Project acronym: OVERSEE
Project title: Open Vehicular Secure Platform
Project ID: 248333
Call ID: FP7-ICT-2009-4
Programme: 7th Framework Programme for Research and Technological Development
Objective: ICT-2009.6.1: ICT for Safety and Energy Efficiency in Mobility
Contract type: Collaborative project
Duration: 01-01-2010 to 30-06-2012 (30 months)
Authors / Reviewers: Cyril Grepet (Trialog), Antonio Kung (Trialog), Florian Friederici (Fraunhofer FOKUS), Jan Holle (University of Siegen)
Dissemination level: Consortium Only
Deliverable type: Report
Version: 1.0
Submission date: 13 February 2012
D7.2.2 Plan for Use and Dissemination of Knowledge v2
This deliverable is the Plan for Use and Dissemination of knowledge V2 (PUD). It contains three parts:
an overview of OVERSEE objectives, of the intended market and business models considerations
a section describing the OVERSEE business plan
a section describing the OVERSEE use plan
Mobile Smartphones as Open In-Vehicle Platforms
Application-Centric Business Model
OVERSEE Can Enable Multiple Business Models Simultaneously
OVERSEE Viewpoint on Automotive Platform Related Applications Market
Fraunhofer-Institut für offene Kommunikationssysteme
Universidad Politécnica de Valencia
OpenTech EDV Research GmbH
Figure 1: Dissemination and Liaison Concepts Used by the OVERSEE Consortium
| Version | Date | Changes |
|---|---|---|
| 0.1 Draft | 07-12-2011 | Initial version – based on D7.2.1 |
| 0.2 Draft | 03-01-2012 | Advisory Board Meeting Summary – Ecosystem creation |
| 0.3 Draft | 20-01-2012 | Business models consideration – contribution from University of Siegen |
| 0.4 Draft | 08-02-2012 | First complete draft |
| 1.0 | 13-02-2012 | Full version including reviews |
| No. | Beneficiary name | Beneficiary short name | Country |
|---|---|---|---|
| 1 | escrypt GmbH - Embedded Security, Zentrum für IT-Sicherheit, Lise-Meitner-Allee 4, 44801 Bochum, Germany | escrypt | Germany |
| 2 | Fraunhofer-Institut für Offene Kommunikationssysteme, Kaiserin-Augusta-Allee 31, 10589 Berlin, Germany | Fraunhofer FOKUS | Germany |
| 3 | TRIALOG, 5 rue du Général Foy, 75008 Paris, France | Trialog | France |
| 4 | Technische Universität Berlin, Sekr. FR 5-14, Franklinstr. 28/29, 10587 Berlin, Germany | TUB | Germany |
| 5 | Universidad Politécnica de Valencia, Departement de Informatica de Sistemes i Computadors, Camino de Vera S/N, 46022 Valencia, Spain | UPVLC | Spain |
| 6 | Universitaet Siegen – Fak. IV, Dep 12, Chair for Data Communication Systems, Hoelderlinstr. 3, 57076 Siegen, Germany | USiegen | Germany |
| 7 | VOLKSWAGEN AG, AutoVision GmbH, K-EFFI/P - Security and Rapid Prototyping, Brieffach 17770, 38436 Wolfsburg, Germany | VW | Germany |
| 8 | OpenTech EDV Research GmbH, Augasse 21, A-2193 Bullendorf, Austria | OpenTech | Austria |

Table 1: OVERSEE contact information
This deliverable is the second version of the Plan for Use and Dissemination (PUD) of Knowledge for the OVERSEE project. The first version (D7.2.1) was provided at M12. This version (D7.2.2) is an updated version for M24. D7.2.2 is intended for use within the OVERSEE project and the European Commission. It defines how the consortium will disseminate the concepts and the results of the project and the liaisons with other projects. It will also provide information about the planned use of the outcome of the project.
The OVERSEE website includes a glossary that lists abbreviations and definitions that are common to all deliverables in the OVERSEE project.
This document presents the second version of the Plan for Use and Dissemination of Knowledge for the OVERSEE Project. It consists of three parts:
An overview chapter
A chapter on the dissemination plan
A chapter on the use plan
OVERSEE is a collaborative project funded under the Seventh Framework Programme, in the research area ICT-4-6.1: Safety and Energy Efficiency in Mobility. The 2.5-year project runs from 1 January 2010 to 30 June 2012.
From the description of work
The idea of OVERSEE can be split in two main parts: first, the open platform for the execution of OEM and non OEM applications and second, the secure single point of access to ITS communications. However, only the combination of these two aspects will offer the potential for a wide range of new automotive applications.
The automotive applications running on OVERSEE will be executed in protected runtime environments for maximum dependability and security. Applications are prevented from influencing each other, the OVERSEE platform, or communications on the connected networks - especially on the vehicle internal networks. To achieve this goal, virtualisation is one of the main concepts of OVERSEE. The applications will be executed in runtime environments which abstract from the physical hardware. They are controlled by the virtualisation system. The concepts of virtualisation are well-known in the IT domain but not applied to automotive applications yet. Virtualisation will be the solution to offer a temporal and spatial partitioning platform to execute several execution environments (applications) on one physical OVERSEE-ECU with very low overhead but increasing the reliability of the applications.
The improvements will be possible because of the intensive consideration of security, dependability and reliability issues within the development of OVERSEE. The API for developing OVERSEE applications will be publicly available. This will increase the quantity of available applications in the short term.
The communication interface of OVERSEE would be based on existing standards, and those currently under development, e.g. in ETSI TC ITS. Thus, it is possible to connect most recent and new vehicle internal and external networks with only small effort. As security issues are an integral part of OVERSEE, connecting new networks would be possible without the fear of creating new backdoors for attackers.
The security of communication via OVERSEE and with the applications executed on OVERSEE will be based on a small and well-defined message and command set. The message and command set will be defined in an early stage of the project. The access of applications executed on OVERSEE to the communication interfaces as well as the incoming interfaces of OVERSEE will be protected by a message filtering firewall. The OVERSEE firewall will be customisable by user policy rules. The format of the policy rules and the firewall implementation will be developed within this project. The policy format will be based on standards and publicly available.
In order to provide a basis for secure and trustworthy communication via the connected networks, OVERSEE will provide a cryptographic API (e.g. encryption and decryption, signing and verification of signatures), as well as the interfaces for platform identity management to establish trust in large networks. By using OVERSEE and the provided APIs, developers are able to quickly and efficiently develop new automotive applications and integrate security and dependability aspects right from the start.
As another core aspect for establishing secure and dependable applications within an ITS environment, the capabilities to validate future OVERSEE compliant open platform implementations will be created. This enables automotive suppliers and future projects to offer OVERSEE compliant platforms and applications easily. Openness and ease of use for security and dependability mechanisms will promote the OVERSEE platform and make it widespread. Economies of scale as well as available tools will reduce the costs for developing OVERSEE compliant ECUs and applications.
The vision of the OVERSEE project is to provide an open platform for secure and dependable vehicular applications as well as the tools, services and their integration into ITS standards necessary for its widespread acceptance.
The objectives of OVERSEE are the following:
Providing a generic and open source platform for spatial and temporal partitioning of secure simultaneous execution of multiple innovative automotive applications on one single OVERSEE-ECU
Providing secure and dependable runtime environments
Create an open and standardized secure single point of access to in-vehicle networks
Providing a standardized API for accessing security and dependability services
Providing validation support capabilities and tools
Providing the capabilities of secure and non-deniable recording
The table below summarises the OVERSEE milestones and the way they can be verified.
| Number | Milestone name | Work package(s) involved | Expected date ¹ | Means of verification ² |
|---|---|---|---|---|
| MS1 | Initial Version of requirements document (Start WP2) | WP1 | 6 | D1.2 + D1.3 |
| MS2 | Design of OVERSEE available | WP2 | 12 | D2.1 – D2.5 |
| MS3 | Platform implementation | WP3 | 24 | D3.1, D3.2 – D3.4 |
| MS4 | Validation support of OVERSEE available | WP4 | 27 | D4.1 – D4.4 |
| MS5 | Proof of Concept Implementation available | WP5, WP6 | 29 | D5.4, D6.1 |

¹ Measured in months from the project start date (month 1)
² Show how both the participants and the Commission can check that the milestone has been attained.

Table 2: Milestones of OVERSEE
Note that the project addresses two main concerns.
