Arm Community
Arm Community
  • Site
  • User
  • Site
  • Search
  • User
  • Groups
    • Research Collaboration and Enablement
    • DesignStart
    • Education Hub
    • Innovation
    • Open Source Software and Platforms
  • Forums
    • AI and ML forum
    • Architectures and Processors forum
    • Arm Development Platforms forum
    • Arm Development Studio forum
    • Arm Virtual Hardware forum
    • Automotive forum
    • Compilers and Libraries forum
    • Graphics, Gaming, and VR forum
    • High Performance Computing (HPC) forum
    • Infrastructure Solutions forum
    • Internet of Things (IoT) forum
    • Keil forum
    • Morello Forum
    • Operating Systems forum
    • SoC Design and Simulation forum
    • 中文社区论区
  • Blogs
    • AI and ML blog
    • Announcements
    • Architectures and Processors blog
    • Automotive blog
    • Graphics, Gaming, and VR blog
    • High Performance Computing (HPC) blog
    • Infrastructure Solutions blog
    • Innovation blog
    • Internet of Things (IoT) blog
    • Operating Systems blog
    • Research Articles
    • SoC Design and Simulation blog
    • Tools, Software and IDEs blog
    • 中文社区博客
  • Support
    • Arm Support Services
    • Documentation
    • Downloads
    • Training
    • Arm Approved program
    • Arm Design Reviews
  • Community Help
  • More
  • Cancel
Innovation
Innovation
Innovation blog How GuardKnox is innovating automotive cybersecurity
  • Blog
  • Videos & Files
  • Innovation events
  • Members
  • Mentions
  • Sub-Groups
  • Tags
  • Jump...
  • Cancel
  • New
Innovation requires membership for participation - click to join
More blogs in Innovation
  • Innovation blog

Tags
  • automotive
  • Arm Innovator Program
  • Security
  • Partner Product
  • Cortex-A65AE
Actions
  • RSS
  • More
  • Cancel
Related blog posts
Related forum threads

How GuardKnox is innovating automotive cybersecurity

Louise Paul
Louise Paul
June 12, 2019
5 minute read time.

GuardKnox is at the forefront of the automotive paradigm shift to generate in-vehicle high-performance computing platforms for security.

The way we interact, drive our cars, and transport goods over the roads is on the verge of a fundamental change. In the future, the road experience for hundreds of millions of people and companies will advance, from direct handling, to simply entering a destination and letting the vehicle drive itself. The automotive industry is moving towards a service-oriented vehicle, where the passengers or drivers and their needs are the focal point, rather than the vehicle itself. This concept is founded on the ability to continuously and securely change vehicle capabilities, instantaneously, on-demand and over-the-air (OTA) from future OEM app stores.

The vehicle as an app store

Just as mobile phones have become ubiquitous handheld computers, so too are autonomous vehicles quickly becoming ubiquitous “computers-on-wheels”. Similar to mobile phones and computers of today, drivers will desire additional levels of connectivity, personalization and customization to meet their changing needs over the life cycle of their vehicle.

Car part icons
OEM FUTURE APP STORES - Creating Additional Revenue Streams and Increased User Satisfaction

OEM future app stores will allow over-the-air updates and service/application downloads for vehicles - from suspension and powertrain upgrades to infotainment and cockpit design. This in essence converts the driver of a vehicle to a subscriber of services while creating new markets and additional revenue streams for OEMs.

Arm technology assists GuardKnox in making the vehicle a secured land point for applications, services and on-board data processing and storage.

GuardKnox’s vision for the future of automotive electronic architecture

Dionis Teshler headshot

Dionis Teshler, the CTO and Co-Founder of GuardKnox Cyber Technologies, has joined the Arm Innovator Program as the Automotive Cyber Security specialist.

Teshler’s goal is to position GuardKnox at the forefront of the automotive paradigm shift to generate in-vehicle high-performance computing platforms for security, safety and added functionality. This enables scalable, flexible and secure software and hardware architecture to allow vehicles to meet the challenges of rapid change and capability deployment.

Additionally, high-performance platforms enable personalization, high-performance connectivity, mobility services and safe autonomous driving without needing resource intensive vehicular hardware architecture changes – creating new revenue generating streams for OEMs.

Cybersecurity as the foundation for additional connectivity, services and vehicle customization

The GuardKnox team brings decades of experience providing similar cybersecurity solutions to the Israeli Air Force systems: Iron Dome, Arrow and Israeli F-16 and F-35 Fighter Jets.

The GuardKnox Secured Network Orchestrator (SNO ) product line is composed of:

  • Internal – Central Domain Controller
  • External - Local Domain Controller
  • Body Control Module
  • Electric Vehicle Gateway ECU
  • Infotainment Domain Controller
  • Application Hosting Domain Controller
  • Electrical vehicle charging ECU

In all GuardKnox SNO  products, the flexible and scalable Arm technology is used in the hardware architecture in order to facilitate the GuardKnox patented technologies unique benefits:

  • Patented Service-Oriented Architecture (SOA): enables a multi-platform and multi-service approach with the ability to host multiple operating systems and services on one ECU with secure separation and full permission control. SOA has a secure separation (both hardware and software) between all resources, application groups, and operating systems, simplifying edge computing capabilities by providing ample processing resources with maximal flexibility both in interface support and provisions for future software extension or additional services being added.

