Automobile software scheduling method and system based on information security and dynamic programming
By quantifying the execution time and weight of information security tasks, a dynamic programming model is constructed to select the optimal execution mode, which solves the problems of rigid resource allocation and insufficient security protection in existing automotive software scheduling strategies, and realizes efficient and dynamic information security task scheduling.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Applications(China)
- Current Assignee / Owner
- XIAMEN KING LONG UNITED AUTOMOTIVE IND CO LTD
- Filing Date
- 2026-03-04
- Publication Date
- 2026-06-09
AI Technical Summary
Existing automotive software task scheduling strategies fail to effectively quantify information security value, resulting in rigid resource allocation, an inability to dynamically respond to cyberattacks, and insufficient overall vehicle security protection.
The automotive software scheduling method based on information security and dynamic programming constructs a dynamic programming model by quantifying the execution time and weight of information security tasks, and selects sequential or concurrent execution modes to achieve the optimal task execution sequence.
It enhances the overall vehicle information security protection effectiveness, possesses strong dynamic adaptability, and can quickly construct the optimal information security response strategy in network attack scenarios, thereby improving resource utilization.
Smart Images

Figure CN122173233A_ABST
Abstract
Description
Technical Field
[0001] This invention relates to the fields of automotive electronics and in-vehicle network information security technology, and in particular to an automotive software scheduling method and system based on information security and dynamic planning. Background Technology
[0002] With the rapid development of intelligent and connected vehicles, the electronic and electrical architecture of automobiles is becoming increasingly complex, and the risk of vehicles being exposed to network attacks is increasing significantly. As a key component of vehicle network communication, the in-vehicle TBOX performs information security tasks such as intrusion detection, security auditing, and encrypted communication, which are the core line of defense for the information security of the whole vehicle.
[0003] Current automotive software task scheduling commonly employs static scheduling strategies based on fixed priorities, such as Rate-Monotonic and Deadline-Monotonic. These strategies have significant drawbacks when dealing with the diverse information security tasks in a vehicle-to-everything (TBOX): First, they only consider the temporal attributes of tasks, such as their period and deadlines, without quantifying the differences in information security value. This can easily lead to low-security-value tasks consuming a large amount of resources while high-security-value critical tasks are overlooked, resulting in the vehicle's overall security protection level failing to reach its optimal level. Second, resource allocation is rigid, failing to dynamically adjust scheduling strategies based on real-time system load and security threat dynamics. When computing resources are strained, they cannot intelligently decide which information security tasks to prioritize. Third, the execution mode is singular, with pre-set tasks to be executed sequentially or entirely concurrently. They fail to adaptively switch modes based on task characteristics and system state, resulting in low resource utilization.
[0004] In the prior art, patent CN115809128A discloses a multi-core task scheduling method, which only realizes the automated scheduling of tasks and code generation, without considering the real-time constraints and information security weights of tasks; patent CN102081366A discloses a time-based task scheduling method for hybrid vehicle controllers, which lacks a dynamic planning mechanism based on information security weights; and patent CN118981363A discloses a vehicle service scheduling method, which does not realize dynamic assessment of security risks and intelligent scheduling of tasks.
[0005] Given the above background, there is an urgent need for a vehicle software scheduling method and system that comprehensively considers task execution time, information security weight, and dynamic resource constraints, so as to quickly construct the optimal information security response strategy when an attack occurs or the risk increases, thereby improving the dynamic information security protection level of the whole vehicle. Summary of the Invention
[0006] Other features and advantages of the invention will be set forth in the description which follows, and will be apparent in part from the description, or may be learned by practicing the invention. The objects and other advantages of the invention may be realized and obtained by means of the structures particularly pointed out in the description and other accompanying drawings.
[0007] The purpose of this invention is to overcome the above-mentioned shortcomings and provide a vehicle software scheduling method and system based on information security and dynamic programming.
[0008] To achieve the above objectives, the technical solution of the present invention is: a vehicle software scheduling method based on information security and dynamic programming, applied to an in-vehicle telematics controller (TBOX), comprising the following steps: S1. Quantify and define multiple information security tasks to be scheduled, and configure the execution time and information security weight for each information security task. The execution time is the time it takes for the information security task to complete on the specified hardware platform, and the information security weight is the contribution of the information security task to the overall information security protection level of the vehicle. S2. Determine the available scheduling time window. Based on the scheduling time window, formalize the automotive software scheduling problem into a dynamic programming model. The optimization objective of the dynamic programming model is to maximize the sum of information security weights of the selected information security tasks under the time constraint of the scheduling time window. S3. Based on the hardware resource status of the vehicle-mounted TBOX and the resource requirements of the information security task, select either sequential execution mode or concurrent execution mode, solve the dynamic programming model through a dynamic programming recursive algorithm, and obtain the optimal task execution sequence within the scheduling time window. S4. Based on the optimal task execution sequence, the real-time operating system of the vehicle-mounted TBOX triggers and executes the corresponding information security tasks.
[0009] In some embodiments, in step S1, the formula for calculating the information security weight is: wi = α × Vi + β × Ti + γ × Ri, where wi is the information security weight of the i-th information security task, Vi is the value of the asset protected by the i-th information security task, Ti is the threat level corresponding to the i-th information security task, Ri is the regulatory compliance requirement of the i-th information security task, α, β, and γ are weight coefficients, and α, β, and γ are all real numbers greater than 0, and α + β + γ = 1.
[0010] In some embodiments, in step S2, the state of the dynamic programming model is defined as dp[time], where dp[time] represents the maximum sum of information security weights that can be obtained in exactly time units of time. The value range of time is [0, W], where W is the total duration of the scheduling time window. The initialization rule of the dynamic programming model is: dp[0] = 0, and the initial values of dp[time] for the rest are all 0.
