road infrastructures like traffic lights or electrical charging systems

Like with any computing device, vehicle cybersecurity is a necessity rather than a luxury.

Click here to learn more about how GuardKnox provides the security foundation for services

The vehicle as an app-store

Just as mobile phones have become ubiquitous handheld computers, so too connected and autonomous vehicles are quickly becoming ubiquitous “computers-on-wheels”.

While there were

110 million

connected vehicles on the road in 2015

by 2025, there will be

470 million

connected cars, comprising 90% of all vehicles on the road


8 million

autonomous vehicles Source

And like with the mobile phones/computers of today, consumers will desire to use suppliers in the automotive aftermarket or vehicle app stores to personalize, customize, and enhance their “computers-on-wheels” of tomorrow from the suspension to the powertrain to the infotainment system.

The limits of today’s mobile computing

Computers were first added to cars in 1968 when Volkswagen introduced a microprocessor-controlled electronic fuel injection system to replace carburetors. These microprocessors or electronic control units (ECUs) precisely controlled the fuel-air mix and dramatically improved vehicle performance. Over the last 50 years, individual ECUs have been added to cars for managing specific vehicle functionality, including engine and transmission control, climate control, anti-lock braking, park assist and more. In the 1980s, an automotive computer called a Controller Area Network (CAN) bus was introduced to enable the disparate systems to communicate with one another. While older cars may have up to a dozen ECUs “talking” to one another, a new vehicle may have 150 or more independently operating ECUs using multiple network protocols with overlapping or redundant services. From 2010-2016 software code in vehicles and their ECUs grew from 10 million lines of code to 150 million lines of code—that’s about 1000 times more code that the Apollo mission needed to put Neil Armstrong on the moon. As you can imagine, with so much code there are bound to be numerous software-related quality issues that cause millions of vehicles to be recalled each year.


Approx. 150 ECUs

Approx. 7 networks


lines of code


lines of code


lines of code


lines of code

One of the biggest challenges facing today’s vehicle networks is the vast amount of data that is produced—and will exponentially increase as vehicles become increasingly autonomous and are required to process vehicle-to-vehicle and vehicle-to-infrastructure communications. Transferring and hosting this data is also very costly and increases vulnerabilities to hacking. Today’s ECUs offer the computing equivalent of 20 personal computers and transmit more than 25 gigabytes of data per hour but they are severely limited by the CAN’s data transfer rate of 1 Mbps—a far cry from the 1 Gbps we receive from our home and office Ethernet networks.


With 150 million lines of code and the software-related content increasing from 10% to 30% of a vehicle’s content by 2030, the current electronic architecture does not enable the services model to support vehicle applications, functions, and data usage. With more software code in a vehicle than in a fighter jet or space shuttle, the current model cannot be sustained due to the complexity, cost, and security risks associated with so many ECUs. At the same time, a faster network is desperately required to handle the vast amounts of vehicular data at the requisite speeds. By 2020-2021, the automotive industry is expected to release a more advanced ECU architecture, with most functionality centered on consolidated domain controllers that will especially useful for supporting autonomous driving.


The IT industry went through a similar challenge in the late 1990s with the advent of Web 2.0 and the utilization of the Internet for many business applications and processes. To solve the challenge of enabling applications on multiple platforms such as personal computers and via the web, they were broken down into specific functional components or “services” that could be remotely accessed and updated independently. The services are independent of the vendors that implement them and of the clients that use them. Standardized functionality or services are offered by distributed networked computers (servers) and are accessed through standardized protocols and Application Program Interfaces (APIs). This “Service-Oriented Architecture” offers four primary benefits:

Creating reusable code

Code components are created and reused to decrease development time


A new standardized communication protocol enables the platforms to communicate and pass data regardless of the languages used to build them


A standard communication protocol limits the interaction between the clients and the backend services and enables web-based services to be scaled without overly taxing the application

Reduced costs

Maintenance costs are reduced as fixes or changes to code can be performed in specific services without impact or requiring the test of end-to-end application performance.


The GuardKnox Product Family offers several options for implementing a vehicle-based Service-Oriented Architecture (SOA).  A Service-Oriented Architecture creates the in-vehicle environment to securely host applications and services on a single chip with access control and service level partitioning for an upgraded and customized driving experience.

Our product line and solution offerings can be seamlessly integrated into next-generation Zonal architecture, current generation Domain Controller architecture, aftermarket, and retrofitted solutions, as well as custom bespoke development. Additionally, the patented Secure SOA Software Stack can be integrated into existing components or architectures to provide both software and hardware (if supported) safety and security isolation for mixed-criticality systems. As a complete stack, it is provided to OEMs and Tier 1 manufacturers for seamless interoperability with other vehicle services and applications while simultaneously reducing development costs.

GuardKnox Service Oriented Architecture for vehicles offer OEMs and Tier-1 vendors the following unique benefits:

Reusable cybersecurity services

Including firewalls, remote server management, cryptography or the Communication Lockdown™ framework

Increased connectivity

Hosting services and downloadable applications for customization

New revenue streams

Supporting an app-store for downloadable personalized apps and features


Flexible hardware architecture (based on FPGA) for future unforeseen needs and data requirements


Ability to host and communicate with all operating systems, whether mission critical or not and containing the failure of a single app/service so that others are unaffected.


GuardKnox provides a real-time safe and secure environment for the various services to operate in isolation without unintended interference from other services or networks—or intentional manipulation by hackers. GuardKnox cybersecurity serves as a foundation for implementing the use of “virtual machines” that enables compartmentalized functionality for microservices. GuardKnox provides a hypervisor with an unmatched level of security so that so all apps and ECUs can securely speak to one another. In addition, it empowers developers to securely integrate new applications without compromising the security and safety of the rest of the system. Using the GuardKnox Communication Lockdown™ framework, the GuardKnox hypervisor verifies each message between the vehicle services on three different layers:

  • The routing layer that creates a physical separation between different networks using the FPGA and enables the GuardKnox Domain Controller to differentiate messages by their origin.
  • The content layer that locks all bits in each field of all messages for the entire vehicle
  • The contextual layer that compares and enforces the real-world performance of the vehicle with the relevancy of the network’s request

This compartmentalization will enable easy changes to the vehicles’ software and hardware, enabling OEMs, aftermarket service providers and vehicle owners to add, delete and update vehicle apps, including:

Infotainment and news apps to deliver a driver experience closer to commercial air travel (as vehicles become more autonomous and drivers become passengers)
Productivity apps for paying bills or ordering groceries or performing office work
AI-powered virtual assistants for coordinating family schedules, making dinner reservations or scheduling garage visits
Customizing vehicle performance-related ECUs to fit one’s personal tastes or needs, from sports handling to city driving in the snow, to boat towing.
Live person and emergency services like OnStar in-car assistance

Most importantly, the migration of the current vehicle architecture to a Service Oriented Architecture will eliminate millions of lines of redundant code, increase overall security, and make updating, adding or deleting vehicle apps as easy and as transparent as updating our smartphones.


Click Here To Download SOA Whitepaper


drivers to subscribers

communication lockdown™ methodology uniquely delivers cyber-safe travel and connected car data protection

Read more