Eclipse SSAM

Scope

Eclipse SSAM project provides a high-performance and security-focused container execution framework designed primarily for automotive ECU systems, with limited applicability to other systems that share similar resource constraints.

The scope includes:

1. Lightweight Container Execution Framework

  • Fast initialization of container environments (target: within 100 ms)
  • Enables containerized application to begin execution with minimal startup latency
  • Optimized for resource-constrained systems such as automotive ECUs

2. Security and Integrity Assurance

  • Continuous integrity verification of container packages
  • Real-time detection of tampering or unauthorized modification during runtime
  • Designed to meet the security requirements of safety-critical systems

3. Host OS Support

  • Eclipse SSAM currently operates on Linux-based host operating systems
  • The architecture allows future portability to other operating systems that support container execution
  • Application behavior inside containers remains OS-dependent by design

4. Controlled Compatibility with OCI

  • Eclipse SSAM adopts an OCI-compatible runtime (e.g., runc) for container execution, but its other components — such as image format and package management — are independently designed without adhering to the OCI specification.

     

Applicability

Eclipse SSAM is designed primarily for automotive ECU systems.

It may also be applicable to other systems with similar characteristics, such as:

  • limited compute resources
  • strict startup time requirements
  • strong runtime integrity requirements

For general-purpose computing environments (e.g., cloud or enterprise systems), OCI-compliant container solutions are recommended.

Key Design Principles

Eclipse SSAM is designed for performance and security, without targeting full OCI compatibility.

SSAM does not implement low-level container runtimes (e.g., runc), and instead relies on externally provided runtimes.

SSAM provides the capability to execute containers efficiently in constrained systems, without defining higher-level management or orchestration behavior.

Out of Scope

  • Full OCI-compliant container runtime implementation
  • Development of low-level container runtimes (e.g., runc-equivalent)
  • General-purpose cloud or enterprise container platforms
  • Container orchestration systems (e.g., Kubernetes-like frameworks)
  • Initial support for non-Linux operating systems
  • Application-level platforms or service orchestration layers

Eclipse SSAM is a purpose-built container execution framework for automotive systems, designed for performance and security without targeting full OCI compatibility.

Releases
Name Date
Reviews
Name Date
Creation Review 2026-06-24