[0011] In some embodiments, in step S3, when the sequential execution mode is selected, the recursive formula of the dynamic programming recursive algorithm is: dp[time]=max(dp[time],dp[time−ti]+wi), where ti is the execution time of the i-th information security task, wi is the information security weight of the i-th information security task, and time decreases from the total duration W of the scheduling time window to ti; by tracing the state transition path of the recursive formula, the optimal task execution sequence in the sequential execution mode is obtained by backtracking.
[0012] In some embodiments, step S3, when selecting the concurrent execution mode, further includes: defining a concurrency factor k, where k is the maximum number of information security tasks that can be executed simultaneously by the vehicle TBOX per unit time, and the value of k matches the number of available processing cores of the vehicle TBOX; extending the state of the dynamic programming model to a two-dimensional state dp[time][c], where dp[time][c] represents the maximum sum of information security weights that can be obtained within time units of time when the currently available concurrent slots are c, and the value of c ranges from [0, k).
[0013] In some embodiments, the dynamic programming recursive algorithm in concurrent execution mode solves the optimal task execution sequence by processing three types of state transition events. The three types of state transition events are: starting a new concurrent task, if there are currently available concurrent slots (i.e., c>0), selecting an information security task and occupying a concurrent slot, with the state transition being dp[time][c−1]; releasing the slot upon task completion, simulating time progression, releasing the corresponding concurrent slot when the concurrently executed information security task is completed, and updating the number of available concurrent slots; and sequential execution, setting the concurrency factor k to 1 as a special case of concurrent execution mode to implement sequential execution of a single task.
[0014] In some embodiments, the method further includes step S5, which involves real-time monitoring of the system security status of the vehicle-mounted TBOX, the set of information security tasks to be scheduled, and available hardware resources. When any of these items changes, steps S1-S4 are repeated to dynamically replan the information security tasks and update the optimal task execution sequence.
[0015] An automotive software scheduling system based on information security and dynamic programming is applied to automotive electronic control units (ECUs), including: The task monitoring and quantification module is used to monitor the set of information security tasks to be scheduled in real time, obtain and quantify the execution time and information security weight of each information security task, and determine the available scheduling time window of the current vehicle ECU. The dynamic programming scheduling engine communicates with the task monitoring and quantization module to receive task parameters such as execution duration, information security weight, and scheduling time window, build and solve the dynamic programming model, and output the optimal task execution sequence. The mode switching unit is connected to the task monitoring and quantification module and the dynamic planning and scheduling engine respectively. It is used to automatically select the sequential execution mode or the concurrent execution mode according to the current system load of the vehicle ECU and the resource requirements of the information security task, and send the mode selection result to the dynamic planning and scheduling engine. The task execution management module communicates with the dynamic planning scheduling engine and is used to convert the optimal task execution sequence into task start, suspend, and resume instructions, which are then executed by the underlying real-time operating system of the vehicle ECU, and the execution status of information security tasks is monitored in real time. The context and policy storage module communicates and connects with the other modules to store historical data of information security tasks, evaluation strategies for information security weights, parameters of dynamic programming algorithms, and historical optimal scheduling schemes, providing data support for the decision-making of each module.
[0016] In some embodiments, the dynamic programming scheduling engine includes a model building unit, a sequential scheduling solver, and a concurrent scheduling solver; the model building unit is used to build a dynamic programming model based on task parameters, the sequential scheduling solver is used to execute a dynamic programming recursive algorithm in sequential execution mode, and the concurrent scheduling solver is used to execute a dynamic programming recursive algorithm in concurrent execution mode; the dynamic programming scheduling engine can automatically switch between calling the sequential scheduling solver and the concurrent scheduling solver according to the mode selection result of the mode switching unit.
[0017] In some embodiments, the task execution management module includes a status monitoring submodule and an instruction issuance submodule. The status monitoring submodule is used to collect the execution progress, execution results and abnormal information of information security tasks in real time, and to feed the information back to the context and policy storage module for storage. The instruction issuance submodule is used to issue task instructions to the underlying real-time operating system according to the optimal task execution sequence and preset time nodes to achieve precise scheduling of information security tasks.
[0018] By adopting the above technical solution, the beneficial effects of the present invention are: 1. For the first time, information security weight is introduced as a core optimization objective into vehicle task scheduling. The dynamic programming algorithm maximizes the total information security weight within a limited time, ensuring accurate allocation of security resources and improving the overall vehicle information security protection effectiveness. 2. The scheduling strategy has strong dynamic adaptability and can be replanned in real time according to the system security situation, task set and resource status, so as to flexibly respond to network attack scenarios. 3. Dynamic programming algorithms can find the global optimal solution for small- to medium-sized task sets in polynomial time, taking into account both the real-time requirements of the automotive system and the optimality of the scheduling scheme. For large-scale task sets, approximate algorithms can be used to quickly obtain feasible solutions. 4. Supports sequential and concurrent mixed execution modes, which can be intelligently switched according to hardware characteristics and task requirements, fully tapping the hardware potential and improving scheduling efficiency; 5. Easy to integrate and implement, it can be integrated into existing AUTOSAR or automotive RTOS frameworks as an upper-layer scheduling strategy without modifying the underlying kernel, making it highly practical for engineering applications.
[0019] It should be understood that the above general description and the following detailed description are exemplary and explanatory only, and are not intended to limit this disclosure.
[0020] Undoubtedly, such and other objects of the present invention will become more apparent after the following detailed description of the preferred embodiments, which are illustrated in various accompanying drawings and figures.
