research-article

A virtualized separation kernel for mixed criticality systems

Published: 01 March 2014

Abstract

Multi- and many-core processors are becoming increasingly popular in embedded systems. Many of these processors now feature hardware virtualization capabilities, such as the ARM Cortex A15, and x86 processors with Intel VT-x or AMD-V support. Hardware virtualization offers opportunities to partition physical resources, including processor cores, memory and I/O devices amongst guest virtual machines. Mixed criticality systems and services can then co-exist on the same platform in separate virtual machines. However, traditional virtual machine systems are too expensive because of the costs of trapping into hypervisors to multiplex and manage machine physical resources on behalf of separate guests. For example, hypervisors are needed to schedule separate VMs on physical processor cores. In this paper, we discuss the design of the Quest-V separation kernel, which partitions services of different criticalities in separate virtual machines, or sandboxes. Each sandbox encapsulates a subset of machine physical resources that it manages without requiring intervention of a hypervisor. Moreover, a hypervisor is not needed for normal operation, except to bootstrap the system and establish communication channels between sandboxes.
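The abstract's central design point is a static partition of cores and memory that a hypervisor validates once at bootstrap and that each sandbox thereafter enforces on its own, without trapping into the hypervisor. The following C model illustrates that idea; it is an added example, not Quest-V code, and the table layout, the `partition_is_valid` and `sandbox_may_access` functions, the two-sandbox sample and its addresses are all assumptions constructed for this illustration.

```c
/* Toy model of a separation kernel's static resource partition.
 * Constructed for illustration only; it is not Quest-V code. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_SANDBOXES 4
#define MAX_REGIONS   8

enum region_kind { REGION_PRIVATE, REGION_CHANNEL };

struct mem_region {
    uint64_t base;            /* physical base address */
    uint64_t len;             /* length in bytes */
    enum region_kind kind;    /* private to one sandbox, or a shared channel */
    uint8_t owner_mask;       /* bit i set: sandbox i may map this region */
};

struct partition_table {
    size_t nsandboxes;
    uint8_t core_mask[MAX_SANDBOXES];  /* bit j set: core j belongs to sandbox i */
    size_t nregions;
    struct mem_region region[MAX_REGIONS];
};

static int popcount8(uint8_t x)
{
    int n = 0;
    while (x) { n += x & 1; x >>= 1; }
    return n;
}

static bool ranges_overlap(uint64_t a, uint64_t alen, uint64_t b, uint64_t blen)
{
    return a < b + blen && b < a + alen;
}

/* Bootstrap-time validation, run once by the hypervisor before it hands
 * cores over to the sandboxes. Rejects any table in which a core or a
 * private region would be reachable from more than one sandbox, or in
 * which a communication channel is not shared by at least two sandboxes. */
bool partition_is_valid(const struct partition_table *pt)
{
    uint8_t all_sandboxes = (uint8_t)((1u << pt->nsandboxes) - 1);
    uint8_t cores_seen = 0;
    for (size_t i = 0; i < pt->nsandboxes; i++) {
        if (pt->core_mask[i] == 0) return false;          /* sandbox with no core */
        if (pt->core_mask[i] & cores_seen) return false;  /* core claimed twice */
        cores_seen |= pt->core_mask[i];
    }
    for (size_t r = 0; r < pt->nregions; r++) {
        const struct mem_region *m = &pt->region[r];
        if (m->len == 0 || (m->owner_mask & ~all_sandboxes)) return false;
        int owners = popcount8(m->owner_mask);
        if (m->kind == REGION_PRIVATE && owners != 1) return false;
        if (m->kind == REGION_CHANNEL && owners < 2) return false;
        for (size_t s = r + 1; s < pt->nregions; s++)
            if (ranges_overlap(m->base, m->len, pt->region[s].base, pt->region[s].len))
                return false;
    }
    return true;
}

/* Runtime check made inside a sandbox with no hypervisor involvement:
 * an access is allowed only if it lies entirely inside one region whose
 * owner_mask includes this sandbox. A range that straddles a region
 * boundary is refused even if the first byte is permitted. */
bool sandbox_may_access(const struct partition_table *pt, int sb, uint64_t addr, uint64_t len)
{
    if (sb < 0 || (size_t)sb >= pt->nsandboxes || len == 0) return false;
    for (size_t r = 0; r < pt->nregions; r++) {
        const struct mem_region *m = &pt->region[r];
        if (addr < m->base) continue;
        uint64_t off = addr - m->base;
        if (off < m->len && len <= m->len - off)
            return (m->owner_mask >> sb) & 1;
    }
    return false;
}

/* Constructed sample: two sandboxes with two cores each, one private
 * region apiece and one 4 KiB shared channel (addresses are made up). */
struct partition_table example_table(void)
{
    struct partition_table pt = {0};
    pt.nsandboxes = 2;
    pt.core_mask[0] = 0x03;  /* cores 0 and 1 */
    pt.core_mask[1] = 0x0C;  /* cores 2 and 3 */
    pt.nregions = 3;
    pt.region[0] = (struct mem_region){0x10000000, 0x10000000, REGION_PRIVATE, 0x01};
    pt.region[1] = (struct mem_region){0x20000000, 0x10000000, REGION_PRIVATE, 0x02};
    pt.region[2] = (struct mem_region){0x30000000, 0x00001000, REGION_CHANNEL, 0x03};
    return pt;
}

int main(void)
{
    struct partition_table pt = example_table();
    printf("table valid: %d\n", partition_is_valid(&pt));
    printf("sandbox 1 -> sandbox 0 private: %d\n", sandbox_may_access(&pt, 1, 0x10000000, 16));
    printf("sandbox 1 -> channel: %d\n", sandbox_may_access(&pt, 1, 0x30000000, 16));
    return 0;
}
```

The software loop in `sandbox_may_access` stands in for what a real separation kernel delegates to hardware: once the partition has been validated, the hypervisor programs the processor's extended page tables and I/O remapping so that the confinement is enforced on every access without a trap, which is exactly why the hypervisor can then step out of the normal execution path.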

