DOCSLIB.ORG

Atomicity and Visibility in Tiny Embedded Systems

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

Atomicity and Visibility in Tiny Embedded Systems John Regehr Nathan Cooprider David Gay University of Utah, School of Computing Intel Research Berkeley {regehr, coop}@cs.utah.edu [email protected] Abstract bool flag = false; // interrupt handler Visibility is a property of a programming language’s void __vector_5 (void) memory model that determines when values stored by { one concurrent computation become visible to other atomic flag = true; computations. Our work exploits the insight that in } nesC, a C-like language with explicit atomicity, the traditional way of ensuring timely visibility—volatile void wait_for_interrupt(void) variables—can be entirely avoided. This is advan- { tageous because the volatile qualifier is a notorious bool done = false; do { source of programming errors and misunderstandings. atomic if (!flag) done = true; Furthermore, the volatile qualifier hurts performance } while (!done); by inhibiting many more optimizations than are neces- } sary to ensure visibility. In this paper we extend the semantics of nesC’s atomic statements to include a visi- bility guarantee, we show two ways that these semantics Figure 1. nesC code containing a visibility er- can be implemented, and we also show that our better ror implementation has no drawbacks in terms of resource usage. Until now, nesC has left it to programmers to en- 1. Introduction sure visibility by judicious use of C’s volatile qual- ifier. In this paper we investigate the idea of strength- ening nesC’s memory model such that the semantics of The nesC [5] language is a C dialect designed for pro- atomic are augmented with a visibility guarantee. This gramming embedded wireless sensor network nodes. It change results in a novel design point for lightweight supports safe concurrent programming using an atomic atomicity in a C-like language that reduces program- construct. This construct guarantees that a statement “is mers’ effort and opportunities to make subtle errors. We executed ‘as-if’ no other computation occurred simul- present, and evaluate the performance and code size im- taneously.” These semantics do not address visibility, pact of, two implementations of the new semantics. which Alexandrescu et al. [1] define as addressing the question: “Under what conditions will the effects of a write action by one thread be seen by a read from an- 2. Problems with volatile other thread?” In situations where a computation spins waiting for the result of another computation, visibility In C and nesC, a volatile variable is one where every errors lead to deadlocks. In other situations data corrup- source-level read or write is guaranteed to correspond tion is possible. to a load from or store to a physical memory location. Atomicity on uniprocessor embedded systems is Furthermore, the compiler must not reorder these loads easily implemented by disabling interrupts. This im- and stores. In effect, volatile variables are exempt from plementation is extremely lightweight compared to soft- most compiler optimizations. Volatiles are used to im- ware transactional memory, but it lacks a visibility guar- plement communication between concurrent flows and antee. Since small uniprocessor embedded systems do also to ensure that hardware registers are accessed prop- not have caches, compiler optimizations are the only erly. issue that must be considered when making visibility Figure 1 shows nesC code that is unlikely to guarantees. work. When this code is compiled for two pop- ular sensor network platforms, Mica2 and TelosB, current code. Asynchronous variables may be modi- wait for interrupt spins on a register instead of on fied by concurrent code, but only inside atomic sections. the actual flag variable. The problem would not have Racing variables are those that may be concurrently occurred if the developer had declared flag as volatile. modified from outside of an atomic section. Of these Our experience is that developers do not do a good categories, we are interested only in asynchronous vari- job of declaring variables as volatile. This problem is ables. Synchronous variables require no visibility guar- common enough to appear at the top of the “frequently antee, and racing variables have platform-dependent be- asked question” list for the AVR port of the GNU C havior. Library [2]. Similarly, a simple inspection of the code We propose updating the semantics of nesC’s base of TinyOS 1.x [6], an operating system for wire- atomic construct, so it guarantees that a statement less sensor network nodes written in nesC, shows that volatile is used to declare 18 variables in 157k lines of ...is executed ‘as-if’ no other computation oc- code. Clearly, most shared data is not declared volatile. curred simultaneously, and furthermore any The data in Table 1, described in more detail in Sec- values stored to asynchronous variables from tion 5, support this claim. Part of the problem is that inside an atomic statement are visible inside there are a variety of situations in which code may work all subsequent atomic statements. No guaran- even when a shared variable is not declared volatile. For tee is made about asynchronous variables ac- example, a register may not be available in which to cessed outside of atomic sections (racing vari- cache a shared variable. Similarly, the scope in which a ables). shared variable is allocated to a register may end in time for a value to be pushed to RAM before it is needed. 