[0021] To make the above-mentioned beneficial effects and other objects, features and advantages of the present invention more apparent and understandable, one or more preferred embodiments are described below in detail with reference to the accompanying drawings. Attached Figure Description
[0022] The accompanying drawings are provided to further illustrate the invention and form part of the specification. They are used in conjunction with the embodiments of the invention to explain the invention and do not constitute a limitation thereof.
[0023] In the accompanying drawings, the same parts use the same reference numerals, and the drawings are schematic and not necessarily drawn to actual scale.
[0024] To more clearly illustrate the technical solutions in the embodiments of the present invention or the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below. Obviously, the drawings described below are only one or more embodiments of the present invention. For those skilled in the art, other drawings can be obtained based on such drawings without creative effort.
[0025] Explanation of key figure labels: Figure 1 This is a flowchart illustrating the vehicle software scheduling method based on information security and dynamic programming of the present invention. Figure 2 This is a schematic diagram of the module structure of the vehicle software scheduling system based on information security and dynamic programming of the present invention. Detailed Implementation
[0026] The embodiments of the present invention will be described in detail below with reference to the accompanying drawings and examples, so that the process of how the present invention uses technical means to solve technical problems and achieve technical effects can be fully understood and implemented accordingly. It should be noted that, as long as there is no conflict, the various embodiments and features in the various embodiments of the present invention can be combined with each other, and the resulting technical solutions are all within the protection scope of the present invention.
[0027] Furthermore, numerous specific details are set forth in the following description for illustrative purposes to provide a thorough understanding of the embodiments of the invention. However, it will be apparent to those skilled in the art that the invention may be practiced without the specific details or particular methods described herein.
[0028] Please see Figure 1 This invention provides a vehicle software scheduling method based on information security and dynamic programming. This method, applied to an in-vehicle telematics controller (TBOX), includes the following steps: S1. Quantify and define multiple information security tasks to be scheduled, and configure the execution time and information security weight for each information security task. The execution time is the time it takes for the information security task to complete on the specified hardware platform, and the information security weight is the contribution of the information security task to the overall information security protection level of the vehicle. Specifically, step S1 transforms the abstract information security task into a quantitative indicator that includes execution time and information security weight. The execution time is determined by the hardware platform performance and task complexity, while the information security weight reflects the degree of contribution of the task to the overall vehicle safety. This lays the data foundation for the subsequent construction of the dynamic programming model and solves the problem that the safety value of the task cannot be quantified in the existing technology.
[0029] S2. Determine the available scheduling time window. Based on the scheduling time window, formalize the automotive software scheduling problem into a dynamic programming model. The optimization objective of the dynamic programming model is to maximize the sum of information security weights of the selected information security tasks under the time constraint of the scheduling time window. Specifically, step S2 determines the available scheduling time window (i.e., the time budget that TBOX can use to perform information security tasks) and transforms the scheduling problem into a dynamic programming model that maximizes the sum of information security weights under time constraints, thus clarifying the optimization objective of the scheduling.
[0030] S3. Based on the hardware resource status of the vehicle-mounted TBOX and the resource requirements of the information security task, select either sequential execution mode or concurrent execution mode, solve the dynamic programming model through a dynamic programming recursive algorithm, and obtain the optimal task execution sequence within the scheduling time window. Specifically, step S3 selects either sequential or concurrent execution mode based on the hardware resource status of TBOX (such as single-core / multi-core, number of hardware security modules) and task resource requirements (such as whether to exclusively use the cryptographic engine), and solves the model through a dynamic programming recursive algorithm to obtain the optimal task execution sequence.
[0031] S4. Based on the optimal task execution sequence, the real-time operating system of the vehicle-mounted TBOX triggers and executes the corresponding information security tasks. Specifically, step S4 transforms the optimal sequence obtained from the model solution into actual execution actions, which are then triggered sequentially or concurrently by TBOX's real-time operating system (RTOS).
[0032] Through steps S1-S4, the vehicle software scheduling process is divided into four core steps: task quantification, model building, mode selection and solution, and task execution. Using the in-vehicle TBOX as the application carrier, the system achieves optimized scheduling of information security tasks by parameterizing information security tasks, mathematizing scheduling problems, patterning the solution process, and automating the execution process. This effectively solves the problems of existing static scheduling strategies lacking clear security value optimization objectives and lacking systematic scheduling processes, laying the foundation for the design of subsequent sub-steps and realizing full-process scheduling from task quantification to actual execution.
[0033] According to some embodiments of this application, optionally, in step S1, the formula for calculating the information security weight is: wi=α×Vi+β×Ti+γ×Ri, where wi is the information security weight of the i-th information security task, Vi is the value of the asset protected by the i-th information security task, Ti is the threat level corresponding to the i-th information security task, Ri is the regulatory compliance requirement of the i-th information security task, α, β, and γ are weight coefficients, and α, β, and γ are all real numbers greater than 0, α+β+γ=1.
[0034] Specifically, a weighted summation formula is used to quantify three core influencing factors—the value of the assets protected by the task, the corresponding threat level, and regulatory compliance requirements—into specific weight values. In the formula, α, β, and γ are weight coefficients, all greater than 0 and summing to 1. These coefficients can be dynamically adjusted according to the vehicle's overall security needs (e.g., increasing the coefficient β corresponding to the threat level when the vehicle is in a high-risk cyberattack scenario; increasing the coefficient γ corresponding to regulatory compliance when the vehicle needs to meet strict regulatory requirements). The value of the assets protected by the task is categorized and quantified based on the importance of the assets (e.g., vehicle control modules, user privacy data); the threat level is categorized based on the probability and severity of cyberattacks; and the regulatory compliance requirements are quantified based on compliance with automotive cybersecurity standards such as ISO / SAE 21434. This approach addresses the problem of quantifying the security value of information security tasks in existing technologies, providing accurate and objective core parameters for constructing dynamic programming models. It makes the optimization objective of maximizing the sum of information security weights calculable, and the adjustability of the weight coefficients allows this method to adapt to different vehicle security needs and application scenarios.
