EP1894101A1 - Procede et dispositif pour surveiller un acces non autorise a une memoire d'une unite de calcul, en particulier dans un vehicule automobile - Google Patents

Procede et dispositif pour surveiller un acces non autorise a une memoire d'une unite de calcul, en particulier dans un vehicule automobile

Info

Publication number
EP1894101A1
EP1894101A1 EP05753228A EP05753228A EP1894101A1 EP 1894101 A1 EP1894101 A1 EP 1894101A1 EP 05753228 A EP05753228 A EP 05753228A EP 05753228 A EP05753228 A EP 05753228A EP 1894101 A1 EP1894101 A1 EP 1894101A1
Authority
EP
European Patent Office
Prior art keywords
computing device
memory
monitoring means
monitoring
sequence pattern
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP05753228A
Other languages
German (de)
English (en)
Inventor
Thomas Stauner
Astrid Schroeder
Martin E. Thiede
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Bayerische Motoren Werke AG
Original Assignee
Bayerische Motoren Werke AG
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Bayerische Motoren Werke AG filed Critical Bayerische Motoren Werke AG
Publication of EP1894101A1 publication Critical patent/EP1894101A1/fr
Withdrawn legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00Accessing, addressing or allocating within memory systems or architectures
    • G06F12/14Protection against unauthorised use of memory or access to memory
    • G06F12/1416Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights
    • G06F12/1425Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights the protection being physical, e.g. cell, word, block
    • G06F12/1441Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights the protection being physical, e.g. cell, word, block for a range
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/0703Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation
    • G06F11/0706Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation the processing taking place on a specific hardware platform or in a specific software environment
    • G06F11/073Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation the processing taking place on a specific hardware platform or in a specific software environment in a memory management context, e.g. virtual memory or cache management
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/0703Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation
    • G06F11/0751Error or fault detection not based on redundancy

