Green Hills Software - Experts & Thought Leaders

Green Hills Software, the pioneer in embedded safety and security, announces the release of µ-visor™, its safe and secure embedded virtualisation hypervisor, for the Renesas RH850/U2A microcontroller (MCU). Designed to support the emerging automotive cybersecurity requirements of ISO/SAE 21434 and UNECE WP.29 and to meet ISO 26262 ASIL D functional safety, µ-visor for MCUs expands Green Hills leadership in safe and secure virtualisation technology and its product line. µ-visor joins the proven, broadly deployed INTEGRITY Multivisor® virtualisation for application processors already used in tens of millions of commercial vehicles worldwide. Multiple virtual machines µ-visor is the basis for safe and secure consolidation of multiple MCU-based systems onto a single multicore RH850/U2A design, enabling savings in cost, size, and power for the resulting consolidated system, while at the same time simplifying the safety design of the system. µ-visor allows multiple virtual machines to run simultaneously, supporting a variety of scheduling By employing the advanced hardware-based assisted virtualisation capabilities of Renesas’ RH850/U2A, µ-visor allows multiple virtual machines to run simultaneously, supporting a variety of scheduling and core management strategies to meet various automotive uses cases and to ensure extremely low overhead. The Green Hills MULTI® integrated development environment (IDE) and related ISO 26262 ASIL D-certified tools provide developers with tightly integrated tools that deliver unprecedented visibility into system performance and runtime behaviour, enabling rapid integration and optimisation of multiple workloads onto a single RH850/U2A MCU. Hardware virtualisation function µ-visor can host a variety of operating systems, including AUTOSAR environments from third-party vendors, Green Hills Software’s own µ-velOSity™ operating system, customer in-house operating systems, or micro-executive designs, giving customers a great deal of flexibility on how to design consolidation for their automotive controller use cases, including support for ECU safety islands. The Renesas RH850/U2A is the world’s first MCU with embedded flash that integrates a hardware-based virtualisation-assisted function while maintaining the fast, real-time performance that customers expect of the RH850 products. The hardware virtualisation function supports ISO 26262 ASIL D functional safety, enabling greater levels of system integration of the safety applications of automotive OEMs and Tier 1s into a single, unified MCU-based electronic control unit (ECU). Multiple software services µ-visor from Green Hills Software fully supports all of these advanced capabilities To support ASIL D, the hardware-based virtualisation technology allows customers to implement multiple software services with different functional safety levels on the RH850/U2A MCU that can run concurrently without interference while maintaining the hard real-time deterministic performance required to control modern and future vehicle functions. µ-visor from Green Hills Software fully supports all of these advanced capabilities. “Renesas and Green Hills have been working together for decades to provide the best functional safety solutions for Renesas MCUs for our mutual customers,” said Naoki Yoshida, Vice President of Automotive Digital Products Marketing Division at Renesas. Challenging consolidation requirements “Renesas RH850/U2A’s hardware-based virtualisation assisted technology and Green Hills Software’s extensive experience with virtualisation and Renesas’ products is a natural combination. We’ve worked together to address our customers’ most challenging consolidation requirements, and µ-visor enables the full utilisation of the advanced capabilities of our latest MCUs.” “Green Hills Software’s virtualisation technology for application processors is already in production in tens of millions of vehicles today,” said Matthew Slager, Vice President of Asia-Pacific Operations at Green Hills Software. “By extending our virtualisation technology expertise and experience into the MCU market with µ-visor and working with Renesas, Green Hills Software can offer best-in-class performance, functional safety and cybersecurity on the RH850/U2A, allowing automotive customers to achieve the challenging goals of developing and deploying highly performant and entirely safe and secure ECU consolidation.”