[0035] According to some embodiments of this application, optionally, in step S2, the state of the dynamic programming model is defined as dp[time], where dp[time] represents the maximum sum of information security weights that can be obtained in exactly time units of time, and the value range of time is [0, W], where W is the total duration of the scheduling time window; the initialization rule of the dynamic programming model is: dp[0] = 0, and the initial values of dp[time] for the rest are all 0.
[0036] Specifically, the dynamic programming model is specifically defined for the sequential execution mode as follows: a 3D state array dp[time], with time as the sole state dimension. dp[time] represents the maximum sum of information security weights obtainable when exactly time units are used, and the time value range is [0, W] (W is the total duration of the scheduling time window). The model initialization rule is dp[0] = 0 (zero time investment corresponds to zero security weight gain), and the initial values of dp[time] for the rest are 0, ensuring that the starting point of the model calculation is an initial state with no time and no task, thus guaranteeing the accuracy of the recursive calculation. This process transforms the scheduling problem into a mathematical problem that can be solved by dynamic programming, providing a clear state definition and a unified starting point for the recursive calculation in the sequential execution mode, thereby solving the problem of the lack of a standard mathematical model for finding the optimal solution of the task execution sequence in the sequential scheduling scenario.
[0037] According to some embodiments of this application, optionally, in step S3, when the sequential execution mode is selected, the recursive formula of the dynamic programming recursive algorithm is: dp[time]=max(dp[time],dp[time−ti]+wi), where ti is the execution time of the i-th information security task, wi is the information security weight of the i-th information security task, and time decreases from the total duration W of the scheduling time window to ti; by tracing the state transition path of the recursive formula, the optimal task execution sequence in the sequential execution mode is obtained by backtracking.
[0038] Specifically, the dynamic programming recursive formula for the sequential execution mode is: dp[time] = max(dp[time], dp[time−ti] + wi), where ti is the task execution duration and wi is the task information security weight. During calculation, time is decreased from the total scheduling time window duration W to ti. This decreasing calculation method ensures that each task is selected at most once, conforming to the solution logic of the 0-1 knapsack problem and avoiding resource waste caused by repeated task execution. After the recursive calculation is completed, the state transition path is traced back from dp[W] to determine the task selected at each time node, ultimately obtaining the optimal task execution sequence in the sequential execution mode. By providing a specific solution method for the dynamic programming model in the sequential execution mode, the task execution sequence that maximizes the sum of information security weights under time constraints can be quickly found, thus solving the problem that existing sequential scheduling strategies cannot achieve optimal security benefits. Furthermore, the recursive algorithm has high computational efficiency, meeting the real-time requirements of automotive systems.
[0039] According to some embodiments of this application, optionally, in step S3, when the concurrent execution mode is selected, the method further includes: defining a concurrency factor k, where k is the maximum number of information security tasks that can be executed simultaneously by the vehicle TBOX per unit time, and the value of k matches the number of available processing cores of the vehicle TBOX; expanding the state of the dynamic programming model to a two-dimensional state dp[time][c], where dp[time][c] represents the maximum sum of information security weights that can be obtained in time units when the current available concurrent slots are c, and the value of c is in the range [0, k).
[0040] Specifically, for concurrent execution mode, a concurrency factor k is first defined, whose value matches the number of available processing cores / hardware security modules of the TBOX (e.g., k=2 for a dual-core TBOX, k=4 for a quad-core TBOX), representing the maximum number of tasks that can be executed simultaneously per unit time. Then, the model state is expanded from one dimension to a two-dimensional array dp[time][c], adding the dimension of "available concurrent slot c", where the value of c ranges from [0, k). dp[time][c] represents the maximum sum of information security weights that can be obtained within a unit time of time when the current available concurrent slot is c. This achieves accurate modeling of the multi-core hardware resource occupancy state, thereby solving the problem that existing concurrent scheduling strategies cannot be optimized by combining hardware resource state and security benefits. Through state dimension expansion and concurrency factor definition, the concurrent scheduling problem of multi-core TBOX is transformed into a computable dynamic programming model, realizing a dual consideration of task resource occupancy and security benefits in concurrent execution scenarios.
[0041] According to some implementations of this application, optionally, the dynamic programming recursive algorithm in the concurrent execution mode solves the optimal task execution sequence by processing three types of state transition events. The three types of state transition events are: starting a new concurrent task, if there are currently available concurrent slots (i.e., c>0), selecting an information security task and occupying a concurrent slot, with the state transition being dp[time][c−1]; releasing the slot upon task completion, simulating time progression, releasing the corresponding concurrent slot when the concurrently executed information security task is completed, and updating the number of available concurrent slots; and sequential execution, setting the concurrency factor k to 1 as a special case of the concurrent execution mode to implement sequential execution of a single task.