4. Implementing Visibility Our sense is that the latter case is most common in TinyOS applications, where an important synchroniza- The nesC compiler produces a single C file as output, tion idiom is for an interrupt handler to post a task that which is then passed to a regular C compiler. Atomic runs at a later time. The end of the interrupt handler statements are compiled by calling target-specific in- serves as an implicit memory barrier, forcing the results trinsic functions at the start and end of each atomic sec- of its computations to be flushed to RAM. However, it tion. We extended this compiler with two implementa- is clear that in many cases, implicit visibility is fragile, tions for our visibility semantics; both are straightfor- and code making improper use of volatile can be bro- ward. ken by a change in compiler version, compiler flags, or The first is to mark all asynchronous variables as phase of the moon. volatile in the generated C code, and any pointers used Another problem with volatile variables is that to access them as pointer-to-volatile. This is overkill they are overkill: they affect all accesses to a vari- but it is clearly correct: all loads and stores to these able, whereas visibility only requires that the final ac- variables are forced to go to RAM. cess in an atomic section be forced to RAM. Since The second implementation is to strengthen the they are such a blunt tool for inhibiting compiler opti- nesC intrinsic functions that start and end atomic sec- mizations, declaring too many variables as volatile hurts tions (which until now simply disabled and enabled in- performance. Developers of resource constrained sys- terrupts) with compiler-level memory barriers. These tems tend to use a trial-and-error approach to declaring barriers stop the compiler from retaining copies of vari- volatiles: initially few variables are volatile, and then ables in registers across a barrier: values are flushed to more volatile qualifiers are added in order to fix bugs RAM before the barrier and reloaded afterwards. Again that are observed during testing. we believe this implementation to be correct, even though the analogous use of memory barriers around 3. Visibility Semantics for nesC mutex lock and unlock operations is not sufficient, as pointed out by Boehm [3]. We discuss this issue further nesC encourages the use of a static programming model under related work. Our second transformation enables with no dynamic memory allocation. Thus, in the rest a minor performance optimization where the volatile of this paper we will discuss concurrency, atomicity and qualifier can be removed from asynchronous variables visibility in terms of variables rather than more general that have already been declared as volatile. memory objects. While memory barriers cannot be portably speci- fied,1 they are supported by many C compilers. For in- nesC’s concurrency model divides global variables into three categories: synchronous, asynchronous, and 1The common idiom of calling an external function would not racing. Synchronous variables are not modified by con- seem sufficient to prevent optimization of static global variables. 2 application (loc) sync async race vol memory barriers strictly reduce the number of optimiza- blinktask (1871) 18 4 0 3 tions that the compiler can apply, and gcc is invoked osc (5587) 34 25 7 3 with its optimize-for-size flag. genericbase (6941) 51 57 1 4 Figure 3 shows the impact of our transformations rfmtoleds (7401) 57 46 7 4 on application duty cycles. Again the baseline is the cnttoledsandrfm (7810) 68 50 8 4 duty cycle of the executable generated by the unmodi- micahwverify (8131) 68 50 8 4 fied nesC toolchain. Adding the visibility guarantee has sensetorfm (8259) 67 54 8 4 no clear effect in either direction on application perfor- testtimestamping (8308) 60 57 22 5 mance, and the differences are at most a few percent. surge (10657) 117 53 10 4 ident (11146) 101 50 8 4 6. Related Work hfs (12284) 118 51 17 4 Boehm [3] discusses why C cannot reliably be used for threaded (concurrent) programming without compiler Table 1. Kinds of variables in the TinyOS ap- knowledge of threads. In particular, he shows that the plications that we use to evaluate our work. common approach of ensuring that mutex lock and un- The volatility of a variable is independent of lock operations contain compiler-level memory barri- whether it is synchronous, asynchronous, or ers is not sufficient to ensure correctness.
Recommended publications
  • Graphical Product-Line Configuration of Nesc-Based Sensor Network Applications Using Feature Models

