Abstract
The advanced functionality requirements of modern embedded and Internet of Things (IoT) devices -- from autonomous vehicles, to city and power-grid management -- are driving an ever-increasing software complexity. At the same time, the pervasive internet connectivity of these systems requires that security be designed into these devices from the ground up. Isolating complex features from critical ones through protection domains is an effective means to constrain the scope of faults and security breaches. Common hardware-provided memory facilities that enforce protection domains through memory access control -- including Memory Management Units (MMUs), usually found in microprocessors, and Memory Protection Units (MPUs), usually found in microcontrollers -- must enable flexible, efficient and dynamic management of memory, and must allow tight bounds on the worst-case execution of critical code. Unfortunately, current system memory management facilities are ill-prepared to handle this challenge: MMUs that use extensive caches to achieve strong average-case performance suffer from debilitating worst-case, and even average-case, behavior under heavy interference, while MPUs struggle to provide flexible memory management.
This paper details MxU, a memory protection and allocation abstraction that integrates temporal specifications into the memory management subsystem, enabling portable code to achieve both predictable, tightly-bounded execution and dynamic management across both MMU- and MPU-based systems. We implement MxU in the Composite microkernel and evaluate its flexibility and predictability on two different architectures, an MPU-based Cortex-M7 microcontroller and an MMU-based Cortex-A9 microprocessor, using a suite of modern applications including neural network-based inference, SQLite, and a JavaScript runtime.
For MMU-based systems, MxU reduces application TLB stalls by up to 68.0%. For MPU-based systems, MxU enables flexible dynamic memory management, often with application overheads of 1%, increasing to 6.1% under significant interference.
MxU: Towards Predictable, Flexible, and Efficient Memory Access Control for the Secure IoT