| 摘要 |
A method for improving the functional security and increasing the availability of an electronic control system, particularly a motor vehicle control system, including hardware components and software components, wherein the hardware components are abstracted by at least one basis software component and/or a runtime environment, and in which an implemented security concept describes two or more software levels, wherein a first software level includes control functions of an application software and a second software level is designed as functional monitoring, for safeguarding against control function faults, wherein a data encryption, provided by at least one hardware component, and/or a data signature for securing the data of at least one communication channel of the hardware component is used with at least one first software component. The invention additionally describes an electronic control system for performing the method. |
| 主权项 |
1. A method for improving the functional safety and increasing the availability of an electronic closed-loop control system, for a motor vehicle control system, comprising:
executing, by a processor, at least one basic software component, executing, by the processor, at least one runtime environment, and executing, by the processor, at least two levels of application software including:
1) a first software level executing control functions for controlling the vehicle,2) a second software level executing a function monitor for monitoring the control functions and detecting an error in the control functions, and executing, by the processor, a first software component that manages encrypted data communicated from at least one peripheral hardware component in the vehicle over at least one communication channel to the processor, wherein the at least one peripheral hardware component executes at least one of data encryption and data signature to produce the encrypted data communicated from the at least one peripheral hardware component over the at least one communication channel to the first software component executed by the processor, and wherein the first software component manages the encrypted data communicated from the at least one peripheral hardware component by analyzing integrity, including plausibility, correctness and currentness of the encrypted data,
1) wherein at least one of unencrypted and unsigned information data is provided to the at least one of the first and the second software level in response to the analysis verifying the integrity of at least one of the encrypted data and signed data, or2) wherein at least one of the encrypted data and the signed data is provided to at least one of the first and the second software level in response to the analysis verifying the integrity of at least one of the encrypted data and the signed data, wherein the first software component generates an error code which is processed by the at least one of the first and the second software level, when the integrity of at least one of the encrypted and the signed data is not existent, and wherein at least one of the unencrypted and the unsigned information data are not provided for the application software, or are provided together with the error code, or the unencrypted information data are assigned an implausible value. |