Definitions

  • the invention relates to a method and a device for monitoring unauthorized memory access to a predetermined memory area in a computing device, in particular in a motor vehicle.
  • memory protection is understood to mean the capability of a microcomputer operating system to effectively prevent individual processes of the operating system from accessing those memory areas for which they have no authorization.
  • microcontrollers e.g., MPC 566 made by Motorola
  • memory protection unit e.g., RAM 466
  • MPC 566 made by Motorola
  • the protection can not be applied to all types of memory, such as memory. internal and external memory or volatile and non-volatile memory, equally applied.
  • a computing device with a plurality of computers which is embodied, for example, in a CAN (Controller Area Network) network in a motor vehicle
  • the computers designated as controllers are provided with no hardware-implemented memory protection for cost reasons.
  • the runtime pattern of the computing device or of a computer is used dynamically and in an automated manner, for example when updating a runtime pattern.
  • Unauthorized memory accesses can lead to errors in other sequence patterns or computers of the computing device. There is thus a fundamental need to prevent unauthorized memory accesses, in particular to a predetermined memory area in a computing device.
  • CMSD configuration management system
  • CMS configuration management system
  • the identity of a monitored process is uniquely determined and the correct operation of the monitored process is verified. Unless proper operation of the monitored process could be verified, the monitored process is restarted and a unique self-identification of the monitored system against the computing device after reboot is effected.
  • the described device has the initially mentioned disadvantage that, on the one hand, there is no direct monitoring of an unauthorized memory access to a predetermined memory area and, on the other hand, an additional device in the form of hardware components has to be provided.
  • the object of the present invention is to provide a method and a device for monitoring unauthorized memory access to a predetermined memory area in a computing device, in particular for a motor vehicle, so that the computing device has no undefined Can assume state. In particular, no additional hardware components should be necessary.
  • the basic idea of the present invention is to monitor unauthorized memory access to a predetermined memory area in a computing device by integrating the memory access information of the sequence pattern contained in the specification of a sequence pattern in a suitable manner for monitoring purposes of the sequence pattern.
  • the method for monitoring unauthorized memory access to a predetermined memory area in the computing device, in particular in a vehicle is characterized by the following steps: First, a runtime pattern is provided in the computing device. There is further provided a monitoring means, comprising at least one sensor means arranged to detect an event of the computing device, and at least one detection means arranged to track the behavior of the event detected by the sensor means. In a further step, the monitoring means is integrated into the sequence pattern. There is a monitoring of the sequence pattern during its term by the memory means as events memory accesses to a memory address or an address range are detected.
  • the monitoring means does not represent a hardware-implemented element of the computing device, but rather is a computer program product which is integrated in a suitable manner into the runtime pattern embodied as software.
  • the sensor means is a "software sensor” and the detection means is also implemented in software Approach makes it possible to monitor memory accesses of the sequence pattern during its runtime during operation. In particular, it is possible to detect and appropriately handle unauthorized memory accesses. It is based on the assumption that the specification is set such that, according to the specification, unauthorized memory access to a predetermined memory area in the computing device is not permitted.
  • errors ie unauthorized memory access
  • the reliability of the sequence pattern or the computing device is thereby increased.
  • the step of generating the monitoring means in which a specified behavior of the sequence pattern is defined with states and state changes associated with at least one event and the at least one event, wherein the specified behavior is converted into a program code.
  • this step provides that the e.g. in textual form specified behavior of the sequence pattern is converted into a readable and processable by the computing device form.
  • a setting of permitted and / or unauthorized address areas of a memory device takes place, wherein a behavior deviating from the specified behavior exists if the sequence pattern wishes to access an unauthorized address area.
  • those memory areas of the memory device are identified which are to be protected against unauthorized memory access. These can be, for example, those memory areas in which the operating system of the computing device or of a computer of the computing device are stored.
  • a comparison of the desired memory address follows with the memory addresses specified in the 1 specification. If a match is found, then a predefined fixed Reaction can be initiated, for example, the access of the sequence pattern can be suppressed to the desired memory area.
  • the generation of the monitoring means, and in particular the transfer of the monitoring means in the program code takes place automatically. This ensures high efficiency of the program code, i. the monitoring means requires only a few memory resources. Furthermore, the expiration pattern, if it works as intended, is not affected by the monitoring means.
  • the step of integrating the monitoring means in the sequence pattern comprises the introduction of the program code into a sequence pattern program code.
  • this present program code is integrated into the program code of the sequence pattern.
  • the integration may include the addition of additional lines of code in the execution pattern program code.
  • the integration may also include the provision of additional objects or modules. It is also a combination of the above options conceivable.
  • an access to a memory area attempted by the runtime pattern is monitored as an event, wherein the monitoring means checks whether the memory access takes place in an unauthorized or a permitted memory area, in response to an access to an unauthorized area Denial of the memory access and / or the call of an error handling routine and / or a signaling of the unauthorized memory access by the sequence pattern takes place. Specifically, the deviation is detected by the detection means of the monitoring means, which can distinguish unauthorized memory accesses from permitted memory accesses. According to a further embodiment, upon detection of an event by the monitoring means, more precisely the sensor means of the monitoring means, a function call is made in the sequence pattern program code.
