BUILDING FUNCTIONAL SAFETY PRODUCTS WITH WIND RIVER VXWORKS RTOS


Alex Wilson, Director, Market Development
2017 WIND RIVER. ALL RIGHTS RESERVED.

For over 30 years, Wind River has helped the world's technology leaders power generation after generation of the safest, most secure devices in the world.
- HERITAGE: 1981 founded; 1993 IPO; 2009 an Intel company
- LEADERSHIP: commercial OS market share leader; broadest embedded software portfolio
- SCALE: 1,200 employees; presence in 20+ countries
- INVESTMENT: 30+% of annual spend is on R&D; rich history of M&A

DIGITAL BUSINESS TRANSFORMATION
The use of technology to radically improve the performance or reach of enterprises.
Business drivers:
- New approach for business strategy
- Increased efficiency, safety, resource sustainability
- Need for smart maintenance approaches

DIGITAL TRANSFORMATION
Business impact:
- Data-enabled intelligent systems
- Lifecycle costs
- Safety while enabling connectivity
- Security maintenance
Industrial IoT:
- The future is software defined
- Functional safety
- Cybersecurity

IEC 61508 FUNCTIONAL SAFETY FOR PROGRAMMABLE ELECTRONICS
- Equipment Under Control (EUC): the industrial plant, e.g., welding robotics
- Programmable Electronics (PE): hardware + software
- Safety function: a function carried out by a (safety-related) system to minimize risk, with the goal of achieving and/or maintaining a safe state for the EUC when a pre-defined dangerous incident is taken into account
- Safety function requirements: what the function does
- Safety integrity requirements: the likelihood of a safety function being performed satisfactorily (Safety Integrity Level, SIL)

FUNCTIONAL SAFETY APPLIES ACROSS MULTIPLE SEGMENTS
- Process automation: safety controllers, safety PLCs
- Control automation: robot controllers, manufacturing systems
- Transportation: signalling systems, control systems
- Energy: production systems, distribution systems

SAFETY VERSUS SECURITY
- Safety: the system must not harm the world. It matures and gets more stable over time.
- Security: the world must not harm the system. It becomes more challenging over time.

VxWORKS REAL TIME OPERATING SYSTEM

VxWORKS CORE PLATFORM
- Development tools: compiler & toolchain, full source code, Workbench 4 IDE (Linux & Windows hosts)
- Middleware and application support: network stack, USB stack, filesystem, inter-process communication
- Operating system: 32 and 64 bit, uniprocessor and SMP
- Architecture and BSP: Intel, ARM, PPC (Atom, QorIQ, ...); drivers for Ethernet, USB, ...

VxWORKS FOR SAFETY-CRITICAL SYSTEMS
- VxWorks Core Platform: general purpose OS; extensive middleware; Intel, ARM and PPC
- Safety Profile: time & space partitioning module; additional toolchain for the Cert kernel build; certifiable API subset; all VxWorks architectures
- Certification Evidence: cert evidence up to DO-178C Level A and IEC 61508 SIL 3; verification test harness; verified OS binaries (architecture-specific)

VxWORKS CORE VERSUS SAFETY PROFILE
- VxWorks core: USB stack, OpenGL stack, file system, OS libraries, architectures, BSPs, drivers
- VxWorks Safety Profile: Cert file system *, Cert network stack *, Cert subset libraries, architecture adapter, Cert kernel
* Cert filesystem/network stack not yet available on VxWorks 7

CERTIFICATION STANDARDS
Market        Standard    Area
Industrial    IEC 61508   Functional safety
Automotive    ISO 26262   Functional safety
Nuclear       IEC 60880   Safety
Rail          EN 50128    Safety
Medical       IEC 62304   Safety, software lifecycle
Aviation      DO-178C     Safety
All markets   IEC 27034   Security, secure development lifecycle
All markets   IEC 15408   Security, Common Criteria
Industrial    IEC 62443   Security for industrial devices

RULES OF THUMB FOR QUALITATIVE REQUIREMENTS
[Chart: zones of similar qualitative requirements, plotted against a failure-rate scale from 10^-9 to 10^-5]
- ARP4761: DAL C, DAL B, DAL A
- EN 5012x: SIL1, SIL2, SIL3, SIL4
- IEC 61508: SIL1, SIL2, SIL3, SIL4
Zone A and Zone B group the levels with similar qualitative requirements across the three standards.

