DOCSLIB.ORG

A Secure Isolation of Software Activities in Tiny Scale Systems

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

A Secure Isolation of Software Activities in Tiny Scale Systems Von der Fakultät 1 MINT - Mathematik, Informatik, Physik, Elektro- und Informationstechnik der Brandenburgischen Technischen Universität Cottbus - Senftenberg zur Erlangung des akademischen Grades Doktor der Naturwissenschaften (Dr. rer. nat.) genehmigte Dissertation vorgelegt von Dipl.-Informatiker Oliver Stecklina geboren am 22.09.1976 in Cottbus Gutachter: Prof. Dr. rer. nat. Peter Langendörfer Gutachter: Prof. Dr.-Ing. habil. Jochen H. Schiller Gutachter: Asst. Prof. Ph.D. Aurelien Francillon Tag der mündlichen Prüfung: 28.10.2016 ii Abstract With the introduction of the Internet at the end of the last century the modern society was fundamentally changed. Computer systems became an element of nearly all parts of our daily live. Due to the interconnection of these systems local borders are mostly vanished, so that information is accessible and exchangeable anywhere and at anytime. But this increased connectivity causes that physical fences are not longer an adequate protection for computer systems. Whereas the security of commodity computer systems was improved continuously and similarly with their increased connectivity, deeply embedded systems were then and now mostly protected by physical fences. But the ubiquitous availability of embedded systems in personal and commercial environments makes these systems likewise accessible and moves them strongly into the focus of security investigations. Deeply embedded systems are usu- ally equipped with tiny scale micro controllers, which are limited in their available resources and do not feature secure mechanisms to isolate system resources. Hence, a single error in a local software component is not limited to the component itself, instead the complete system may be influenced. The lack of resource isolation makes tiny scale systems prone for accidental errors but in particular vulnerable for a broad variety of malicious software. For a safe and secure operation of computer systems it is strongly recommended that software components are isolated in such a manner that they have access only to those resources, which are assigned to them. Even though a substantial number of approaches in the con- text of embedded system’s safety were investigated during the last fifteen years, security was mostly neglected. This thesis is focused on security aspects where malicious software wittingly tries to bypass available protection mechanisms. The thesis introduces a security platform for tiny scale systems that enforces an isolation of software components considering security aspects. Due to the limited resources of tiny scale systems the proposed solution is based on a co-design process that takes the static and predefined nature of deeply em- bedded systems into account and includes hardware, compile-time, and run-time partitions to reduce the number of additional run-time components, to avoid performance drawbacks, and to minimize the memory as well as the components footprint overhead. To prove the applicability of the presented platform it was applied and evaluated with two real applications. In addition, an investigation of technologies of commodity computer systems that are suitable to build secure systems is presented. The thesis analyzes their enforcement based on the features provided by the introduced security platform. The contributions of this thesis include an enforcement of a security isolation of system resources on tiny scale systems and enable the development of a broad variety of secure tiny scale system applications. iii iv Zusammenfassung Mit der Einführung des Internets am Ende des letzten Jahrhunderts hat sich in der heutigen Gesellschaft ein nachhaltiger Wandel vollzogen. Computer-Systeme wurden Bestandteil in nahezu allen Bereichen unseres täglichen Lebens. Durch die zunehmende Vernetzung der Systeme sind räumliche Grenzen weitgehend verschwunden, so dass die Informationen überall und jederzeit verfügbar sind bzw. verändert werden können. Diese erhöhte Konnek- tivität bedingt jedoch, dass der Schutz der Computer-Systeme durch physische Maßnahmen nicht mehr gewährleistet werden kann. Während die Sicherheit von alltäglichen Computer- Systemen kontinuierlich und in nahezu gleicher Weise zu ihrer gestiegenden Konnektivität verbessert wurde, sind tief eingebettete Systeme damals wie heute meist durch physikalische Maßnahmen geschützt. Die allgegenwärtige Verfügbarkeit von eingebetteten Systemen in persönlichen als auch in kommerziellen Umgebungen macht diese Systeme jedoch in glei- cher Weise für jedermann zugänglich und macht sie damit zu einem zentralen Bestandteil der aktuellen Sicherheitsforschung. Tief eingebettete Systeme sind in der Regel mit kleinen Mikrocontrollern ausgestattet, die