DOCSLIB.ORG

Secure RTOS Architecture for Building Automation

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

Secure RTOS Architecture for Building Automation Xiaolong Wang Masaaki Mizuno Mitch Neilsen Kansas State University Kansas State University Kansas State University Manhattan, Kansas, USA Manhattan, Kansas, USA Manhattan, Kansas, USA [email protected] [email protected] [email protected] Xinming Ou S. Raj Rajagopalan Kansas State University Honeywell ACS Labs Manhattan, Kansas, USA [email protected] [email protected] Will G. Baldwin Bryan Phillips Biosecurity Research Institute Biosecurity Research Institute Manhattan, Kansas, USA Manhattan, Kansas, USA [email protected] [email protected] ABSTRACT 1. INTRODUCTION Building Automation System (BAS) is a computer-based control Building Automation System (BAS) is a complex network-based system that is widely installed in office buildings and laboratories for distributed control system responsible for the communication and monitoring and controlling mechanical/electrical equipment. With cooperation of different electrical/mechanical subsystems. A typical the advancements in Cyber-Physical System (CPS) and Internet building automation is designed to automatically control a build- of Things (IoTs), BAS is in the process of becoming more intelli- ing’s heating, ventilation, and air conditioning (HVAC). Along with gent by merging computing resources and network communication advances in control systems, BAS has evolved into a gigantic sys- with physical control. Along with potential benefits, it also brings tem. It not only handles HVAC, lighting, air humidity, but also tremendous risks of security breaches and safety violations, espe- manages building security and safety subsystems by controlling and cially when it comes to Programmable Logic Controllers (PLCs). monitoring fire and flood safety, CCTV, elevator, power supply, and In this paper, we systematically analyze biocontainment laboratory part of the process for room access authentication. Often, BAS pro- control models based on real case scenarios from Biosecurity Re- vides a communication backbone which serves as an infrastructure search Institute (BRI) at Kansas State University. We present a that provides rules, policies, and integration medium for different vision for a new secure Real-Time Operating System (RTOS) archi- subsystems. tecture, which leverages various technologies, including microkernel Buildings, including commercial, government, and private, are structure, Trusted Platform Module (TPM), proxy-based policy en- a ubiquitous critical infrastructure [37] and yet the last to be con- forcement, and formal verification. The secure RTOS architecture is sidered as such. The Boston Marathon bombing revealed that the designed specifically to work with embedded controllers which are financial losses from the shutting down of large commercial build- widely used in BAS and other CPS to achieve a highly secure and ings in the area were in the hundreds of thousands of dollars per day. trustworthy control system. Recent cyber attacks have targeted critical infrastructure control system [1, 31] raising safety and security concerns. The safety and security of BAS is at high risk. Unfortunately, there have been few Categories and Subject Descriptors systematic studies of cybersecurity for building controls, in part be- D.4.6 [Operating Systems]: Security and Protection cause the sector is completely dominated by vendors who mostly do not have much interest in academic research. A significant number General Terms of off-the-shelf BAS products in the market are currently based on outdated technologies, which have limited security features, and un- Design; Security; Reliability predictable vulnerabilities due to their backward-compatible designs and focus on ease of maintenance. Moreover, the building industry Keywords is highly fragmented and no single vendor has a controlling share of the market to force change, which makes the situation even more Cyber-Physical System; Building Automation; RTOS; Microkernel; challenging. TPM; Trusted Computing In this paper, we conduct a systematic case study of biocon- Permission to make digital or hard copies of all or part of this work for tainment facility building automation system based on real case personal or classroom use is granted without fee provided that copies are not scenarios from Biosecurity Research Institute (BRI) at Kansas State made or distributed for profit or commercial advantage and that copies bear University, and analyze specification of the requirements for each this notice and the full citation on the first page. Copyrights for components control task. We provide a new possible research direction to se- of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to cure CPS infrastructure from an operating system’s point of view redistribute to lists, requires prior specific permission and/or a fee. Request and present a roadmap of our proposed secure operating system permissions from [email protected]. architecture. Our contributions are: CPS-SPC’15, October 16 2015, Denver, Colorado USA ©2015 ACM. ISBN 978-1-4503-3827-1/15/10 ...