  • the integration of the monitoring means in the sequence pattern thus makes it possible to carry out a check of its behavior, ie a check for an unauthorized memory access, at predefined locations in the sequence pattern and a predetermined function, for example the signaling, the Storing variables or the like may call.
  • the monitoring means is provided in one computer of a plurality of computers, and this computer of the plurality of computers of the computing device is limited to its expiration pattern, i. unauthorized memory access, monitored.
  • the monitoring means is provided in at least two computers of a plurality of computers of the computing device, and memory accesses between the computers of the computing device are monitored. Which of the two variants is selected, if appropriate in a combination, depends on the procedure of integration of the monitoring means in the sequence pattern.
  • a monitoring means is provided with at least one sensor means which is adapted to detect an event, in particular a desired memory access, of the computing device.
  • At least one detection means is provided, which is set up to track the behavior of the event detected by the sensor means, wherein the monitoring means is integrated in a sequence pattern on the computing device, and wherein the Monitoring means is adapted to monitor the execution pattern during its term by the memory means as events memory accesses to a memory address or an address range are detected.
  • the computing device has a plurality of computers coupled to one another, wherein the monitoring device is arranged in at least one of the computers.
  • the computing device is a bus system and the computers are bus subscribers of this bus system, which are coupled together via a bus line, via which the exchange of messages is possible.
  • a bus subscriber represents a control unit of a bus system.
  • the monitoring means is a computer program product which is integrated in the sequence pattern.
  • a further embodiment provides that the monitoring means is designed to monitor at least one of the computers of the computing device.
  • Another embodiment provides that the monitoring means for monitoring memory accesses between at least two computers of the computing device is formed.
  • the invention further describes a computer program product for a computing device of a motor vehicle, in which a monitoring means controlling the arithmetic unit, a monitoring means is integrated, which comprises a computer-readable specification of the behavior of the sequence pattern and which is adapted to determine memory accesses at runtime of the sequence pattern and a response thereto when there is memory access to an unauthorized memory area of a memory device of the computing device.
  • FIGS. Show it: 1 shows a device according to the invention for monitoring a sequence of a computing device
  • Fig. 2 shows a computing device according to the invention with a plurality of computers, wherein the device for monitoring in one of
  • FIG. 3 shows a further computing device with a plurality of computers, in which the device for monitoring in multiple computers is distributed, and
  • Fig. 4 is a schematic representation of that of the device for
  • FIG. 1 shows two computers 4 of a computing device 1 designed as bus subscribers, wherein in the left half a representation without the monitoring means according to the invention and in the right half a representation with the monitoring means according to the invention is shown.
  • the computer 4 components not shown in detail are provided in the figure, which allow to first apply a flow pattern 15 (software) and bring to expiration.
  • the computer 4 has a memory device which may comprise volatile and / or non-volatile memories and in which areas for an operating system, one or more sequence patterns and optionally further sequence-pattern components may be provided.
  • the computer 4 has a plurality of data inputs and outputs 7, via which data can be transmitted to the computer 4 and from the computer 4.
  • the functionality of the computer is essentially determined by the sequence pattern 15.
  • the sequence pattern 15 receives the information supplied via the data inputs and outputs 7, processes them in accordance with the sequence pattern 15 and provides, for example, results on at least some of the data inputs and outputs 7.
  • the smooth running of the sequence pattern 15 is essentially ensured by careful testing.
  • the computer 4 shown in the right-hand part of FIG. 1 is provided with a monitoring means 10 which has sensors 11 and detection means 12.
  • the number of four sensors 11 and a recognition means 12 shown in FIG. 1 is chosen merely by way of example and could be chosen arbitrarily in practice.
  • the schematic illustration shows two sensors 11 which filter the messages transmitted via the data inputs and outputs 7 and feed them to the recognition means 12.
  • sensors 11 are provided in the interior of the sequence pattern 15, which detect certain events of the sequence pattern 15 and supply the detected events to the recognition means 12.
  • the sensors 11 and the recognition means 12 are designed in the form of software code sections, which are integrated in a suitable location in the sequence pattern 15 in a manner to be described below.
  • FIG. 2 shows a computing device 1 which has a total of four computers 2, 3, 4, 5, of which the computer 4 is equipped with a monitoring means 10 in the manner described above.
  • An alternative exemplary embodiment is shown in FIG. 3, which by way of example comprises only three computers 2, 3, 4, wherein the monitoring means 10 is arranged distributed in all of the computers 2, 3, 4.
  • the computers are coupled together via a bus line 6, via which the computer can exchange messages. While the embodiment of FIG. 2 only provides for monitoring the behavior of the sequence pattern of the computer 4 for unauthorized memory accesses, the interaction of the individual components can be monitored with the representation shown in FIG. 3 if one of the computers accesses the memory device of one of the other Computer would like to access.
  • the monitoring of the sequence pattern of the computing device can be carried out in operation in two ways. Component-level monitoring is possible within which the monitoring means monitors a computer of the computing device as a component of the computing device. It is also possible to monitor at the system level, on the interaction of the individual components, ie computers of the computing device, is monitored. In another, not shown, embodiment, a combination of the two forms shown in Figures 2 and 3 could be provided.
  • a prerequisite is a specification that satisfies the desired behavior of a computing device, i. a flow pattern of the computing device, describes exactly and in detail. In particular, this includes information about unauthorized memory areas of the memory device, which may be e.g. are assigned exclusively to the operating system.