über begrenzte Ressourcen verfügen und keine sicheren Mechanismen zur Trennung von Systemressourcen bereitstellen. Hierdurch ist ein einzelner Fehler in einer lokalen Softwarekomponente nicht auf diese Komponente beschränkt, son- dern beeinträchtigt nicht selten das gesamte System. Diese Schwäche macht eingebettete Systeme anfällig für zufällige Fehler, aber auch insbesondere anfällig für eine Vielzahl von bösartiger Software. Für einen stabilen und sicheren Betrieb von Computer-Systemen ist es zwingend erforderlich, dass Software-Komponenten in einer Art und Weise isoliert werden, dass sie nur Zugriff auf jene Ressourcen haben, die ihnen zugeordnet wurden. Wenngleich in den letzten fünfzehn Jahren eine beträchtliche Anzahl von Ansätzen zur Erhöhung der funktionalen Sicherheit in tief eingebetteten Systemen untersucht wurden, wurde die Sicher- heit gegenüber Angriffen Dritter weitestgehend vernachlässigt. Die hier vorliegende Arbeit konzentriert sich auf Sicherheitsaspekte zur Abwehr von bösartiger Software, die wissentlich versucht verfügbare Schutzmechanismen zu umgehen. Die Arbeit stellt eine Sicherheits- plattform für kleine tief eingebettete Systeme bereit, die eine Trennung von Softwarekom- ponenten unter Berücksichtigung von Sicherheitsaspekten erzwingt. Aufgrund der begrenz- ten Ressourcen dieser Systeme basiert die vorgeschlagene Lösung auf einem Co-Design- Prozess, der den statischen und vordefinierten Charakter von tief eingebetteten Systemen berücksichtigt. Der Prozess beinhaltet Hardware-, Compile-Zeit- und Laufzeit-Komponenten um die Zahl der zur Laufzeit notwendigen Komponenten möglichst gering zu halten. Hier- durch sollen nachteilige Einflüsse auf die Laufzeit, den Speicherplatzbedarf sowie die Größe von Hardware-Komponenten minimiert werden. Um die Verwendbarkeit der präsentierten Plattform nachzuweisen, wurden zwei reale Anwendungen auf diese portiert. Zusätzlich v wurden etablierte Technologien zum Bau von sicheren Systemen hinsichtlich ihrer Verwend- barkeit auf tief eingebetteten Systemen analysiert. Hierzu wurde deren Umsetzbarkeit unter Nutzung der durch die Sicherheitsplattform bereitgestellten Sicherheitsfunktionen untersucht. Der wesentliche Beitrag dieser Arbeit beinhaltet die Bereitstellung einer sicheren Trennung von Systemressourcen auf kleinen, tief eingebetteten Systemen, so dass eine Entwicklung einer Vielzahl von sicheren Systemanwendungen auf diesen Systemen möglich wird. vi Table of Contents 1 Introduction ........................................ 1 1.1 Theubiquitousofcyber-physicalsystems(CPSs) . 2 1.2 Contribution of this thesis . 4 1.3 Publications related to this work . 5 1.4 Structure of the thesis . 6 2 Goalsandassumptions ................................. 9 2.1 Security threats and system weaknesses . 9 2.1.1 Local attacks, software vulnerabilities . 9 2.1.1.1 Stack smashing . 10 2.1.1.2 Function pointers . 11 2.1.1.3 Return-oriented programming (ROP) attacks . 11 2.1.2 Non-localattacks............................... 11 2.1.2.1 Remote attacks . 12 2.1.2.2 Tampering attacks . 12 2.2 Thethreatmodel................................... 13 2.3 Buildingsecuresystems. 14 2.4 Systemassumptions................................. 15 2.4.1 Micro-processor architectures of tiny scale systems (TSSs) . 15 2.4.2 Soft-coreprocessor ............................. 17 2.5 Examplesoftinyscaleapplications . 18 2.5.1 Meeteringapp ................................ 18 2.5.1.1 Components, software activities and resources . 19 2.5.1.2 Interfaces and security threats . 20 2.5.2 Asecurewake-upreceiver(SWUR) . 21 2.5.2.1 Security module of a secure wake-up receiver (SWUR) . 22 2.5.2.2 Security threats . 23 vii 3 Theartofresourceisolation ............................ 25 3.1 Accesscontrol .................................... 25 3.1.1 Accessmatrix ................................ 26 3.1.1.1 Access control lists (ACLs) . 27 3.1.1.2 Capabilities . 27 3.1.2 Basicmodelsofaccesscontrol . 28 3.1.2.1 Discretionary access control (DAC) . 28 3.1.2.2 Mandatory access control (MAC) . 28 3.1.2.3 Role-basedaccesscontrol(RBAC) . 29 3.1.2.4 RBACinwirelesssensornetworks. 30 3.2 Memoryseparationschemes . 30 3.2.1 Messagesystems .............................. 31 3.2.1.1 Messages ............................. 31 3.2.1.2 Marshalling............................. 31 3.2.2 General-purposememorymanagement . 32 3.2.2.1 Protection rings . 33 3.2.2.2 Segmentation . 34 3.2.2.3 Paging ............................... 34 3.2.3 Capability-based computer systems . 36 3.2.4 Memory protection units . 37 3.2.4.1 Infineonembeddedprocessors. 38 3.2.4.2 Texas Instruments MSP430 . 38 3.2.4.3 Lopriore memory protection unit (MPU) . 39 3.2.4.4 Mondriaan memory protection (MMP) . 39 3.2.4.5 Micro memory protection unit (UMPU) . 40 3.2.4.6 Sancus..............................
Recommended publications
  • Low Power Or High Performance? a Tradeoff Whose Time