The project mainly addresses focus a) “ICT for Intelligent Vehicle Systems for further improving road safety and overall performance of transportation systems. This includes advanced in-vehicle safety systems with improved performance and reduced costs, based on open standard elements; systems supporting autonomous driving (first in restricted environments and later on open environments); new approaches to crash avoidance and collision reduction including development of sensors and sensor networks; human machine interface design principles; advanced methods for traffic situation detection and communication (including vulnerable road users); and technologies for addressing digital footprint, data security and privacy of in-vehicle applications; numerical and experimental methods and technologies for design and evaluation of systems under real world conditions; methods for the design and evaluation of systems.” [ICT Work Programme 2009-2010].
The project also partially addresses focus b) “ICT for Clean and Efficient Mobility for further improving energy efficiency and reducing CO2 emissions in all modes of transport. This includes new tools, systems and services supporting energy-efficient driving (eco-driving) based on on-board systems and/or co-operative infrastructure and energy-optimised, adaptive traffic control and management technologies and systems for urban areas and inter-urban road networks. It also includes methodologies for assessing the impact of advanced ICTs in energy efficiency and CO2 reduction, aiming at international harmonisation and standardisation of the methodologies through co-operation with Japan and the USA.” [ICT Work Programme 2009-2010].
The table below shows the project objectives, the related expected results and an assessment on exploitation. An updated version is expected in subsequent versions of this deliverable.
Objective: Providing a generic and open source platform for spatial and temporal partitioning of secure simultaneous execution of multiple innovative automotive applications on one single OVERSEE-ECU
Expected results: Demonstration of a platform based on virtualisation using open source subsystems (Linux, Meego, OSEK, XtratuM) with meaningful ITS applications
Assessment on exploitation: A roadmap approach is needed for adoption, from initial adoption in R&D projects to industry adoption. In the first step, a complete flexible customisable platform must be made available. In the second step, a stable community for platform support, possibly backed by major industry stakeholders, is needed. Three business models are identified: application centric, service centric and OEM centric (further explained below)

Objective: Providing secure and dependable runtime environment
Expected results: Use of a virtualisation technology allows high-integrity assurances. OVERSEE is based on XtratuM technology that has been endorsed in space applications
Assessment on exploitation: Creation of a spinoff by UPV (www.fentiss.com) to support this technology. This spinoff will address all application sectors where assurance requirements need to be met

Objective: Create an open and standardized secure single point of access to in-vehicle networks
Expected results: An example of such a single point of access will be demonstrated in OVERSEE. The example will be based on a list of project determined interfaces/peripherals.
Assessment on exploitation: Exploitation depends on a consensus in the ITS ecosystems on (1) the selected interfaces and associated APIs and (2) on the flexibility of the OVERSEE technology for customisation. A community group would be needed (e.g. a working group in the iMobility Forum)

Objective: Providing a standardized API for accessing security and dependability services
Expected results: Implementation carried out and API will be made available
Assessment on exploitation: Need to create consensus. This means (1) agreement on platform approach and (2) agreement on API

Objective: Providing validation support capabilities and tools
Still in assessment phase

Objective: Providing the capabilities of secure and non-deniable recording
Still in assessment phase

Table 3: OVERSEE expected results
Modern vehicles are an integral part of daily life in industrial nations. In 2005 more than 170 million cars were registered in the European Union. Besides the use of cars for individual transport of European citizens, commercial road vehicles are an inherent part of flexible logistic chains and an additional load on the European road network. With respect to the number of vehicles and the vehicle miles travelled per year, there are two main goals for the use of vehicles and the operation of the European road network:
The use of vehicles should be as safe as possible for the user and all other traffic participants, especially with regard to accidents with injury of persons and fatalities.
The use of vehicles should be as efficient as possible, especially with regard to the emission of CO2 and the consumption of fossil fuels, but also with regard to the efficient use of road infrastructure.
Modern automotive applications (e.g. postulated in the ITS action plan) and traffic telematics solutions (e.g. theft intervention by Car2X communication, differentiated charging of vehicles by Electronic Toll Collection systems for circulating on certain routes as a way to influence traffic demand) which could make a valuable contribution to achieving these goals are mostly software based and need secure access to a wide range of vehicle internal and external networks. Additionally, there is a wide range of modern automotive applications which could add new functions to vehicles and increase the comfort for vehicle users. These new products and services could stimulate the automotive market and strengthen the innovation leadership of European automotive manufacturers and hence sustain and create jobs in the automotive sector.
Today, every new automotive project causes the development of a new and project specific Electronic Control Unit (ECU), which causes immense costs and project risks. Furthermore, there is currently no universal device obtainable that is able to connect vehicle internal and external networks in a secure and common way (e.g. for downloading tolling information or transmitting diagnostic information). This gap, the high costs and the project risks impede the development of new products and services that could help to make automotive traffic safer and more efficient. Additionally, the impeded development impairs the growth of the European automotive industry. Therefore new concepts which are currently not available in the automotive field are necessary.
The automotive industry is a fast-growing, innovative and economically key industry segment. It is also very cost sensitive, yet it needs to make as much effort as possible to provide safety measures for all road users.
The OVERSEE project provides access to vehicular internal and external networks in a secure manner and therefore enables e-safety use cases, which will be crucial for vehicular applications to meet future trends. In addition, OVERSEE offers an open and secure application platform, hence the high costs and risks for the development of new safety applications will be limited. No project known to date provides an open automotive platform using virtualization.
Therefore, with the knowledge and technology, the industry will be able to further decrease time to market for innovative and connected car functionality, as well as reduce the cost and risks. This will lead to new global market shares and safeguard existing shares due to technological leadership.
The strategy is to aggregate all key stakeholders in the project, namely the automotive industry (i.e. OEMs and suppliers), the application providers (i.e. leading tolling system provider) and security experts, in order to achieve a complete and consistent system solution, which subsequently can be transformed into an industrial series development. The envisaged provision of the Open VEhiculaR SEcurE platform as an open specification will speed up the economic success for the automotive industry and the dissemination of safety related car functions.
The current section describes some state-of-the-art projects and products that have started to develop or provide an open in-vehicle platform. All platforms (except Ford SYNC ©) are at least suited to install applications, which could be chosen by the driver freely. The compared
©
Finally, mobile smart phones which are often discussed as a possible open in-vehicle platform were considered.
AutoLinQ™: AutoLinQ™ is a platform that is currently in the development stage. The company Continental and other partners plan to build a platform aiming to enable easy development and integration of infotainment applications. In doing so, the focus of AutoLinQ™ is to offer a holistic user experience integrating the home, mobile and in-vehicle view of applications. The platform is based on the open source project Google Android™; an SDK including an emulator is already available. Security and safety issues were already considered in the project and the solutions will be based on an application certification process involving the OEMs. Beyond this, legacy Android™ applications, which could be executed on the platform, will not be able to be executed while driving. In any case, the project is still in its first stage and a real world implementation in vehicles is not expected before the next vehicle product generation.
GENIVI: The reference platform will be developed by the GENIVI Alliance, involving a lot of OEMs and automotive suppliers. The GENIVI (Geneva In-Vehicle Infotainment) platform focuses on infotainment applications and will consist of Linux based core services, middleware and an application layer interface. Currently, the GENIVI core code is combined with MeeGo, an open source Linux based operating system [5]. By now, an integration of GENIVI in real world vehicles is not conceivable.
Ford SYNC ©: Ford SYNC is an already available product offered in a lot of brands of the FORD group. Until now, the platform was only used for applications offered by this OEM, so it was a closed platform. However, since the platform is under the control of the OEM, a good connectivity to the vehicle electronics is implemented (e.g., to support vehicle diagnosis services). Currently, Ford aims to offer a programming interface for SYNC that provides applications running on mobile devices with an interface to the vehicle electronics. Thus, the application still runs on the mobile device but could be accessed from the vehicle display as well as control units and vice versa. The platform uses Microsoft Auto [4] as software base and Bluetooth as wireless interface.