$15.00 DOI: http://dx.doi.org/10.1145/2808705.2808709. 79 • We systematically study realistic bio-containment facility 2.1 PLC Basics building scenarios and identify safety requirements therein. PLCs play a critical rule in control systems. A PLC is a digi- • We provide a detailed analysis of potential security vulner- tal embedded device used for automation of industrial processes. abilities in the BAS and how that may impact the safety re- They perform real-time control of electromechanical processes. A quirements of biocontainment facilities. PLC works by continually scanning a program, which is called the scan cycle. This involves reading sensor measurements repeatedly, • We propose an architecture and roadmap for ensuring secu- executing control logic program to calculate output, and actuating rity/safety properties of building environments by adopting output with electromechanical processes. PLCs are responsible for a microkernel-based architecture, where the real-time oper- constantly adjusting physical machinery based on the sensor mea- ating systems (RTOS) on embedded controllers become the surement as well as functions as a gateway between the machinery security anchors for such cyber physical systems. We point to and human operators. PLCs translate continuous analog signals directions where this architecture could be used to strengthen into digital values. Processing is performed using a cycle of input, the security/safety properties of BAS. processing and output. The control logic for processing is typically represented using relay ladder logic written in a graphical language. 2. BACKGROUND The most widely used PLC control structure is a Proportional Inte- Buildings worldwide account for 30% to 40% of global energy gral Derivative (PID) controller. This controller algorithm has three consumption [45]. There are increasing concerns of energy effi- separate constant parameters: the proportional, the integral, and the ciency and high demand for more intelligent buildings. A number derivative values. PID controllers are used to dynamically adjust of advanced technologies are designed to incorporate into BAS to output by comparing setpoint (desired value) and actual value of the make it smarter. The concept of Smart Building has existed since process variable from the process under control. the 1980’s, and a definition given by the Intelligent Building Insti- 2.2 PLC Security Issues tution in Washington is “one which integrates various systems to effectively manage resources in a coordinated mode to maximize: BAS security and safety has gradually raised concerns of both technical performances; investment and operating cost savings; flex- industry and academia. While many researchers are working to ibility.” [13]. The idea is to use computers and networks to au- secure BAS protocols, and designing new detection algorithms [6, tomatically perform operations based on predefined rules. Today 8] we believe that the security of Programmable Logic Controller leveraging the advance of Internet and various digital technologies, is overlooked. PLC is the controller that directly interacts with researchers are proposing Cyber-Physical System (CPS) and Inter- sensors and actuators, as a central anchor. The stability of PLCs is net of Things (IoTs), which conjoin computational and physical the weak link in a chain that directly influences the robustness of the resources through digital networks to achieve a more intelligent, BAS. Current PLCs, however, are relatively fragile. A majority of automatic, and energy-efficient control system. PLCs are limited electrical devices that run a control loop directly The benefits new technologies bring to BAS have also opened the on bare hardware. They lack functionality for simple emergency gate for various safety and security risks. Those trends in the build- situations such as power outage or network failures. Some PLCs ing industry such as convergence of control and IT networks, use of run a simple real-time operating system (RTOS); e.g., FreeRTOS. mobile devices to access building controls, and the increasing use All applications are compiled together with a real-time scheduler of COTS is raising the risk of cybersecurity breaches dramatically. in a single binary file. Systems lack the capability for handling Even though the number of reported attacks on Industrial Control complex situations and the absence of protection
Recommended publications
  • All Computer Applications Need to Store and Retrieve Information