    Low Power Or High Performance? a Tradeoff Whose Time

    Low Power or High Performance? ATradeoffWhoseTimeHasCome(andNearlyGone) JeongGil Ko1,KevinKlues2,ChristianRichter3,WanjaHofer4, Branislav Kusy3,MichaelBruenig3,ThomasSchmid5,QiangWang6, Prabal Dutta7,andAndreasTerzis1 1 Department of Computer Science, Johns Hopkins University 2 Computer Science Division, University of California, Berkeley 3 Australian Commonwealth Scientific and Research Organization (CSIRO) 4 Department of Computer Science, Friedrich–Alexander University Erlangen–Nuremberg 5 Department Computer Science, University of Utah 6 Department of Control Science and Engineering, Harbin Institute of Technology 7 Division of Computer Science and Engineering, University of Michigan, Ann Arbor Abstract. Some have argued that the dichotomy between high-performance op- eration and low resource utilization is false – an artifact that will soon succumb to Moore’s Law and careful engineering. If such claims prove to be true, then the traditional 8/16- vs. 32-bit power-performance tradeoffs become irrelevant, at least for some low-power embedded systems. We explore the veracity of this the- sis using the 32-bit ARM Cortex-M3 microprocessor and find quite substantial progress but not deliverance. The Cortex-M3, compared to 8/16-bit microcon- trollers, reduces latency and energy consumption for computationally intensive tasks as well as achieves near parity on code density. However, it still incurs a 2 overhead in power draw for “traditional” sense-store-send-sleep applica- tions.∼ × These results suggest that while 32-bit processors are not yet ready for applications with very tight power requirements, they are poised for adoption ev- erywhere else. Moore’s Law may yet prevail. 1Introduction The desire to operate unattended for long periods of time has been a driving force in de- signing wireless sensor networks (WSNs) over the past decade.
  • Building Intelligent Middleware for Large Scale CPS Systems

