Developing Mixed-Criticality ADAS Systems with Connext Drive

As the automotive industry shifts toward zonal architectures, architects have moved from managing ECUs to orchestrating environments where fail-operational ADAS and high-bandwidth infotainment must coexist. But combining critical, safety-certified functions with non-critical applications on a single, integrated cockpit controller presents design challenges. Developers must balance the need for high reliability in critical functions with the importance of maintaining cost-effectiveness, reduced weight, and lower power consumption.

RTI Connext Drive addresses this through a unified, data-centric platform that supports both non-safety applications and the most rigorous safety-critical use cases. It provides a common data backbone for AUTOSAR Classic, Adaptive, ROS 2 and DDS^® systems, enabling architects to build a software-defined foundation that scales from sensor-to-cloud without sacrificing the deterministic, real-time performance that safety-critical applications demand. The full Connext Drive product serves a wide range of requirements, including its Connext Cert component that provides the ASIL D certification required for safety-critical environments, ensuring a resilient and flexible software-defined architecture.

This blog post describes mixed-criticality use cases that are addressed by Connext Drive, as well as those with ASIL requirements that Connext Cert addresses.

Strategic Advantages of Mixed-Criticality with RTI Connext Drive and DDS

Built on the Data Distribution Service (DDS) standard, the Connext Drive software framework transforms mixed-criticality from a design challenge into a competitive advantage by enforcing strict architectural isolation. This approach delivers:

• Architectural Isolation and Control: Enables clear isolation between safety and non-safety domains, while enabling controlled, one-way or filtered two-way communication.
• Certification Cost Control: Significantly reduces certification costs by isolating the frequently changing, non-safety-critical components (such as HUD graphics or mobile applications) from the safety-certified core.
• Reuse Existing Components: Enables OEMs to leverage specific components of Connext Drive for each use case: Connext Drive supports infotainment and mobile applications while Connext Cert handles ADAS domains, minimizing reimplementation efforts.

Use Case 1: Secure and Safety-Critical Communication (ASIL B/D)

For automotive OEMs, the shift to a software-defined vehicle (SDV) architecture brings new risks and liability challenges. Manufacturers are accountable for ISO 26262 safety compliance and ISO/SAE 21434 cybersecurity. One flawed update can lead to costly recalls, cyber incidents, and delayed or withdrawn regulatory approvals. Connext Drive provides the scalable, pre-certified communication framework that drastically reduces risks and certification friction, while protecting the vehicle’s brand. This foundation allows manufacturers and suppliers to evolve vehicle features at software speed without compromising the rigorous safety and security standards that protect the bottom line.

Tier 1 suppliers, meanwhile, are caught in a structural squeeze to deliver ASIL-ready, cybersecurity-compliant components, while meeting increasingly aggressive OEM timelines. Compliance is no longer a post-development task; it is a prerequisite for the RFQ phase. Leveraging pre-certified, reusable building blocks eliminates the need to reinvent middleware for every project. With Connext Drive, suppliers can shorten integration cycles, prove system integrity and transform compliance from a cost center into a competitive edge.

Connext Cert is utilized on safety-certified ECUs to provide highly reliable and deterministic data exchange for critical automotive functions:

• Built-in Safety & Security Mechanisms:
• CRC over Payload: Ensures payload integrity for safety-critical data.
• Message Authentication Codes (MAC) and encryption with AES-GCM: Protects against tampering and intellectual property breaches with strong authentication and encryption.
• HSM/HSE Integration: Supports Hardware Secure Modules and Hardware Secure Engines for hardware-level key management and cryptographic operations.
• Low Latency & Budget Compliance: Optimized to meet stringent automotive timing, memory, and compute constraints while maintaining deterministic communication.

As an example use case, a safety-certified vehicle speed control system, running proprietary acceleration and deceleration algorithms on a Connext Cert ECU, detects when the car exceeds the applicable road speed limit (e.g., 65 mph). The system then publishes a safety-critical SpeedLimitExceedanceEvent, ensuring secure, authenticated communication of this condition to other vehicle subsystems.