[0042] Specifically, based on the two-dimensional state definition, state transition rules for concurrent execution mode are given, and the model is solved recursively by handling three types of events: "starting a new concurrent task", "releasing slots upon task completion", and "continuous execution". 1. Start a new concurrent task: When there are available concurrent slots (c>0), select the target task to execute and occupy a slot. The state changes from dp[time][c] to dp[time][c−1], thus realizing the modeling of the start of a new task. 2. Release slots upon task completion: Simulate the time progression process. When concurrently executed tasks are completed, the corresponding slots are released, and the number of available concurrent slots is updated, thus modeling the resource release after task execution. 3. Sequential execution compatibility: Set the concurrency factor k to 1. At this time, the two-dimensional model degenerates into a one-dimensional model, which is consistent with the previous sequential mode model, thus achieving compatibility between the concurrent mode and the sequential mode.
[0043] By dynamically processing three types of events, the recursive calculation of the two-dimensional dynamic programming model is completed, and the optimal task execution sequence under the concurrent execution mode is finally obtained. This enables accurate modeling of concurrent task execution and resource release in multi-core TBOX, thereby solving the problems of fixed execution mode and low resource utilization of existing concurrent scheduling strategies. At the same time, it achieves seamless compatibility between sequential and concurrent modes, improving the versatility of the method.
[0044] According to some embodiments of this application, optionally, step S5 is also included: real-time monitoring of the system security status of the vehicle-mounted TBOX, the set of information security tasks to be scheduled, and available hardware resources. When any of these items changes, steps S1-S4 are repeated to dynamically replan the information security tasks and update the optimal task execution sequence.
[0045] Specifically, a dynamic replanning step S5 is added. This step involves real-time collection of the TBOX's system security status (such as network attack risk level and intrusion detection results), the set of information security tasks to be scheduled (such as new tasks being added and old tasks being completed), and available hardware resources (such as core faults and resource utilization) through sensors and network monitoring modules. When any of these items change, steps S1-S4 are immediately repeated to requantize tasks, build models, and solve for the optimal sequence. This enables real-time updates to the scheduling strategy, giving the scheduling method strong dynamic adaptability. It can quickly adjust the execution sequence according to network attack status, task changes, and hardware status, ensuring that the vehicle always maintains the optimal level of information security protection in complex scenarios.
[0046] Scheduling method example: Sequential mode: Assuming the vehicle-mounted TBOX is a single-core architecture with a scheduling time window W=10ms, there are 5 information security tasks to be executed, with the following task parameters: T1 (execution time 2ms, weight 3), T2 (4ms, 8), T3 (3ms, 5), T4 (5ms, 10), and T5 (1ms, 2).
[0047] Initialization: dp[0..10], dp[0]=0, the rest are 0; Calculation using recursive formula: Processing T1(2,3): For time from 10 to 2, dp
[10] =max(dp
[10] , dp[8]+3)=3, ..., dp[2]=3, dp[1]=0.
[0048] Processing T2(4, 8): dp
[10] = max(dp
[10] , dp[6] + 8) = max(3, 3 + 8) = 11, dp[9]=max(dp[9], dp[5]+8)=11, dp[8]=11, dp[7]=11, dp[6]=11, dp[5]=8, dp[4]=8, dp[3]=3, dp[2]=3, dp[1]=0.
[0049] Processing T3(3, 5): dp
[10] = max(8, dp[7] + 5) = max(8, 11 + 5) = 16, dp[9]=max(8,dp[6]+5)=max(8,11+5)=16, dp[8]=max(dp[8], dp[5]+5)=max(11,8+5)=13, dp[7]=max(dp[7],dp[4]+5)=max(11,8+5)=13.
[0050] dp[6]=11, dp[5]=8, dp[4]=8, dp[3]=5, dp[2]=3, dp[1]=0.
[0051] Processing T4(5, 10): dp
[10] = max(16, dp[5] + 10) = max(13, 8 + 10) = 18, dp[9] = 18.
[0052] Processing T5(1,2): dp
[10] =max(18,dp[9]+2)=max(18,18+2)=20; Tracing back the state transition path, the final dp
[10] =20. Through backtracking, it was found that the solution to obtain the maximum weight of 20 is to execute tasks {T2, T4, T5}, with a total time of 4+5+1=10ms and a total weight of 8+10+2=20. This shows that within a 10ms window, the optimal choice is to execute the time-consuming but highly weighted tasks T2 and T4, rather than executing all the short tasks.
[0053] Concurrency mode: Based on the above embodiment, assuming TBOX has a dual-core architecture and tasks T2, T4, T5 and T1, T3 can be executed concurrently (without resource conflicts), with a concurrency factor k=2. The system will perform calculations through a concurrent scheduling solver. One possible optimization scheme is: During time 0-4ms: Core 1 executes T2(4,8), then Core 1 executes T1(2,3). T1 completes before T4, and Core 2 continues to execute T3(3,5).
[0054] Between 5 and 9 ms: Core 2 completes T3(3,5) from 5 ms to 6 ms and then becomes idle, while Core 1 executes T4(5,10).
[0055] At time 9-10ms: Core 1 executes T5(1,2).
[0056] Ultimately, tasks {T1, T2, T3, T4, T5} were completed within 10ms, with a total weight of 3+8+5+10+2=28. Compared to 20 in the sequential execution scenario, concurrent execution significantly improved security benefits.
[0057] It can be seen that if TBOX is a dual-core architecture (k=2), and all 5 tasks are executed concurrently, the total weight can reach 28. Compared with sequential execution, the security benefits are improved by 40%, which fully demonstrates the resource utilization advantage of the concurrent mode.
[0058] Please see Figure 2 A vehicle software scheduling system based on information security and dynamic programming, applied to the vehicle's electronic control unit (ECU), including: The task monitoring and quantification module is used to monitor the set of information security tasks to be scheduled in real time, obtain and quantify the execution time and information security weight of each information security task, and determine the available scheduling time window of the current vehicle ECU; and realize the collection and quantification of task parameters.