Green Hills Software, the pioneer in embedded safety and security, announces it has adopted the two new international security standards and regulations for automotive cybersecurity – ISO/SAE 21434 and UNECE WP.29 – for the INTEGRITY® real-time operating system (RTOS) and associated products and services. For decades, Green Hills has been helping electronics manufacturers create and deploy embedded systems at the highest levels of safety and security. By offering compliant products and associated evidence reports for these new standards, Green Hills will build upon its proven pedigree as the foundational run-time software provider trusted by OEMs and their Tier 1 suppliers for automotive electronics. Software-defined services Utilising these new security standards enables manufacturers to design and deploy purpose-built, secure, software-defined systems in connected vehicles, including highly automated driving, high performance compute clusters, domain controllers, vehicle gateways, telematics, keyless entry, diagnostic connections and electric vehicle charging stations, to name a few. As reliance on vehicle connectivity grows and demand for software-defined services rises, the risk of cyberattacks against connected vehicles continues to rise. With over 100 ECUs and hundreds of millions of lines of code, connected vehicles are a target-rich platform for cyberattacks. Malicious vehicle control A single exploited security vulnerability could put an entire fleet of vehicles at risk, numbering in the millions Multiple points of entry to modern connected vehicles provide opportunities for malicious vehicle control, fraud, and data-breaches that threaten companies, drivers, and road users. A single exploited security vulnerability could put an entire fleet of vehicles at risk, numbering in the millions. With nearly 80% of new cars connected to the internet, cybersecurity breaches have the potential to put billions of dollars in sales and lawsuits at risk – not to mention the damage to brand reputation. As a result, governmental bodies and independent regulators are drafting two related measures for managing cybersecurity threats throughout a connected vehicle’s lifecycle. Ensuring cybersecurity risks Green Hills is collaborating with its customers and adopting cybersecurity assessment policies for the following: The draft ISO/SAE 21434 ‘Road vehicles – Cybersecurity engineering’ Standard was recently published by SAE International and ISO (Organisation for Standardisation). It is a baseline for vehicle manufacturers and suppliers to ensure cybersecurity risks are managed efficiently and effectively from both a product lifecycle and organisational perspective spanning concept, development, production, operation, maintenance, and decommissioning. The WP.29 regulations from the United Nations Economic Commission for Europe (UNECE) make OEMs responsible for cybersecurity mitigation in four cybersecurity areas spanning the entire vehicle lifecycle: managing cyber risks; securing vehicles by design; detecting and responding to security incidents; and providing safe and secure over-the-air (OTA) software updates. While WP.29 defines concrete examples of threats and mitigations, OEMs can choose how they show the threats are addressed, such as complying with ISO/SAE 21434. The regulation is expected to be finalised in early 2021 and applied initially to many member nations including European nations, South Korea, UK, and Japan, and will likely influence vehicle homologation polices in the US, Canada and China. WP.29 will be legally binding within adopting countries, and while the ISO/SAE 21434 standard is not a regulation, it is expected to be widely accepted in the global industry like ISO 26262. Connected vehicle electronics “Connected cars bring significant risks and rewards to OEMs and their suppliers,” said Chris Rommel, Executive Vice President, IoT & Industrial Technology at VDC Research. “Green Hills has earned a high stature in the industry for supplying security-critical foundational software to companies building life-critical systems like aircraft avionics, vehicle ADAS and medical equipment, and its support of these new cybersecurity standards is noteworthy.” “ISO/SAE 21434 and WP.29 are valuable additional steps towards protecting connected vehicles from cybersecurity vulnerabilities,” said Dan Mender, VP of Business Development at Green Hills Software. “Green Hills has decades of experience developing and delivering security-certified technologies at the highest levels. Adopting these standards expands our offerings to global automotive OEMs and their suppliers bringing the industry’s leading secure software run-time environment to next-generation connected vehicle electronics.”

Sectigo®, a provider of automated digital identity management, embedded security, and web security solutions, and Green Hills Software, the pioneer in high-assurance operating systems, have announced a global reseller agreement. The agreement enables Green Hills Software to offer Sectigo's Icon LabsTM Embedded Firewall, integrated and optimised for use with Green Hills Software’s INTEGRITY® real-time operating system (RTOS) and its embedded high-performance TCP/IP v4/v6 host and router networking stack. Internet-connected platform The pairing strengthens Green Hills Software’s internet-connected platform solutions with the expanded networking security required in connected systems responsible for critical functions for automotive, industrial, medical, transportation and mil/aero industries. “Most cyberattacks on embedded systems remain undetected until it is too late. Early detection is critical as it maximises the safety of products while helping to prevent the loss of IP, disruption of services, and attacks proliferating to other portions of the system or network,” explained Alan Grau, VP of IoT/Embedded Solutions, Sectigo. “Green Hills Software’s integration of our embedded firewall with their proven and mature INTEGRITY RTOS will provide customers worldwide with a powerful combination of experience and security technology that sounds the alarm, then stops the attack.” Critical embedded systems The INTEGRITY RTOS microkernel architecture is designed for critical embedded systems The INTEGRITY RTOS microkernel architecture is designed for critical embedded systems demanding proven separation, security, and real-time determinism. The operating system’s separation architecture helps manufacturers safely and securely partition software running at different levels of criticality. For critical functions, INTEGRITY assures secure and real-time execution by means of impenetrable partitions that deliver freedom-from-interference and guaranteed system resources. The Sectigo Icon Labs Embedded Firewall enjoys widespread global adoption, combining numerous powerful and configurable features to detect and contain cyberattacks. Disabling static filtering Configurable filtering policies — Uses configured filtering rules to control the filtering engine. The rules provide complete control over the type of filtering performed and the specific criteria used to filter packets. Rules can be configured for: Static filtering rules for IP address, MAC address, port number, and protocol number Block list and allow list filtering modes DPI filtering rules for message type, message contents, and message source Threshold-based filtering criteria Independently enabling and disabling static filtering, dynamic filtering, DPI filtering, and threshold-based filtering Replay attack protection EDSA Compliance support — Serves as an important building block for achieving EDSA compliance for embedded devices, providing support for many capabilities mandated by EDSA-311: Protocol fuzzing and replay attack protection Data flooding protection Denial of service protection Notification of attacks Disabling of unused ports Logging and alerting — Maintains a log of security events and policy violations, enabling command audits and forensic investigation to determine the source of an attack. Enabling remote management Management system integration — Incorporates an agent that enables remote management from an enterprise security manager system, or to other Security Information and Event Management (SIEM) systems. This integration provides: Centralised management of security policies Situational awareness and device status monitoring Event management and log file analysis Intrusion detection and prevention — Blocks all unused ports and protocols, limiting the attack surface hackers can exploit. Logging packets that violate configured filtering rules enables detection of unusual traffic patterns, traffic from unknown IP addresses, and other suspicious behaviour. Additional cybersecurity capability “Green Hills is pleased to be adding this additional cybersecurity capability to our portfolio of industry-leading foundational security offerings,” said Dan Mender, VP of Business Development, Green Hills Software. “Protecting critical internet-connected solutions is paramount for our customers, and Sectigo’s Icon Labs Embedded Firewall capability extends our customers’ ability to design purpose-built secure solutions in automotive, industrial, medical, transportation and mil/aero markets.” Green Hills Software’s internet-connected platforms are integrated and optimised with Sectigo’s embedded firewall and are available.