    All Computer Applications Need to Store and Retrieve Information

    MyFS: An Enhanced File System for MINIX A Dissertation Submitted in partial fulfillment of the requirement for the award of the degree of MASTER OF ENGINEERING ( COMPUTER TECHNOLOGY & APPLICATIONS ) By ASHISH BHAWSAR College Roll No. 05/CTA/03 Delhi University Roll No. 3005 Under the guidance of Prof. Asok De Department Of Computer Engineering Delhi College Of Engineering, New Delhi-110042 (University of Delhi) July-2005 1 CERTIFICATE This is to certify that the dissertation entitled “MyFS: An Enhanced File System for MINIX” submitted by Ashish Bhawsar in the partial fulfillment of the requirement for the award of degree of Master of Engineering in Computer Technology and Application, Delhi College of Engineering is an account of his work carried out under my guidance and supervision. Professor D. Roy Choudhury Professor Asok De Head of Department Head of Department Department of Computer Engineering Department of Information Technology Delhi College of Engineering Delhi College of Engineering Delhi Delhi 2 ACKNOWLEDGEMENT It is a great pleasure to have the opportunity to extent my heartiest felt gratitude to everybody who helped me throughout the course of this project. I would like to express my heartiest felt regards to Dr. Asok De, Head of the Department, Department of Information Technology for the constant motivation and support during the duration of this project. It is my privilege and owner to have worked under the supervision. His invaluable guidance and helpful discussions in every stage of this thesis really helped me in materializing this project. It is indeed difficult to put his contribution in few words. I would also like to take this opportunity to present my most sincere regards to Dr.
  • Microkernel Construction Introduction

    Microkernel Construction Introduction

    Microkernel Construction Introduction Nils Asmussen 04/09/2020 1 / 32 Normal Organization Thursday, 4th DS, 2 SWS Slides: www.tudos.org ! Studies ! Lectures ! MKC Subscribe to our mailing list: www.tudos.org/mailman/listinfo/mkc2020 In winter term: Microkernel-based operating systems (MOS) Various labs 2 / 32 Organization due to COVID-19 Slides and video recordings of lectures will be published Questions can be asked on the mailing list Subscribe to the mailing list! Practical exercises are planed for the end of the semester Depending on how COVID-19 continues, exercises are in person or we use some video-conferencing tool 3 / 32 Goals 1 Provide deeper understanding of OS mechanisms 2 Look at the implementation details of microkernels 3 Make you become enthusiastic microkernel hackers 4 Propaganda for OS research done at TU Dresden and Barkhausen Institut 4 / 32 Outline Organization Monolithic vs. Microkernel Kernel design comparison Examples for microkernel-based systems Vision vs. Reality Challenges Overview About L4/NOVA 5 / 32 Monolithic Kernel System Design u s Application Application Application e r k Kernel e r File Network n e Systems Stacks l m Memory Process o Drivers Management Management d e Hardware 6 / 32 Monolithic Kernel OS (Propaganda) System components run in privileged mode No protection between system components Faulty driver can crash the whole system Malicious app could exploit bug in faulty driver More than 2=3 of today's OS code are drivers No need for good system design Direct access to data structures Undocumented
  • Flexible Task Management for Self-Adaptation of Mixed-Criticality Systems with an Automotive Example

    Flexible Task Management for Self-Adaptation of Mixed-Criticality Systems with an Automotive Example

    Fakultat¨ fur¨ Informatik Fachgebiet Vernetzte Rechensysteme Technische Universitat¨ Munchen¨ Flexible Task Management for Self-Adaptation of Mixed-Criticality Systems with an Automotive Example Daniel Andreas Krefft Vollst¨andigerAbdruck der von der Fakult¨atf¨urInformatik der Technischen Universit¨at M¨unchen zur Erlangung des akademischen Grades eines Doktors der Naturwissenschaften (Dr.rer.nat.) genehmigten Dissertation. Vorsitzende: Prof. Dr. Claudia Eckert Pr¨ufendeder Dissertation: Prof. Dr. Uwe Baumgarten Prof. Dr.-Ing. Andreas Herkersdorf Die Dissertation wurde am 22.08.2018 bei der Technischen Universit¨atM¨unchen eingereicht und durch die Fakult¨atf¨urInformatik am 11.12.2018 angenommen. Abstract With regard to future connected cars, there are two trends leading to consolidated hard- ware devices as well as an increasing software complexity within a car. In consequence, a rising number of software needs to use the provided resources of a few high-performance hardware devices. For an efficient resource usage, a flexible software management sup- porting the (self-)adaptation of a software system is getting more and more important - even within a car. This flexible software management therefore needs to consider the criticality and real-time properties of an application within this context. Corresponding to the hardware consolidation, the management approach should be combined with the actual application on one hardware device. With a recent advance of multi-core embed- ded systems, there exists a potential hardware platform which is able to support this combination in an embedded context. Especially, the usage of a flexible management supporting the self-adaptation of a mixed-criticality software system on an embedded hardware device during run-time is of interest.
  • A Secure Computing Platform for Building Automation Using Microkernel-Based Operating Systems Xiaolong Wang University of South Florida, Xiaolongw@Mail.Usf.Edu