  • This specification or parts of the specification of the computing device to be monitored are formalized in an appropriate language. From the established formal specification, the monitoring means will be generative prior to the commissioning of the computing device, i. automated, generated. The relevant information from the specification in formalized form is incorporated into the monitoring means.
  • the monitoring means containing the specification, together with the sequence pattern is applied to the computing device, i. either one or a plurality of computers, applied.
  • the computing device which may, for example, be a bus system in a motor vehicle, it collects all information relevant to the fulfillment of its monitoring task. This is done using the software sensors described in the introduction, which are part of the generated monitoring means and register memory accesses of the sequence pattern.
  • a predefined response e.g. denying access.
  • the reaction could also be, for example, turning off the computer, calling a predetermined routine, or the like.
  • the sequence of monitoring is better apparent from FIG. 4. From this the logical view of the processes becomes understandable.
  • software sensors 11 are mounted which monitor memory accesses in the computing device 1. Detects one of the sensors 11 a Memory access (event E1 or E2), it forwards it to the detection means 12, which tracks the behavior (eg the desired address) of the monitored system based on the incoming events. In case of access to an unauthorized storage area, the recognition means 12 may trigger a response as described above. The sensors and the detection means together form the monitoring means. Logically, the specified behavior that compares the recognition means to the actual behavior of the computing device is committed in a recognizer configuration. In practice, this information is incorporated in the recognition means 12. The information on which locations in the computing device to be monitored which sensors 11 are to be placed is contained in a sensor configuration which is created as part of the formalization of the specification.
  • the generated code is as efficient as handwritten code.
  • the generation provides significant advantages over a manually created code:
  • the generator ensures that no conflicts occur due to the same naming of program variables.
  • the specified module concept ensures clarity and maintainability of the monitoring device.
  • the generator can ensure that no unwanted loops are hidden in the monitoring code, which costs resources at runtime or can considerably disrupt the computing device in its course.
  • the generated monitoring means is highly efficient in terms of its memory and computing time requirements.
  • the resource requirements for a particular monitoring device depend on the specification used to input the generation. In principle, it is possible to calculate the resource requirements of a monitoring scenario during generation by the generator. Likewise, an analysis of the required computing time per monitored event possible. In this way it can be left out whether the monitoring of each monitored event can work as expected. If, for example, an event is reported by a software sensor out of an interrupt, the monitoring must not usually delay the execution of the interrupt beyond a certain limit.
  • the invention makes it possible to achieve memory protection without explicit hardware support. This is achieved using software sensors and detection means which are combined in the monitoring means.
  • the monitoring means is arranged to ensure the correct functioning of a sequence pattern.
  • the term "correct function" of a sequence pattern is to be understood as meaning whether the sequence pattern unauthorized accesses a memory area or not.
  • the unauthorized memory areas are first specified in the specification.
  • the specification is implemented in software code sections and integrated into the process pattern to be monitored.
  • the thus modified execution pattern includes the mentioned software sensors and the recognition means that can detect memory accesses. If access to an unauthorized area is attempted, this is prevented by the monitoring means, or more precisely the recognition means. This ensures memory protection.
  • a boundary condition to be taken into consideration is that as a rule a very large number of memory accesses per unit of time must be checked by the computing device and therefore the monitoring can impair the performance of the computing device.
  • the integration of the monitoring means in the sequence pattern means that software code sections of the monitoring means are inserted in the program code of the sequence pattern before each point at which a potentially unauthorized memory access is performed. These check whether the destination address of the intended access falls into an unauthorized memory area. If this is the case, then an error can be signaled or the sequence pattern or the computing device can be stopped.
  • the additional software code sections of the monitoring means can be implemented as a function call, wherein in the called function, the destination address is compared with the previously defined, unauthorized memory areas.
  • the unauthorized memory areas may be stored in tabular form in the memory device for this purpose, for example. However, they can also be integrated into the program section of the called function.
  • the additional expenditure of computation time and storage requirement caused by the integration of the monitoring means into the runtime pattern can be kept low, in particular in computing devices or computers with a processor with load / store architecture, since a large part of the computations are processed there in the internal processor registers and the addressing types are usually easy to perform.
  • a reduction of the overhead is possible because only targeted, critical areas of the program code of the sequence pattern are provided with the monitoring means. This could for example relate to memory accesses of sequence patterns, which are loaded after configuration and delivery of the computing device in retrospect by the user of the computing device.
  • the invention thus provides a method and a device which ensure the proper functioning of a sequence pattern in a computing device.
  • the safety can be improved.
  • the monitoring means prior to delivery of a computing device, the monitoring means could be used in development to simplify testing. In support of the diagnosis, the monitoring means can detect error situations and record them in fault memory entries.
  • a sequence pattern in a computing device in particular a bus system in a motor vehicle
  • errors can be detected at runtime that were not revealed in tests.
  • the detected errors can be signaled and / or prevented.
  • the operational safety of Computing device is thereby increased.
  • information security becomes relevant and can be improved.
  • diagnostics can be supported by detecting the error context. This is possible with minimal effort.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Quality & Reliability (AREA)
  • Computer Security & Cryptography (AREA)
  • Storage Device Security (AREA)
  • Debugging And Monitoring (AREA)

