Certify the Uncertified: Towards Assessment of Virtualization for Mixed-criticality in the Automotive Domain

TL;DR

This paper investigates the certification potential of virtualization hypervisors in automotive mixed-criticality systems, proposing a testing methodology to identify fault states and guide certification processes.

Contribution

It introduces a testing methodology for Jailhouse hypervisor to assess certification readiness in automotive safety standards.

Findings

Identified fault states in Jailhouse hypervisor

Proposed a methodology for certification assessment

Guided future hypervisor certification efforts

Abstract

Nowadays, a feature-rich automotive vehicle offers several technologies to assist the driver during his trip and guarantee an amusing infotainment system to the other passengers, too. Consolidating worlds at different criticalities is a welcomed challenge for car manufacturers that have recently tried to leverage virtualization technologies due to reduced maintenance, deployment, and shipping costs. For this reason, more and more mixed-criticality systems are emerging, trying to assure compliance with the ISO 26262 Road Vehicle Safety standard. In this short paper, we provide a preliminary investigation of the certification capabilities for Jailhouse, a popular open-source partitioning hypervisor. To this aim, we propose a testing methodology and showcase the results, pointing out when the software gets to a faulting state, deviating from its expected behavior. The ultimate goal is to picture the right direction for the hypervisor towards a potential certification process.