361 research outputs found
Scheduling policies and system software architectures for mixed-criticality computing
Mixed-criticality model of computation is being increasingly
adopted in timing-sensitive systems. The model not only
ensures that the most critical tasks in a system never fails,
but also aims for better systems resource utilization in normal condition. In this report, we describe the widely used
mixed-criticality task model and fixed-priority scheduling
algorithms for the model in uniprocessors. Because of the
necessity by the mixed-criticality task model and scheduling
policies, isolation, both temporal and spatial, among tasks is
one of the main requirements from the system design point
of view. Different virtualization techniques have been used
to design system software architecture with the goal of isolation. We discuss such a few system software architectures
which are being and can be used for mixed-criticality model
of computation
Secure Virtualization of Latency-Constrained Systems
Virtualization is a mature technology in server and desktop environments where multiple systems are consolidate onto a single physical hardware platform, increasing the utilization of todays multi-core systems as well as saving resources such as energy, space and costs compared to multiple single systems. Looking at embedded environments reveals that many systems use multiple separate computing systems inside, including requirements for real-time and isolation properties. For example, modern high-comfort cars use up to a hundred embedded computing systems. Consolidating such diverse configurations promises to save resources such as energy and weight.
In my work I propose a secure software architecture that allows consolidating multiple embedded software systems with timing constraints. The base of the architecture builds a microkernel-based operating system that supports a variety of different virtualization approaches through a generic interface, supporting hardware-assisted virtualization and paravirtualization as well as multiple architectures. Studying guest systems with latency constraints with regards to virtualization showed that standard techniques such as high-frequency time-slicing are not a viable approach.
Generally, guest systems are a combination of best-effort and real-time work and thus form a mixed-criticality system. Further analysis showed that such systems need to export relevant internal scheduling information to the hypervisor to support multiple guests with latency constraints. I propose a mechanism to export those relevant events that is secure, flexible, has good performance and is easy to use. The thesis concludes with an evaluation covering the virtualization approach on the ARM and x86 architectures and two guest operating systems, Linux and FreeRTOS, as well as evaluating the export mechanism
Mini-NOVA: A Lightweight ARM-based Virtualization Microkernel Supporting Dynamic Partial Reconfiguration
International audienceToday, ARM is becoming the mainstream family of processors in the high-performance embedded systems domain. In this context, adding a run-time reconfigurable FPGA device to the ARM processor into a single chip makes it possible to combine high performance and flexibility. In this paper, we propose a low-complexity design of system virtualization running on the Zynq platform. Virtualization of software and hardware resources are managed by a custom microkernel. The dedicated features to efficiently manage the dynamic partial reconfiguration (DPR) technology are described in details. The performance of the DPR management is evaluated and presented at the end of this paper
Maruchi OS kankyo o shiensuru sofutowea oyobi hadowea kino no teian
制度:新 ; 報告番号:甲3534号 ; 学位の種類:博士(工学) ; 授与年月日:2012/2/25 ; 早大学位記番号:新587
A TrustZone-assisted hypervisor supporting dynamic partial reconfiguration
Dissertação de mestrado em Engenharia Eletrónica Industrial e ComputadoresTraditionally, embedded systems were dedicated single-purpose systems characterised
by hardware resource constraints and real-time requirements. However,
with the growing computing abilities and resources on general purpose platforms,
systems that were formerly divided to provide different functions are now merging
into one System on Chip. One of the solutions that allows the coexistence
of heterogeneous environments on the same hardware platform is virtualization
technology, usually in the form of an hypervisor that manage different instances
of OSes and arbitrate their execution and resource usage, according to the chosen
policy.
ARM TrustZone has been one of the technologies used to implement a virtualization
solution with low overhead and low footprint. µRTZVisor a TrustZoneassisted
hypervisor with a microkernel-like architecture - is a bare-metal embedded
hypervisor that relies on TrustZone hardware to provide the foundation to implement
strong spatial and temporal isolation between multiple guest OSes.
The use of Partial Reconfiguration allows the designer to define partial reconfigurable
regions in the FPGA and reconfigure them during runtime. This allows
the system to have its functionalities changed during runtime using Dynamic Partial
Reconfiguration (DPR), without needing to reconfigure all the FPGA. This
is a major advantage, as it decreases the configuration overhead since partial bitstreams
are smaller than full bitstreams and the reconfiguration time is shorter.
Another advantage is reducing the need for larger logic areas and consequently
reducing their power consumption.
Therefore, a hypervisor that supports DPR brings benefits to the system. Aside
from better FPGA resources usage, another improvement that it brings, is when
critical hardware modules misbehave and the hardware module can be replaced.
It also enables the controlling and changing of hardware accelerators dynamically,
which can be used to meet the guest OSes requests for hardware resources as the
need appears. The propose of this thesis is extending the µRTZVisor to have a
DPR mechanism.Tradicionalmente, os sistemas embebidos eram sistemas dedicados a uma única
tarefa e apenas limitados pelos seus requisitos de tempo real e de hardware. Contudo,
como as plataformas de uso geral têm cada vez mais recursos e capacidade
de processamento, muitos dos sistemas que executavam separadamente, passaram
a apenas um sistema em plataforma recorrendo à tecnologia de virtualização, normalmente
como um hipervisor que é capaz de gerir múltiplos sistemas operativos
arbitrando a sua execução e acesso aos recursos da plataforma de acordo com uma
politica predefinida.