The following table provides an overview on the presented platforms and their assessment concerning some important aspects of open platforms as well as a current status of the development process.
| | AutoLinQ™ | GENIVI | Ford SYNC® |
|---|---|---|---|
| Open for development | Yes, SDK available | Yes, should be. | API for applications on connected mobile devices |
| Open for deployment | Application certification process will be considered | Application certification process will be considered | Application store for mobile device applications with SYNC capabilities, controlled by the OEM, is announced. |
| Software environment for applications | Android plus AutoLinQ™ API | Linux-like environment | Since the applications are executed on the mobile device the software environment depends on the device |
| Development status | Prototypes shown | Reference platform available | In the field (except openness for third party applications) |

Table 4: Overview of open in-vehicle platforms
Within the automotive and ITS community smart phones are regularly discussed as an implementation of an open in-vehicle platform. And indeed they are open platforms with imposing flexibility and functionality. Since smart phones are also becoming more and more the key device in people's life, replacing a broad range of classically discrete devices, for instance media players, navigation systems, etc., it seems to be natural to bring this approach to the automotive domain, too. Nevertheless, there are some strong contradictions:
HMI integration: The main job of the driver of a vehicle is to steer his vehicle in a safe manner. Therefore, one of the main goals of application development in automotive is to avoid any unnecessary distraction of the driver. Integrating mobile phones with their complex handling is problematic and, additionally, touching it while driving is thus prohibited in many countries. Furthermore, as described in the section above, the seamless integration of HMI would be a huge task depending on the amount of implementations on both sides – OEM or brand specific user interfaces versus smartphone specific interfaces.
Onboard integration: Most of the vehicle based functions are controlled via the vehicle internal networks. Mobile phones are typically not equipped with appropriate interfaces, for instance CAN. And even if it were feasible to add these interfaces, there would still be the question of whether drivers would connect a smartphone – with its typically untrusted applications – to their safety relevant vehicle networks.
Runtime environments: Solving the issues of a secure integration of smartphones in the vehicle's communication system would be only one part of the integration. A further question is how to cope with the real-time requirements of automotive applications and their inherent needs of dependability. Current smartphones are not able to guarantee spatial and timely separation of applications, and the assurance of dedicated computing power and time slots for execution of applications is also not provided. Therefore, it seems to be unreasonable to serve any safety relevant application on top of smartphones.
Physical constraints: Smartphones are designed to be cheap while offering a lot of functionality. This leads to only a limited allocation of computing power and other hardware resources forcing smartphones to operate at their maximum capacity. This would also prevent the use as an open in-vehicle platform where sufficient reserve capacity, at least for safety relevant applications, would be expected.
While this reflection on smartphones as open in-vehicle platforms is still not exhaustive it is clear that smartphones are no reasonable alternative to dedicated open in-vehicle platforms. Nevertheless, smartphones would for sure be connected to open platforms to allow seamless integration of user data, for instance media files.
Business model considerations will have a strong impact on how the platform will be exploited. The business model will in particular depend on the underlying value chain that is used and the channel through which ITS applications are deployed (e.g. through OEMs, through road operators or telecom operators).
It is believed that the flexibility and cost efficiency introduced by a platform such as OVERSEE could enable a new way to study the market in the ITS (for cars) and the automotive domain.
Currently three business models have been identified. They relate to an ITS platform ecosystem which is presented in section 4.2.
This business model will mainly be the focus of companies involved in application software development. It could be applied to the three main application domains identified for OVERSEE (ITS, Infotainment, Automotive).
This model relies on the vision that there is a widely deployed standardized secure open platform with standardized interfaces for automotive ITS (e.g. API, middleware, virtual driver to access ready-to-use hardware transparently). These interfaces make it easy to develop applications. This model is inspired by the Android or iPhone model. It is also the model implied in past FP projects such as GST or CVIS (note that with respect to these projects, OVERSEE is focusing on security and dependability, while GST and CVIS focused on application support).
Many discussions related to the application centric business model have taken place within the ITS community. The eSecurity WG report³ provides the following conclusion: a clear separation should be made between interactive systems and independent vehicle-based electronics. Consequently, the following recommendation is made: “Ensure separation between independent vehicle-based systems and interactive systems. Vehicle based systems should remain under the responsibility of the OEMs and should not be affected by interactive systems”.
We therefore conclude that to make the application centric business model a reality, any platform solution should (1) create separation of concern and (2) ensure that the result legally ensures separation of responsibility. The OVERSEE platform uses virtualisation as a foundation and therefore creates separation of concern. The OVERSEE platform is also based on virtualisation technology that can be certified (i.e. XtratuM is used in space applications). To be adopted, stakeholders in the ITS community would have to agree on a level of assurance of the platform that would legally ensure separation of responsibility/liability.
But agreeing on the use of a virtualisation platform and on a level of certification is not sufficient. Applications themselves would have to be certified (e.g. by a public authority) to avoid a potential driver distraction caused by applications or a potential malfunction of applications.
To make this model work, the resulting ecosystem should include the following:
A platform approach ensuring separation of concern between interactive systems and independent vehicle-based electronics.
An assurance approach that would legally ensure separation of responsibility and liability. Essentially, the OEM will not be liable for malfunctioning of applications.
An Application Store dedicated for 3rd-party applications. Applications could be provided by any developer. Such an application store would need some governance structure⁴.
An agreed level of application assurance, and agreed verification/certification scheme.
This business model will mainly be the focus of companies involved in providing services to end users. The difference with application centric business models is that the service provider is responsible for applications provisioning. A service provider could develop its own applications or could subcontract other companies for application development. Also note that the service centric business model could coexist with the application centric business model.
3 http://www.esafetysupport.org/en/esafety_activities/esafety_working_groups/esecurity.htm and http://www.esafetysupport.org/download/working_groups/eSecurity/finalreport/v1/esecurity_vulnerabilitiesinroadtransport_v1.pdf
4 For instance Apple provides the governance for its application store.
Services take more and more space in the private and the public areas. The main goals of ITS (e.g. enhance traffic efficiency, ease travel in Europe) should be mainly provided by public or private companies. As OVERSEE can run critical applications safely and securely and protect important data, a lot of services can emerge for the use of such a platform, e.g.:
Insurance can provide “pay as you drive” services based on reliable information
Eco taxes can rely on your everyday consumption
Travel services, including a perfect integration between plane, car, bus with no time to wait, can be put in place involving a vast number of companies
Dynamic traffic management to reduce traffic can be set
The services can be also interesting at other levels. For example an SME can specialise to certify some services according to standards.
The difference between the service centric and the application centric business model relates to stakeholder roles and responsibilities/liability in the supply chain. In the service centric approach the service provider can endorse a level of responsibility/liability. To make this model work, the resulting ecosystem should include the following:
A platform approach ensuring separation of concern between interactive systems and independent vehicle-based electronics.
An assurance approach that would legally ensure separation of responsibility and liability. Essentially, the OEM will not be liable for malfunctioning of applications, but the service provider can be liable.
An Application development ecosystem set up by the service provider (it would be an application store).
An agreed level of application assurance, and agreed verification/certification scheme.
This business model will mainly be the focus of an OEM. The difference with the service provider centric model is that services are directly offered by the OEM. This solves the problem of separation of concern on responsibility and liability, i.e. the OEM is liable. On the other hand, the OEM still has to organise its supply chain so that responsibility/liability are well identified. This still justifies the use of a platform like OVERSEE enabling the execution of ITS applications next to Infotainment applications on a single ECU. Different exploitation scenarios are imaginable:
Customisation of vehicles after Start of Production for different user groups of special-purpose vehicles or fleet operators
Maintenance of rapidly changing online services without reverification of the whole system
Enabling an OEM application store to offer new functionalities to any customer after the start of production
To make this model work, the resulting ecosystem should include the following:
A platform approach ensuring separation of concern between interactive systems and independent vehicle-based electronics.
An assurance approach that would legally ensure separation of responsibility and liability. Essentially, the OEM will have to negotiate responsibility and liabilities with suppliers. The use of virtualisation could actually be a requirement for suppliers to negotiate such liabilities.
An ecosystem for applications, this would be decided by the OEM.
An agreed level of application assurance, and agreed verification/certification scheme. This would be decided by the OEM.
The considered business models have pros and cons, but as they can be beneficial for different companies, they can be combined.
This is made possible by the isolation and security capabilities of the OVERSEE platform, i.e. the three business models can be supported by the same OVERSEE platform.
Note that in all cases, there could be restrictions on applications that are allowed. Public authorities could have to decide on policies for restricting applications and possibly verifying/certifying them, in order to guarantee that they are harmless for road safety.
The consortium is now in the stage of liaising with the ITS community. If needed, this section will be revisited for the end of the project.
As defined in the description of work:
The overall objectives for the dissemination and use task within OVERSEE are as follows:
To establish effective mechanism for continuous communication and dissemination
To follow-up standardisation activities and submit standardisation proposals to the relevant bodies as an outcome of the project
To organise and attend meetings to liaise with related projects and initiatives
To support the organisation of specific workshops
To help ensure that OVERSEE results will be fully exploited
The project implementation involves the close participation and cooperation among organisations from multiple areas of expertise. Technically oriented commercial partners will benefit from the added experience in a growing technology to gain competitive advantage in their respective types of business. Academic institutions are always eager to enhance their experience in the various levels of ICT in order to make one step forward in scientific knowledge and fulfil their academic roles. The greatest beneficiaries in the case of a project like OVERSEE, though, are the industry partners involved. They will be the actual users of the project’s results and their input and participation will be crucial in order to produce a viable solution that may be used by many more companies or expand to other types of application scenarios.