    Graphical Product-Line Configuration of Nesc-Based Sensor Network Applications Using Feature Models

    GRAPHICAL PRODUCT-LINE CONFIGURATION OF NESC-BASED SENSOR NETWORK APPLICATIONS USING FEATURE MODELS by MATTHIAS NIEDERHAUSEN Diplom, University of Applied Sciences, Frankfurt, Germany, 2007 A THESIS submitted in partial fulfillment of the requirements for the degree MASTER OF SCIENCE Department of Computing and Information Sciences College of Engineering KANSAS STATE UNIVERSITY Manhattan, Kansas 2008 Approved by: Major Professor John Hatcliff Copyright Matthias Niederhausen 2008 Abstract Developing a wireless sensor network application includes a variety of tasks, such as coding of the implementation, designing the architecture and assessing availability of hardware components, that provide necessary capabilities. Before compiling an application, the developer has to con- figure the selection of hardware components and set up required parameters. One has to choose from among a variety of configurations regarding communication parameters, such as frequency, channel, subnet identifier, transmission power, etc.. This configuration step also includes setting up parameters for the selection of hardware components, such as a specific hardware platform, which sensor boards and programmer boards to be used or the use of optional services and more. Reasoning about a proper selection of configuration parameters is often very difficult, since there are a lot of dependencies among these parameters which may rule out some other options. The developer has to know about all these constraints in order to pick a valid configuration. Unfor- tunately, the existing makefile approach that comes with nesC is poorly organized and does not capture important compatibility constraints. The configuration of a particular nesC application is distributed in multiple makefiles. There- fore a developer has to look at multiple files to make sure all necessary parameter are set up correctly for compiling a specific application.
  • FPGA BASED RECONFIGURABLE BODY AREA NETWORK USING Nios II and Uclinux

    FPGA BASED RECONFIGURABLE BODY AREA NETWORK USING Nios II and Uclinux

    FPGA BASED RECONFIGURABLE BODY AREA NETWORK USING Nios II AND uClinux A Thesis Submitted to the College of Graduate Studies and Research in Partial Fulfillment of the Requirements for the Degree of Master of Science in the Department of Electrical and Computer Engineering University of Saskatchewan by Anthony Voykin Saskatoon, Saskatchewan, Canada c Copyright Anthony Voykin, April 2013. All rights reserved. Permission to Use In presenting this thesis in partial fulfillment of the requirements for a Postgraduate degree from the University of Saskatchewan, it is agreed that the Libraries of this University may make it freely available for inspection. Permission for copying of this thesis in any manner, in whole or in part, for scholarly purposes may be granted by the professors who supervised this thesis work or, in their absence, by the Head of the Department of Electrical and Computer Engineering or the Dean of the College of Graduate Studies and Research at the University of Saskatchewan. Any copying, publication, or use of this thesis, or parts thereof, for financial gain without the written permission of the author is strictly prohibited. Proper recognition shall be given to the author and to the University of Saskatchewan in any scholarly use which may be made of any material in this thesis. Request for permission to copy or to make any other use of material in this thesis in whole or in part should be addressed to: Head of the Department of Electrical and Computer Engineering 57 Campus Drive University of Saskatchewan Saskatoon, Saskatchewan, Canada S7N 5A9 i Acknowledgments I would like to thank my advisors Professor Ron Bolton and Professor Francis Bui for providing me with guidance and support necessary to complete my thesis work.
  • Operating Systems and Applications for Embedded Systems >>> Toolchains

