Eclipse SSAM

Scope

Eclipse SSAM project provides a high-performance and security-focused container execution framework designed primarily for automotive ECU systems, with limited applicability to other systems that share similar resource constraints.The scope includes:1. Lightweight Container Execution Framework<ul><li data-list-item-id="e15de6957bfc56a06e26ddc86305c67bd">Fast initialization of container environments (target: within 100 ms)</li><li data-list-item-id="ea2e8f2e2fdeaecc477eb1f89eb2e2fa2">Enables containerized application to begin execution with minimal startup latency</li><li data-list-item-id="e6eef9db1f87b4022b7f3eb138f6be653">Optimized for resource-constrained systems such as automotive ECUs</li></ul>2. Security and Integrity Assurance<ul><li data-list-item-id="e62ec1d16140112a2cd26d645c33d0d45">Continuous integrity verification of container packages</li><li data-list-item-id="e2fff86dd64192f3c91c9a1029a2498bd">Real-time detection of tampering or unauthorized modification during runtime</li><li data-list-item-id="ebbe0a31604e803222e78a3b4d69be7e6">Designed to meet the security requirements of safety-critical systems</li></ul>3. Host OS Support<ul><li data-list-item-id="e47d8530dfd369b8a51fdef39f09561be">Eclipse SSAM currently operates on Linux-based host operating systems</li><li data-list-item-id="ef22235ca9865637fc13a6a8632cb3cfc">The architecture allows future portability to other operating systems that support container execution</li><li data-list-item-id="e9254c2c69aef340dbadc2a9963773623">Application behavior inside containers remains OS-dependent by design</li></ul>4. Controlled Compatibility with OCI<ul><li data-list-item-id="e995f2e1ff3f11bfda76f5d74e1480b91">Eclipse SSAM adopts an OCI-compatible runtime (e.g., runc) for container execution, but its other components — such as image format and package management — are independently designed without adhering to the OCI specification. </li></ul>ApplicabilityEclipse SSAM is designed primarily for automotive ECU systems.It may also be applicable to other systems with similar characteristics, such as:<ul><li data-list-item-id="e22283296292895da83e8639a6b93668e">limited compute resources</li><li data-list-item-id="ed53ec6780d57883a0c794a841ccd6c48">strict startup time requirements</li><li data-list-item-id="e04f8285138279301aac286e3541f25eb">strong runtime integrity requirements</li></ul><blockquote>For general-purpose computing environments (e.g., cloud or enterprise systems), OCI-compliant container solutions are recommended.</blockquote>Key Design Principles<blockquote>Eclipse SSAM is designed for performance and security, without targeting full OCI compatibility.</blockquote><blockquote>SSAM does not implement low-level container runtimes (e.g., runc), and instead relies on externally provided runtimes.</blockquote><blockquote>SSAM provides the capability to execute containers efficiently in constrained systems, without defining higher-level management or orchestration behavior.</blockquote>Out of Scope<ul><li data-list-item-id="e4bc563fb88dd9669a410fa48180fac08">Full OCI-compliant container runtime implementation</li><li data-list-item-id="e89d341bc30315ea475efebb436ae8c24">Development of low-level container runtimes (e.g., runc-equivalent)</li><li data-list-item-id="e3c7d52008e5a11eee71dcbca935388f3">General-purpose cloud or enterprise container platforms</li><li data-list-item-id="e8645466b54653354948fb0d0594b0f0c">Container orchestration systems (e.g., Kubernetes-like frameworks)</li><li data-list-item-id="e38da648f0040183e5a8ee06e34b85c99">Initial support for non-Linux operating systems</li><li data-list-item-id="e1f3212cac9eddfb00097702758214e75">Application-level platforms or service orchestration layers</li></ul><blockquote>Eclipse SSAM is a purpose-built container execution framework for automotive systems, designed for performance and security without targeting full OCI compatibility.</blockquote>

Releases

Name	Date

Reviews

Name	Date
Creation Review	2026-06-24