Use Case 2: Non-Safety Infotainment and Mobile Apps Integration

Connext Drive is deployed on high-performance vehicle computers (HPVCs) for infotainment and other non-safety-critical functions, including integration with mobile applications:

• Built-in Security Mechanisms:
• PKI-Based Authentication and Access Control: Protects against unauthorized access to the vehicle notification, alerts, and remote configuration systems.
• Message Authentication Codes (MAC) and encryption with AES-GCM: Protects against tampering and privacy breaches with strong authentication and encryption.
• Rich User Experience: Enables advanced graphics, animations, and user-configurable preferences on the head-up display (HUD), without requiring safety certification for these elements.

In this example, a mobile app allows the car owner to configure a custom speed limit (e.g., restricting maximum speed to 55 mph when a teenager is driving) and to receive notifications when limits are exceeded. Connext Drive, running on the HPVC, subscribes to the SpeedLimitExceedanceEvent from the Connext Cert ECU and renders a visual warning on the HUD. Crucially the core audio warning from the Connext Cert ECU remains functional even if the HUD fails.

Use Case 3: Controlled Data Flow Between Criticality Levels

Connext Drive provides DDS-based isolation, ensuring that high-bandwidth, non-safety data cannot saturate the communication bus or starve critical ASIL D control loops. By enforcing strict, one-way, or filtered data flows, architects can maintain deterministic performance for steering and braking, while allowing telemetry and infotainment to share the same physical network.

• Safety → Non-Safety:
• Purpose: Allow safety-certified sensor data to be displayed by non-safety applications and forward alerts to mobile-based applications.
• Mechanism: The Connext Cert ECU publishes safety topics (e.g., SpeedLimitExceedanceEvent), which Connext Drive instances on the HPVC subscribe to (publish/subscribe pattern). Connext Drive can relay this data to external mobile applications over the WAN using RTI Routing Service with RTI Security Plugins to ensure privacy and confidentiality.
• Benefit: Enables rich visualizations and seamless wide-area network (WAN) connectivity, without burdening the safety domain with certification of display or external connectivity components.
• Non-Safety → Safety:
• Purpose: Allow user-friendly, non-safety mobile applications to configure settings on safety-certified systems.
• Mechanism: Connext Drive instances running in a mobile app publish non-safety topics (e.g., UserDrivingProfile), which Connext Cert (running on a safety ECU) can subscribe to. Routing Service relays secured traffic from outside the in-vehicle network.
• Benefit: Supports user-friendly integrations while ensuring the core safety logic remains independent and fully functional, even if the auxiliary data is absent.

Figure 1: Connext Drive enables controlled data flow between criticality levels, enabling optimized real-time,  deterministic performance.

Top 3 Benefits of Connext Drive for Mixed Criticality Environments

With Connext Drive, developers gain a unified platform that eliminates the traditional trade-off between rigorous safety and rapid innovation. The Top 3 benefits are:

1. Faster Feature Delivery at Lower Cost: Safety certification is required only for the safety-critical core; rapidly evolving components like HUD graphics or mobile apps remain uncertified.
2. Secure Mixed-Criticality Architecture: Connext Drive keeps safety and non-safety components isolated but enables secure, controlled communication between them.
3. Maximize Reuse: OEMs can use Connext Drive components to extend functionality without rewriting existing systems.

The result? A secure, mixed-criticality architecture that can maximize design reuse across the entire vehicle line, significantly slashing certification overhead while accelerating the path to a truly software-defined future. For more information on how Connext Drive can help you can optimize performance for mixed criticality use cases, please visit www.rti.com/drive or contact an RTI representative.

About the authors:

Jose M. Lopez-Vega is a Distinguished Software Engineer and Security Architect at RTI, where he has worked since 2013. As the Security Architect for all RTI Connext products, he has played a key role in shaping the RTI Security Extensions. Jose is an active contributor to the OMG DDS Security specification and brings deep technical expertise in large-scale real-time distributed systems, security, and network protocols. He holds a Ph.D. in Multimedia Systems, an M.S. in Multimedia Technologies, and an M.Sc. in Telecommunications Engineering, all from the University of Granada.

Mihai Potoceanu is a Senior Product Manager at RTI with over a decade of experience in the automotive industry. He specializes in intelligent automotive systems through cutting-edge middleware solutions that power next-generation architectures. Mihai plays a key role in driving initiatives in the development of Software-Defined Vehicles (SDVs), leveraging technologies like Data Distribution Service (DDS) to drive innovation and connectivity. He holds a Master's degree in Analytical and Geometric Modeling Systems.