Benefits and implications of the DECOS encapsulation approach

In contrast to federated architectures, an integrated architecture provides means to support mixed-criticality systems, i.e., systems that consist of distributed application parts (subsystems) with different criticality levels, on top of the same physical hardware. A major prerequisite for the integration of subsystems with different criticality levels, is given by a strong and reliable protection of the subsystems against each other - both in space and time. Within DECOS, an encapsulated execution environment is set up in order to establish the required level of protection by providing a mixture of hardware (e.g., memory protection) and software mechanisms (e.g., realtime operating system). The development of an encapsulated execution environment is driven by the enormous advances in the domain of dependable real-time control systems in the past decade and the increase of system size in terms of required hardware components (ECUs). This paper shall give an overview of the benefits of the chosen approach and investigate its implications. Thereby, it examines the need for proper development methods that assist the application developer. For instance, the emulation of a subsystem or its parts within an integrated architecture through a simulation requires appropriate approaches.