Model-Based Generation of Run-Time Monitors for AUTOSAR

  • Lars Patzina
  • Sven Patzina
  • Thorsten Piper
  • Paul Manns
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7949)


Driven by technical innovation, embedded systems, especially in vehicles, are becoming increasingly interconnected and, consequently, have to be secured against failures and threats from the outside world. One approach to improve the fault tolerance and resilience of a system is run-time monitoring. AUTOSAR, the emerging standard for automotive software systems, specifies several run-time monitoring mechanisms at the watchdog and OS level that are neither intended, nor able to support complex run-time monitoring. This paper addresses the general challenges involved in the development and integration of a model-based generation process of complex run-time security and safety monitors. A previously published model-based development process for run-time monitors based on a special kind of Petri nets is enhanced and tailored to fit seamlessly into the AUTOSAR development process. In our evaluation, we show that efficient monitors for AUTOSAR can be directly modeled and generated from the corresponding AUTOSAR system model.


AUTOSAR extended live sequence charts model-based monitor petri nets run-time monitoring signatures 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    AUTOSAR: Specification of Operating System (2011),
  2. 2.
    AUTOSAR: Specification of Watchdog Manager (2011),
  3. 3.
    Cotard, S., Faucou, S., Bechennec, J.L., Queudet, A., Trinquet, Y.: A Data Flow Monitoring Service Based on Runtime Verification for AUTOSAR. In: IEEE 14th International Conference on HPCC-ICESS 2012, pp. 1508–1515 (2012)Google Scholar
  4. 4.
    Cotard, S., Faucou, S., Béchennec, J.: A Dataflow Monitoring Service Based on Runtime Verification for AUTOSAR OS: Implementation and Performances. OSPERT pp. 46–55 (2012)Google Scholar
  5. 5.
    Damm, W., Harel, D.: LSCs: Breathing Life into Message Sequence Charts. Formal Methods in System Design 19(1), 45–80 (2001)zbMATHCrossRefGoogle Scholar
  6. 6.
    Frankowiak, M.R., Grosvenor, R.I., Prickett, P.W.: Microcontroller-Based Process Monitoring Using Petri-Nets. EURASIP Journal on Embedded Systems 2009, 3:1–3:12 (2009)Google Scholar
  7. 7.
    Groll, A., Ruland, C.: Secure and Authentic Communication on Existing In-Vehicle Networks. In: Intelligent Vehicles Symposium, pp. 1093–1097. IEEE (2009)Google Scholar
  8. 8.
    Harel, D., Thiagarajan, P.: Message Sequence Charts. In: Lavagno, L., Martin, G., Selic, B. (eds.) UML for Real, pp. 77–105. Springer (2004)Google Scholar
  9. 9.
    Koscher, K., Czeskis, A., et al.: Experimental Security Analysis of a Modern Automobile. In: IEEE Symposium on SP, pp. 447–462 (2010)Google Scholar
  10. 10.
    Kumar, R., Mercer, E., Bunker, A.: Improving Translation of Live Sequence Charts to Temporal Logic. ENTCS 250(1), 137–152 (2009)Google Scholar
  11. 11.
    Kumar, S.: Classification and Detection of computer Intrusions. Ph.D. thesis, Purdue University (1995)Google Scholar
  12. 12.
    Oh, N., Shirvani, P., McCluskey, E.: Control-flow Checking by Software Signatures. IEEE Transactions on Reliability 51(1), 111–122 (2002)CrossRefGoogle Scholar
  13. 13.
    Papadimitratos, P., Buttyan, L., et al.: Secure Vehicular Communication Systems: Design and Architecture. IEEE Communications Magazine 46(11), 100–109 (2008)CrossRefGoogle Scholar
  14. 14.
    Patzina, L., Patzina, S., Piper, T., Schürr, A.: Monitor Petri Nets for Security Monitoring. In: Proc. of 1st S&D4RCES, pp. 3:1–3:6. ACM (2010)Google Scholar
  15. 15.
    Patzina, S., Patzina, L., Schürr, A.: Extending LSCs for Behavioral Signature Modeling. In: Camenisch, J., Fischer-Hübner, S., Murayama, Y., Portmann, A., Rieder, C. (eds.) SEC 2011. IFIP AICT, vol. 354, pp. 293–304. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  16. 16.
    Patzina, S., Patzina, L.: A Case Study Based Comparison of ATL and SDM. In: Schürr, A., Varró, D., Varró, G. (eds.) AGTIVE 2011. LNCS, vol. 7233, pp. 210–221. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  17. 17.
    Piper, T., Winter, S., Manns, P., Suri, N.: Instrumenting AUTOSAR for Dependability Assessment: A Guidance Framework. In: 42nd Annual IEEE/IFIP International Conference on DSN, pp. 1–12. IEEE (2012)Google Scholar
  18. 18.
    The MathWorks, Inc.: Modeling an Automatic Transmission Controller (2012), (visited on Feburary 12, 2013)

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Lars Patzina
    • 1
  • Sven Patzina
    • 1
  • Thorsten Piper
    • 2
  • Paul Manns
    • 2
  1. 1.Real-Time Systems LabTechnische Universität DarmstadtDarmstadtGermany
  2. 2.DEEDS GroupTechnische Universität DarmstadtDarmstadtGermany

Personalised recommendations