OVERSEE will move horizontally along the concepts and vertically within each of them. Each underlined concept recalls a route for dissemination, which can be categorised:
according to the kind of access reserved to external people, such as access: through media, on demand, through events, and
based on the contribution that the OVERSEE actors may also bring to specific sectors: group-based promotion and contribution to standards.
[Figure 1 diagram labels: Group-Based Promotion; Access through Media; Project Results; Access on Demand; Access through Events; Contribution to Standards]
Figure 1: Dissemination and Liaison Concepts Used by the OVERSEE Consortium
Figure 1 roughly shows the roadmap of the dissemination activities. The basic line of thinking is as follows: the work-packages need to give first results before we can make material that is worthwhile and includes enough content and information to enable adequate and effective dissemination.
In terms of organisation, the idea is to have the academic partners involved in standards contribution and access through events (conferences and seminars), and to have the businesses involved in access on demand and using their own access channels to media to disseminate OVERSEE. Different types of partners will be involved in access through events and group-based promotions.
Group based promotions
Events and group-based promotions will enable localisation of OVERSEE findings and material. The OVERSEE partners will be involved in many of the dissemination activities, in fact, they will have to take the lead in organising some national/international events and group based promotion. OVERSEE industrial partners will help the consortium in the regions that are included.
The preparations of group-based promotion will start early in the project to make sure that the necessary agreements and arrangements can be made.
Standards contribution
The work in this respect will start early in the project and be done by selected business partners and academic institutions. Standardisation organisations that deal with automotive applications and security will be contacted as early as possible.
Developments of these groups are followed and material of OVERSEE is reworked and submitted to these organisations, through the appropriate channels. This line of disseminating needs a continuous effort and will be dealt with on a continuous basis, from the start to the end of the project.
Access through media
This is the more traditional way of promotion, which includes selected journals, newspapers, scientific or targeted publications, bulletins, newsletters, television at a local or a national level, and publication and diffusion of advertising material, brochures, CD-ROMs etc. The recipient is reached through dissemination that is as widespread as possible.
OVERSEE has prepared an ambitious plan for making external companies aware of the project. A number of professionally prepared promotional materials will be produced. The intent is clearly to enlarge awareness of the technology and applications being experimented with, to enlarge the pool of potential recipients of the message and to increase the number of interested companies.
This is a continuous action that will result in communication around OVERSEE, preferably through channels that the OVERSEE partners already use or have easy access to. This includes magazines and electronic channels. The basic communication set will be made when the project is one year underway. Further activities in this respect are planned as of the beginning of the project and will be implemented in the second year of the project. The more scientific channels in particular usually take some more time to be effectuated.
Access on demand
It includes all forms of data archives, which may be consulted by interested users, generally freely or with a limited charge, upon request. The OVERSEE plans for dissemination envisage the setup of at least one dedicated server (but possibly more, according to individual plans and applications), whose main objective is to diffuse the OVERSEE results as widely as possible throughout the Community and Standardisation Bodies. In particular, the OVERSEE web server will provide an up-to-date view of OVERSEE, using the latest available technology (i.e. animation, multimedia etc.), including:
o Objectives and achievements
o Public deliverables in electronic form
o Key persons and contacts
o Advertisements and announcements of forthcoming public events (workshops, trials etc.)
o Reports on events completed (workshops, trials etc.), and project updates
o Technical page on trials and internal tests and experiment information/updates
o Cost-benefit and impact analysis
o Cooperation with similar projects/external bodies, and references to publications and other miscellaneous information
The development of a website / server will start at the beginning of the project. It will be used to support other communication means. Given the planning of OVERSEE, the site will only be really useful after 1 year in the project. The aim is to come to monthly refreshing of the material in the second year. The site will remain available after the project is finished. The site may be integrated to some extent in some of the consortium members’ websites.
Access through events
Examples are workshops, conferences, seminars, trials and any other activities which lead to the involvement of a diverse spectrum of audiences from different backgrounds, not only in the educational and training sector. In this case, the access is very specific: the audience is generally limited in number but qualified and has experience in the field. Access through events covers exploitation externally as well as internally within the partners' organisations.
OVERSEE will be active in the organisation of domain workshops, and in participation in and contribution to relevant conferences, not only in the automotive domain but also in the data security, virtualisation, embedded industry, Legal & Regulatory as well as other related areas. Presentation of the project’s achievements and results will be of benefit to a wide audience.
Workshops will be organized in cooperation with the Commission. One Workshop is foreseen by the end of the project. This workshop will need some preparation as we intend to invite relations of the partners in the consortium, as well as invitees of the Commission. Conferences and seminars are visited and attended mainly by the academic partners. They will use these platforms also to get inputs from peers.
Possible conferences for OVERSEE dissemination
Conference | URL
World Congress on ITS | http://www.itsworldcongress.org
World Automotive Congress of the International Federation of Automotive Engineering Societies (FISITA) 2010 | http://fisita2010.com
escar – Embedded Security in Cars Workshop | http://www.escar.info
European Congress and Exhibition on Intelligent Transport Systems and Services | http://www.itsineurope.com
European Embedded Real-Time Software Congress 2010 | http://www.erts2008.org
German Automotive Safety & Security Conference | http://www.automotive-deutschland.de
International Forum on Advanced Microsystems for Automotive Applications (AMAA) | http://www.amaa.de
IEEE Vehicular Technology Conference | http://www.ieeevtc.org/
International VDI Congress “Vehicular Electronics” | http://www.elektronik-auto.de
VDI Workshop on Automotive Security | www.vdi.de/security2009
World Congress of the Society of Automotive Engineers (SAE) | www.sae.org/congress
ETSI TC ITS Workshop | http://www.etsi.org/webSite/NewsandEvents/Past_Events/2009_ITSWORKSHOP.aspx
International Workshop on VehiculAr Inter-NETworking (VANET) | http://www.sigmobile.org/workshops/vanet2009/
Table 5: OVERSEE target conferences for dissemination
The OVERSEE project has created the following logo, which is available in various sizes:
This logo is used with the following standard documents:
Press release
Fact sheet
Deliverable
Presentation
Templates
Flyer
Website.
Standard documents and templates for these documents are maintained on the project workspace. Some of the documents are also available on the OVERSEE wiki.
One of the main goals of the OVERSEE project is to show the feasibility of an open platform for innovative automotive applications in real-world vehicles, thus leaving the research lab and showing the readiness for use. Therefore, within the OVERSEE project a demonstration in a real-world vehicle provided by VW will be presented in the Proof of Concept phase.
Since such demonstrations are naturally very costly and limited in time and audience, the OVERSEE consortium decided to prepare a video showing the overall vision of OVERSEE, the architectural concepts, the resulting benefits and of course documenting the real-world demonstration.
To use the budget for dissemination activities economically, the OVERSEE consortium will try to go for a video production which is supported by work of students of the University of Siegen who are interested in this topic. These students are trained for video projects during their studies and are able to draw on the well-equipped video laboratories of the University.
Additionally, the marketing department of VW will be involved in the video production.
Date | Description | Communication Activity | Impact & Audience
01/03/2011 | Presentation with the title “OVERSEE - Potentials and Challenges for the Automotive Industry” at embedded world, Nuremberg | Presentation and Discussion | Experts on embedded systems and automotive.
4-5/04/2011 | Presentation of OVERSEE in ICT for transport concertation meeting | Presentation of OVERSEE. Discussion on platforms. | Awareness within the ICT community
11-15/04/2011 | Participation at ISO Subcommittee 27 meeting | Discussion about standardization in the field of embedded security (light weight cryptography, group key cryptography) | Information concerning future standardization activities regarding lightweight embedded security; ISO SC 27 members
6-9/05/2011 | Presentation with the title "Open Platforms On the Way To Automotive Practice" at ITS in Europe in Lyon | Presentation and Discussion | Presentation of OVERSEE open platform approach for automotive and ITS; ITS experts
16-20/10/2011 | Presentation with the title "Towards A Shared Digital Communication Platform for Vehicles" ITS world in Orlando | Presentation and Discussion | Presentation of OVERSEE open platform approach for ITS development and deployment; ITS experts
Misc. | Participation at Escar (Dresden), Evita Workshop (Erlensee), Final year event EuroBITS (Bochum) | Informal dissemination of OVERSEE results and concepts | Information concerning OVERSEE and the open platform approach for ITS; automotive vendors (e.g. Hyundai), other research projects, experts on embedded security
 | Publication of a paper with the title “Platforma de TI para veículos,” in RTI - Redes, Telecom e Instalações, vol. XII, no. 136, pp. 84–94, http://www.arandanet.com.br/midiaonline/rti/2011/setembro/index.html, 2011. | Paper | Dissemination of OVERSEE results to South America, especially Brazil.