    Building Intelligent Middleware for Large Scale CPS Systems

    Building Intelligent Middleware for Large Scale CPS Systems Niels Reijers, Yu-Chung Wang, Chi-Sheng Shih, Jane Y. Kwei-Jay Lin Hsu Department of Electrical Eng. and Comp. Sci. Intel-NTU Connected Context Computing Center University of California, Irvine National Taiwan University Irvine, CA, USA Taipei, Taiwan Abstract—This paper presents a study on building intelligent application to express globally what it really wants from the middleware on wireless sensor network (WSN) for large-scale sensor network. Furthermore, since most WSN applications are cyber-physical systems (LCPS). A large portion of WSN projects specifically designed to particular scenarios and unique target has focused on low-level algorithms such as routing, MAC layers, environments, most behavior is hardcoded, resulting in rigid and data aggregation. At a higher level, various WSN networks that are typically not very flexible at adjusting their applications with specific target environments have been behavior to faults or changing external conditions. A more high developed and deployed. Most applications are built directly on level vision on how large-scale cyber-physical systems (LCPS) top of a small OS, which is notoriously hard to work with, and or networks of sensors should be programmed, deployed, and results in applications that are fragile and cannot be ported to configured is still missing. other platforms. The gap between the low level algorithms and the application development process has received significantly Indeed, we are far from conducting Rapid Application less attention. Our interest is to fill that gap by developing Development (RAD) for LCPS. This project aims to fill the gap, intelligent middleware for building LCPS applications.
  • Xtratum User Manual

    Xtratum User Manual

    XtratuM Hypervisor for LEON4 Volume 2: XtratuM User Manual Miguel Masmano, Alfons Crespo, Javier Coronel November, 2012 Reference: xm-4-usermanual-047d This page is intentionally left blank. iii/134 DOCUMENT CONTROL PAGE TITLE: XtratuM Hypervisor for LEON4: Volume 2: XtratuM User Manual AUTHOR/S: Miguel Masmano, Alfons Crespo, Javier Coronel LAST PAGE NUMBER: 134 VERSION OF SOURCE CODE: XtratuM 4 for LEON3 () REFERENCE ID: xm-4-usermanual-047d SUMMARY: This guide describes the fundamental concepts and the features provided by the API of the XtratuM hypervisor. DISCLAIMER: This documentation is currently under active development. Therefore, there are no explicit or implied warranties regarding any properties, including, but not limited to, correctness and fitness for purpose. Contributions to this documentation (new material, suggestions or corrections) are welcome. REFERENCING THIS DOCUMENT: @techreport fxm-4-usermanual-047d, title = fXtratuM Hypervisor for LEON4: Volume 2: XtratuM User Manualg, author = f Miguel Masmano and Alfons Crespo and Javier Coronelg, institution = fUniversidad Polit´ecnicade Valenciag, number = fxm-4-usermanual-047dg, year=fNovember, 2012g, g Copyright c November, 2012 Miguel Masmano, Alfons Crespo, Javier Coronel Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license is included in the section entitled ”GNU Free Documentation License”. Changes: Version Date Comments 0.1 November, 2011 [xm-4-usermanual-047] Initial document 0.2 March, 2012 [xm-4-usermanual-047b] IOMMU included.
  • TECOM Project Results Leaflet

