ABSTRACT
Low-power operating system runtimes used on IoT microcontrollers typically provide rudimentary APIs, basic connectivity and, sometimes, a (secure) firmware update mechanism. In contrast, on less constrained hardware, networked software has entered the age of serverless, microservices and agility. With a view to bridging this gap, in this paper we design Femto-Containers, a new middleware runtime which can be embedded on heterogeneous low-power IoT devices. Femto-Containers enable the secure deployment, execution and isolation of small virtual software functions on low-power IoT devices, over the network. We implement Femto-Containers, and provide integration in RIOT, a popular open source IoT operating system. We then evaluate the performance of our implementation, which was formally verified for fault-isolation, guaranteeing that RIOT is shielded from logic loaded and executed in a Femto-Container. Our experiments on various popular microcontroller architectures (Arm Cortex-M, ESP32 and RISC-V) show that Femto-Containers offer an attractive trade-off in terms of memory footprint overhead, energy consumption, and security.
Femto-containers: lightweight virtualization and fault isolation for small software functions on low-power IoT microcontrollers