    A Secure Computing Platform for Building Automation Using Microkernel-Based Operating Systems Xiaolong Wang University of South Florida, [email protected]

    University of South Florida Scholar Commons Graduate Theses and Dissertations Graduate School November 2018 A Secure Computing Platform for Building Automation Using Microkernel-based Operating Systems Xiaolong Wang University of South Florida, [email protected] Follow this and additional works at: https://scholarcommons.usf.edu/etd Part of the Computer Sciences Commons Scholar Commons Citation Wang, Xiaolong, "A Secure Computing Platform for Building Automation Using Microkernel-based Operating Systems" (2018). Graduate Theses and Dissertations. https://scholarcommons.usf.edu/etd/7589 This Dissertation is brought to you for free and open access by the Graduate School at Scholar Commons. It has been accepted for inclusion in Graduate Theses and Dissertations by an authorized administrator of Scholar Commons. For more information, please contact [email protected]. A Secure Computing Platform for Building Automation Using Microkernel-based Operating Systems by Xiaolong Wang A dissertation submitted in partial fulfillment of the requirements for the degree of Doctor of Philosophy in Computer Science and Engineering Department of Computer Science and Engineering College of Engineering University of South Florida Major Professor: Xinming Ou, Ph.D. Jarred Ligatti, Ph.D. Srinivas Katkoori, Ph.D. Nasir Ghani, Ph.D. Siva Raj Rajagopalan, Ph.D. Date of Approval: October 26, 2018 Keywords: System Security, Embedded System, Internet of Things, Cyber-Physical Systems Copyright © 2018, Xiaolong Wang DEDICATION In loving memory of my father, to my beloved, Blanka, and my family. Thank you for your love and support. ACKNOWLEDGMENTS First and foremost, I would like to thank my advisor, Dr. Xinming Ou for his guidance, encouragement, and unreserved support throughout my PhD journey.
  • WAMOS 2015 Second Wiesbaden Workshop on Advanced Microkernel Operating Systems

    WAMOS 2015 Second Wiesbaden Workshop on Advanced Microkernel Operating Systems

    WAMOS 2015 Second Wiesbaden Workshop on Advanced Microkernel Operating Systems Editor / Program Chair: Robert Kaiser RheinMain University of Applied Sciences Information Science Unter den Eichen 5 65195 Wiesbaden Germany Technical Report August 2015 Contents Foreword 3 Program Committee 3 Keynote Talk 5 Session 1: Kernel Design Principles7 Unikernels Kevin Sapper ...........................................7 Shared libraries for the seL4 Kernel Andreas Werner .......................................... 13 Session 2: IPC Performance and Security 19 Improvement of IPC responsiveness in microkernel-based operating systems Steffen Reichmann ......................................... 19 Side Channel and Covert Channel Attacks on Microkernel Architectures Florian Schneider and Alexander Baumgartner¨ ......................... 23 Session 3: Microkernel Scheduling 29 Towards policy-free Microkernels Olga Dedi ............................................. 29 User-level CPU Inheritance Scheduling Sergej Bomke ........................................... 33 Session 4: Device Drivers and I/O 37 USB in a microkernel based operating system Daniel Mierswa and Daniel Tkocz ................................ 37 User-mode device driver development Annalena Gutheil and Benjamin Weißer ............................. 43 Program 50 © Copyright 2015 RheinMain University of Applies Sciences (HSRM). All rights reserved. The copyright of this collection is with HSRM. The copyright of the individual articles remains with their authors. Foreword Welcome to HSRM and to WAMOS
  • Preemption Abstraction a Lightweight Approach to Modelling Concurrency