SOA Implementation

GuardKnox SOA patented technology creates a secure environment which enables added services and applications by hosting downloads or upgrades on the SNO  platform throughout the lifecycle of the vehicle. The safety critical domain is enabled by the Arm Cortex-R lockstep processing CPUs, which allows the safety critical domain to be certified to the highest level of safety – ASIL D.

The hardware which allows successful secure SOA is based off of the capabilities of the Armv8-A architecture coupled with Arm TrustZone and an integrated Memory Management Unit (MMU) – allowing full hardware virtualization support, hardware separation between partitions, access control and enforced memory and interface separation.

  • GuardKnox’s patented Communication Lockdown Methodology: is completely revolutionary in its approach. GuardKnox’s patented three-layer Communication Lockdown  Methodology enforces an ongoing, formally verified, and deterministic configuration of communication among the multiple bus networks embedded in the vehicle. The Communication Lockdown  framework is based on the communication specifications of the vehicle: 
  1. The Routing Layer: Verifies that the message has arrived from a legal source
  2. The Content Layer: Verifies that the content of the message, down to the bit level, is legal
  3. The Contextual Layer: Verifies that this specific message is legitimate in the specific functional state of the vehicle (state machine) 

Communication verification is enabled in part by the Arm processor architecture, enabling 64bit processing with an extended scalable vector instruction set to optimize real-time communication verification performance. The Arm processor is coupled with GuardKnox’s programmable hardware data flow architecture to provide line rate speeds without latency delays, all whilst conducting full verification of all communication.

Read more on the patented methodology On GuardKnox's website.

  • Scalability and Interoperability: The GuardKnox SNO  has a high-performance flexible architecture based on Armv8-A processing cores, Armv7-R processing cores and FPGA logic

The hardware scalability ‘leaves room’ for future unforeseen data requirements as the connected and autonomous industry develops and matures. Changes in vehicle functionality will not require costly and resource intensive changes to vehicular hardware architecture. SNO’s interoperability (SOA) enables mission-critical and non-mission critical operating systems and application to run simultaneously on one ECU without interference. The compartmentalization ensures that if one application is compromised, all others will be unaffected. The Arm TrustZone and hardware virtualization support in the Armv8-A architecture allows GuardKnox’s hypervisor enabled software stack to efficiently and securely operate without interference.

What’s next for GuardKnox? 

In the future, GuardKnox is looking to integrate the new Arm Cortex-A65AE architecture which is the first in allowing microprocessor cores based on the Cortex-A to operate in a real-time Lockstep environment. Until recently, multiple architectures were required on a single SoC to answer all the needs in an integrated unit (Cortex-A processors for GP application, Cortex-R for real-time and safety-critical and Cortex-M or other soft processors for non-safety real-time).

From GuardKnox’s perspective, there are a number of distinct benefits from integrating the A65AE into GuardKnox’s product line:

  • Customers in the industry are now demanding advanced multi-domain ECUs, and GuardKnox is highly focused on providing integrated and cost-effective systems.
  • The Cortex-A65AE will bring the next generation in integrated multi-domain design for mixed criticality, mixed safety and mixed real-time applications.
  • The Cortex-A65AE enables flexibility and higher uniformity when designing products which inherently include multiple domains, each with its own criticality, safety, security and RT requirement.
  • In order to effectively simplify and consolidate functions, development complexity and toolchains within the Cortex-A65AE need to be integrated.

Integration of the new arm Cortex-A65AE will consolidate all application onto a single platform.

GuardKnox resources

Explore the latest resources from GuardKnox to help with your development:

  • Communication Lockdown Methodology Whitepaper
  • GuardKnox Blog – full of informative content including aftermarket and EV
  • Central SNO Datasheet
  • Local SNO Datasheet

To keep up-to-date with Innovator-based projects, and the ways you can benefit from their work, sign up to the Innovator Program newsletter below:

Sign up to the Arm Innovator Program

Anonymous
Innovation blog
  • Innovation Coffee: benchmarking & service migration with Liz Fong-Jones from Honeycomb

    Robert Wolff
    Robert Wolff
    Entrepreneur, developer advocate, labor and ethics organizer, Liz Fong-Jones joined us for this episode of Innovation Coffee. We talked about benchmarking and profiling, Honeycomb on AWS, OpenTelemetry
    • April 1, 2022
  • Innovation Coffee - Learn about Nix and NixOS

    Robert Wolff
    Robert Wolff
    In this episode of Arm's Innovation Coffee, Robert Wolff met with Matthew Croughan who runs his own software consultancy firm called Nix.how, and is a DevOps engineer at Platonic Systems.
    • March 22, 2022
  • Innovation Coffee - MWC Breakdown

    Robert Wolff
    Robert Wolff
    Missed MWC 2022? Don't worry! Watch this episode to learn about the latest news, best demos, and the most exciting updates from Mobile World Congress 2022
    • March 14, 2022