12/07/2011 | Presentation at CAST Workshop “Embedded Security” (12. July Darmstadt Germany) | Presentation | Presentation with topic “On the way to a secure and open in-vehicle platform”
27/07/2011 | Meeting with ADAC (Mr. Coldewey) for a general discussion on future of open platforms. | Discussion | Joint demonstration and possible cooperations were discussed.
15/12/2011 | Telephone conference with Hyundai | Discussion | Discussion on possible cooperations with Hyundai
01-15/12/2011 | Application to the ETSI Workshops (Security Workshop 18 January, France and ITS Workshop 9. February Qatar) (Accepted for both and presentations done) | Presentation | Consortium requested slots at the ETSI workshops. Both got accepted and presentations were done in first quarter 2012.
02/2011 | Paper in a journal (Planned publication Feb 2-3) Device Virtualization in a Partitioned System: the OVERSEE Approach | Paper | 
Table 6: OVERSEE dissemination activities.
3.4.2.1 First Meeting (May 2010)
The Advisory Board had its first meeting on May 5th, 2010. Figure 2 shows the meeting agenda.
Figure 2: Agenda Meeting OVERSEE Advisory Board
During this meeting each Advisory Board member gave a presentation concerning his company and its interest in OVERSEE. The first slides of each presentation are presented in Annex A.
The second part of the meeting was dedicated to the presentation of the first results of the OVERSEE project as well as the next foreseen steps. The participants provided useful comments.
The meeting was concluded by an open discussion about some very interesting topics:
1. Sharing a vision of OVERSEE. In particular,
2. Taking into account standards and contributing to them
3. Business opportunities
During this discussion, the chair for OVERSEE asked the Advisory Board members for their opinion on these three topics in the form of questions. The first point comprised 5 questions, the second 3 questions and the last one 4 questions.
Here is the list of questions discussed:
Point 1: OVERSEE vision
o Enable more flexible online applications?
o Different levels of security and dependability?
o Technical solutions?
o Technical features to investigate?
o Legal issues?
Point 2: Standards
o Can we standardise a platform?
o Can we standardise application delivery?
o Is Autosar in the picture?
Point 3: Business aspects
o Value chains? Business stakeholders?
o Where should the platform be used (e.g. In-vehicle, RSU)?
o Approval/Certification?
o Open source as a business model for automotive?
The following comments were made by the Advisory Board.
OVERSEE should focus on business critical application, not on safety critical applications. As a result, supporting Autosar is not a priority.
Supporting OSGi-based systems is important. As one automotive supplier said, he would have a problem in promoting a platform that cannot support OSGi-based systems
Two further Advisory Board meetings were planned:
A meeting in 2011 that will focus on a presentation of the solution proposed by OVERSEE in order to seek feedback
A meeting in 2012 in order to present the developed solution and seek feedback
3.4.2.2 Second Meeting (September 2011)
In September 2011, a second OVERSEE Advisory Board meeting was organised in Berlin.
The following invitation was sent.
Dear OVERSEE Advisory Board Members,
The OVERSEE advisory board meeting is taking place next week on 6-7 September 2011. Below is the agenda of the meeting and location. We would be happy if you could also join our social evening on the 6. September.
We also planned a session for presentations of our advisory board members. It is of course not obligatory but we would appreciate if you could make a short speech/presentation (~10min) about your organization, thoughts about OVERSEE Project and your future expectations from the outcome.
I would be happy if you could inform me if you would like to make a short presentation and join the social evening.
--- Agenda ---
06.09.2011
19:00 Small Tour
19:30 Dinner
07.09.2011
10:00 - 10:50 Welcome and OVERSEE Overview
10:50 - 11:10 Coffee Break
11:10 - 12:00 OVERSEE Overview (cont.) and Demo's
12:00 - 13:00 Lunch
13:00 - 14:00 Presentations from Advisory Board Members
14:00 - 14:15 Coffee Break
14:15 - 15:30 Future Aspects - Discussion
--- Location ---
Fraunhofer Fokus Kaiserin-Augusta-Allee 31 10589 Berlin, Germany
How to get there: http://www.fokus.fraunhofer.de/en/fokus/institut/service/anfahrt/anfahrt_berlin/index.html
Best regards
Hakan Cankaya
Some members of the board were not available for the meeting but sent some questions and topics to the consortium to discuss.
During this meeting the project was introduced with a presentation of the project and its status. A summary of the work done in each work package was also presented to the Advisory Board members. The main point in this presentation was the architecture and security solutions currently being implemented. Moreover, intended demonstrators were presented. Throughout the day, the board provided feedback and comments on the proposed outcome of the project.
Their main feedback was:
OVERSEE enables more flexible online application deployment and helps to solve vehicle software lifecycle problems by authorizing updates. Security features of OVERSEE should be presented in a better form: what can OVERSEE provide, what kind of infrastructure/framework can be built upon OVERSEE, and what is out of scope.
OVERSEE should provide a basis for possible standards in the field of open vehicular platform and security policies for applications
Virtualization hastens time-to-market and enables the reuse of existing products in a simpler way
OVERSEE platform seems adapted to an industrial environment. The validation of such a product should be feasible at a reasonable cost
Some further questions were raised (during the meeting or through later mail interactions), in particular on internet connectivity: the connection to web services, the multiple connectivity options, the specific aspects of V2X communications, the specific aspects of the in-vehicle environment, and the use of open ICT infrastructure, which imply an overall understanding of the security concept. OVERSEE should be able to position itself clearly. In particular, OVERSEE should be able to provide the expected answers:
HW or SW solutions?
Is there some end-to-end consideration?
Is there an architectural approach?
Is the solution affordable?
The next Advisory Board Meeting will be held at the end of the project to present the final result of the OVERSEE project. The members of the board have expressed that they are looking forward to this demonstration.
This section lists the liaisons carried out with other projects.
PRESERVE: PRESERVE is a 4-year project which started in November 2010. Its objective is to combine and extend results from earlier research projects (SEVECOM, PRECIOSA, EVITA), integrating and developing them to a pre-deployment stage by enhancing scalability, reducing the cost level, and addressing open deployment issues. A technology kit will be made available to field-operation-test projects in 2012. The platform solution developed by OVERSEE should be available at the end of 2011 and could be integrated in the PRESERVE technology kit.
Liaison will take place this year through Escrypt and Trialog who are partners of both projects.
Liaison objective: investigate use of OVERSEE platform in PRESERVE
Work done in 2011: Discussion on cooperation between both projects to provide a demonstration during ITS World 2012. Unfortunately, the PRESERVE consortium did not take the OVERSEE platform into account from the beginning because of the early stage of the project when PRESERVE started. Nevertheless, all participants agreed that PRESERVE should be perfect for integration into the core OVERSEE partitions (Secure I/O and Secure Services partitions) to handle V2X communications. A study is still ongoing to show the feasibility of a joint demonstration.
Work to be done in 2012: Finalisation of the study to show the feasibility of a joint demonstration and strong cooperation during ITS World 2012
Contact point: Thomas Wollinger (Escrypt)
SEVECOM: The SEVECOM project has specified architecture and mechanisms for secure vehicular communications, including requirements for security APIs as well as secure HW modules. Those requirements and potential solutions are, where available, used as input to the OVERSEE requirements engineering process as well as the later specification and implementation process. The pioneering work done within SEVECOM will be a solid foundation for the secure open vehicular platform developed within OVERSEE.
Liaison objective: reuse features for secure communication
Work done in 2011: as the SEVECOM results (software) were not very efficient as they stood, it has been decided by the consortium to only reuse some features during the project lifetime. Nonetheless, a future OVERSEE implementation should reuse the SEVECOM results (architecture).
Contact point: Antonio Kung (Trialog)
TECOM: TECOM is a completed ITEA project which investigated solutions and architectures for embedded systems platforms which need to meet both security and integrity requirements. The TECOM approach applies the concept of trusted platforms to real-time embedded systems. TECOM used XtratuM as the underlying technology. More information is available at http://www.tecom-itea.org
Liaison objective: input for architecture of platform
Contact point: Alfons Crespo (UPV)
EVITA: The EVITA project designs, verifies, and prototypes a standardized security hardware anchor for vehicular onboard networks such that all security-relevant components and sensitive information can be protected against tampering and unauthorized manipulations.
