High-Confidence Bus Architectures: The Backbone of Automotive Cyber-Physical Systems

Introduction and Scope Automotive cyber-physical systems (CPS) encompass nearly every research challenge offered by high-confidence computing. To scope this position paper, I will focus on open research questions in the design and assurance of fault-tolerant real-time automotive communication buses. An example of a fault-tolerant automotive bus in development today is FlexRay, and there are a variety of fault-tolerant buses being researched and developed for avionics systems [4]. Such buses provide the intra-vehicle communications network for the most safety-critical applications, such as drive-by-wire, brake-by-wire, and throttle-by-wire systems. That said, I consider bus architectures in this paper broadly: this includes the buses themselves, bus interface units, and the interacting processing units driving the sensors, actuators, and other CPS applications. In the following, I describe three broad research agendas I believe to be paramount to the success of high-confidence CPS systems. The first of these is a community effort to specify and build an open bus architecture to act as a springboard for future research efforts. The second describes research challenges in formally specifying and verifying bus architectures for automotive CPSes. The safety-critical and security-critical nature of these systems, coupled with their complexity and multiple layers of abstraction, suggest that mathematically-rigorous specification and verification is necessary to have confidence in their correctness. Finally, I describe the research challenges in building bus architectures that at once integrate applications while providing needed partitioning.