    TECOM Project Results Leaflet

    Project Results TECOM (ITEA2 ~ 06038) Delivering trust in embedded ••••••••••••••• systems n Partners Offering secure and dependable solutions Atego EADS DS for a wide range of applications Fagor ••••••••••••••••••••••••••••••••••••• Ikerlan Technicolor Technikon The TECOM (Trusted Embedded ABSTRACT ARCHITECTURES Trialog Computing) project has developed TECOM focused on the growing demand Universidad Politécnica de Madrid architectures and solutions combining for execution platforms in embedded Universidad Politécnica de Valencia embedded trust services and trusted systems that address both integrity and Visual Tools operating system technologies to security concerns. It developed abstract ensure security and dependability in architectures based on generic modules a wide range of complex and dynamic involving on one side an embedded trust n Countries involved embedded systems. The project focused services layer offering hardware security, on enabling multiple applications to and on the other trusted operating Austria be run safely on the same systems system technology involving system and France and processors while acting totally middleware space. The result can be Spain independently of each other. customised to a specific application. Applications range from protecting film rights in video-on-demand applications The state-of-the art approach to trust at n Project start to ensuring bug-free software upgrades systems level, close to the processor, is September 2007 in domestic appliances. some form of hypervisor or virtualisation application for securely partitioning the n Project end Industry and society are increasingly applications. While this has already been August 2010 dependent on embedded systems that are developed for use on PCs where it was becoming ever more complex, dynamic and possible to run two windows independently open, while interacting with progressively at the same time, it has not been available more demanding and heterogeneous for embedded systems.
  • Arxiv:1712.05590V2 [Cs.PL] 18 Dec 2017 Ffaue,Btsffrfo Lwono N Otoodr Fm and of Throughput Orders Reducing Two to Consumption

    Arxiv:1712.05590V2 [Cs.PL] 18 Dec 2017 Ffaue,Btsffrfo Lwono N Otoodr Fm and of Throughput Orders Reducing Two to Consumption

    Abstract Many virtual machines exist for sensor nodes with only a few KB RAM and tens to a few hundred KB flash memory. They pack an impressive set of features, but suffer from a slowdown of one to two orders of magnitude compared to optimised native code, reducing throughput and increasing power consumption. Compiling bytecode to native code to improve performance has been studied extensively for larger devices, but the restricted resources on sen- sor nodes mean most modern techniques cannot be applied. Simply replac- ing bytecode instructions with predefined sequences of native instructions is known to improve performance, but produces code several times larger than the optimised C equivalent, limiting the size of programmes that can fit onto a device. This paper identifies the major sources of overhead resulting from this basic approach, and presents optimisations to remove most of the remain- ing performance overhead, and over half the size overhead, reducing them to 69% and 91% respectively. While this increases the size of the VM, the break-even point at which this fixed cost is compensated for is well within the range of memory available on a sensor device, allowing us to both improve performance and load more code on a device. arXiv:1712.05590v2 [cs.PL] 18 Dec 2017 1 Improved Ahead-of-Time Compilation of Stack-Based JVM Bytecode on Resource-Constrained Devices Niels Reijers, Chi-Sheng Shih NTU-IoX Research Center Department of Computer Science and Information Engineering National Taiwan University 1 Introduction Internet-of-Things devices come in a wide range, with vastly different perfor- mance characteristics, cost, and power requirements.
  • Spatial Isolation Refers to the System Ability to Detect and Avoid the Possibility That a Partition Can Access to Another Partition for Reading Or Writing

    Spatial Isolation Refers to the System Ability to Detect and Avoid the Possibility That a Partition Can Access to Another Partition for Reading Or Writing

    Virtualización Apolinar González Alfons Crespo OUTLINE Introduction Virtualisation techniques Hypervisors and real-time TSP Roles and functions Scheduling issues Case study: XtratuM 2 Conceptos previos Máquina virtual (VM): software que implementa una máquina (computadora) como el comportamiento real. Hipervisor (también virtual machine monitor VMM) es una capa de software (o combinación de software/hardware) que permite ejecutar varios entornos de ejecución independientes o particiones en un computador. Partición: Entorno de ejecución de programas. Ejemplos: Linux + aplicaciones; un sistema operativo de tiempo real + tareas; … 3 Conceptos previos Partition Hypervisor 4 INTRODUCTION: Isolation Temporal isolation refers to the system ability to execute several executable partitions guaranteeing: • the timing constraints of the partition tasks • the execution of each partition does not depend on the temporal behaviour of other partitions. The temporal isolation enforcement is achieved by means of a scheduling policy: • Cyclic scheduling, the ARINC 653 • Periodic Priority Server • EDF Server • Priority 5 PARTITIONED SYSTEMS Temporal Isolation: duration Origin relative to MAF Slot (temporal window) P1P1 P2P2 P1P1 P3P3 P2P2 P2P2 P2P2 MAF (Major Frame) SlotP1P1 id = 3 start = 400ms duration = 100 partition: P1 Execution MAF 1 MAF 2 MAF 3 MAF 4 6 INTRODUCTION: Isolation Spatial isolation refers to the system ability to detect and avoid the possibility that a partition can access to another partition for reading or writing. The hardware
  • Virtualization Technologies Overview Course: CS 490 by Mendel

