Abstract
Multi- and many-core processors are becoming increasingly popular in embedded systems. Many of these processors now feature hardware virtualization capabilities, such as the ARM Cortex A15, and x86 processors with Intel VT-x or AMD-V support. Hardware virtualization offers opportunities to partition physical resources, including processor cores, memory and I/O devices amongst guest virtual machines. Mixed criticality systems and services can then co-exist on the same platform in separate virtual machines. However, traditional virtual machine systems are too expensive because of the costs of trapping into hypervisors to multiplex and manage machine physical resources on behalf of separate guests. For example, hypervisors are needed to schedule separate VMs on physical processor cores. In this paper, we discuss the design of the Quest-V separation kernel, which partitions services of different criticalities in separate virtual machines, or sandboxes. Each sandbox encapsulates a subset of machine physical resources that it manages without requiring intervention of a hypervisor. Moreover, a hypervisor is not needed for normal operation, except to bootstrap the system and establish communication channels between sandboxes.
A Virtualized Separation Kernel for Mixed-Criticality Systems
VEE '14: Proceedings of the 10th ACM SIGPLAN/SIGOPS international conference on Virtual execution environments