    Operating Systems and Applications for Embedded Systems >>> Toolchains

    >>> Operating Systems And Applications For Embedded Systems >>> Toolchains Name: Mariusz Naumowicz Date: 31 sierpnia 2018 [~]$ _ [1/19] >>> Plan 1. Toolchain Toolchain Main component of GNU toolchain C library Finding a toolchain 2. crosstool-NG crosstool-NG Installing Anatomy of a toolchain Information about cross-compiler Configruation Most interesting features Sysroot Other tools POSIX functions AP [~]$ _ [2/19] >>> Toolchain A toolchain is the set of tools that compiles source code into executables that can run on your target device, and includes a compiler, a linker, and run-time libraries. [1. Toolchain]$ _ [3/19] >>> Main component of GNU toolchain * Binutils: A set of binary utilities including the assembler, and the linker, ld. It is available at http://www.gnu.org/software/binutils/. * GNU Compiler Collection (GCC): These are the compilers for C and other languages which, depending on the version of GCC, include C++, Objective-C, Objective-C++, Java, Fortran, Ada, and Go. They all use a common back-end which produces assembler code which is fed to the GNU assembler. It is available at http://gcc.gnu.org/. * C library: A standardized API based on the POSIX specification which is the principle interface to the operating system kernel from applications. There are several C libraries to consider, see the following section. [1. Toolchain]$ _ [4/19] >>> C library * glibc: Available at http://www.gnu.org/software/libc. It is the standard GNU C library. It is big and, until recently, not very configurable, but it is the most complete implementation of the POSIX API. * eglibc: Available at http://www.eglibc.org/home.
  • A Review on Elliptic Curve Cryptography for Embedded Systems

    A Review on Elliptic Curve Cryptography for Embedded Systems

    International Journal of Computer Science & Information Technology (IJCSIT), Vol 3, No 3, June 2011 A REVIEW ON ELLIPTIC CURVE CRYPTOGRAPHY FOR EMBEDDED SYSTEMS Rahat Afreen 1 and S.C. Mehrotra 2 1Tom Patrick Institute of Computer & I.T, Dr. Rafiq Zakaria Campus, Rauza Bagh, Aurangabad. (Maharashtra) INDIA [email protected] 2Department of C.S. & I.T., Dr. B.A.M. University, Aurangabad. (Maharashtra) INDIA [email protected] ABSTRACT Importance of Elliptic Curves in Cryptography was independently proposed by Neal Koblitz and Victor Miller in 1985.Since then, Elliptic curve cryptography or ECC has evolved as a vast field for public key cryptography (PKC) systems. In PKC system, we use separate keys to encode and decode the data. Since one of the keys is distributed publicly in PKC systems, the strength of security depends on large key size. The mathematical problems of prime factorization and discrete logarithm are previously used in PKC systems. ECC has proved to provide same level of security with relatively small key sizes. The research in the field of ECC is mostly focused on its implementation on application specific systems. Such systems have restricted resources like storage, processing speed and domain specific CPU architecture. KEYWORDS Elliptic curve cryptography Public Key Cryptography, embedded systems, Elliptic Curve Digital Signature Algorithm ( ECDSA), Elliptic Curve Diffie Hellman Key Exchange (ECDH) 1. INTRODUCTION The changing global scenario shows an elegant merging of computing and communication in such a way that computers with wired communication are being rapidly replaced to smaller handheld embedded computers using wireless communication in almost every field. This has increased data privacy and security requirements.
  • System Size BOF

    System Size BOF

    ELC 2009 System Size BOF Michael Opdenacker Free Electrons 1 Free Electrons. Kernel, drivers and embedded Linux development, consulting, training and support. http//free-electrons.com Rights to copy © Copyright 2004-2009, Free Electrons [email protected] Document sources: http://free-electrons.com/pub/conferences/2009/elc/ Updates on size reduction techniques can be found on http://free-electrons.com/docs/optimizations/ Attribution ± ShareAlike 3.0 You are free to copy, distribute, display, and perform the work Corrections, suggestions, to make derivative works contributions and translations are welcome! to make commercial use of the work Under the following conditions Latest update: Apr 28, 2009 Attribution. You must give the original author credit. Share Alike. If you alter, transform, or build upon this work, you may distribute the resulting work only under a license identical to this one. For any reuse or distribution, you must make clear to others the license terms of this work. Any of these conditions can be waived if you get permission from the copyright holder. Your fair use and other rights are in no way affected by the above. License text: http://creativecommons.org/licenses/by-sa/3.0/legalcode 2 Free Electrons. Kernel, drivers and embedded Linux development, consulting, training and support. http//free-electrons.com 24 slides... To avoid a tragic increase in the size of your system. 3 Free Electrons. Kernel, drivers and embedded Linux development, consulting, training and support. http//free-electrons.com Why system size matters Because Linux wouldn©t fit otherwise To leave more space for user data (media players) To keep things easier to maintain Lighter code is faster to boot We should stop size growth because we don©t want to force people to use old kernels and old software.
  • Embedded Linux Training