Hence, EVITA acts as an important building block of the OVERSEE hardware layer, which anchors the security of all upper layer software security mechanisms and security applications. Moreover, the EVITA hardware will strengthen the dependability aspect of OVERSEE by preventing possible attacks and detecting failures. OVERSEE will be the first application that puts the EVITA results into practice (besides the proof-of-concept applications realized within EVITA). OVERSEE further extends the safety-centric application focus of EVITA to a much more diversified vehicular field of application with strong needs for IT security such as various business applications (e.g., location-based services, mBusiness) and legal applications (e.g., vehicle black box, digital license plate) or the vehicular cooperation applications as for instance developed by the CVIS project. Hence, OVERSEE is the overall enabler and connector between the EVITA security hardware anchor and many upcoming vehicular applications.
Liaison objective: reuse hardware security module
Work done in 2011: integration of the EVITA hardware module
Work to be done in 2012: finalization of the integration.
Contact point: Hakan Cankaya (Escrypt)
PRECIOSA
The results from the PRECIOSA project will be relevant for OVERSEE with respect to the support of privacy enhancing technologies to be implemented in future ITS systems. In particular, requirements concerning the controlled access to confidential information (from key material to private information) will be input to the OVERSEE requirements engineering process and the later specifications and implementations.
Liaison objective: input for requirements on data protection
Contact point: Christophe Jouvray (Trialog)
SAFETRIP
The SafeTRIP project (Satellite Applications For Emergency handling, Traffic alerts, Road safety and Incident Prevention) is a European research project co-funded within the FP7. The goal of SafeTRIP is to integrate innovative satellite technologies and communication in ITS vehicular applications, such as emergency call, traffic and fleet management, and infotainment. This includes broadcast satellite communication towards vehicles, messaging communication from the vehicle to the satellite and also bidirectional satellite communication for professional users and safety-oriented applications. To enable this vision, the SafeTRIP consortium develops a service oriented platform for vehicles, including a middleware for the selection of the appropriate communication channel. Due to the common interest in a communication/application platform for vehicles and the complementary focus of the projects (satellite communication and services vs. security of applications and communication), the project consortia agreed to investigate options for integrating OVERSEE functionalities in SafeTRIP and vice versa. Furthermore, the consortium is interested in jointly working towards a common in-vehicle platform definition, maybe leading to a subsequent standardization of key components/interfaces of open in-vehicle communication and application platforms.
The interested partners of the SafeTRIP and OVERSEE consortia have already held some joint conference calls and will intensify their common work during a workshop-like meeting at the end of January.
Liaison objective: cooperation for joint work (reuse of each other project)
Work done in 2011: Conference Call to present both projects and initiate a discussion on a possible joint effort
Work to achieve in 2012: Meeting in Munich in January to decide the integration of one project in the other.
Contact point: Jan Holle (University of Siegen)
ADAC
The OVERSEE Consortium was in contact with Mr. Coldewey from ADAC. He is also a member of the eCall "Task Force Open". ADAC is Europe’s largest automobile club and operates the most widespread breakdown service in Germany. Both ADAC and the “Task Force Open” faction have an interest in open platforms for vehicles. In this context we had a meeting with ADAC and discussed the future of open platforms, exchanged ideas and views on this topic and planned possible further steps to extend the cooperation. It is planned to integrate the breakdown service application of ADAC into OVERSEE as a demonstration use case if the integration efforts can be planned within the OVERSEE schedule.
Liaison objective: Demonstrate with the ADAC application a real use case and business case. Feedback for further steps of OVERSEE Project.
Contact point: Hakan Cankaya (Escrypt)
OVERSEE has worked on understanding a roadmap. This work was started further to the second Advisory Board meeting. It focuses on the creation of an ecosystem using OVERSEE technology.
The current challenges in the foreseen automotive platform come from different categories:
Integrating innovation: innovations come mainly from research and are the basis of R&D projects. Therefore, the integration of these innovations can be split into integration in a research oriented platform, and integration in (pre-)industrial platform.
Integrating transversal features: A lot of transversal features are increasingly important in the ITS part of the automotive world, e.g. Scalability or Quality of Service.
Interoperability: interoperability is a main concern as soon as communicating systems are involved. The definition of the interoperability between components, modules, or systems has to reflect a consensus including on items that have not been formally defined. Moreover, standards have to be taken into account. Nonetheless some existing standards may defeat interoperability.
Technology independence: to enable the three points above, the automotive platform should not depend strongly on specific technologies, i.e. specific hardware or specific proprietary resources.
Multiple business models and multiple service providers: an automotive platform should be able to be updated, or to have new applications from various providers downloaded and installed. Thus on one hand complete isolation has to be available between independent vehicle-based systems and interactive systems, and on the other hand isolation between different interactive systems is needed.
The advent of an ecosystem depends on:
1. Widely available technology
2. Associated standards
3. Compatible business models.
These three points can be addressed through an initiative and a consensus. Point 1 is usually the result of an initiative for an open platform such as OVERSEE. Points 2 and 3 can be addressed through a consensus building forum involving the stakeholders.
Thus it is possible to summarize the process that leads to a successful ecosystem by the following picture:
Figure 3: Building an Ecosystem for an automotive open platform.
From this structure of the Ecosystem, several mainstream markets should emerge. One of them is already foreseen and will rely on the architecture of the platform by itself, i.e. a strict separation of concerns between platform (independent of any particular technology, cf. 4.2.1) and applications. The application level will be composed of both applications and services.
Thus, four actors can be defined:
Consumer: the end user of the system. In the OVERSEE project it is mainly the driver
Service Provider: provides many end-to-end solutions to the consumer
Application Developer: designs, develops and sells many applications to the Service Provider or the Consumer.
Platform provider: develops and enhances the open platform to fit all the requirements of the applications and/or the services provided by the above actors.
To enable this business model, it is necessary to define on one hand an interface between the platform providers and the applications-services actors, and on the other hand a mainstream offer.
Figure 4: One interface for one mainstream market.
To build an ecosystem, the various stakeholders have to struggle with some hurdles. These stakeholders, as presented in Figure 4, are: the Platform Provider (PP), the Application Developer (AD), and the Service Provider (SP). An ideal process to establish the ecosystem could be the following steps:
1. PPs agree with ADs on an interface
2. PPs create several platforms
3. PPs agree on how the platform should meet market expectations
4. PPs bring research to industry and synchronize with the mainstream market
5. ADs invent many applications relying on the platform
6. SPs use the application to develop end-to-end solutions and get it to market
In recent years, the design of several platforms was supported by the European Commission, for example through FP6 and FP7 projects. Unfortunately, step 1 has not yet been carried out. Nonetheless, various platforms have been designed and successfully used in proof-of-concept situations (e.g. CVIS). Thus, step 2 can be considered essentially done. To successfully build the ecosystem, all the community members must synchronize their work and converge it to form a perfect solution suited for the market.
One of the main steps toward the broader use of an open ITS platform in the automotive domain, e.g. the OVERSEE platform, is standardization.
Currently some standardization work has already been done or is in progress. For instance, ETSI is standardising ITS communication architecture, and there are already existing safety standards such as DO-178B, IEC 61508, and the recommendations provided by the eSafety Forum. However, some standardisation aspects have not yet been taken into account.
Assuming that the future European open ITS platform will be based on a virtualization mechanism, such as OVERSEE, standards have to be provided on different levels. For instance:
Interfaces and middleware: to abstract the hardware from the software. This will help to reduce the time-to-market of software, ease the interoperability of applications, and make them portable on any vehicle using the standard platform.
Partition of resources and accesses: Another possible point of standardisation is the characterisation of a “standard partition” dedicated to a certain kind of application and recommendations for resource access (e.g. an ITS partition must have access to ITS 5.9 GHz communication, to GSM, and to GPS system).
Certification: an ITS platform must be provided with a Security partition that enforces some defined properties and policies, and which could be certified according to predefined criteria such as a particular Common Criteria Protection Profile. Moreover, the scheduling must provide a certain percentage or some priority for emergency situations or other critical applications.
This standardization clearly has to involve all the actors (e.g., academics, service providers, OEMs, application developers, suppliers) of the community. In this way, it should be possible to establish a dedicated task force within the (probably future) iMobility Forum that will be a follow-up of the eSafety Forum. One of the main tasks of the forum will be to detail the entire set of requirements to build this platform.