A tecnologia TrustZone da ARM tem sido uma das soluções implementadas
sem ter grande impacto na performance dos sistemas operativos. µRTZVisor é um
dos hipervisores baseados na TrustZone para implementar um isolamento espacial
e temporal entre múltiplos sistemas operativos, sendo que defere de outras uma
vez que é de arquitectura microkernel.
O uso de Reconfiguração Parcial Dinâmica (RPD) permite ao designer definir
várias regiões reconfiguráveis no FPGA que podem ser dinamicamente reconfiguradas
durante o período de execução. Esta é uma grande vantagem, porque reduz
os tempos de reconfiguração de módulos reconfiguráveis uma vez que os seus bitstreams
são mais pequenos que bitstreams para a plataforma toda. A tecnologia
também permite que nos FPGAs não sejam necessárias áreas lógicas tão grandes,
o que também reduz o consumo de energia da plataforma.
Um hipervisor que suporte RPD traz grandes benefícios para o sistema, nomeadamente
melhor uso dos recursos de FPGA, implementação de aceleradores em
hardware dinamicamente reconfiguráveis, e tratamento de falhas no hardware. Se
houverem módulos que estejam a demonstrar comportamentos inesperados estes
podem ser reconfigurados. O uso de aceleradores reconfiguráveis permite que o
hardware seja adaptável conforme a necessidade destes pelos diferentes sistemas
operativos. A proposta desta dissertação é então estender o µRTZVisor para ter
a capacidade de usar módulos reconfiguráveis por RPD
Hardware IPC for a TrustZone-assisted Hypervisor
Dissertação de mestrado em Engenharia Eletrónica Industrial e ComputadoresIn this modern era ruled by technology and the IoT (Internet of Things),
embedded systems have an ubiquitous presence in our daily lives. Although they
do differ from each other in their functionalities and end-purpose, they all share the
same basic requirements: safety and security. Whether in a non-critical system
such as a smartphone, or a critical one, like an electronic control unit of any
modern vehicle, these requirements must always be fulfilled in order to accomplish
a reliable and trust-worthy system.
One well-established technology to address this problem is virtualization. It
provides isolation by encapsulating each subsystem in separate Virtual-Machines
(VMs), while also enabling the sharing of hardware resources. However, these
isolated subsystems may still need to communicate with each other. Inter-Process
Communication is present in most OSes’ stacks, representing a crucial part of
it, which allows, through a myriad of different mechanisms, communication be-
tween tasks. In a virtualized system, Inter-Partition Communication mechanisms
implement the communication between the different subsystems referenced above.
TrustZone technology has been in the forefront of hardware-assisted security
and it has been explored for virtualization purposes, since natively it provides sep-
aration between two execution worlds while enforcing, by design, different privi-
lege to these execution worlds. LTZVisor, an open-source lightweight TrustZone-
assisted hypervisor, emerged as a way of providing a platform for exploring how
TrustZone can be exploited to assist virtualization. Its IPC mechanism, TZ-
VirtIO, constitutes a standard virtual I/O approach for achieving communication
between the OSes, but some overhead is caused by the introduction of the mech-
anism. Hardware-based solutions are yet to be explored with this solution, which
could bring performance and security benefits while diminishing overhead.
Attending the reasons mentioned above, hTZ-VirtIO was developed as a way
to explore the offloading of the software-based communication mechanism of the
LTZVisor to hardware-based mechanisms.Atualmente, onde a tecnologia e a Internet das Coisas (IoT) dominam a so-
ciedade, os sistemas embebidos são omnipresentes no nosso dia-a-dia, e embora
possam diferir entre as funcionalidades e objetivos finais, todos partilham os mes-
mos requisitos básicos. Seja um sistema não crítico, como um smartphone, ou
um sistema crítico, como uma unidade de controlo de um veículo moderno, estes
requisitos devem ser cumpridos de maneira a se obter um sistema confiável.
Uma tecnologia bem estabelecida para resolver este problema é a virtualiza-
ção. Esta abordagem providencia isolamento através do encapsulamento de sub-
sistemas em máquinas virtuais separadas, além de permitir a partilha de recursos
de hardware. No entanto, estes subsistemas isolados podem ter a necessidade de
comunicar entre si. Comunicação entre tarefas está presente na maioria das pilhas
de software de qualquer sistema e representa uma parte crucial dos mesmos. Num
sistema virtualizado, os mecanismos de comunicação entre-partições implementam
a comunicação entre os diferentes subsistemas mencionados acima.
A tecnologia TrustZone tem estado na vanguarda da segurança assistida por
hardware, e tem sido explorada na implementação de sistemas virtualizados, visto
que permite nativamente a separação entre dois mundos de execução, e impondo
ao mesmo tempo, por design, privilégios diferentes a esses mundos de execução. O
LTZVisor, um hypervisor em código-aberto de baixo overhead assistido por Trust-
Zone, surgiu como uma forma de fornecer uma plataforma que permite a explo-
ração da TrustZone como tecnologia de assistência a virtualização. O TZ-VirtIO,
mecanismo de comunicação do LTZVisor, constitui uma abordagem padrão de
E/S virtuais, para permitir comunicação entre os sistemas operativos. No entanto,
a introdução deste mecanismo provoca sobrecarga sobre o hypervisor. Soluções
baseadas em hardware para o TZ-VirtIO ainda não foram exploradas, e podem
trazer benefícios de desempenho e segurança, e diminuir a sobrecarga.
Atendendo às razões mencionadas acima, o hTZ-VirtIO foi desenvolvido como
uma maneira de explorar a migração do mecanismo de comunicação baseado em
software do LTZVisor para mecanismos baseados em hardware
- …