    Embedded Linux Training

    Free Electrons Embedded Linux training Gregory Clement Thomas Petazzoni Michael Opdenacker Free Electrons. Kernel, drivers and embedded Linux development, consulting, training and support. http//free-electrons.com Rights to copy © Copyright 2004-2011, Free Electrons [email protected] Electronic version of this document available on http://free-electrons.com/doc/training/embedded-linux Updates will be available on http://free-electrons.com/doc/training/embedded-linux/ Attribution ± ShareAlike 3.0 Corrections, suggestions, You are free contributions and translations are welcome! to copy, distribute, display, and perform the work to make derivative works Latest update: Feb 14, 2011 to make commercial use of the work Under the following conditions Attribution. You must give the original author credit. Share Alike. If you alter, transform, or build upon this work, you may distribute the resulting work only under a license identical to this one. For any reuse or distribution, you must make clear to others the license terms of this work. Any of these conditions can be waived if you get permission from the copyright holder. Your fair use and other rights are in no way affected by the above. License text: http://creativecommons.org/licenses/by-sa/3.0/legalcode Free Electrons. Kernel, drivers and embedded Linux development, consulting, training and support. http//free-electrons.com Linux kernel Linux device drivers Free Electrons Board support code Our services Mainstreaming kernel code Kernel debugging Custom Development System integration
  • Aicesis Presidency

    Aicesis Presidency

    20 YEARS 1999 2019 INTERNATIONAL ASSOCIATION OF ECONOMIC AND SOCIAL COUNCILS AND SIMILAR INSTITUTIONS President Iacob Baciu AICESIS PRESIDENCY SEPTEMBER 2017-OCTOBER 2019 President Iacob Baciu AICESIS PRESIDENCY – SEPTEMBER 2017-OCTOBER 2019 BOARD AND GENERAL ASSEMBLY INTERNATIONAL CONFERENCE ILO-AICESIS-ESC OF ROMANIA 9 – 11 OCTOBER 2019, BUCHAREST, ROMANIA AICESIS PRESIDENCY BETWEEN SEPTEMBER 2017 AND OCTOBER 2019 President Iacob Baciu I had the privilege and honour of being the President of the International Asso- ciation of Economic and Social Councils and Similar Institutions (AICESIS) for a two-year term, from September 2017 to October 2019, and the main theme of my mandate was the digital revolution. Industry 4.0, as named by Chancellor Angela Merkel in 2011, represents the fourth stage of the Industrial Revolution and has brought major changes in the economy, labour relations, labour market, education, significantly influencing social life. The next industrial revolution finds itself on an unknown horizon and is difficult to predict. Humanity has come a long way in seeking its solutions to the problems it faces; history has recorded all the achievements, hesitations, mistakes, conflicts and progress made. Only if we learn from experience will we be able to avoid repeating the mistakes made. The first industrial revolution began at the end of the eighteenth century and in the first decades of the nineteenth century first in England, which managed to remain the world’s first industrial power until the end of the nineteenth century. In France, the industrial revolution evolved slowly, its beginnings dating back to the 1830s. The low demand for industrial products under a predominantly agrarian population meant that the true industrial era began only in 1890.
  • Implantación De Linux Sobre Microcontroladores