[0059] The dynamic programming scheduling engine communicates with the task monitoring and quantization module to receive task parameters such as execution duration, information security weight, and scheduling time window, construct and solve the dynamic programming model, and output the optimal task execution sequence; thus realizing model construction and optimal sequence solution.
[0060] The mode switching unit is connected to the task monitoring and quantification module and the dynamic planning and scheduling engine respectively. It is used to automatically select the sequential execution mode or the concurrent execution mode according to the current system load of the vehicle ECU and the resource requirements of the information security task, and send the mode selection result to the dynamic planning and scheduling engine; thus realizing intelligent selection of the execution mode.
[0061] The task execution management module communicates with the dynamic programming scheduling engine and is used to convert the optimal task execution sequence into task start, suspend, and resume instructions, which are then executed by the underlying real-time operating system of the vehicle ECU. The module also monitors the execution status of information security tasks in real time, enabling the issuance of task instructions and monitoring of execution status.
[0062] The context and policy storage module communicates and connects with the other modules to store historical data of information security tasks, evaluation strategies for information security weights, parameters of dynamic programming algorithms, and historical optimal scheduling schemes, providing data support for the decision-making of each module; and realizing the storage and sharing of various types of data and policies.
[0063] Each module interacts and collaborates via communication connections. The functions of each module are interconnected, forming a system operation logic of acquisition, quantification, modeling, solving, execution, and storage, enabling the cyclical operation of each module. This scheduling system transforms the scheduling method into an engineering-featured system architecture, solving the problem of lacking a specific hardware / software platform for implementing the scheduling method. Each module has a clear division of labor and works collaboratively, achieving automated and intelligent execution of the scheduling method. Furthermore, the modular design of the system architecture facilitates subsequent functional expansion and maintenance.
[0064] According to some embodiments of this application, optionally, the dynamic programming scheduling engine includes a model building unit, a sequential scheduling solver, and a concurrent scheduling solver; the model building unit is used to build a dynamic programming model based on task parameters, the sequential scheduling solver is used to execute the dynamic programming recursive algorithm in the sequential execution mode, and the concurrent scheduling solver is used to execute the dynamic programming recursive algorithm in the concurrent execution mode; the dynamic programming scheduling engine can automatically switch between calling the sequential scheduling solver or the concurrent scheduling solver according to the mode selection result of the mode switching unit.
[0065] Specifically, the dynamic programming scheduling engine is subdivided into three internal units: a model building unit, a sequential scheduling solver, and a concurrent scheduling solver. The functions of each unit correspond one-to-one with the method claims. 1. The model building unit constructs a one-dimensional model (sequential mode) or a two-dimensional model (concurrent mode) based on the parameters provided by the task monitoring and quantization module and the selection results of the mode switching unit. 2. The sequential scheduling solver executes the recursive formula and backtracking method to solve for the optimal sequence of the sequential pattern; 3. The concurrent scheduling solver executes the two-dimensional model recursion and state transition method to solve for the optimal sequence of concurrent modes.
[0066] The dynamic programming scheduling engine can automatically switch and call the corresponding solver based on the mode selection result of the mode switching unit, achieving seamless switching of solution logic. This process, through the modular division of labor between dynamic programming model construction and solution, makes the engine's functions more refined and specialized, solving the problem of the core algorithm layer lacking clear internal logic. At the same time, the automatic solver switching design improves the system's operating efficiency and ensures accurate matching between model solution and execution mode.
[0067] According to some embodiments of this application, optionally, the task execution management module includes a status monitoring submodule and an instruction issuance submodule; the status monitoring submodule is used to collect the execution progress, execution results and abnormal information of information security tasks in real time, and feed the information back to the context and policy storage module for storage; the instruction issuance submodule is used to issue task instructions to the underlying real-time operating system according to the optimal task execution sequence and preset time nodes to achieve precise scheduling of information security tasks.
[0068] Specifically, the task execution management module is further subdivided into a status monitoring submodule and an instruction issuance submodule: 1. The instruction issuance submodule issues instructions such as task start, suspension, and resumption to the underlying RTOS according to the optimal task execution sequence output by the dynamic programming scheduling engine and preset time nodes, so as to realize the time-sequential and precise execution of tasks and ensure that the execution process is completely matched with the optimal sequence. 2. The status monitoring submodule collects the execution progress, execution results, and abnormal information (such as task execution failure, timeout, and insufficient resources) of the task in real time, and feeds the collected information back to the context and strategy storage module for storage. At the same time, when a task abnormality is detected, the system's dynamic replanning process is triggered.
[0069] It enables precise control and full-process monitoring of task execution, solving the problems of lack of monitoring and precise timing of instruction issuance in existing scheduling systems. It ensures that the optimal task execution sequence can be implemented as actual task execution actions. At the same time, the collection and feedback of abnormal information provides a trigger basis for the system's dynamic replanning, thereby improving the system's robustness.
[0070] According to some embodiments of this application, optionally, the task monitoring and quantification module has a built-in weight evaluation submodule. The weight evaluation submodule is used to calculate the information security weight formula and, in conjunction with the automotive cybersecurity standard ISO / SAE21434, calculates and updates the information security weight of each information security task in real time.
