Process isolation for autonomous driving.

This proposal has been accepted as a session.


One Line Summary

How mainline kernels support enforcement of freedom from interference between processes.

Abstract

Linux has already made it into cars, but is currently only applied in the infotainment domain. In future, car manufacturers plan to leverage Linux and its ecosystem also for safety-relevant software, such as driver assistance and autonomous driving.

Autonomous driving functions require high-performance computing with strong safety and security demands. Such systems will consist of multiple, partially redundant software components. Therefore, one key capability of such systems is to isolate faulty or malicious behavior of individual software components from each other. Interference is possible, for example, through shared resources such as caches, or through exhaustion of kernel objects (inodes, task slots, …).

Virtualization solutions do not seem appropriate because the number of software components greatly exceeds the number of available CPU cores. Furthermore, the nature of the software algorithms requires dynamic resource allocation to software components at runtime, which is hard to achieve with full virtualization technologies.

The Linux kernel gained real-time capability through the PREEMPT_RT work and OSADL is currently pushing towards safety qualification in the SIL2LinuxMP project. Current work in the Linux community is focusing on appropriate scheduling and memory partitioning techniques.

In this topic, I would like to explore the capabilities and limits of the mainline Linux kernel to achieve strong process isolation fulfilling the above-mentioned boundary conditions.
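As an added illustration (not part of the proposal or of any project it names), the following systemd unit fragments show how the mainline cgroup v2 controllers bound the interference channels the abstract lists: the pids controller against task-slot exhaustion, the memory controller against memory exhaustion, and the cpuset controller for core partitioning. The slice name, service name, binary path and all limit values are hypothetical and chosen only to make the mechanism visible.

```ini
# Added example, not code from the proposal. Assumes a cgroup v2 (unified)
# hierarchy managed by systemd; AllowedCPUs= requires cpuset support
# (systemd v244 or later). All names and numbers below are hypothetical.

# --- /etc/systemd/system/adas.slice -----------------------------------
[Unit]
Description=Parent slice for driver-assistance components (hypothetical)

[Slice]
# cpuset controller: pin the whole domain to cores 2-5 so it does not share
# cores (and their private L1/L2 caches) with the infotainment stack.
AllowedCPUs=2-5
# memory controller: hard ceiling for the entire domain.
MemoryMax=4G

# --- /etc/systemd/system/perception.service ---------------------------
[Unit]
Description=Perception component (hypothetical)

[Service]
Slice=adas.slice
# Hypothetical binary path.
ExecStart=/opt/adas/bin/perception
# pids controller: caps the number of tasks this component may create, so a
# thread leak or runaway fork in one component cannot exhaust task slots
# needed by its redundant sibling.
TasksMax=64
# memory controller: per-component ceiling nested inside the slice ceiling;
# the OOM killer then acts inside this cgroup only.
MemoryMax=1G
MemorySwapMax=0
# cpu controller: proportional share within the slice, plus a hard ceiling
# of 1.5 cores so a busy loop cannot monopolize the partition.
CPUWeight=200
CPUQuota=150%
# Per-process rlimit (not a cgroup controller): bounds open file
# descriptors held by this component.
LimitNOFILE=1024
```

After `systemctl daemon-reload` and `systemctl start perception.service`, the effective limits can be read back from the unified hierarchy, for example `pids.max` and `memory.max` under `/sys/fs/cgroup/adas.slice/perception.service/`, and live usage per cgroup is visible with `systemd-cgtop`. One caveat relevant to the abstract's cache example: cpuset separates cores, which isolates private caches, but a last-level cache shared across those cores is not partitioned by any cgroup controller; that needs the kernel's resctrl interface on hardware with cache-allocation support.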

Tags

real-time automotive safety security preempt-rt sched_deadline cgroups

Presentation Materials

slides