    Implantación De Linux Sobre Microcontroladores

    Embedded Linux system development Embedded Linux system development DSI Embedded Linux Free Electrons Developers © Copyright 2004-2018, Free Electrons. Creative Commons BY-SA 3.0 license. Latest update: March 14, 2018. Document updates and sources: http://free-electrons.com/doc/training/embedded-linux Corrections, suggestions, contributions and translations are welcome! DSI - FCEIA http://dsi.fceia.unr.edu.ar 1/263 Derechos de copia © Copyright 2018, Luciano Diamand Licencia: Creative Commons Attribution - Share Alike 3.0 http://creativecommons.org/licenses/by-sa/3.0/legalcode Ud es libre de: I copiar, distribuir, mostrar y realizar el trabajo I hacer trabajos derivados I hacer uso comercial del trabajo Bajo las siguientes condiciones: I Atribuci´on. Debes darle el cr´editoal autor original. I Compartir por igual. Si altera, transforma o construye sobre este trabajo, usted puede distribuir el trabajo resultante solamente bajo una licencia id´enticaa ´esta. I Para cualquier reutilizaci´ono distribuci´on,debe dejar claro a otros los t´erminos de la licencia de este trabajo. I Se puede renunciar a cualquiera de estas condiciones si usted consigue el permiso del titular de los derechos de autor. El uso justo y otros derechos no se ven afectados por lo anterior. DSI - FCEIA http://dsi.fceia.unr.edu.ar 2/263 Hiperv´ınculosen el documento Hay muchos hiperv´ınculosen el documento I Hiperv´ıncluosregulares: http://kernel.org/ I Enlaces a la documentaci´ondel Kernel: Documentation/kmemcheck.txt I Enlaces a los archivos fuente y directorios del kernel: drivers/input include/linux/fb.h I Enlaces a declaraciones, definiciones e instancias de los simbolos del kernel (funciones, tipos, datos, estructuras): platform_get_irq() GFP_KERNEL struct file_operations DSI - FCEIA http://dsi.fceia.unr.edu.ar 3/263 Introducci´ona Linux Embebido Introducci´ona DSI Linux Embebido Embedded Linux Developers Free Electrons © Copyright 2004-2018, Free Electrons.
  • NASA Engineering and Safety Center Technical Assessment Report

    NASA Engineering and Safety Center Technical Assessment Report

    Version: NASA Engineering and Safety Center 1.0 Technical Assessment Report Title: Page #: National Highway Traffic Safety Administration 1 of 177 Toyota Unintended Acceleration Investigation Technical Support to the National Highway Traffic Safety Administration (NHTSA) on the Reported Toyota Motor Corporation (TMC) Unintended Acceleration (UA) Investigation January 18, 2011 NESC Assessment #: TI-10-00618 NASA Engineering and Safety Center Version: 1.0 Technical Assessment Report Title: Page #: National Highway Traffic Safety Administration 2 of 177 Toyota Unintended Acceleration Investigation Report Approval and Revision History Approval and Document Revision History NOTE: This document was approved at the January 13, 2011, NRB. This document was submitted to the NESC Director on January 19, 2011, for configuration control. Approved Original Signature on File 1/19/11 Version: 1.0 NESC Director Date Office of Primary Version Description of Revision Effective Date Responsibility 1.0 Initial Release Michael T. Kirsch, 1/13/11 NESC Principal Engineer, LaRC REDACTION NOTE Since public release of this report on February 8, 2011, the Agency has revised its redactions to the document to release certain material previously deemed confidential under U.S.C. § 30167. This document, which was posted April 15, 2011 to NHTSA’s web site, replaces the one posted previously and contains the Agency’s revised redactions. NESC Assessment #: TI-10-00618 Version: NASA Engineering and Safety Center 1.0 Technical Assessment Report Title: Page #: National Highway
  • Cyber-Physical Codesign of Distributed Structural Health

    Cyber-Physical Codesign of Distributed Structural Health

    1 Cyber-Physical Codesign of Distributed Structural Health Monitoring with Wireless Sensor Networks Gregory Hackmann, Weijun Guo, Guirong Yan, Zhuoxiong Sun, Chenyang Lu, and Shirley Dyke Abstract—Our deteriorating civil infrastructure faces the critical challenge of long-term structural health monitoring for damage detection and localization. In contrast to existing research that often separates the designs of wireless sensor networks and structural engineering algorithms, this paper proposes a cyber-physical co-design approach to structural health monitoring based on wireless sensor networks. Our approach closely integrates (1) flexibility-based damage localization methods that allow a tradeoff between the number of sensors and the resolution of damage localization, and (2) an energy-efficient, multi-level computing architecture specifically designed to leverage the multi-resolution feature of the flexibility-based approach. The proposed approach has been implemented on the Intel Imote2 platform. Experiments on a simulated truss structure and a real, full-scale truss structure demonstrate the system’s efficacy in damage localization and energy efficiency. Index Terms—wireless sensor networks, structural health monitoring, cyber-physical systems F 1 INTRODUCTION lantern batteries [29]. The high latency and relatively short lifetime arose from the underlying SHM method Deterioration of civil infrastructure is a growing problem being designed separately from the WSN system. The in the US and around the world. For example, during SHM method required the WSN to reliably deliver the their lifetimes, bridges face environmental corrosion, entire raw sensor dataset to the base station for cen- persistent traffic and wind loading, extreme earthquake tralized processing, inherently placing a high network events, material aging, etc., which inevitably result in burden on the WSN system.
  • Future-Proofing the Connected World: 13 Steps to Developing Secure Iot Products