[0071] Specifically, the core function of the weight assessment submodule is to calculate and update information security weights in real time. Its working logic strictly follows the calculation formula for information security weights, and also incorporates the ISO / SAE 21434 automotive cybersecurity standard to quantify asset value, threat level, and regulatory compliance requirements, ensuring the objectivity and compliance of the weight calculation. When the system security posture changes, the submodule can dynamically adjust the weight coefficients α, β, and γ, and update the information security weights of all tasks in real time. It provides the task monitoring and quantification module with accurate weight calculation capabilities, thereby solving the problem of the lack of a dedicated calculation unit for information security weights and the inability to update them in real time. This ensures that the task parameters output by the module always match the current system security posture, providing an accurate data foundation for subsequent model construction and solving.
[0072] According to some embodiments of this application, optionally, the system is integrated into the controller of the vehicle ECU in a software, hardware or a combination of software and hardware manner. The dynamic planning scheduling engine runs as an independent middleware service and can be directly integrated into the existing AUTOSAR framework or the vehicle real-time operating system (RTOS) framework without modifying the underlying operating system kernel.
[0073] Specifically, the scheduling system is integrated into the vehicle-mounted TBOX, enabling the TBOX to dynamically optimize and schedule information security tasks. The TBOX schedules core information security tasks such as intrusion detection, security auditing, encrypted communication, certificate updates, and malicious code scanning through the scheduling system. Its working logic is as follows: the scheduling system monitors the task status, security posture, and hardware resources of the TBOX in real time, solves the optimal execution sequence through dynamic programming algorithm, executes the corresponding tasks by the TBOX's RTOS, and re-plans in real time according to the status changes, thereby realizing the productization of scheduling technology, solving the problems of weak security protection capabilities and low resource utilization of the existing scheduling strategy of TBOX, significantly improving the TBOX's resistance to network attacks, and thus improving the information security protection level of the entire vehicle.
[0074] Scheduling system example: Based on the normal operation of the dual-core on-board TBOX, the scheduling system operates collaboratively through five modules. All modules are integrated into the TBOX controller, while the dynamic programming scheduling engine runs as an independent middleware service, compatible with the AUTOSAR framework. The specific process is as follows: Task monitoring and quantification module: Scans the information security task queue of TBOX in real time, collects basic information such as task execution time, protected assets, and threat level, calculates information security weight through the weight evaluation submodule, determines the scheduling time window W by combining CPU load and memory usage, and sends standardized task parameters (ti, wi, W) to the dynamic planning scheduling engine and mode switching unit. Mode switching unit: Receives task parameters and TBOX hardware resource status (dual cores, 2 hardware security modules, no resource mutual exclusion), determines the execution mode as concurrent execution according to preset mode switching rules (multi-core idle and no resource mutual exclusion, which is concurrent mode), and sends the mode selection result to the dynamic programming scheduling engine; Dynamic programming scheduling engine: Model building unit: Based on task parameters and concurrency mode, construct a two-dimensional dynamic programming model dp[time][c]; Concurrent scheduling solver: Executes state transition algorithms to find the optimal task execution sequence and sends the sequence to the task execution management module; Task Execution Management Module: Instruction delivery submodule: Converts the optimal sequence into RTOS instructions and delivers them to the dual cores according to the hardware timing to trigger task execution; Status monitoring submodule: Collects task execution progress, results, and exception information in real time, and sends them synchronously to the context and strategy storage module. If an exception / state change is detected, dynamic replanning is triggered. Context and strategy storage module: Stores historical task data, weight coefficients, dynamic programming algorithm parameters, and historical best sequences, providing data support for decision-making in each module. It also supports manual configuration and dynamic updates of weight coefficients and mode switching rules.
[0075] It can be seen that the five modules of the scheduling system have clear division of labor and work together efficiently, with an end-to-end scheduling delay of ≤2ms, which meets the real-time requirements of automotive electronic systems. The modules use standardized interface communication, and the dynamic planning scheduling engine is an independent middleware that does not require modification of the underlying kernel of the RTOS. It can be directly integrated into the existing automotive framework, reducing engineering implementation costs by more than 60%, and has good engineering practicality and compatibility.
[0076] It should be understood that the embodiments disclosed herein are not limited to the specific processing steps or materials disclosed herein, but should be extended to equivalent substitutions of such features as understood by those skilled in the art. It should also be understood that the terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting.
[0077] The term "embodiment" in this specification refers to a specific feature or characteristic described in connection with an embodiment that is included in at least one embodiment of the invention. Therefore, phrases or "embodiments" appearing in various places throughout the specification do not necessarily refer to the same embodiment.
[0078] Furthermore, the described features or characteristics can be incorporated into one or more embodiments in any other suitable manner. In the above description, specific details, such as thickness, quantity, etc., are provided to provide a comprehensive understanding of embodiments of the invention. However, those skilled in the art will understand that the invention can be implemented without the aforementioned specific details or may be implemented using other methods, components, materials, etc.
Claims
1. A vehicle software scheduling method based on information security and dynamic programming, applied to an in-vehicle telematics controller (TBOX), characterized in that: Includes the following steps: S1. Quantify and define multiple information security tasks to be scheduled, and configure the execution time and information security weight for each information security task. The execution time is the time it takes for the information security task to complete on the specified hardware platform, and the information security weight is the contribution of the information security task to the overall information security protection level of the vehicle. S2. Determine the available scheduling time window. Based on the scheduling time window, formalize the automotive software scheduling problem into a dynamic programming model. The optimization objective of the dynamic programming model is to maximize the sum of information security weights of the selected information security tasks under the time constraint of the scheduling time window. S3. Based on the hardware resource status of the vehicle-mounted TBOX and the resource requirements of the information security task, select either sequential execution mode or concurrent execution mode, solve the dynamic programming model through a dynamic programming recursive algorithm, and obtain the optimal task execution sequence within the scheduling time window. S4. Based on the optimal task execution sequence, the real-time operating system of the vehicle-mounted TBOX triggers and executes the corresponding information security tasks.
