MxU: Towards Predictable, Flexible, and Efficient Memory Access Control for the Secure IoT

Published: 08 October 2019

Abstract

The advanced functionality requirements of modern embedded and Internet of Things (IoT) devices -- from autonomous vehicles, to city and power-grid management -- are driving an ever-increasing software complexity. At the same time, the pervasive internet connections of these systems necessitate the fundamental design of security into these devices. The isolation of complex features from those that are critical through protection domains is an effective means to constrain the scope of faults and security breaches. Common hardware-provided memory facilities to enforce protection domains through memory access control -- including Memory Management Units (MMUs) usually found in microprocessors, and Memory Protection Units (MPUs) usually found in microcontrollers -- must meet the goals of enabling flexible, efficient and dynamic management of memory, and must enable tight bounds on the worst-case execution of critical code. Unfortunately, current system memory management facilities are ill-prepared to handle this challenge: MMUs that use extensive caches to achieve strong average-case performance suffer from debilitating worst-case and even average-case behavior under hefty interference, while MPUs struggle to provide flexible memory management.

This paper details MxU, a memory protection and allocation abstraction that integrates temporal specifications into the memory management subsystem, to enable portable code to achieve both predictable, tightly-bounded execution and dynamic management across both MMU- and MPU-based systems. We implement MxU in the Composite microkernel, and evaluate its flexibility and predictability over two different architectures: an MPU-based Cortex-M7 microcontroller and an MMU-based Cortex-A9 microprocessor, using a suite of modern applications including neural network-based inference, SQLite, and a JavaScript runtime.

For MMU-based systems, MxU reduces application TLB stall by up to 68.0%. For MPU-based systems, MxU enables flexible dynamic memory management often with application overheads of 1%, increasing to 6.1% under significant interference.

        • Published in

          ACM Transactions on Embedded Computing Systems, Volume 18, Issue 5s
          Special Issue ESWEEK 2019, CASES 2019, CODES+ISSS 2019 and EMSOFT 2019
          October 2019
          1423 pages
          ISSN: 1539-9087
          EISSN: 1558-3465
          DOI: 10.1145/3365919

          Copyright © 2019 ACM

          Publisher

          Association for Computing Machinery

          New York, NY, United States

          Publication History

          • Published: 8 October 2019
          • Accepted: 1 July 2019
          • Revised: 1 June 2019
          • Received: 1 April 2019

          Qualifiers

          • research-article
          • Research
          • Refereed