    Virtualization Technologies Overview Course: CS 490 by Mendel

    Virtualization technologies overview Course: CS 490 by Mendel Rosenblum Name Can boot USB GUI Live 3D Snaps Live an OS on mem acceleration hot of migration another ory runnin disk alloc g partition ation system as guest Bochs partially partially Yes No Container s Cooperati Yes[1] Yes No No ve Linux (supporte d through X11 over networkin g) Denali DOSBox Partial (the Yes No No host OS can provide DOSBox services with USB devices) DOSEMU No No No FreeVPS GXemul No No Hercules Hyper-V iCore Yes Yes No Yes No Virtual Accounts Imperas Yes Yes Yes Yes OVP (Eclipse) Tools Integrity Yes No Yes Yes No Yes (HP-UX Virtual (Integrity guests only, Machines Virtual Linux and Machine Windows 2K3 Manager in near future) (add-on) Jail No Yes partially Yes No No No KVM Yes [3] Yes Yes [4] Yes Supported Yes [5] with VMGL [6] Linux- VServer LynxSec ure Mac-on- Yes Yes No No Linux Mac-on- No No Mac OpenVZ Yes Yes Yes Yes No Yes (using Xvnc and/or XDMCP) Oracle Yes Yes Yes Yes Yes VM (manage d by Oracle VM Manager) OVPsim Yes Yes Yes Yes (Eclipse) Padded Yes Yes Yes Cell for x86 (Green Hills Software) Padded Yes Yes Yes No Cell for PowerPC (Green Hills Software) Parallels Yes, if Boot Yes Yes Yes DirectX 9 Desktop Camp is and for Mac installed OpenGL 2.0 Parallels No Yes Yes No partially Workstati on PearPC POWER Yes Yes No Yes No Yes (on Hypervis POWER 6- or (PHYP) based systems, requires PowerVM Enterprise Licensing) QEMU Yes Yes Yes [4] Some code Yes done [7]; Also supported with VMGL [6] QEMU w/ Yes Yes Yes Some code Yes kqemu done [7]; Also module supported
  • Comparison of Platform Virtual Machines - Wikipedia

    Comparison of Platform Virtual Machines - Wikipedia

    Comparison of platform virtual machines - Wikipedia... http://en.wikipedia.org/wiki/Comparison_of_platform... Comparison of platform virtual machines From Wikipedia, the free encyclopedia The table below compares basic information about platform virtual machine (VM) packages. Contents 1 General Information 2 More details 3 Features 4 Other emulators 5 See also 6 References 7 External links General Information Name Creator Host CPU Guest CPU Bochs Kevin Lawton any x86, AMD64 CHARON-AXP Stromasys x86 (64 bit) DEC Alphaserver CHARON-VAX Stromasys x86, IA-64 VAX x86, x86-64, SPARC (portable: Contai ners (al so 'Zones') Sun Microsystems (Same as host) not tied to hardware) Dan Aloni helped by other Cooperati ve Li nux x86[1] (Same as parent) developers (1) Denal i University of Washington x86 x86 Peter Veenstra and Sjoerd with DOSBox any x86 community help DOSEMU Community Project x86, AMD64 x86 1 of 15 10/26/2009 12:50 PM Comparison of platform virtual machines - Wikipedia... http://en.wikipedia.org/wiki/Comparison_of_platform... FreeVPS PSoft (http://www.FreeVPS.com) x86, AMD64 compatible ARM, MIPS, M88K GXemul Anders Gavare any PowerPC, SuperH Written by Roger Bowler, Hercul es currently maintained by Jay any z/Architecture Maynard x64 + hardware-assisted Hyper-V Microsoft virtualization (Intel VT or x64,x86 AMD-V) OR1K, MIPS32, ARC600/ARC700, A (can use all OVP OVP Imperas [1] [2] Imperas OVP Tool s x86 (http://www.imperas.com) (http://www.ovpworld compliant models, u can write own to pu OVP APIs) i Core Vi rtual Accounts iCore Software
  • Hypervisors and Realtime Linux