2. The vehicle software scheduling method based on information security and dynamic programming according to claim 1, characterized in that, In step S1, the formula for calculating the information security weight is: wi=α×Vi+β×Ti+γ×Ri, where wi is the information security weight of the i-th information security task, Vi is the value of the assets protected by the i-th information security task, Ti is the threat level corresponding to the i-th information security task, Ri is the regulatory compliance requirement of the i-th information security task, α, β, and γ are weight coefficients, and α, β, and γ are all real numbers greater than 0, and α+β+γ=1.
3. The vehicle software scheduling method based on information security and dynamic programming according to claim 1, characterized in that, In step S2, the state of the dynamic programming model is defined as dp[time], which represents the maximum sum of information security weights that can be obtained in exactly time units of time. The value range of time is [0, W], where W is the total duration of the scheduling time window. The initialization rule of the dynamic programming model is: dp[0] = 0, and the initial values of dp[time] for the rest are all 0.
4. The vehicle software scheduling method based on information security and dynamic programming according to claim 3, characterized in that, In step S3, when the sequential execution mode is selected, the recursive formula of the dynamic programming recursive algorithm is: dp[time]=max(dp[time],dp[time−ti]+wi), where ti is the execution time of the i-th information security task, wi is the information security weight of the i-th information security task, and time decreases from the total duration W of the scheduling time window to ti; by tracing the state transition path of the recursive formula, the optimal task execution sequence in the sequential execution mode is obtained by backtracking.
5. The vehicle software scheduling method based on information security and dynamic programming according to claim 1, characterized in that, In step S3, when the concurrent execution mode is selected, the following steps are also included: defining a concurrency factor k, where k is the maximum number of information security tasks that can be executed simultaneously by the vehicle TBOX per unit time, and the value of k matches the number of available processing cores of the vehicle TBOX; expanding the state of the dynamic programming model to a two-dimensional state dp[time][c], where dp[time][c] represents the maximum sum of information security weights that can be obtained within time units of time when the current available concurrent slots are c, and the value of c ranges from [0, k).
6. The vehicle software scheduling method based on information security and dynamic programming according to claim 5, characterized in that, The dynamic programming recursive algorithm in the concurrent execution mode solves the optimal task execution sequence by handling three types of state transition events. The three types of state transition events are: starting a new concurrent task; if there are available concurrent slots, i.e., c>0, select the information security task and occupy a concurrent slot, and the state transition is dp[time][c−1]. Upon completion of a task, the slot is released, and time is simulated to advance. When a concurrently executed information security task is completed, the corresponding concurrent slot is released, and the number of available concurrent slots is updated. For sequential execution, the concurrency factor k is set to 1, which serves as a special case of the concurrent execution mode to achieve sequential execution of a single task.
7. The vehicle software scheduling method based on information security and dynamic programming according to any one of claims 1-6, characterized in that, It also includes step S5, which involves real-time monitoring of the system security status of the vehicle-mounted TBOX, the set of information security tasks to be scheduled, and available hardware resources. When any of these items change, steps S1-S4 are repeated to dynamically replan the information security tasks and update the optimal task execution sequence.
8. A vehicle software scheduling system based on information security and dynamic programming, applied to the vehicle electronic control unit (ECU), characterized in that: include: The task monitoring and quantification module is used to monitor the set of information security tasks to be scheduled in real time, obtain and quantify the execution time and information security weight of each information security task, and determine the available scheduling time window of the current vehicle ECU. The dynamic programming scheduling engine communicates with the task monitoring and quantization module to receive task parameters such as execution duration, information security weight, and scheduling time window, build and solve the dynamic programming model, and output the optimal task execution sequence. The mode switching unit is connected to the task monitoring and quantification module and the dynamic planning and scheduling engine respectively. It is used to automatically select the sequential execution mode or the concurrent execution mode according to the current system load of the vehicle ECU and the resource requirements of the information security task, and send the mode selection result to the dynamic planning and scheduling engine. The task execution management module communicates with the dynamic planning scheduling engine and is used to convert the optimal task execution sequence into task start, suspend, and resume instructions, which are then executed by the underlying real-time operating system of the vehicle ECU, and the execution status of information security tasks is monitored in real time. The context and policy storage module communicates and connects with the other modules to store historical data of information security tasks, evaluation strategies for information security weights, parameters of dynamic programming algorithms, and historical optimal scheduling schemes, providing data support for the decision-making of each module.
9. The vehicle software scheduling system based on information security and dynamic programming according to claim 8, characterized in that, The dynamic programming scheduling engine includes a model building unit, a sequential scheduling solver, and a concurrent scheduling solver. The model building unit is used to build a dynamic programming model based on task parameters. The sequential scheduling solver is used to execute the dynamic programming recursive algorithm in the sequential execution mode, and the concurrent scheduling solver is used to execute the dynamic programming recursive algorithm in the concurrent execution mode. The dynamic programming scheduling engine can automatically switch between calling the sequential scheduling solver and the concurrent scheduling solver based on the mode selection result of the mode switching unit.
10. The vehicle software scheduling system based on information security and dynamic programming according to claim 8, characterized in that, The task execution management module includes a status monitoring submodule and an instruction issuance submodule. The status monitoring submodule is used to collect the execution progress, execution results and abnormal information of information security tasks in real time, and feed the information back to the context and policy storage module for storage. The instruction issuance submodule is used to issue task instructions to the underlying real-time operating system according to the optimal task execution sequence and preset time nodes, so as to achieve precise scheduling of information security tasks.