Springer Nature is making SARS-CoV-2 and COVID-19 research free. View research | View latest news | Sign up for updates

An integrated architecture for future car generations


The DECOS architecture is an integrated architecture that builds upon the validated services of a time-triggered network, which serves as a shared resource for the communication activities of more than one application subsystem. In addition, encapsulated partitions are used to share the computational resources of Electronic Control Units (ECUs) among software modules of multiple application subsystems. This paper investigates the benefits of the DECOS architecture as an electronic infrastructure for future car generations. The shift to an integrated architecture will result in quantifiable cost reductions in the areas of system hardware cost and system development. In the paper we present a current federated Fiat car E/E architecture and discuss a possible mapping to an integrated solution based on the DECOS architecture. The proposed architecture provides a foundation for mixed criticality integration with both safety-critical and non safety-critical subsystems. In particular, this architecture supports applications up to the highest criticality classes (10−9 failures per hour), thereby taking into account the emerging dependability requirements of by-wire functionality in the automotive industry.

This is a preview of subscription content, log in to check access.


  1. Ademaj A, Sivencrona H, Bauer G, Torin J (2003) Evaluation of fault handling of the time-triggered architecture with bus and star topology. In: Proc of the 2003 int conference on dependable systems and networks, pp 123–132

  2. ARINC (1991) ARINC specification 651: design guide for integrated modular avionics. Aeronautical Radio Inc, Annapolis

  3. ARINC (1993) ARINC specification 659: backplane data bus. Aeronautical Radio Inc, Annapolis

  4. ARINC (2003) ARINC specification 664 (draft): aircraft data network part 7—deterministic networks. Aeronautical Radio Inc, Annapolis

  5. ARINC (2006) ARINC specification 653: avionics application software standard interface, part 1—required services. Aeronautical Radio Inc, Annapolis

  6. AUTOSAR GbR (2006a) AUTOSAR—specification of RTE software V1.0.1

  7. AUTOSAR GbR (2006b) AUTOSAR—technical overview V2.0.1

  8. Bauer G, Kopetz H, Steiner W (2003) The central guardian approach to enforce fault isolation in a time-triggered system. In: Proc of the 6th int symposium on autonomous decentralized systems, pp 37–44

  9. Bosch B (1991) CAN specification, version 2.0. Robert Bosch Gmbh, Stuttgart

  10. Bouyssounouse B, Sifakis J (eds) (2005) Embedded systems design. Springer, New York

  11. Butler R, Caldwell JL, Vito B (1991) Design strategy for a formally verified reliable computing platform. In: Proc of the 6th annual conference on computer assurance systems, pp 125–133

  12. Elmenreich W (2002) Sensor fusion in time-triggered systems. PhD thesis, Technische Universität Wien, Institut für Technische Informatik

  13. Flex (2005) FlexRay communications system protocol specification version 2.1. FlexRay Consortium

  14. Giusto P, Ferrari A, Lavagno L, Brunel J-Y, Fourgeau E, Sangiovanni-Vincentelli A (2002) Automotive virtual integration platforms: why’s, what’s, and how’s. In: Proc of the IEEE int conference on computer design: VLSI in computers and processors, pp 370–378

  15. Hammett R (2003) Flight-critical distributed systems: design considerations [avionics]. IEEE Aerosp Electron Syst Mag 18(6):30–36

  16. Hedenetz B, Belschner R (1998) Brake-by-wire without mechanical backup by using a TTP-communication network. In: Proceedings of SAE congress. Daimler-Benz AG

  17. Heinecke H et al (2004) Automotive open system architecture—an industry-wide initiative to manage the complexity of emerging automotive E/E-architectures. In: Proc of the convergence int congress & exposition on transportation electronics 2004-21-0042

  18. Heitzer H (2003) Development of a fault-tolerant steer-by-wire steering system. Auto Technol 4:56–60

  19. Huber B, Peti P, Obermaisser R, Salloum CE (2005) Using RTAI/LXRT for partitioning in a prototype implementation of the DECOS architecture. In: Proc of the third int workshop on intelligent solutions in embedded systems

  20. IEC (1999) IEC 61508-7: functional safety of electrical, electronic, programmable electronic safety-related systems—part 7: overview of techniques and measures IEC: int Electrotechnical Commission

  21. Johnson S, Butler R (1992) Design for validation. IEEE Aerosp Electron Syst Mag 7(1):38–43

  22. Jones C et al (2002) Final version of the DSoS conceptual model. DSoS project (IST-1999-11585)

  23. Kinnan L, Wlad J, Rogers P (2004) Porting applications to an ARINC 653 compliant IMA platform using VxWorks as an example. In: Proc of the 23rd digital avionics systems conference, vol 2, pp 10.B. 1–10.1–8

  24. Kopetz H (1997) Real-time systems, design principles for distributed embedded applications. Kluwer Academic, Dordrecht

  25. Kopetz H (2003) Fault containment and error detection in the time-triggered architecture. In: Proc of the sixth int symposium on autonomous decentralized systems