Abstract

L'invention concerne un procédé et un dispositif pour surveiller un accès non autorisé à une zone de mémoire spécifique dans une unité de calcul (1), comprenant un moyen de surveillance (10) pourvu d'au moins un moyen de détection (11) qui est configuré pour identifier un événement de l'unité de calcul (1). Le moyen de surveillance comprend également au moins un moyen d'identification (12) qui est configuré pour suivre le déroulement de l'événement identifié par le moyen de détection (11). Selon l'invention, le moyen de surveillance (10) est intégré dans un modèle d'exécution (15) dans l'unité de calcul (1). De plus, le moyen de surveillance (10) est configuré pour surveiller le modèle d'exécution (15) pendant sa durée d'exécution, ledit moyen de surveillance (10) détectant des accès à une adresse de mémoire ou à un espace adressable comme étant des événements (E1, E2).
EP05753228A 2005-06-23 2005-06-23 Procede et dispositif pour surveiller un acces non autorise a une memoire d'une unite de calcul, en particulier dans un vehicule automobile Withdrawn EP1894101A1 (fr)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/EP2005/006767 WO2006136189A1 (fr) 2005-06-23 2005-06-23 Procede et dispositif pour surveiller un acces non autorise a une memoire d'une unite de calcul, en particulier dans un vehicule automobile

Publications (1)

Publication Number Publication Date
EP1894101A1 true EP1894101A1 (fr) 2008-03-05

Family

ID=35788467

Family Applications (1)

Application Number Title Priority Date Filing Date
EP05753228A Withdrawn EP1894101A1 (fr) 2005-06-23 2005-06-23 Procede et dispositif pour surveiller un acces non autorise a une memoire d'une unite de calcul, en particulier dans un vehicule automobile

Country Status (3)

Country Link
US (1) US9286244B2 (fr)
EP (1) EP1894101A1 (fr)
WO (1) WO2006136189A1 (fr)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10540524B2 (en) 2014-12-31 2020-01-21 Mcafee, Llc Memory access protection using processor transactional memory support
EP3179371A1 (fr) * 2015-12-08 2017-06-14 Gilwa GmbH embedded systems Procédé et dispositif pour la collecte de données de traçage de manière non intrusive
US10650621B1 (en) 2016-09-13 2020-05-12 Iocurrents, Inc. Interfacing with a vehicular controller area network
CN110754068A (zh) * 2017-06-14 2020-02-04 住友电气工业株式会社 车外通信装置、通信控制方法和通信控制程序

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2740235A1 (fr) * 1995-10-24 1997-04-25 Peugeot Dispositif de controle du fonctionnement d'un systeme electronique embarque a bord d'un vehicule automobile

Family Cites Families (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4093987A (en) * 1977-03-24 1978-06-06 International Business Machines Corporation Hardware control storage area protection method and means
US5513337A (en) * 1994-05-25 1996-04-30 Intel Corporation System for protecting unauthorized memory accesses by comparing base memory address with mask bits and having attribute bits for identifying access operational mode and type
US5970251A (en) * 1994-06-16 1999-10-19 Robert Bosch Gmbh Process for optimizing program parts for motor vehicle controllers
US5920690A (en) * 1997-08-11 1999-07-06 Motorola, Inc. Method and apparatus for providing access protection in an integrated circuit
US6049876A (en) * 1998-02-09 2000-04-11 Motorola, Inc. Data processing system and method which detect unauthorized memory accesses
EP1119809B1 (fr) * 1998-10-09 2003-05-07 Sun Microsystems, Inc. Controle de processus dans un systeme informatique
FR2790844B1 (fr) * 1999-03-09 2001-05-25 Gemplus Card Int Procede et dispositif de surveillance du deroulement d'un programme, dispositif programme permettant la surveillance de son programme
US7430670B1 (en) * 1999-07-29 2008-09-30 Intertrust Technologies Corp. Software self-defense systems and methods
DE10110050A1 (de) * 2001-03-02 2002-09-05 Bosch Gmbh Robert Verfahren zur Absicherung sicherheitskritischer Programmteile vor versehentlicher Ausführung und eine Speichereinrichtung zur Durchführung dieses Verfahrens
FR2849226B1 (fr) * 2002-12-20 2005-12-02 Oberthur Card Syst Sa Procede et dispositif de securisation de l'execution d'un programme informatique.
DE10315638A1 (de) * 2003-04-04 2004-10-28 Infineon Technologies Ag Programmgesteuerte Einheit
US20050071668A1 (en) * 2003-09-30 2005-03-31 Yoon Jeonghee M. Method, apparatus and system for monitoring and verifying software during runtime
US7873947B1 (en) * 2005-03-17 2011-01-18 Arun Lakhotia Phylogeny generation