    Hypervisors and Realtime Linux

    Hands-on course , 5 Hypervisors and realtime Linux day(s) Ref : HYP OBJECTIVES Participants At the end of this training you will be able to choose between the different realtime solutions for Linux and to Architects or developers in develop realtime applications based on Linux-RT, Xenomai or a realtime hypervisor architecture. charge of realtime application deployment merging realtime applications and opensource 1) Virtualisation using Linux 3) Overview of realtime architectures with Linux general purpose operating 2) The XEN Hypervisor 4) Realtime Hypervisors system. Pre-requisites Case study Basic knowledge of C The exercises are proposed using skeletons to be completed to allow the student to write a realtime programs development, application and to interface it with Linux. realtime executives and Linux or UNIX. 1) Virtualisation using Linux Next sessions - Overview of virtualization. History. Theory of virtualization. Virtualization types and modes. - The new virtualization helpers in modern CPU, Intel VTX and ARM Trust-zone. - Virtualization gains. Securing a system by diminution of the trusted software base. - Virtualization using Linux. Namespaces and application virtualization. - Overview of QEMU and KVM. Focus on XEN. 2) The XEN Hypervisor - Presentation of the XEN Hypervisor. Installation, commands overview. - Storage management, console, networking with XEN. - CPU virtualization, scheduling, checkpoints and migration. - Limits of the XEN scheduling. Tries to makes XEN realtime. - The XEN Development interface. Workshop Installation and management of the XEN Hypervisor. Implementation of a bare XEN application. Port of an Operating System to XEN. Xen scheduler. 3) Overview of realtime architectures with Linux - Linux realtime evolution. Origin of the problem. - Schedulers, bottom halves and latency.
  • EMC2 Prototyping and Benchmarking of Pikeos-Based and XTRATUM

    EMC2 Prototyping and Benchmarking of Pikeos-Based and XTRATUM

    EMC2 Prototyping and Benchmarking of PikeOS-based and XTRATUM-based systems on LEON4x4 Introduction . Multi-core architectures will be adopted in the next generations of avionics and aerospace systems. Integrated Modular Avionics (IMA): mixed-criticality . Key requirement: spatial and temporal isolation . Virtualization appears to be a promising technique to implement robust software architectures in multi-core avionics platforms. Goal: exploiting virtualization in the prototyping of a multi-core test platform for the aerospace domain. This is a first attempt to exploit paravirtualization on Cobham-Gaisler LEON4, the European Space Agency Next Generation Microprocessor (NGMP). © 2015, Thales Alenia Space Reference Application Test Software (Test input, Application Stack: . Scenario: various analysis and (Telemetry, benchmarking) file transfers) levels of criticality and REFERENCE SOFTWARE dependability both at DEMO PLATFORM software and hardware level JTAG SPACEWIRE PERIPHERAL TARGET DEVICE 1 TEST SERIAL MULTICORE . Requirements: CONSOLE PROCESSING ETHERNET PLATFORM SPACEWIRE PERIPHERAL reliability, robustness. DEVICE 2 Overall objectives: . Implementation and analysis of a typical mixed-critical aerospace application over a next-gen multicore platform . Assessment and analysis of virtualization technologies (isolation) . Comparison of different hypervisors (robustness, self-healing) © 2015, Thales Alenia Space Platform & Tools The target hardware identified is a quad-core architecture based on the Gaisler SPARC-V8 LEON4 processor (ESA’s Next Generation MicroProcessor). Two different hypervisors, SYSGO PikeOS and FentISS XtratuM, have been considered for the implementation of the reference application on selected multicore platform. PikeOS is a platform providing RTOS, type I hypervisor and paravirtualization functionalities. XtratuM is an open-source, bare metal hypervisor targeting real- time systems and implementing the paravirtualization principle.
  • Use of Xtratum in an Automotive Application (*)

