170 research outputs found

    The Amoeba Distributed Operating System


    Maruchi OS kankyo o shiensuru sofutowea oyobi hadowea kino no teian (A proposal of software and hardware functions supporting a multi-OS environment)

    Degree system: new ; Report number: Ko 3534 ; Degree: Doctor of Engineering ; Date conferred: 2012/2/25 ; Waseda University degree number: Shin 587

    Security hardened remote terminal units for SCADA networks.

    Remote terminal units (RTUs) are perimeter supervisory control and data acquisition (SCADA) devices that measure and control actual physical devices. Cyber security was largely ignored in SCADA for many years, and the cyber security issues that now face SCADA and DCS, specifically RTU security, are investigated in this research. This dissertation presents a new role based access control model designed specifically for RTUs and process control. The model is developed around the process control specific data element called a point, and point operations. The model includes: assignment constraints that limit the RTU operations that a specific role can be assigned, and activation constraints that allow a security administrator to specify conditions when specific RTU roles or RTU permissions cannot be used. RTU enforcement of the new access control model depends on, and is supported by, the protection provided by an RTU's operating system. This dissertation investigates two approaches for using minimal kernels to reduce potential vulnerabilities in RTU protection enforcement and create a security hardened RTU capable of supporting the new RTU access control model. The first approach is to reduce a commercial OS kernel to only those components needed by the RTU, removing any known or unknown vulnerabilities contained in the eliminated code and significantly reducing the size of the kernel. The second approach proposes using a microkernel that supports partitioning as the basis for an RTU specific operating system which isolates network related RTU software, the RTU attack surface, from critical RTU operational software such as control algorithms and analog and digital input and output. In experimental analysis of a prototype hardened RTU connected to real SCADA hardware, a reduction of over 50% was obtained in reducing a 2.4 Linux kernel to run on actual RTU hardware. Functional testing demonstrated that different users were able to carry out assigned tasks with the limited set of permissions provided by the security hardened RTU, and a series of simulated insider attacks were prevented by the RTU role based access control system. Analysis of communication times indicated response times would be acceptable for many SCADA and DCS application areas. Investigation of a partitioning microkernel for an RTU identified the L4 microkernel as an excellent candidate. Experimental evaluation of L4 on real hardware found the IPC overhead for simulated critical RTU operations protected by L4 partitioning to be sufficiently small to warrant continued investigation of the approach.
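The abstract above describes a point-based RBAC model with two kinds of constraints: assignment constraints (which point operations a role may ever be given) and activation constraints (conditions under which an assigned role or permission cannot be used). The following is an added example, not code from the dissertation or its prototype RTU; the point names (valve_101, valve_101_setpoint), the operation set (read, write, control), the roles and the plant-context fields are all hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, FrozenSet, List, Set, Tuple

# Point operations an RTU might expose (hypothetical names for this example).
READ, WRITE, CONTROL = "read", "write", "control"

# The RTU's runtime context (plant mode, measured values, ...) that
# activation constraints are evaluated against.
Context = Dict[str, object]
Constraint = Callable[[Context], bool]   # True -> the role/permission is blocked


@dataclass(frozen=True)
class Permission:
    point: str   # process-control data element, e.g. "valve_101"
    op: str      # a point operation on it


@dataclass
class Role:
    name: str
    assignable_ops: FrozenSet[str]                       # assignment constraint
    permissions: Set[Permission] = field(default_factory=set)
    role_blocks: List[Constraint] = field(default_factory=list)
    perm_blocks: Dict[Permission, List[Constraint]] = field(default_factory=dict)


class RTUAccessControl:
    """Point-based RBAC with assignment and activation constraints, deny by default."""

    def __init__(self) -> None:
        self.roles: Dict[str, Role] = {}
        self.user_roles: Dict[str, Set[str]] = {}
        self.audit: List[Tuple[str, str, str, str]] = []   # (user, point, op, verdict)

    def add_role(self, name: str, assignable_ops: Set[str]) -> None:
        self.roles[name] = Role(name, frozenset(assignable_ops))

    def grant(self, role_name: str, perm: Permission) -> None:
        """Assignment constraint: a role can only ever be given operations on its list."""
        role = self.roles[role_name]
        if perm.op not in role.assignable_ops:
            raise PermissionError(f"role {role_name!r} may never be assigned {perm.op!r}")
        role.permissions.add(perm)

    def block_role_when(self, role_name: str, when: Constraint) -> None:
        """Activation constraint on a whole role."""
        self.roles[role_name].role_blocks.append(when)

    def block_permission_when(self, role_name: str, perm: Permission, when: Constraint) -> None:
        """Activation constraint on a single permission held by a role."""
        self.roles[role_name].perm_blocks.setdefault(perm, []).append(when)

    def assign_user(self, user: str, role_name: str) -> None:
        if role_name not in self.roles:
            raise KeyError(role_name)
        self.user_roles.setdefault(user, set()).add(role_name)

    def check(self, user: str, point: str, op: str, ctx: Context) -> bool:
        """Allow only if some role of the user holds the permission and no
        activation constraint on that role or that permission fires now."""
        wanted = Permission(point, op)
        verdict = "deny"
        for role_name in self.user_roles.get(user, ()):
            role = self.roles[role_name]
            if wanted not in role.permissions:
                continue
            if any(blocked(ctx) for blocked in role.role_blocks):
                continue
            if any(blocked(ctx) for blocked in role.perm_blocks.get(wanted, ())):
                continue
            verdict = "allow"
            break
        self.audit.append((user, point, op, verdict))   # every decision is logged
        return verdict == "allow"


def build_demo() -> RTUAccessControl:
    """Constructed policy: an operator who may read and control valve_101, and a
    maintenance role that may read it and write its setpoint but never control it."""
    ac = RTUAccessControl()
    ac.add_role("operator", {READ, CONTROL})
    ac.add_role("maintenance", {READ, WRITE})
    ac.grant("operator", Permission("valve_101", READ))
    ac.grant("operator", Permission("valve_101", CONTROL))
    ac.grant("maintenance", Permission("valve_101", READ))
    ac.grant("maintenance", Permission("valve_101_setpoint", WRITE))
    # Security administrator's activation constraints:
    # the maintenance role cannot be used at all while the plant is in "run" mode ...
    ac.block_role_when("maintenance", lambda ctx: ctx.get("plant_mode") == "run")
    # ... and valve_101 may not be actuated while line pressure is above 800 kPa.
    ac.block_permission_when("operator", Permission("valve_101", CONTROL),
                             lambda ctx: ctx.get("pressure_kpa", 0) > 800)
    ac.assign_user("alice", "operator")
    ac.assign_user("bob", "maintenance")
    return ac
```

With this policy, a maintenance user requesting control of valve_101 (the kind of insider action the abstract says the prototype blocked) is denied because no role he holds carries that permission, and an administrator who tries to add it to the maintenance role is stopped by the assignment constraint in grant(); the operator's control permission is still refused when the pressure predicate fires. Every decision, including denials for unknown users, lands in the audit list so that enforcement failures are visible after the fact.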

    Scalability of microkernel-based systems


    An inter-cluster communication facility for lightweight manycore processors in the Nanvix OS

    TCC (undergraduate thesis) - Universidade Federal de Santa Catarina. Centro Tecnológico. Ciências da Computação. Jointly with further scalability and energy efficiency, lightweight manycores brought a new set of challenges in software development coming from their architectural particularities. In this context, Operating Systems (OSs) make application development less costly, less error-prone, and more efficient. The abstraction layer provided by OSs suppresses hardware characteristics from a simplified and productive perspective. However, part of the development challenges encountered in lightweight manycores stems from the existing runtimes and OSs, which do not entirely address the complexity of these processors. We believe that OSs for the next generation of lightweight manycores must be redesigned from scratch to cope with their tight architectural constraints. In particular, communication abstractions play a crucial role in application scalability and performance due to the distributed nature of manycores. The purpose of this undergraduate dissertation is to propose an inter-cluster communication facility for the emerging manycore MPPA-256 processor. This facility is part of a generic and flexible Hardware Abstraction Layer (HAL) that deals directly with the key issues encountered in designing an OS for these processors. Above this facility, communication services will also be proposed for an OS based on the microkernel model, which seeks to provide a basic framework for communication abstractions. The contributions of this undergraduate dissertation are embedded in a broader research context that aims to investigate the creation of a distributed OS based on a multikernel approach, called Nanvix OS. Nanvix OS focuses on programmability and portability issues for manycores through a POSIX-compliant OS. The results present how well-known distributed algorithms can be efficiently supported by Nanvix OS and encourage improvements provided by the proper use of Direct Memory Access (DMA) accelerators.

    Operating System Support for Redundant Multithreading

    Failing hardware is a fact and trends in microprocessor design indicate that the fraction of hardware suffering from permanent and transient faults will continue to increase in future chip generations. Researchers proposed various solutions to this issue with different downsides: Specialized hardware components make hardware more expensive in production and consume additional energy at runtime. Fault-tolerant algorithms and libraries enforce specific programming models on the developer. Compiler-based fault tolerance requires the source code for all applications to be available for recompilation. In this thesis I present ASTEROID, an operating system architecture that integrates applications with different reliability needs. ASTEROID is built on top of the L4/Fiasco.OC microkernel and extends the system with Romain, an operating system service that transparently replicates user applications. Romain supports single- and multi-threaded applications without requiring access to the application's source code. Romain replicates applications and their resources completely and thereby does not rely on hardware extensions, such as ECC-protected memory. In my thesis I describe how to efficiently implement replication as a form of redundant multithreading in software. I develop mechanisms to manage replica resources and to make multi-threaded programs behave deterministically for replication. I furthermore present an approach to handle applications that use shared-memory channels with other programs. My evaluation shows that Romain provides 100% error detection and more than 99.6% error correction for single-bit flips in memory and general-purpose registers. At the same time, Romain's execution time overhead is below 14% for single-threaded applications running in triple-modular redundant mode. 
    The last part of my thesis acknowledges that software-implemented fault tolerance methods often rely on the correct functioning of a certain set of hardware and software components, the Reliable Computing Base (RCB). I introduce the concept of the RCB and discuss what constitutes the RCB of the ASTEROID system and other fault tolerance mechanisms. Thereafter I show three case studies that evaluate approaches to protecting RCB components and thereby aim to achieve a software stack that is fully protected against hardware errors.
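The abstract describes replication as redundant multithreading in software: run replicas of the same deterministic work, compare their state at synchronisation points, detect any disagreement and correct it by majority vote, with the comparator itself being part of the Reliable Computing Base. The following is an added example illustrating that scheme in Python; it is not Romain or ASTEROID code (those are Fiasco.OC services replicating whole address spaces, not Python threads). The task, the sample input and the bit-flip injector are constructed for the example.

```python
import copy
import threading
from collections import Counter
from typing import Any, Callable, Dict, Optional, Tuple

# Constructed input for a trivial deterministic "control step" task.
SAMPLE_STATE: Dict[str, int] = {"setpoint": 120, "measured": 100, "gain": 3}


def control_step(state: Dict[str, int]) -> int:
    """Deterministic work to be replicated: a proportional controller output."""
    return (state["setpoint"] - state["measured"]) * state["gain"]


def flip_bit_in_replica(replica: int, bit: int) -> Callable[[int, int], int]:
    """Fault injector: simulate a single-bit flip in the output of one replica only."""
    return lambda i, out: out ^ (1 << bit) if i == replica else out


def run_replicated(task: Callable[[Any], int], inputs: Any, n: int = 3,
                   inject_fault: Optional[Callable[[int, int], int]] = None
                   ) -> Tuple[int, bool, bool]:
    """Run `task` in n threads on private copies of the input, then compare the
    replicas' outputs at a synchronisation point.

    Returns (voted_value, error_detected, error_corrected). Any disagreement is
    detected; correction needs a strict majority (n >= 3). With n == 2 a fault
    is detected but cannot be corrected, so RuntimeError is raised."""
    results: list = [None] * n

    def worker(i: int) -> None:
        out = task(copy.deepcopy(inputs))          # replicas never share state
        if inject_fault is not None:
            out = inject_fault(i, out)
        results[i] = out

    threads = [threading.Thread(target=worker, args=(i,)) for i in range(n)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()                                   # synchronisation point

    # The comparison and voting below run unreplicated: in the thesis' terms
    # they belong to the Reliable Computing Base and must be trusted (or
    # protected by other means) for the scheme to hold.
    votes = Counter(results)
    value, count = votes.most_common(1)[0]
    detected = len(votes) > 1
    corrected = detected and count > n // 2
    if detected and not corrected:
        raise RuntimeError(f"replica outputs {results} disagree with no majority")
    return value, detected, corrected
```

Running the task in triple-modular mode with a bit flipped in one replica yields the correct value with both flags set; running it in dual mode with the same fault only detects the problem, which is exactly the gap between the detection and correction figures quoted in the abstract. Determinism matters: if the task read a clock or a shared mutable object, replicas would legitimately diverge and every run would look like a fault, which is why the thesis has to make multi-threaded programs behave deterministically before replicating them.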

    Single system image: A survey

    Single system image is a computing paradigm where a number of distributed computing resources are aggregated and presented via an interface that maintains the illusion of interaction with a single system. This approach encompasses decades of research using a broad variety of techniques at varying levels of abstraction, from custom hardware and distributed hypervisors to specialized operating system kernels and user-level tools. Existing classification schemes for SSI technologies are reviewed, and an updated classification scheme is proposed. A survey of implementation techniques is provided along with relevant examples. Notable deployments are examined and insights gained from hands-on experience are summarized. Issues affecting the adoption of kernel-level SSI are identified and discussed in the context of technology adoption literature.

    Operating System Kernels on Multi-core Architectures

    Operating System (OS) kernels have been under research and development for decades, mainly assuming single processor and distributed hardware systems. With the recent rise of multi-core chips that may incorporate a network on chip (NoC), new challenges have appeared that were not considered before. Given that a complete multi-core system that works on a single system on chip (SoC) is now the normal case, different cores on a single SoC may share other physical resources and data. This new sharing scheme on a SoC affects crucial aspects of an overall system like correctness, performance, predictability, scalability and security. Both hardware and OSs need to cooperate flexibly in order to provide solutions for such challenges. An SoC now resembles the internet in some ways, with different cores acting as computer nodes and the network medium provided by advanced digital fabrics such as buses or NoCs, which are a current research area. However, OSs are still assuming some (hardware) features like single physical memory and memory sharing for inter-process communication, page-based protection, and cache operations, even when evolving from uniprocessor to multi-core processors. Such features not only may degrade performance and other system aspects, but some of them also make no sense for a multi-core SoC, and introduce barriers and limitations. While new OS research is considering different kernel designs to cope with multi-core systems, they are still limited by the current commercial hardware architectures. The objective of this thesis is to assess different kernel designs and implementations on multi-core hardware architectures. Part of the contributions of the thesis is porting RTEMS (RTOS) and the seL4 microkernel to the Epiphany and RISC-V hardware architectures respectively, trading off the design and implementation decisions. This hands-on experience gave a better understanding of the real-world challenges regarding kernel designs and implementations.

    Dynamic management of multiple operating systems in an embedded multi-core environment

    Modern embedded devices, such as smartphones, have grown into complex computer systems that provide a rich set of functionality for their users while still maintaining real-time responsiveness for their low level functions such as radio communication or camera control. The embedded market is very competitive, especially in end-user mobile devices, making it desirable to reduce manufacturing costs without compromising device performance wherever possible. The ever-growing user demand for more computing-intensive applications coupled with tight energy budgets has led the embedded manufacturers to seek performance gains from multi-core architectures, much like their desktop counterparts. However, multi-core architectures have little to provide in performance gains when used with applications developed with traditional software design methods that are aimed at single-core architectures. This thesis presents a system-level solution for effectively using the parallel computing power of multi-core processors. DynOS SPUMONE, a concept of using a lightweight virtualization layer to dynamically dispatch different OSes on different cores, was developed. The concept is to run real-time tasks, such as device control for peripherals, on real-time capable operating systems running on dedicated cores only when they are actually needed. This could be used to eliminate separate physical chips on the device, which would reduce manufacturing costs. A prototype implementation of DynOS SPUMONE was built, verified and evaluated. The results show that the DynOS SPUMONE concept is realizable with reasonable engineering costs and without significant drops in real-time performance.

    Predictable migration and communication in the Quest-V multikernel

    Quest-V is a system we have been developing from the ground up, with objectives focusing on safety, predictability and efficiency. It is designed to work on emerging multicore processors with hardware virtualization support. Quest-V is implemented as a "distributed system on a chip" and comprises multiple sandbox kernels. Sandbox kernels are isolated from one another in separate regions of physical memory, having access to a subset of processing cores and I/O devices. This partitioning prevents system failures in one sandbox affecting the operation of other sandboxes. Shared memory channels managed by system monitors enable inter-sandbox communication. The distributed nature of Quest-V means each sandbox has a separate physical clock, with all event timings being managed by per-core local timers. Each sandbox is responsible for its own scheduling and I/O management, without requiring intervention of a hypervisor. In this paper, we formulate bounds on inter-sandbox communication in the absence of a global scheduler or global system clock. We also describe how address space migration between sandboxes can be guaranteed without violating service constraints. Experimental results on a working system show the conditions under which Quest-V performs real-time communication and migration.

    Funding: National Science Foundation (1117025)