EP3281106A1 - Management of interfaces in a distributed system - Google Patents
- Publication number
- EP3281106A1
- Authority
- EP
- European Patent Office
- Prior art keywords
- interfaces
- gateway
- hardware
- processor
- virtual machines
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Ceased
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F13/00—Interconnection of, or transfer of information or other signals between, memories, input/output devices or central processing units
- G06F13/38—Information transfer, e.g. on bus
- G06F13/40—Bus structure
- G06F13/4004—Coupling between buses
- G06F13/4022—Coupling between buses using switching circuits, e.g. switching matrix, connection or expansion network
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F13/00—Interconnection of, or transfer of information or other signals between, memories, input/output devices or central processing units
- G06F13/14—Handling requests for interconnection or transfer
- G06F13/20—Handling requests for interconnection or transfer for access to input/output bus
- G06F13/28—Handling requests for interconnection or transfer for access to input/output bus using burst mode transfer, e.g. direct memory access DMA, cycle steal
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F13/00—Interconnection of, or transfer of information or other signals between, memories, input/output devices or central processing units
- G06F13/38—Information transfer, e.g. on bus
- G06F13/382—Information transfer, e.g. on bus using universal interface adapter
- G06F13/385—Information transfer, e.g. on bus using universal interface adapter for adaptation of a particular data processing system to different peripheral devices
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
- G06F2009/45579—I/O management, e.g. providing access to device drivers or storage
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
- G06F9/45533—Hypervisors; Virtual machine monitors
- G06F9/45558—Hypervisor-specific management and integration aspects
- G06F2009/45595—Network integration; Enabling network access in virtual machine instances
Definitions
- the invention relates to a device and a method for managing interfaces in an electronic system in which a plurality of virtual machines share a hardware platform, virtualized by means of a hypervisor, and its interfaces.
- Hypervisors, also known as Virtual Machine Monitors (VMM)
- VMM Virtual Machine Monitor
- VM virtual machine
- the software guests or virtual machines share a common hardware platform and its resources, for example its interfaces.
- Interfaces, especially automotive interfaces such as CAN, Flexray or LIN, are commonly used through software running on the VM or the VMM, which allows sharing of the respective interfaces at runtime.
- these functions lead to a not insignificant overhead, which is at the expense of the performance of the VMM or the virtual machines and to a mutual temporal
- the object of the invention is to design the management of the common interfaces in a virtualized system such that the overhead and the temporal influence of the virtual machines resulting therefrom and the possible influence by safety and security gaps are reduced.
- A gateway module implemented in hardware is known, for example, from DE 10 2012 215 765 A1.
- the known gateway module comprises a configurable hardware circuit, which is set up for processing and forwarding data from one subnet to another subnet, taking into account the different communication protocols, so that in particular the interfaces, i.e. in particular the
- the software mechanisms in the hypervisor or the virtual machine monitor and in the virtual machines, which are necessary for sharing interfaces according to the known methods, become redundant.
- the invention thus enables the sharing of interfaces by virtual machines, without creating software overhead at runtime. This drastically reduces the mutual influence of the virtual machines. This manifests itself, among other things, in increased determinism, increased functional reliability and improved security in the virtual machines. In addition, the released processing power comes
- the hardware-based gateway known from DE 10 2012 215 765 A1 was originally developed for different automotive interfaces, such as CAN, LIN, Flexray, Ethernet. Such a gateway will
- This functionality allows the direct writing of data into the memory of a processor system, which is referred to as a DMA (Direct Memory Access) transfer. Due to the direct access to the memory of the processor or processors, the gateway is able to write the payload or the data of the interfaces to be managed (CAN, Flexray, LIN, Ethernet, ...) directly into the respective memory partitions of the virtual machines or to read it from them.
- DMA Direct Memory Access
- PCIe Peripheral
- PCIe interfaces are a standard for connecting peripheral devices to a main processor and are nowadays provided by the processor systems. This makes it possible to implement the extended functionality in the gateway cost-effectively and reliably. Furthermore, no further adaptation of the processor is needed. It is particularly advantageous here that the functionality of the gateway could be integrated directly into the processor.
- the gateway has a multicast capability so that a datum can be communicated to multiple virtual machines simultaneously.
- the routing of the data streams between the interfaces and the storage partitions is configured at system startup, so that an unauthorized change of this setting is no longer possible at runtime of the system.
- the configuration is authorized by the hypervisor and the values are checked for acceptability. This ensures that only data required by the particular virtual machine can be written to its memory partitions or read from its storage partition. At runtime, no software action is required to distribute the data to the virtual machines.
- the security of the virtual machines is increased because the data is selectively exchanged with the respective virtual machine.
- the management of the interfaces is performed by the gateway without software, whereby the functional security is increased, since now critical data streams are not influenced by software components with lower criticality.
- the gateway comprises a hardware-implemented security module, by means of which encryption and decryption operations and/or authentication operations on the data to be transmitted can be realized.
- the data transfer and the communication with the outside world can be encrypted and authenticated, without the data in the processor system having to be protected by software mechanisms.
- This embodiment also eliminates any interaction of the software at runtime.
- the object is also achieved by a method of the aforementioned type, in which the interfaces are accessed by means of a gateway implemented in hardware and data is written and / or read directly into the respective memory partitions of a processor system by means of a hardware circuit of the gateway.
- FIG. 1 shows a schematic representation of a virtualized system with a gateway designed according to the invention.
- FIG. 1 shows a virtualized system 1 that includes a hypervisor 2, which is also referred to as a virtual machine monitor (VMM), and a plurality of independent virtual machines (VM) 3.
- the virtualized system 1 has a processor system 4, which may include one or more processors, and one or more memories comprising a plurality of memory areas 5.
- the hypervisor 2 creates an abstraction level so that the actual processor system 4 and the associated memory are presented to each virtual machine 3 as if the respective virtual machine 3 alone had the processor(s) 4 as well as the memory or memories.
- a gateway 6 is further shown, which includes a hardware circuit in which the gateway core functions 7 are realized.
- Such a gateway 6 is known for example from DE 10 2012 215 765 A1.
- the gateway 6 manages access to multiple interfaces or communication interfaces 8, designed for example as interfaces to subnets, which preferably operate on different protocols (LIN, Flexray, CAN, Ethernet, ...).
- the communication between the virtual machines 3 and the interfaces 8 is consequently regulated by the gateway 6.
- the gateway 6 shown in FIG. 1 also has a DMA interface 9, which allows direct access to the memory areas 5.
- data can be written directly into the memory areas 5 or data can be read from these memory areas 5.
- PCIe connection 10 is used that of today
- the gateway 6 additionally has a security module 11, by means of which encryption and decryption operations and / or authentication operations on the data to be transmitted can be implemented.
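The boot-time check described in the routing items above (routes between interfaces and memory partitions configured at system startup, authorized by the hypervisor, values checked for acceptability, no change at runtime), as an added example that is not taken from the patent. All type and function names are hypothetical, and the model assumes one contiguous memory partition per virtual machine.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model: the patent text defines no API or data layout. */
typedef struct { uint64_t base, size; } partition_t;   /* one VM's memory partition */
typedef struct {
    uint8_t  iface;     /* channel index (CAN, LIN, Flexray, Ethernet) */
    uint8_t  vm;        /* target VM; multicast = several routes per iface */
    uint64_t dma_addr;  /* start of the DMA window */
    uint64_t dma_len;   /* length of the DMA window */
} route_t;
typedef enum { CFG_OK, CFG_LOCKED, CFG_BAD_VM, CFG_BAD_IFACE,
               CFG_OUT_OF_PARTITION, CFG_FULL } cfg_status_t;

#define MAX_ROUTES 16
typedef struct { route_t routes[MAX_ROUTES]; size_t count; bool locked; } gateway_cfg_t;

/* True only if the whole window lies inside the partition. Written without
 * computing dma_addr + dma_len, so a wrapping length cannot pass the check. */
static bool window_in_partition(const route_t *r, const partition_t *p)
{
    if (r->dma_len == 0 || r->dma_len > p->size) return false;
    if (r->dma_addr < p->base) return false;
    return (r->dma_addr - p->base) <= (p->size - r->dma_len);
}

/* Hypervisor-side acceptance check, run for each route at system startup. */
cfg_status_t gateway_add_route(gateway_cfg_t *g, const route_t *r,
                               const partition_t *parts, size_t n_vms, size_t n_ifaces)
{
    if (g->locked) return CFG_LOCKED;              /* no changes at runtime */
    if (r->vm >= n_vms) return CFG_BAD_VM;
    if (r->iface >= n_ifaces) return CFG_BAD_IFACE;
    if (!window_in_partition(r, &parts[r->vm])) return CFG_OUT_OF_PARTITION;
    if (g->count == MAX_ROUTES) return CFG_FULL;
    g->routes[g->count++] = *r;
    return CFG_OK;
}

void gateway_lock(gateway_cfg_t *g) { g->locked = true; }

/* Constructed scenario: two VMs with adjacent 64 KiB partitions. */
cfg_status_t demo_case(int n)
{
    static const partition_t parts[2] = { {0x80000000ULL, 0x10000ULL},
                                          {0x80010000ULL, 0x10000ULL} };
    const route_t cases[4] = {
        {0, 0, 0x80000000ULL, 0x1000ULL},          /* CAN -> VM0, inside VM0 */
        {0, 1, 0x80010000ULL, 0x1000ULL},          /* same channel multicast to VM1 */
        {1, 0, 0x8000F800ULL, 0x1000ULL},          /* tail spills into VM1's partition */
        {1, 1, 0xFFFFFFFFFFFFF000ULL, 0x2000ULL},  /* addr + len would wrap around */
    };
    gateway_cfg_t g = {0};
    cfg_status_t st = gateway_add_route(&g, &cases[n < 4 ? n : 0], parts, 2, 4);
    if (n == 4) { gateway_lock(&g); st = gateway_add_route(&g, &cases[1], parts, 2, 4); }
    return st;
}

int main(void)
{
    for (int n = 0; n <= 4; n++) printf("case %d -> status %d\n", n, (int)demo_case(n));
    return 0;
}
```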
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Software Systems (AREA)
- Mathematical Physics (AREA)
- Computer Hardware Design (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Storage Device Security (AREA)
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
DE102015206196.5A DE102015206196A1 (de) | 2015-04-08 | 2015-04-08 | Management of interfaces in a distributed system |
PCT/EP2016/054352 WO2016162144A1 (de) | 2015-04-08 | 2016-03-02 | Management of interfaces in a distributed system |
Publications (1)
Publication Number | Publication Date |
---|---|
EP3281106A1 (de) | 2018-02-14 |
Family
ID=55451186
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP16707430.1A Ceased EP3281106A1 (de) | 2015-04-08 | 2016-03-02 | Management of interfaces in a distributed system |
Country Status (4)
Country | Link |
---|---|
EP (1) | EP3281106A1 (de) |
CN (1) | CN107430575B (de) |
DE (1) | DE102015206196A1 (de) |
WO (1) | WO2016162144A1 (de) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE102021203329A1 (de) | 2021-04-01 | 2022-10-06 | Robert Bosch Gesellschaft mit beschränkter Haftung | Device and method for managing communication via interfaces in a virtualized system |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE102018124106A1 (de) * | 2018-09-28 | 2020-04-02 | Rockwell Collins Deutschland Gmbh | Data processing device with multiple processors and multiple interfaces |
DE102020213018A1 (de) | 2020-10-15 | 2022-04-21 | Robert Bosch Gesellschaft mit beschränkter Haftung | Method and device for transmitting data between guest systems of a common host system |
CN115190187B (zh) * | 2021-02-19 | 2024-06-28 | 神经元信息技术(成都)有限公司 | Data conversion method and data processing method |
Family Cites Families (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8990799B1 (en) * | 2008-01-30 | 2015-03-24 | Emc Corporation | Direct memory access through virtual switch in device driver |
US8667187B2 (en) * | 2008-09-15 | 2014-03-04 | Vmware, Inc. | System and method for reducing communication overhead between network interface controllers and virtual machines |
US8788570B2 (en) * | 2009-06-22 | 2014-07-22 | Citrix Systems, Inc. | Systems and methods for retaining source IP in a load balancing multi-core environment |
WO2013064181A1 (de) * | 2011-11-02 | 2013-05-10 | Siemens Aktiengesellschaft | Real-time Ethernet in virtual machines |
DE102012105068A1 (de) * | 2012-06-12 | 2013-12-12 | Eads Deutschland Gmbh | Acceleration device with support for virtual machines |
DE102012215765A1 (de) | 2012-09-05 | 2014-05-15 | Robert Bosch Gmbh | Gateway module for a communication system, communication system and method for transmitting data between participants of a communication system |
US9053340B2 (en) * | 2012-10-12 | 2015-06-09 | Citrix Systems, Inc. | Enterprise application store for an orchestration framework for connected devices |
US20150049096A1 (en) * | 2013-08-16 | 2015-02-19 | LEAP Computing, Inc. | Systems for Handling Virtual Machine Graphics Processing Requests |
-
2015
- 2015-04-08 DE DE102015206196.5A patent/DE102015206196A1/de active Pending
-
2016
- 2016-03-02 EP EP16707430.1A patent/EP3281106A1/de not_active Ceased
- 2016-03-02 CN CN201680019855.6A patent/CN107430575B/zh active Active
- 2016-03-02 WO PCT/EP2016/054352 patent/WO2016162144A1/de active Application Filing
Also Published As
Publication number | Publication date |
---|---|
WO2016162144A1 (de) | 2016-10-13 |
CN107430575A (zh) | 2017-12-01 |
CN107430575B (zh) | 2021-07-23 |
DE102015206196A1 (de) | 2016-10-13 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2016162144A1 (de) | Management of interfaces in a distributed system | |
DE112006001933B4 (de) | Quiescing a processor bus agent | |
DE102018132970A1 (de) | Method and device for isolating sensitive untrusted program code on mobile devices | |
DE102012017339B4 (de) | Computer system | |
DE112020005949T5 (de) | Information processing device, anomaly detection method and computer program | |
DE102012105093A1 (de) | Secure data storage for vehicle networks | |
EP3655876B1 (de) | System on chip, method for operating a system on chip, and motor vehicle | |
EP3186710B1 (de) | Microcontroller system and method for safety-critical motor vehicle systems and use thereof | |
DE102019106551A1 (de) | Multiple control unit for a vehicle | |
EP3566398B1 (de) | Method and semiconductor circuit for protecting an operating system of a security system of a vehicle | |
EP3418933A1 (de) | Edge device and method for operating an edge device | |
DE102013226700A1 (de) | Vehicle electronics unit | |
EP4364015A1 (de) | Executing privileged operations in a container | |
EP2793196A2 (de) | Tachograph and on-board unit for a commercial motor vehicle | |
DE102021203329A1 (de) | Device and method for managing communication via interfaces in a virtualized system | |
DE102021201236A1 (de) | Method for authenticating a message of a computing unit, computing unit, computer program and vehicle | |
DE102007018777A1 (de) | Control device for vehicles | |
EP3391279B1 (de) | Microcontroller system and method for controlling memory accesses in a microcontroller system | |
DE102018200555A1 (de) | Vehicle electronics unit with a physical network interface and virtual machines having multiple virtual network interfaces, and data communication method between the virtual machines and the network interface to a local vehicle network of a vehicle | |
DE102016222691A1 (de) | Microcontroller system and method for controlling memory accesses in a microcontroller system | |
DE102022206744B3 (de) | Resource protection | |
DE102022133985A1 (de) | Control unit with QM operating system as service architecture for ASIL applications | |
DE102018010323A1 (de) | Data communication method between the virtual machines of a vehicle electronics unit and its network interface to a local vehicle network of a vehicle | |
DE102020213018A1 (de) | Method and device for transmitting data between guest systems of a common host system | |
DE102023002199A1 (de) | Method, testing device and program product for testing a vehicle data recording system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE |
|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE |
|
17P | Request for examination filed |
Effective date: 20171108 |
|
AK | Designated contracting states |
Kind code of ref document: A1 Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
|
AX | Request for extension of the european patent |
Extension state: BA ME |
|
DAV | Request for validation of the european patent (deleted) | ||
DAX | Request for extension of the european patent (deleted) | ||
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: EXAMINATION IS IN PROGRESS |
|
17Q | First examination report despatched |
Effective date: 20200221 |
|
RAP1 | Party data changed (applicant data changed or rights of an application transferred) |
Owner name: ROBERT BOSCH GMBH |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: EXAMINATION IS IN PROGRESS |
|
REG | Reference to a national code |
Ref country code: DE Ref legal event code: R003 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE APPLICATION HAS BEEN REFUSED |
|
18R | Application refused |
Effective date: 20211109 |