    Preemption Abstraction a Lightweight Approach to Modelling Concurrency

    Preemption Abstraction A Lightweight Approach to Modelling Concurrency Erik Schierboom3, Alejandro Tamalet1⋆, Hendrik Tews1⋆⋆, Marko van Eekelen12, and Sjaak Smetsers3 1 Digital Security Group, Radboud Universiteit Nijmegen 2 Faculty of Computer Science, Open University 3 BliXem Internet Services {eschierb,tamalet,tews,marko,s.smetsers}@cs.ru.nl Abstract. This paper presents the preemption abstraction, an abstrac- tion technique for lightweight verification of one sequential component of a concurrent system. Thereby, different components of the system are permitted to interfere with each other. The preemption abstraction yields a sequential abstract system that can easily be described in the higher- order logic of a theorem prover. One can therefore avoid the cumbersome and costly reasoning about all possible interleavings of state changes of each system component. The preemption abstraction is best suited for components that use preemption points, that is, where the concurrently running environment can only interfere at a limited number of points. The preemption abstraction has been used to model the IPC subsystem of the Fiasco microkernel. We proved two practically relevant properties of the model. On the attempt to prove a third property, namely that the assertions in the code are always valid, we discovered a bug that could potentially crash the whole system. 1 Introduction In this paper we focus on the verification of the following kind of systems: a component C is running in a concurrent environment E, where E interferes asyn- chronously with the component C by, for instance, changing some state variables of C. The goal is to prove some specified property about the component, regard- less of how the environment behaves.
  • Enabling Energy Efficient Smart Object Networking at Internet-Scale: Experimental Tools, Software Platform, and Information-Cent

    Enabling Energy Efficient Smart Object Networking at Internet-Scale: Experimental Tools, Software Platform, and Information-Cent

    Enabling Energy Efficient Smart Object Networking at Internet-Scale : Experimental Tools, Software Platform, and Information-Centric Networking Protocols Oliver Hahm To cite this version: Oliver Hahm. Enabling Energy Efficient Smart Object Networking at Internet-Scale : Experimental Tools, Software Platform, and Information-Centric Networking Protocols. Networking and Internet Architecture [cs.NI]. Université Paris-Saclay, 2016. English. NNT : 2016SACLX090. tel-01505064 HAL Id: tel-01505064 https://pastel.archives-ouvertes.fr/tel-01505064 Submitted on 10 Apr 2017 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. NNT : 2016SACLX090 Thèse de doctorat de l’Université Paris-Saclay préparée à Ecole Polytechnique École doctorale n∘580 Sciences et technologies de l’information et de la communication Spécialité de doctorat: Informatique par M. Oliver Hahm Enabling Energy Efficient Smart Object Networking at Internet-Scale Experimental Tools, Software Platform, and Information-Centric Networking Protocols Thèse présentée et soutenue à Berlin, le 01 décembre 2016. Composition du Jury : M. Jochen H. Schiller Professeur (Président du jury) Freie Universität Berlin M. Carsten Bormann Professeur (Rapporteur) Universität Bremen M. Dirk Kutscher Docteur (Rapporteur) Huawei German Research Center M. Anis Laouiti Maître de conférences (Examinateur) Telecom SudParis M.
  • Real-Time Field Bus Systems with Linux Semester Thesis

    Real-Time Field Bus Systems with Linux Semester Thesis

    Institut für Technische Informatik und Kommunikationsnetze Real-Time Field Bus systems with Linux Semester Thesis Fabian Dalbert [email protected] Computer Engineering and Networks Laboratory Department of Information Technology and Electrical Engineering ETH Zürich Supervisors: Pengcheng Huang Georgia Giannopoulou Tonio Gsell Gert Brettlecker (Ergon Informatik AG) Prof. Dr. Lothar Thiele Thesis ID: SA-2015-21 January 13, 2016 Acknowledgements This thesis was written under the supervision of Pengcheng Huang (pengcheng. [email protected]), Georgia Giannopulou ([email protected]) and Tonio Gsell ([email protected]) at the Computer Engineering and Networks Lab- oratory lead by Professor Dr. Lothar Thiele ([email protected]) at ETH Zurich and Gert Brettlecker ([email protected]) at the Ergon Informatik AG. I would like to thank my supervisors as well as the industry team at Ergon for their incredible patience, their supervision and support and Professor Thiele for the opportunity to write this thesis in his research group. i Abstract Can the timing constraints of a soft real-time field bus protocol be met on a microcontroller running a real-time Linux framework without additional hard- ware? This semester thesis implements and evaluates the MP-Bus protocol, a proprietary field bus protocol developed by the Belimo AG, with a preempt-RT patched Linux operating system. It concludes that software solutions can replace dedicated hardware modules for bus control in soft real-time environments. Dif- ferent real-time capable Linux frameworks and the BACnet MS/TP protocol were additionally assessed in the theoretical part. A kernel module bit banging the UART port using pin multiplexing at runtime to change pin modes to GPIO was implemented to comply with the MP-Bus’ collision avoidance scheme.
  • Interrupt Handler Μ−Kernel – Harder to Let System Services Share Resources Dispatcher • Why?