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2740235A1 (fr) * 1995-10-24 1997-04-25 Peugeot Dispositif de controle du fonctionnement d'un systeme electronique embarque a bord d'un vehicule automobile

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See also references of WO2006136189A1 *

Also Published As

Publication number Publication date
US20080178292A1 (en) 2008-07-24
US9286244B2 (en) 2016-03-15
WO2006136189A1 (fr) 2006-12-28

Similar Documents

Publication Publication Date Title
EP2981926B1 (fr) Dispositif de stockage de données permettant un échange de données protégé entre différentes zones de sécurité
EP1479003B1 (fr) Procede et dispositif de commande d'une unite fonctionnelle d'un vehicule automobile
DE19927657A1 (de) Partitionierung und Überwachung von softwaregesteuerten Systemen
EP1639465B1 (fr) Procede permettant de surveiller l'execution d'un programme dans un micro-ordinateur
DE102018214999A1 (de) Vorrichtung zur Absicherung von Diagnosebefehlen an ein Steuergerät und entsprechendes Kraftfahrzeug
EP3709166B1 (fr) Procédé et système de manipulation sécurisée de signal pour l'essai des fonctionnalités de sécurité intégrées
EP3473512A1 (fr) Module fonctionnel, unité de commande pour un système d'aide au fonctionnement et dispositif de travail
EP1262856B1 (fr) Unité contrôlée par programme
EP1804144A1 (fr) Surveillance du programme de commande d'un contrôleur d'une machine
EP1894101A1 (fr) Procede et dispositif pour surveiller un acces non autorise a une memoire d'une unite de calcul, en particulier dans un vehicule automobile
WO2008014940A1 (fr) Dispositif de commande et procédé pour la commande de fonctions
EP3983897B1 (fr) Procédé pour garantir ou maintenir la fonction d'un système global critique pour la sécurité
DE102013021231A1 (de) Verfahren zum Betrieb eines Assistenzsystems eines Fahrzeugs und Fahrzeugsteuergerät
WO2003075104A2 (fr) Systeme et procede pour evaluer la securite de systemes et l'ameliorer, et programme informatique correspondant
EP1733284B1 (fr) Commande d'execution de fonctions sur des appareils qui interagissent les uns avec les autres
EP1563358B1 (fr) Procede de controle securise d'une zone de memoire d'un microcontroleur faisant partie d'un dispositif de commande, et dispositif de commande pourvu d'un microcontroleur protege
WO2005001692A2 (fr) Procede et dispositif pour la surveillance d'un systeme reparti
DE102013202961A1 (de) Verfahren zum Überwachen eines Stackspeichers in einem Betriebssystem eines Steuergeräts eines Kraftfahrzeuges
DE102004051991A1 (de) Verfahren, Betriebssystem und Rechengerät zum Abarbeiten eines Computerprogramms
DE102006045153A1 (de) System und Verfahren zum Verteilen und Ausführen von Programmcode in einem Steuergerätenetzwerk
WO2005006091A1 (fr) Appareil de commande et reseau pour une pluralite de dispositifs
EP1248965B1 (fr) Procede pour eviter des dysfonctionnements dans un systeme de traitement de signaux et systeme de processeur
DE102017212560A1 (de) Verfahren zum ausfallsicheren Durchführen einer sicherheitsgerichteten Funktion
DE10220811B4 (de) Verfahren und Vorrichtung zur Überwachung der Funktionsweise eines Systems
DE102021212594A1 (de) Verfahren zum Starten einer Speichereinheit einer Recheneinheit

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20071124

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): DE FR GB

RBV Designated contracting states (corrected)

Designated state(s): DE FR GB

DAX Request for extension of the european patent (deleted)
17Q First examination report despatched

Effective date: 20090212

RAP1 Party data changed (applicant data changed or rights of an application transferred)

Owner name: BAYERISCHE MOTOREN WERKE AKTIENGESELLSCHAFT

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20170712