    Future-Proofing the Connected World: 13 Steps to Developing Secure Iot Products

    Future-proofing the Connected World: 13 Steps to Developing Secure IoT Products Presented by the IoT Working Group Table of Contents Forward Introduction Document Scope The Need for IoT Security IoT Products Can Compromise Privacy IoT products can lend their computing power to launch DDoS Attacks Medical Devices and Medical Standard Protocols are Vulnerable to Attack Drones Are Approaching Mainstream Status and Being Used as a Platform for Reconnaissance Critical national infrastructure can rely on the IoT ecosystem Cars are becoming connected and autonomous Moving Forward Why Development Organizations Should Care About Securing IoT Products IoT Device Security Challenges IoT products may be deployed in insecure or physically exposed environments Security is new to many manufacturers and there is limited security planning in development methodologies Security is not a business driver and there is limited security sponsorship and management support in development of IoT products There is a lack of defined standards and reference architecture for secure IoT development There are difficulties recruiting and retaining requisite skills for IoT development teams including architects, secure software engineers, hardware security engineers, and security testing staff The low price point increases the potential adversary pool Resource constraints in embedded systems limit security options IoT Security Survey Guidance for Secure IoT Development 1. Start with a Secure Development Methodology Security Requirements Security Processes Perform Safety Impact Assessment Perform Threat Modeling 2. Implement a Secure Development and Integration Environment Evaluate Programming Languages OWASP Python Security Project Link Integrated Development Environments Continuous Integration Plugins Testing and Code Quality Processes 3. Identify Framework and Platform Security Features Selecting an Integration Framework Evaluate Platform Security Features 4.
  • Internet of Things (Iot) Operating Systems Management: Opportunities, Challenges, and Solution

    Internet of Things (Iot) Operating Systems Management: Opportunities, Challenges, and Solution

    sensors Editorial Internet of Things (IoT) Operating Systems Management: Opportunities, Challenges, and Solution Yousaf Bin Zikria 1, Sung Won Kim 1,*, Oliver Hahm 2, Muhammad Khalil Afzal 3 and Mohammed Y. Aalsalem 4 1 Department of Information and Communication Engineering, Yeungnam University, 280 Daehak-Ro, Gyeongsan, Gyeongbuk 38541, Korea; [email protected] 2 Zühlke Group, Eschborn, 65760 Hessen, Germany; [email protected] 3 Department of Computer Science, COMSATS University Islamabad, Wah Campus, Wah Cantt 47010, Pakistan; [email protected] 4 Department of Computer Networks, Jazan University, Jazan 45142, Saudi Arabia; [email protected] * Correspondence: [email protected]; Tel.: +82-53-810-4742 Received: 9 April 2019; Accepted: 11 April 2019; Published: 15 April 2019 Abstract: Internet of Things (IoT) is rapidly growing and contributing drastically to improve the quality of life. Immense technological innovations and growth is a key factor in IoT advancements. Readily available low cost IoT hardware is essential for continuous adaptation of IoT. Advancements in IoT Operating System (OS) to support these newly developed IoT hardware along with the recent standards and techniques for all the communication layers are the way forward. The variety of IoT OS availability demands to support interoperability that requires to follow standard set of rules for development and protocol functionalities to support heterogeneous deployment scenarios. IoT requires to be intelligent to self-adapt according to the network conditions. In this paper, we present brief overview of different IoT OSs, supported hardware, and future research directions. Therein, we provide overview of the accepted papers in our Special Issue on IoT OS management: opportunities, challenges, and solution.