OVERSEE should be a main building block in this cooperative effort due to the experience gained during the project, and the fact that it is the first open ITS platform for the automotive domain able to support multiple applications of mixed criticality at the same time. Moreover, some existing results (e.g. CVIS, CALM) can be integrated on top of the OVERSEE platform. Furthermore, the OVERSEE consortium is sure that some of the requirements for an ideal ITS automotive platform are already solved by OVERSEE: hardware transparency, flexibility, isolation, cost reduction (both hardware and software), and opening market opportunities.
This topic will be submitted as a paper for ITS World 2012 which will refine the final results of OVERSEE. We believe strongly that the OVERSEE project and its consortium should be a leading part of such an initiative.
Two lines of actions are planned:
Starting/joining discussion within the ITS community on platforms
Getting involved in the iMobility WG on legal issues to cope with liability issues in such a platform
30
D7.2.2 Plan for Use and Dissemination of Knowledge v2
The consortium consists of a combination of research and industry partners with extensive background in the topics related to OVERSEE objectives.
Partner: Profile
escrypt GmbH Embedded Security: Private company, expertise in all aspects of embedded security
Fraunhofer-Institut für Offene Kommunikationssysteme: Institute for Open Communication Systems, researches and develops communication systems in wireless and wired fixed and ad-hoc networks
TRIALOG: Private company for system and software engineering in the fields of real-time and embedded systems
Technical University Berlin: University specialized on future scenarios for vehicular electronics, including embedded systems, networked cars, as well as human machine interfaces.
Universidad Politécnica de Valencia: University, expertise in real-time applications and real-time operating systems
University of Siegen: University, expertise in security in real-time oriented communications systems
VOLKSWAGEN AG: Private company, one of the largest globally active automotive manufacturers
OpenTech EDV Research GmbH: Private company, expertise in distributed embedded and realtime systems
Table 7: OVERSEE Consortium
This section provides a description of each partner's interest. This section will evolve as we get a better understanding of the initial exploitation steps (i.e. the roadmap).
4.4.1.1
Escrypt GmbH’s background
As a system provider, escrypt offers solutions for all aspects of embedded security from one source. The services include system design, specification, prototyping up to product development and certification. escrypt works in all areas of embedded applications with need for security. escrypt’s unique branch expertise and technical competence is based on many years of experience in the field of embedded security and an extensive number of successful projects in the automotive domain.
4.4.1.2
Escrypt GmbH’s interest in OVERSEE
Today’s market does not offer an open and secure platform fitting the needs of today’s and future automotive applications such as tolling. These kinds of applications require specific properties like virtualisation on the basis of a sound security architecture.
The experience and result of this project will extend escrypt’s expertise not only for embedded applications in the automotive domain. Moreover, the expertise will be helpful for many other industries with security problems in embedded applications. The common challenge of many companies in the embedded industry is the small volume of devices produced per year and the unavailability of an open common security platform. escrypt is convinced that the production of such a cost-efficient platform will help many embedded applications to efficiently improve the security. escrypt will support its customers by designing and implementing the security into their systems on the basis of OVERSEE.
4.4.2.1
Fraunhofer’s background
The Fraunhofer-Gesellschaft is an autonomous organization with a decentralized organizational structure, which currently maintains 58 research institutes and a patent office in locations throughout Germany. Fraunhofer-Gesellschaft is the leading organization of institutes of applied research and development in Europe. Future-oriented strategic research commissioned by the government and public authorities is carried out with the aim of promoting innovations in key technologies with an economic and social relevance in the next five to ten years.
Work focuses on specific tasks across a wide spectrum of research fields including communications, energy, microelectronics, manufacturing, transport, and the environment.
Based on its vision of a user-centric ubiquitous computing and communication environment, Fraunhofer FOKUS (www.fokus.fraunhofer.de), the Institute for Open Communication Systems, researches and develops communication systems in wireless and wired fixed and ad-hoc networks. Thereby, Fraunhofer FOKUS designs, specifies, implements, and evaluates communication protocols, services, and applications. Furthermore, Fraunhofer FOKUS is actively working in protocol testing and developing tools for automated and formalized test systems.
4.4.2.2
Fraunhofer’s interest in OVERSEE
Fraunhofer FOKUS will exploit the results achieved in OVERSEE in different fields. First of all, according to the “Fraunhofer model”, the expertise gained will be used in the acquisition of new industry and research projects. The expertise will therefore be made substantial by publishing papers in the relevant conferences and journals. If applicable, Fraunhofer FOKUS aims at founding spin-offs, which can market its own solutions and create new jobs in the region of Berlin. Finally, Fraunhofer FOKUS, through its membership in the European Telecommunication Standards Institute, can influence and create standards for, e.g., ITS and the use of secure platforms in the domain. Therefore, FOKUS can disseminate the project results of OVERSEE to standards bodies, which in turn will create a benefit for all partners if the OVERSEE platform, or parts of it, are backed by standards.
4.4.3.1
Trialog’s background
TRIALOG is a system and software engineering company in the fields of real-time and embedded systems. It focuses on innovative systems for the automotive and home / consumer electronics marketplaces. Most of the devices being developed for these markets today have networking capabilities and can communicate with their environment, such as other peer devices and Internet access. Trialog's core competencies are therefore oriented towards the right combination of real-time embedded software and networking technologies, which are the keys to building such communicating devices and their interfaces to large business information systems. TRIALOG's engineering process focuses on system, network and software architecture, design-to-cost and design-to-security.
Some work carried out recently includes:
Network protocols and connectivity solutions, in the area of automotive applications (VAN, CAN, TTP, Flexray, etc.), in the area of home networking including control buses such as the EHS/KNX bus, in the area of audio/video high-speed buses such as the IEEE1394 / HAVI bus, Hiperlan 2, etc. Connectivity solutions focus on embedded gateways with Internet capabilities (integration of OSGi technology) and wireless communications (GSM/GPRS, 802.11, Bluetooth, etc.).
Coordination of security projects such as the e-PASTA IST project (e-Protection of Appliances through Secure and Trusted Access) or GST-SEC (security subproject of GST IST IP). Technical coordination of the TEAHA (The European Home Application Alliance) IST project with support of security aspects. Coordination of the Sevecom (Secure Vehicle Communication) IST Project. Technical coordination of the e-Inclusion MonAMI IST project.
More information on Trialog can be found at http://www.trialog.com.
4.4.3.2
Trialog’s interest in OVERSEE
Trialog has 20 years of involvement in automotive systems, in particular in telematics applications. The results of this project will allow it to enhance its business activities along two directions:
Validation tools for open secure vehicle platforms. In particular, Trialog will lead WP4 (Open Platform Validation Support), an area where it already has a wealth of building blocks available, in particular in the area of testing based on ISO 9646 and TTCN3 test technology. Trialog plans to develop specific enhancements of test tools that can be used to validate OVERSEE-type platforms.
Trialog also plans to provide consulting and services around the use of such platforms. For instance, the development of specific test suites could be of interest.
OVERSEE is an example of the fact that transversal aspects (security, interoperability, privacy, liability) have a profound impact on the ICT solutions used in ITS. The ICT ecosystem is impacted. Trialog plans to be active in this area (ecosystem building).
Note that we plan to extend the scope of our business to areas other than automotive (e.g. home control, industry control in machine-to-machine (M2M) configurations ...).
4.4.4.1
Technical University Berlin’s Background
The department for Open Communications Systems (OKS) at Technische Universität (TU) Berlin is researching and developing methods for a cooperative but autonomic behaviour of system elements. OKS has years of experience in the design, specification, and development of open distributed systems.
As part of OKS, the Daimler Center for Automotive Information Technology Innovations (DCAITI) was founded in 2006 as a public-private partnership between Daimler AG and TU Berlin.
DCAITI specializes in future scenarios for vehicular electronics, including embedded systems, networked cars, as well as human machine interfaces. Focus is on research in platform and application development and evaluation.
4.4.4.2
Technical University Berlin’s interest in OVERSEE
DCAITI will use the expertise and integrated platform gained for further input to research, improved quality of teaching, and acquisition of new projects. The results will be published in international conferences and journals. Further, where appropriate, the results will be used in internal collaborations with Daimler.
4.4.5.1
UPV’s Background
The Real-Time Systems Group at the Universidad Politécnica de Valencia has relevant experience in the real-time field. It has developed scheduling analysis techniques for real-time applications. It has also been involved in the design and implementation of real-time operating systems which have been distributed in the community under GPL licenses. This group has developed the real-time operating system Partikle, which is the substitute for the RTLinux-GPL distribution. During the last 4 years, it has developed the hypervisor XtratuM, which is the first open source virtualiser for critical real-time systems. The group has also made contributions in the field of real-time systems scheduling and control.