    Interrupt Handler Μ−Kernel – Harder to Let System Services Share Resources Dispatcher • Why?

    Operating System “Structures” Otto J. Anshus 1 Demo •POS P5 (today) •MorbOS (tomorrow) 2 “Structures” (Architectures) • Layered • OS as Resource Manager & Protector • Monolithic – HW (CPU, memory, ...) – SW (file systems, network stack, ...) • Micro kernel – Isolate users and processes from each other • OS as illusionist (a.k.a. virtual machine) • Virtual Machine – Abstractions – Easy use of abstractions • Unix: read/write data from/to sockets instead of having to • Hybrids handle TCP/IP packets in user level code 3 Layered • Hiding information at each layer • Develop a layer at a time Level N • Examples . – THE (6 layers, semaphores, Dijkstra 1968) . – MS-DOS (4 layers) Level 2 • Pros – Separation of concerns Level 1 – Elegant (at first sight) • Cons Hardware – Protection boundary crossings – Performance 4 Layered • Hiding information at each layer • Develop a layer at a time Level N • Examples . – THE (6 layers, semaphores, Dijkstra 1968) . – MS-DOS (4 layers) Level 2 • Pros – Separation of concerns Level 1 – Elegant (at first sight) • Cons Hardware – Protection boundary crossings – Performance Each layer can end up having to support multiple events happening (a.k.a. complications (and we don’t like complications)) 4 Layered • Hiding information at each layer • Develop a layer at a time Level N • Examples . B – THE (6 layers, semaphores, Dijkstra 1968) . A – MS-DOS (4 layers) Level 2 D • Pros – Separation of concerns Level 1 – Elegant (at first sight) • Cons Hardware – Protection boundary crossings – Performance Each layer can end up having to support multiple events happening (a.k.a. complications (and we don’t like complications)) 4 Monolithic • All of OS is in a fat Kernel User User • Examples program program – Classic Unix (Linux, BSD Unix, ...) return – Windows NT (hybrid) call – Mach (can be a fat kernel) – MacOS (Mach kernel) • Pro entry – Performance – Shared kernel space Kernel (Does it all) • Cons – Stability: Faulty drivers can crash the system (>75% of a modern OS are drivers).
  • From L3 to Sel4 What Have We Learnt in 20 Years of L4 Microkernels?

    From L3 to Sel4 What Have We Learnt in 20 Years of L4 Microkernels?

    From L3 to seL4 What Have We Learnt in 20 Years of L4 Microkernels? Kevin Elphinstone and Gernot Heiser NICTA and UNSW, Sydney fkevin.elphinstone,[email protected] Abstract vices back into the kernel [Condict et al. 1994]. There were The L4 microkernel has undergone 20 years of use and evo- also arguments that high IPC costs were an (inherent?) conse- lution. It has an active user and developer community, and quence of the structure of microkernel-based systems [Chen there are commercial versions which are deployed on a large and Bershad 1993]. scale. In this paper we examine the lessons learnt in those 20 In this context, the order-of-magnitude improvement of years in relation to microkernel design. We revisit the L4 de- IPC costs Liedtke demonstrated was quite remarkable. It was sign papers, re-examine the approaches and conclusions, and followed by work discussing the philosophy and mechanisms provide insights into the long-term validity, or lack thereof, of L4 [Liedtke 1995; 1996a], the demonstration of a para- of the original design and implementation principles. We fur- virtualized Linux on L4 with only a few percent overhead [Hartig¨ et al. 1997], the deployment of an L4 version on ther examine the design of the seL4 kernel, which has pushed 1 the L4 model furthest and was the first OS kernel to undergo billions of mobile devices, and, finally, the world’s first a complete formal verification of its implementation. We use functional correctness proof of an OS kernel [Klein et al. the seL4 design to illustrate how the microkernel has evolved, 2009].
  • MPICH2 on Fiasco.OC/L4re