USING VXWORKS FOR FUNCTIONAL SAFETY

SIMPLE SAFETY SYSTEM: VxWorks Safety Profile used natively
[Diagram: Safety Application (SIL 3) and Non-Safe Application both running on VxWorks Safety Profile, over Core 0, Core 1, Core 2, Core 3 of an Intel FuSa / Cyclone V SoC]
- Simple safe / non-safe use case
- Segregated non-safe application
- All resources under the control of VxWorks Safety Profile

VIRTUALIZATION CONFIGURATION: single safety application per core
[Diagram: Safety Application (SIL 3) on VxWorks Safety Profile, Safety Application (SIL 3) on VxWorks Safety Profile, Non-Safe Application on Wind River Linux, Non-Safe Application on VxWorks; all hosted by the Safety Certified VxWorks Hypervisor over Core 0, Core 1, Core 2, Core 3 of an Intel FuSa CPU]
- Separated non-safe application
- Device redirect by hypervisor/hardware
- Performance impacts easily measured against single core

FUTURE CONFIGURATION FOR VIRTUALIZATION
[Diagram: two Safety Applications (SIL 3), each on its own VxWorks Safety Profile instance, hosted by the Safety Certified VxWorks Hypervisor over Core 0, Core 1, Core 2, Core 3 of an Intel FuSa CPU]
- Multiple cores per application
- Separated safety applications
- Separated non-safe application

USING COTS TECHNOLOGY FOR CERTIFICATION

WHERE DO WIND RIVER & INTEL FIT INTO THE STORY?
Programmable Electronics (PE), layer by layer, with the party responsible for each:
- Safety-critical applications: customer (IEC 61508 SIL 3)
- Safety evidence for VxWorks: Wind River COTS (IEC 61508 SIL 3)
- Safety evidence for drivers & middleware: Wind River Professional Services
- Target hardware: Intel Functional Safety CPU

WIND RIVER ENGAGEMENT IN THE OVERALL FRAMEWORK (IEC 61508 parts and clauses)
Technical requirements:
- Part 1: Development of the overall safety requirements (concept, scope definition, hazard and risk analysis), 7.1 to 7.5
- Part 1: Allocation of the safety requirements to the E/E/PE safety-related systems, 7.6
- Part 2: Realization phase for E/E/PE safety-related systems
- Part 3: Realization phase for safety-related software
- Part 1: Installation and commissioning and safety validation of E/E/PE safety-related systems, 7.13 and 7.14
- Part 1: Operation and maintenance, modification and retrofit, decommissioning or disposal of E/E/PE safety-related systems, 7.15 to 7.17
- Part 5: Risk based approaches to the development of the safety integrity requirements
- Part 6: Guidelines for the application of parts 2 and 3
- Part 7: Overview of techniques and measures
Other requirements:
- Part 4: Definitions and abbreviations
- Part 1: Documentation, clause 5 and Annex A
- Part 1: Management of functional safety, clause 6
- Part 1: Functional safety assessment, clause 8

VxWORKS SAFETY MANUAL: guidance for VxWorks usage in a certified environment
- Standards: IEC 61508; the cert authority (TÜV) determines compliance with standards
- Best practices: installation instructions, build environment, user interface, BSP, processor, error handling, APIs, RTPs, DKMs, VIP, VSBs
- Guidelines: restrictions on RTPs, DKMs, VIP, VSB
- Hazard mitigation: failure mode and effect analysis (FMEA), partitioning, safe inter-process communications, hardware hazards

SUMMARY
- Wind River is the industry leader, with over 45% market share and deep corporate support from our parent company, Intel.
- Safety systems minimize the risks arising from failures.
- Connected safety systems provide value.
- VxWorks provides a proven basis for functional safety.