4.4.5.2
UPV’s interest in OVERSEE
As an academic partner, the individual exploitation plans will be focused on dissemination of the ideas resulting from the research via academic and industrial channels by submitting scientific papers to the appropriate conferences and journals, and by organizing workshops and tutorials related to the new technology. As a group interested in technology transfer to industry, the development will be offered to the scientific and industrial communities by providing the sources under GPL-like licenses.
4.4.6.1
University of Siegen’s Background
The partner is the Chair for Data Communications Systems of the University of Siegen. The main research area of the chair is the integration of security and cryptography in communications systems considering all layers of the ISO model. Encryption devices for SDH (622 MBit/s) and ATM (155 MBits/s) have been developed as well as secure multimedia applications or XML signatures. The institute was already responsible for the security aspects of 7 EU projects (SCARAB, WEBSIG, ELIAS, GNIUS, USBCRYPT, SETIC, eMAYOR). The chair has been a member of ISO/IEC SC 27 (Security Techniques) for more than 20 years and was editor of more than 5 international standards. The team includes more than 10 scientific assistants and around 20 persons in total. More than 20 doctors and 180 graduates finished their studies at the institute.
The chair has worked on the security of automotive systems for 12 years. These activities started in 1997, when the chair participated in the realization of the security and cryptographic system of the Toll Collect System in Singapore (“ERP” Electronic Road Pricing). On behalf of the German Security Agency it has performed security studies on the security of TMC/TPEG and the security of automotive bus systems (CAN, FLEXRAY, MOST, LIN). One dissertation has already been published, “Informationssicherheit in Automobilen” by S. Goss (Volkswagen AG), and another four doctoral theses are in progress (automotive sensor protection, security of the diagnosis interface, secure in-car communication, secure gateway). The leader of the chair is co-chair of the eSecurity Working Group of the eSafety Forum of the EU Commission. Through this activity the chair has many connections and relations to the automotive stakeholders and has become one of the known players in this area.
4.4.6.2
University of Siegen’s interest in OVERSEE
USiegen will use the expertise and the knowledge gained from the OVERSEE project in the following fields of its work and research areas:
Science: USiegen has academic interests in the project. It is planned that the know-how and results will trigger follow-up activities after the end of this project, will be used in current research work, and may be transferred into other research projects with similar or different but intersecting subjects. Furthermore, USiegen will publish results as papers in scientific journals and by presenting at conferences.
Education: Being a university, project results will be directly forwarded to university students, especially in the area of engineering and computer science. Thus, the OVERSEE results can be directly used for educating tomorrow's engineers. Additionally, diploma, master and Ph.D. theses will be written on the project's topics.
Consultancy: USiegen's strategic goal is to increase the number of direct consultancy and industry collaborations. Collaboration and cooperation with other academic institutions will be done. We would also look to provide research consultancy services to government and industry.
4.4.7.1
Volkswagen AG’s Background
With 48 production facilities in 19 countries and a broad product range stretching from passenger cars to luxury and sports cars, light and heavy duty trucks and commercial vehicles, the Volkswagen Group has grown into one of the largest globally active automotive manufacturers, with worldwide sales of roughly 6,27 million units in 2008 (market share 10,3 %). The company consists of 8 independent brands from six European countries. For many years VW has been the market leader in Western Europe, with last year's sales of about 3 million cars (market share 20,3 %). Volkswagen Group’s annual turnover exceeded 113,8 billion euros in 2008, with expenditures for R&D of approx. 3 billion euros. The average number of employees worldwide was 369.928, of which 8.954 were occupied in Group-wide RTD activities.
In 2008, research and development activities mainly focused on expanding the product portfolio and improving the functionality, quality, safety and environmental compatibility of Group products. The ideas contributed by our employees and the expertise of external partners played a key role here.
Volkswagen's aim is to produce vehicles with ever increasing quality, comfort, safety and technology standards and at the same time reduce fuel consumption and emission levels.
VW is interested in the application of new developments in all automotive areas, not only to meet all relevant technical and legal requirements but also to satisfy customer demands on a consistently high level.
Volkswagen's Group Research is working on every field of automotive application and is responsible for identifying, evaluating and transferring innovative technologies to advanced engineering or series development departments of all brands of the Volkswagen Group, i.e. AUDI, SKODA (Czech Republic), SEAT (Spain) etc.
Research areas include: Electronics, Environmental and Mobility Science, Vehicle Technology and Dynamics, Manufacturing Science, Powertrain and Engine Technology and Control, Pedestrian Protection, Pre-Crash, Accidentology.
4.4.7.2
Volkswagen AG’s interest in OVERSEE
Volkswagen is the leading European car manufacturer. Its products are long lasting and incorporate the most recent and sophisticated automotive technology. For further competitive products in the global market, the introduction of additional new functions and technologies into the car, mostly driven by the development of electronics, will be very important. The next big technological steps within the next years for the automotive industry will be the interconnection of single cars to other cars and recipients.
By means of workshops and meetings of research projects, many possible use cases with different needs of communication and security issues were elaborated. To fulfil these different requirements for each application in series production, a wide spectrum of electronic control unit variants and complicated vehicle architecture would be the result.
If Volkswagen would like to offer versatile C2C and C2I functions with this internal and external car infrastructure, e.g. safety functionality to decrease fatalities in road traffic or convenience functionality to offer an additional value to the customer, a fusion of these applications in one electronic control unit and one communication architecture is needed.
To increase the controllability of such a total system, virtualisation could be used as a powerful instrument. That technology would avoid a mutual influence of those applications running on one machine and using the same interfaces. OVERSEE could close this gap by offering an encapsulated runtime environment for each application and an adjustable access to all internal and external interfaces by security policies.
The automobile industry partners could directly implement the methodologies created within this project into the product development process.
4.4.8.1
OpenTech’s Background
OpenTech EDV Research GmbH, registered in Mistelbach, Austria, was founded in 2003 and is primarily engaged in research projects for industrial customers in the area of distributed embedded and real-time systems. The fields covered in OpenTech's activities include automation, mobile and telecom systems, thus including safety-related as well as security-relevant system components. As a consequence of the research activities, OpenTech has been involved in training worldwide both for the commercial and academic arena.
Some of the open-source related projects:
Real Time Audio Tools
XtratuM PowerPC porting efforts (PPC 405/440)
RT-Preempt MIPS porting effort (RT-Preempt 2.6.29-rc8 for Loongson 2F)
Melita - Digital filter library for Linux kernel
RTL_REDD_UDP - real-time UDP protocol implementation for RTLinux/GPL
Assessment related tools (KFT, GDB-tracepoints).
XtratuM real-time nanokernel components (XM tracer).
As a strong advocate of open-source, OpenTech runs its projects under open-source compliant licenses, and has also been involved in a number of migration activities, moving commercial entities to open-source solutions.
General activities in the OVERSEE context: OSS assessment (technical and risk), core system specification and development of missing components, support in the base distribution both host and target parts, testing and documentation review. Project management review, documentation review, system validation issues, assistance in community infrastructure setup. Implementation and technical documentation. Dissemination activities.
Specific activities in the OVERSEE context:
With the know-how background of OpenTech, we see main contributions in support for multiple hardware platforms, including porting of key low-level technologies to specific hardware (i.e. real-time services, fault tolerant resource infrastructure elements, etc.).
Notably, as this project covers not only demanding safety issues but at the same time stringent security demands, our experience in both safety-related systems and security fits the demands of OVERSEE well. This experience not only covers specific tools for validation efforts but, based on a good understanding of relevant safety standards, also covers procedural issues of system certification (RAMS). While current safety standards have generally neglected security issues, these have been an active work field for OpenTech in the context of industrial systems based on current security standards (notably FIPS) covering secure communication issues as well as security issues of storage systems.
4.4.8.2
OpenTech’s interest in OVERSEE
As an SME that builds its business on software being a service rather than a product, we intend to provide our contributions under a FLOSS license (preferably EUPL V1.1). Our primary exploitation activity is to promote core technical concepts along with our competence to provide services based on these technologies; thus OpenTech will focus on dissemination of concepts at industrial workshops (i.e. embedded world Nuremberg) as well as at academic and open-source community conferences. OpenTech, which is deeply involved in industrial open-source (Nicholas Mc Guire is the chair of OSADL's safety-critical Linux working group), will utilize its channels to bring the concepts and most notably the specific implementation to the attention of potential users.