    Use of Xtratum in an Automotive Application (*)

    Use of XtratuM in an Automotive Application (*) J. S´anchez , S. Peir´o, A. Crespo, J. Sim´o, M. Masmano, P. Balbastre Instituto de Automatica e Informatica Industrial Universidad Politecnica de Valencia, Spain jsanchez,mmasmano,speiro @ai2.upv.es, jsimo,acrespo,patricia disca.upv.es { } { } Abstract the paravirtualization technique, which means that Virtualization is playing a key role in many of software running on top of it must be modified in today software systems. At first used mainly to order to interact with the hypervisor and not with improve resource utilization, this technology is ex- the underlying hardware. Therefore, virtualization panding and has reached the market of embedded support cannot be limited to creating virtual ma- systems. In this scope, XtratuM o↵ers a virtual- chines but it has to be extended to provide support ization solution capable of running mixed-purpose for any run-time environment wanted to be run over applications. This paper presents the key contribu- XtratuM. tions to the OVERSEE project, whose architecture depends on the availability of this technology. This project has the goal of o↵ering an appropriate in- frastructure for the information technology systems of the upcoming smart vehicles. 1 Introduction The OVERSEE project [2] aims to provide a de- pendable and secure infrastructure for the execu- tion of mixed criticality applications on automotive systems. To meet this challenge, an architecture Figure 1: OVERSEE architecture overview. based on virtualization has been selected. XtratuM [1] o↵ers an ideal foundation for enforcing a strong Ultimately, this project has pushed forward the level of isolation, both temporal and spatial, thus cloud of available facilities in order to face the de- ensuring that vehicle functionality and safety can- sign of a XtratuM-based system.
  • Partitioned System with Xtratum on Powerpc

    Partitioned System with Xtratum on Powerpc

    Tesina de M´asteren Autom´aticae Inform´aticaIndustrial Partitioned System with XtratuM on PowerPC Author: Rui Zhou Advisor: Prof. Alfons Crespo i Lorente December 2009 Contents 1. Introduction1 1.1. MILS......................................2 1.2. ARINC 653..................................3 1.3. PikeOS.....................................6 1.4. ADEOS....................................7 2. Overview of XtratuM 11 2.1. Virtualization and Hypervisor........................ 11 2.2. XtratuM.................................... 12 3. Overview of PowerPC 16 3.1. POWER.................................... 16 3.2. PowerPC.................................... 17 3.3. PowerPC in Safety-critical.......................... 19 4. Main PowerPC Drivers to Virtualize 20 4.1. Processors................................... 20 4.2. Timer..................................... 21 4.3. Interrupt.................................... 23 4.4. Memory.................................... 24 5. Porting Implementation 25 5.1. Hypercall................................... 26 5.2. Timer..................................... 27 5.3. Interrupt.................................... 28 5.4. Memory.................................... 31 5.5. Partition.................................... 32 6. Benchmark 34 7. Conclusions and Future Work 38 Abstract Nowadays, the diversity of embedded applications has been developed into a new stage with the availability of various new high-performance processors and low cost on-chip memory. As the result of these new advances in hardware, there is a