    MPICH2 on Fiasco.OC/L4re

    Großer Beleg MPICH on Fiasco.OC/L4Re Michael Jahn 16. April 2013 Technische Universität Dresden Faculty of Computer Science Institute of Systems Architecture Chair Of Operating Systems Supervising Professor: Prof. Dr. rer. nat. Hermann Härtig Supervisor: Dipl.-Inf. Carsten Weinhold Selbstständigkeitserklärung (Statutory Declaration) Hiermit erkläre ich, dass ich diese Arbeit selbstständig erstellt und keine anderen als die angegebenen Hilfsmittel benutzt habe. Dresden, den 16. April 2013, Michael Jahn Acknowledgements First I want to thank my supervisor Carsten for guiding me through the process of finishing this work. Further thanks are due to everyone at the OS chair and in the OS lab who kindly helped me with advise, insight and hardware. I want to thank my friend Dirk for lending me an ear when I encountered problems in my work. Last but not least... thanks go out to my dearly beloved Suse and our son Gustav for indulging my coming home late and bringing happiness into my life. Contents 1 Introduction 1 2 Background 3 2.1 Parallel Computational Models . .3 2.1.1 Data Parallelism . .3 2.1.2 Shared-Memory . .3 2.1.3 Message-Passing . .4 2.1.4 Remote Memory Access . .5 2.1.5 Combined Models . .5 2.2 Message Passing Interface . .6 2.3 MPICH . .7 2.4 Process Managers . .7 2.5 The L4 Microkernel Family . .7 2.5.1 Microkernels . .7 2.5.2 L4 . .8 2.5.3 Fiasco . .9 2.6 L4Re . .9 2.7 Related Work . 10 2.7.1 The PARAS Microkernel . 10 2.7.2 IBM Blue Gene/L/P/Q - The Compute Node Kernel (CNK) .

  • System Support for Distributed Energy Management in Modular Operating Systems

    ' $ System Support for Distributed Energy Management in Modular Operating Systems zur Erlangung des akademischen Grades eines Doktors der Ingenieurwissenschaften von der Fakultat¨ fur¨ Informatik des Karlsruher Instituts fur¨ Technologie genehmigte Dissertation von Jan Stoess aus Karlsruhe Tag der mundlichen¨ Prufung¨ : 5. Februar 2010 Hauptreferent: Prof. Dr. Frank Bellosa Karlsruher Institut fur¨ Technologie Korreferent: Prof. Dr. Gernot Heiser University of New South Wales &KIT – Universitat¨ des Landes Baden-Wurttemberg¨ und nationales Forschungszentrum in der Helmholtz-Gemeinschaft www.kit.edu % ii Abstract Energy management has become a challenge for modern computing environments that needs to be addressed by all involved components, including the operating system. At the same time, the trend in operating-system design is moving away from monolithic to modular structures; modern operating systems often come as a small kernel and a set of unprivileged service modules atop. Their custom operating-system abstractions render them extensible; their integrated virtualiza- tion capabilities retain compatibility to existing applications. Nonetheless, most existing energy-management schemes are tailored to monolithic operating sys- tems, where software and hardware can be directly controlled to meet thermal or energy constraints. A modern operating system, however, consists of multiple components, and direct or centralized energy management is unfeasible. This thesis proposes a novel approach for managing energy in modular opera- ting systems. Our approach strives to enable energy awareness and energy mana- gement if the resource-management subsystem is distributed and scattered among operating-system modules rather than being centralized and monolithic. There are four key achievements: a model for modularization-aware energy management; the support for exposed and distributed energy accounting and allocation; the use of different energy-management interaction protocols; and, finally, the support for virtualization of energy effects.