  26. Kopetz H, Bauer G (2003) The time-triggered architecture. IEEE special issue on modeling and design of embedded software

  27. Kopetz H, Obermaisser R (2002) Temporal composability. Comput Control Eng J 13:156–162

  28. Kopetz H, Suri N (2003) Compositional design of RT systems: a conceptual basis for specification of linking interfaces. In: Proc of the 6th IEEE int symposium on object-oriented real-time distributed computing, pp 51–60

  29. Kopetz H, Ademaj A, Grillinger P, Steinhammer K (2005) The Time-Triggered Ethernet (TTE) design. In: Proc of 8th IEEE int symposium on object-oriented real-time distributed computing (ISORC)

  30. Lala J, Harper R (1994) Architectural principles for safety-critical real-time applications. Proc IEEE 82:25–40

  31. Laprie J (1992) Dependability: basic concepts and terminology. In: Dependable computing and fault tolerant systems, vol 5. Springer, Vienna, pp 257–282

  32. Leen G, Heffernan D (2002) Expanding automotive electronic systems. Computer 35(1):88–93

  33. Leveson N (1986) Software safety: why, what, and how. ACM Comput Surv 18(2):125–163

  34. LIN (2003) LIN specification package revision 2.0. LIN Consortium

  35. LynuxWorks (2006) LynxOS 4.0 user’s guide. LynuxWorks

  36. NextTTA (2003) Project deliverable D2.4. Emulation of CAN and TCP/IP. IST-2001-32111. High confidence architecture for distributed control applications

  37. Obermaisser R, Peti P (2005a) Comparison of the temporal performance of physical and virtual CAN networks. In: Proc of the IEEE int symposium on industrial electronics, Dubrovnik, Croatia

  38. Obermaisser R, Peti P (2005b) Realization of virtual networks in the DECOS integrated architecture. In: Proc of the workshop on parallel and distributed real-time systems 2006 (WPDRTS). IEEE

  39. Obermaisser R, Peti P (2005c) Specification and execution of gateways in integrated architectures. In: Proc of the 10th IEEE int conference on emerging technologies and factory automation, Catania, Italy. IEEE

  40. Obermaisser R, Peti P (2006) A fault hypothesis for integrated architectures. In: Proc of the 4th int workshop on intelligent solutions in embedded systems

  41. Obermaisser R, Peti P, Huber B, Salloum CE (2006) DECOS: an integrated time-triggered architecture. e & i J (J Austrian Prof Instit Electr Inf Eng) 3:83–95

  42. Peti P, Obermaisser R (2006) A diagnostic framework for integrated time-triggered architectures. In: Proc of the 9th IEEE int symposium on object-oriented real-time distributed computing

  43. Poledna S (1994) Replica determinism in distributed real-time systems: a brief survey. Real-Time Syst 6:289–316

  44. Reichart G, Haneberg M (2004) Key drivers for a future system architecture in vehicles. In: Convergence int congress. SAE

  45. Reif K (2006) Automobilelektronik. Eine Einführung für Ingenieure (Broschiert). Vieweg, Braunschweig

  46. Rolina T (2006) Past, present, and future of real-time embedded automotive software: a close look at basic concepts of AUTOSAR. In: Proc of SAE world congress, Detroit, Michigan

  47. Rushby J (2001) Bus architectures for safety-critical embedded systems. In: Proc of the 1st workshop on embedded software. Lecture notes in computer science, vol 2211. Springer, New York, pp 306–323

  48. Saad A, Weinmann U (2004) Intelligent automotive system services: requirements, architectures and implementation issues. In: Convergence int congress, Detroit, MI, USA. SAE

  49. Segarra M, Losert T, Obermaisser R (2003) Hard real-time CORBA: TTP transport definition. Technical report IST37652/067, Universidad Politecnica de Madrid

  50. Simon H (1996) The sciences of the artificial. MIT Press, Cambridge

  51. Suri N, Walter C, Hugue M (1995) Advances in ultra-dependable distributed systems. IEEE Computer Society Press, Los Alamitos. Chapter 1

  52. Swingler J, McBride J (1999) The degradation of road tested automotive connectors. In: Proc of the 45th IEEE holm conference on electrical contacts, pp 146–152

  53. TTTech (2002) Time-triggered protocol TTP/C—high level specification document. TTTech Computertechnik AG

  54. Witwer B (1996) Systems integration of the 777 airplane information management system (aims). IEEE Aerosp Electron Syst Mag 11(4):17–21

Download references

Author information

Correspondence to Roman Obermaisser.

Rights and permissions

Reprints and Permissions

About this article

Cite this article

Obermaisser, R., Peti, P. & Tagliabo, F. An integrated architecture for future car generations. Real-Time Syst 36, 101–133 (2007). https://doi.org/10.1007/s11241-007-9015-4

Download citation


  • Real-time systems
  • System architectures
  • Automotive electronics
  • Communication networks
  • Legacy systems
  • Dependability
  • Component-based integration