58 research outputs found
Secure and safe virtualization-based framework for embedded systems development
Doctoral thesis, Doctoral Programme in Electronic and Computer Engineering (PDEEC)
The Internet of Things (IoT) is here. Billions of smart, connected devices are proliferating
at rapid pace in our key infrastructures, generating, processing and exchanging
vast amounts of security-critical and privacy-sensitive data. This strong connectivity
of IoT environments demands a holistic, end-to-end security approach that addresses
security and privacy risks across the different abstraction levels: device, communications,
cloud, and lifecycle management.
Security at the device level is still widely misconstrued as the addition of features at a
late stage of system development. Several software-based approaches, such as
microkernels and virtualization, have been used, but on their own they have been shown
not to provide the desired security level. As a step towards the correct operation of these
devices, it is imperative to extend them with new security-oriented technologies
which guarantee security from the outset.
This thesis aims to conceive and design a novel security and safety architecture
for virtualized systems by 1) evaluating which technologies are key enablers for
scalable and secure virtualization, 2) designing and implementing a fully-featured
virtualization environment providing hardware isolation, 3) investigating which "hard
entities" can extend virtualization to guarantee the security requirements dictated by
confidentiality, integrity, and availability, and 4) simplifying system configurability
and integration through a design ecosystem supported by a domain-specific language.
The developed artefacts demonstrate: 1) why ARM TrustZone is nowadays a reference
technology for security, 2) how TrustZone can be adequately exploited for
virtualization in different use-cases, 3) why the secure boot process, trusted execution
environment and other hardware trust anchors are essential to establish and
guarantee a complete root and chain of trust, and 4) how a domain-specific language
enables easy design, integration and customization of a secure virtualized
system assisted by the above-mentioned building blocks.
Portuguese abstract (translated):
We live in the era of the Internet of Things (IoT). Billions of smart devices are beginning
to proliferate across our key infrastructures, leading to the processing of vast amounts
of private and sensitive data. This strong connectivity inherent to the IoT concept
requires a holistic approach, in which privacy and security risks are addressed at the
different abstraction layers: device, communications, cloud and lifecycle.
Device-level security has wrongly been ensured by adding functionality at a late stage
of development. Several software approaches, including virtualization, have been used,
but it has been shown that they cannot guarantee the desired security level. To guarantee
the correct operation of devices, it is essential to complement them with new technologies
that promote security from the earliest stages of development.
This thesis therefore proposes the development of an innovative architectural solution
for secure virtualized systems, comprising 1) the evaluation of key technologies that
enable such a solution, 2) the implementation of a virtualization solution guaranteeing
hardware-enforced isolation, 3) the identification of components which, once integrated,
complement virtualization so as to guarantee the security requirements, and 4) the
simplification of the configuration and integration process through an ecosystem
supported by a domain-specific language.
The developed artefacts demonstrate: 1) why ARM TrustZone is a reference technology
for security, 2) the effectiveness of this technology when used in different domains,
3) why the secure boot process, together with a trusted execution environment and other
hardware components, is essential to establish a chain of trust, and 4) the feasibility
of using a domain-specific language to configure and integrate a virtualized environment
supported by the above-mentioned artefacts.
Modeling of embedded software on MDA platform models
This study proposes the use of abstract software models in order to meet the diversity of embedded platforms. A UML 2.0 Profile for Modeling Application and Platform of Embedded Software (called PROAPES) is proposed. The profile is intended to generically describe the services provided by a system platform that makes use of an RTOS. In addition, this study presents a Model Transformation (MT) based on the PROAPES profile, named MT-PROAPES. MT-PROAPES uses a Platform Model (PM), created on the basis of the proposed profile (PROAPES), and performs a transformation from Platform Independent Model (PIM)-behavior into Platform Specific Model (PSM)-behavior. Thus, the generation of reusable model transformations that are adaptable to different platform models is possible.
Facultad de Informática
Rétro-ingénierie des plateformes pour le déploiement des applications temps réel
This work deals with the definition of a new methodology called DRIM for the development of real-time embedded systems following the Model-Driven development paradigm.
French abstract (translated): The work presented in this thesis falls within the software development of real-time embedded systems. In this work we define a methodology named DRIM (Design Refinement toward Implementation Methodology). This methodology guides the deployment of real-time applications on different real-time operating systems (RTOS), following the Model-Driven Engineering (MDE) approach and ensuring that timing constraints are respected after deployment. The automation of the DRIM methodology shows its ability to detect, for a given RTOS, application descriptions made at the design level that cannot be implemented, which has the advantage of reducing time-to-market on the one hand and of guiding the user towards an appropriate choice of target RTOS on the other.
Porting sloth system to FreeRTOS for ARM Multicore
Integrated master's dissertation in Industrial Electronics and Computer Engineering
The microprocessor industry is in the midst of a dramatic transformation. Until
recently, boosting microprocessor performance relied solely on increasing the
clock frequency. Nowadays, however, the power consumption requirements,
coupled with growing consumer demand, have made the industry shift its
focus from single-core to multicore solutions, which offer an increase in performance
without a proportional increase in power consumption. The embedded
systems field is no exception and the trend to use multicore solutions has been
rising substantially in the last few years.
Managing control flow is one of the core responsibilities of an operating system.
Bearing this in mind, operating systems suffer from the existence of a bifid
priority space, dictated by the co-existence of synchronous threads, managed by
kernel scheduler, and asynchronous interrupt handlers, scheduled by hardware.
This induces a well-identified problem, termed rate-monotonic priority inversion.
Regarding safety-critical real-time systems, where time and determinism play a
critical role, the inherent possibility of delayed execution of real-time threads by
hardware interrupts with semantically lower priority can have catastrophic consequences
to human life.
Within this context, this dissertation presents the extension of a previous 'in-house'
project, by proposing the implementation of a unified priority space approach
(Sloth) in a multicore environment. To accomplish this, it proposes
offloading the scheduling decisions and synchronization mechanisms to a
Commercial Off-The-Shelf (COTS) hardware interrupt controller (removing the
need for a software scheduler) on an ARM Cortex-A9 MPCore platform.
Portuguese abstract (translated):
The microprocessor industry is in the midst of a dramatic transformation. Until
recently, the industry relied solely on gradually increasing the clock frequency to
boost performance. Today, power consumption requirements, combined with growing
consumer demands, have led the industry to shift its focus from single-core to
multicore solutions. These offer a substantial increase in performance without the
proportional increase in power consumption characteristic of single-core architectures.
Embedded systems are no exception, and the trend towards multicore solutions has
grown substantially in recent years.
One of the main responsibilities of an operating system is the management of control
flow. In this context, operating systems suffer from a split priority space,
characterised by the existence of tasks, managed by the kernel (software) scheduler,
and of interrupts, scheduled by hardware. This introduces a problem well known in the
scientific community, called rate-monotonic priority inversion. In real-time systems
in which safety plays a central role and where performance and determinism are
essential, the possibility of high-priority tasks being delayed by hardware interrupts
of lower semantic priority can have catastrophic consequences for human life.
Accordingly, this dissertation presents the extension of earlier work, proposing the
implementation of a unified priority space (Sloth) in a multicore environment. It is
therefore proposed to offload the scheduler and synchronisation mechanisms to the
(hardware) interrupt controller on an ARM Cortex-A9 MPCore platform.
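The split versus unified priority space that the abstract describes, as an added example (not code from the dissertation, Sloth or FreeRTOS): a small C model in which an interrupt controller either preempts the running thread unconditionally (the split space) or compares the IRQ's priority against the running thread's and holds lower-priority IRQs pending until a thread switch (the unified space). The priority values, the single-CPU simplification and the trace format are constructed for the illustration.

```c
/* Split versus unified priority space, as a small scheduling model.
 * Constructed example; not code from Sloth, FreeRTOS or the dissertation. */
#include <stdio.h>
#include <string.h>

#define MAX_PENDING 16

typedef struct {
    int running_prio;           /* priority of the thread on the CPU; higher = more urgent */
    int pending[MAX_PENDING];   /* IRQ priorities the unified controller is holding back */
    int npending;
    char trace[512];            /* readable record of every dispatch decision */
} cpu_t;

static void note(cpu_t *c, const char *fmt, int a, int b)
{
    size_t used = strlen(c->trace);
    snprintf(c->trace + used, sizeof c->trace - used, fmt, a, b);
}

static void cpu_init(cpu_t *c, int thread_prio)
{
    memset(c, 0, sizeof *c);
    c->running_prio = thread_prio;
}

/* Split ("bifid") priority space: the interrupt controller knows nothing about
 * thread priorities, so every IRQ preempts whatever thread is running.
 * Returns 1 because the thread is always preempted. */
static int split_irq(cpu_t *c, int irq_prio)
{
    note(c, "irq%d preempts thread%d;", irq_prio, c->running_prio);
    return 1;
}

/* In the split model, an IRQ whose handler serves semantically less urgent
 * work than the running thread is exactly the rate-monotonic priority
 * inversion the abstract describes. Returns 1 when that is the case. */
static int split_inverted(const cpu_t *c, int irq_prio)
{
    return irq_prio < c->running_prio;
}

/* Unified priority space: threads and ISRs share one scale, enforced by the
 * interrupt controller. An IRQ is delivered only if it outranks the running
 * thread; otherwise it stays pending in hardware. Returns 1 if delivered now. */
static int unified_irq(cpu_t *c, int irq_prio)
{
    if (irq_prio > c->running_prio) {
        note(c, "irq%d preempts thread%d;", irq_prio, c->running_prio);
        return 1;
    }
    if (c->npending < MAX_PENDING)
        c->pending[c->npending++] = irq_prio;
    note(c, "irq%d deferred behind thread%d;", irq_prio, c->running_prio);
    return 0;
}

/* The running thread blocks or finishes and a thread of priority next_prio
 * becomes current. Pending IRQs that now outrank it are delivered, highest
 * priority first, as a priority-ordered controller would. Returns the count. */
static int unified_thread_switch(cpu_t *c, int next_prio)
{
    int delivered = 0;
    c->running_prio = next_prio;
    for (;;) {
        int best = -1;
        for (int i = 0; i < c->npending; i++)
            if (c->pending[i] > c->running_prio &&
                (best < 0 || c->pending[i] > c->pending[best]))
                best = i;
        if (best < 0)
            break;
        note(c, "irq%d runs ahead of thread%d;", c->pending[best], c->running_prio);
        c->pending[best] = c->pending[--c->npending];   /* remove by swap */
        delivered++;
    }
    return delivered;
}

int main(void)
{
    cpu_t split, unified;
    cpu_init(&split, 5);
    cpu_init(&unified, 5);

    /* A low-urgency device (prio 1) raises an IRQ while a prio-5 control thread runs. */
    split_irq(&split, 1);               /* control loop delayed by less urgent work */
    unified_irq(&unified, 1);           /* held back in hardware instead */
    unified_irq(&unified, 7);           /* a genuinely more urgent IRQ still preempts */
    unified_thread_switch(&unified, 0); /* thread done, CPU idle: irq1 now runs */

    printf("split:   %s\n", split.trace);
    printf("unified: %s\n", unified.trace);
    return 0;
}
```

Compiled and run, the two traces show the difference: in the split case irq1 delays the prio-5 thread (the inversion), in the unified case it is deferred until the switch to the idle priority while irq7 still preempts. Sloth itself maps threads onto the priority levels of the real interrupt controller; this model only reproduces the dispatch rule.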
Evaluation of the parallel computational capabilities of embedded platforms for critical systems
Modern critical systems need higher performance, which cannot be delivered by the simple architectures used so far. The latest embedded architectures feature multi-cores and GPUs, which can be used to satisfy this need. In this thesis we parallelise relevant applications from multiple critical domains represented in the GPU4S benchmark suite, and compare the parallel capabilities of candidate platforms for use in critical systems. In particular, we port the open source GPU4S Bench benchmarking suite to the OpenMP programming model, and we benchmark the candidate embedded heterogeneous multi-core platforms of the H2020 UP2DATE project, NVIDIA TX2, NVIDIA Xavier and Xilinx Zynq Ultrascale+, in order to drive the selection of the research platform which will be used in the next phases of the project. Our results indicate that, in terms of CPU and GPU performance, the NVIDIA Xavier is the highest performing platform.
Deploying RIOT operating system on a reconfigurable Internet of Things end-device
Integrated master's dissertation in Industrial Electronics and Computer Engineering
The Internet of Everything (IoE) is enabling the connection of an infinity of
physical objects to the Internet, and has the potential to connect every single
existing object in the world. This empowers a market with endless opportunities
where the big players are forecasting, by 2020, more than 50 billion connected
devices, representing an 8 trillion USD market.
The IoE is a broad concept that comprises several technological areas and will
certainly include more in the future. Some of the fields that already exist are the
Internet of Energy, concerned with the connectivity of electrical power grids; the Internet
of Medical Things (IoMT), which for instance enables patient monitoring; the Internet
of Industrial Things (IoIT), which is dedicated to industrial plants; and the Internet
of Things (IoT), which focuses on the connection of everyday objects (e.g. home
appliances, wearables, transports, buildings, etc.) to the Internet.
The diversity of scenarios in which IoT can be deployed, and consequently the
different constraints associated with each device, leads to a heterogeneous network
composed of several communication technologies and protocols co-existing in the
same physical space. Therefore, the key requirements of an IoT network are
connectivity and interoperability between devices. These requirements are
achieved by the adoption of standard protocols and a well-defined lightweight network
stack. Due to the adoption of a standard network stack, the amount of data processed
and transmitted between devices tends to increase. Because most of the connected
devices are resource constrained, i.e. low memory, low processing capability and
limited available energy, this communication can severely degrade the device's performance.
Accordingly, to tackle such issues without sacrificing other important requirements,
this dissertation aims to deploy an operating system (OS) for IoT, the
RIOT-OS, while providing a study on how network-related tasks can benefit from
hardware accelerators (deployed on reconfigurable technology), specifically designed
to process and filter packets received by an IoT device.
Portuguese abstract (translated):
The Internet of Everything (IoE) concept enables the connection of an infinity of
objects to the Internet and has the potential to connect every existing object in the
world. This favours the emergence of new markets and endless possibilities, with the
major players in these markets forecasting the connection of more than 50 billion
devices by 2020, representing a market of 8 billion dollars.
IoE is a broad concept that includes several technological areas and will certainly
include more in the future. Some of the existing areas are: the Internet of Energy,
concerned with connecting power transmission and distribution grids to the Internet;
the Internet of Medical Things (IoMT), which enables patient monitoring; the Internet
of Industrial Things (IoIT), dedicated to industrial plants; and the Internet of Things
(IoT), which focuses on connecting everyday objects (e.g. home appliances, wearables,
transport, buildings, etc.) to the Internet.
The diversity of scenarios to which IoT can be applied, and consequently the different
constraints on each device, lead to a heterogeneous network composed of several
communication technologies and protocols coexisting in the same physical space. The key
requirements of IoT networks are therefore connectivity and interoperability between
devices. These requirements are met by adopting standard protocols and well-defined
communication stacks. With the adoption of standard communication stacks, the
information processed and transmitted between devices tends to increase. Since most
connected devices have scarce resources, i.e. little memory, low processing capability
and little available energy, the increase in communication can degrade their performance.
Given this, to deal with these problems without sacrificing other important requirements,
this dissertation intends to port an IoT operating system, RIOT, to a reconfigurable
solution, the CUTE mote. The main objective is to study the benefits that network-layer
tasks can gain from being executed in hardware by dedicated accelerators. These
accelerators are specifically designed to process and filter data packets coming from
a radio interface in peripheral IoT networks.
A knowledge based reengineering approach via ontology and description logic.
Traditional software reengineering often involves a great deal of manual effort by software maintainers. This is time consuming and error prone. Due to the knowledge-intensive nature of software reengineering, a knowledge-based solution is proposed in this thesis to semi-automate some of this manual effort. This thesis aims to explore the principal research question: "How can software systems be described by knowledge representation techniques in order to semi-automate the manual effort in software reengineering?"
The underlying research procedure of this thesis is the scientific method, which consists of: observation, proposition, test and conclusion. Ontology and description logic are employed to model and represent the knowledge in different software systems, which is integrated with domain knowledge. Model transformation is used to support ontology development. Description logic is used to implement ontology mapping algorithms, in which the problem of detecting semantic relationships is converted into the problem of deciding the satisfiability of logical formulae. An operating system ontology has been built with a top-down approach, and it was deployed to support platform-specific software migration [132] and portable software development [18]. A data-dominant software ontology has been built via a bottom-up approach, and it was deployed to support program comprehension [131] and modularisation [130].
This thesis suggests that software systems can be represented by ontology and description logic. Consequently, it will help in semi-automating some of the manual tasks in software reengineering. However, there are also limitations: bottom-up ontology development may lose some of a system's complexity; top-down ontology development may become time consuming and complicated. In terms of future work, a greater number of diverse software system categories could be involved and different kinds of software system knowledge could be explored.
Capability Memory Protection for Embedded Systems
This dissertation explores the use of capability security hardware and software in real-time and latency-sensitive embedded systems, to address existing memory safety and task isolation problems as well as providing new means to design a secure and scalable real-time system.
In addition, this dissertation looks into how practical and high-performance temporal memory safety can be achieved under a capability architecture.
State-of-the-art memory protection schemes for embedded systems typically present limited and inflexible solutions to memory protection and isolation, and fail to scale as embedded devices become more capable and ubiquitous.
I investigate whether a capability architecture is able to provide new angles to address memory safety issues in an embedded scenario.
Previous CHERI capability research focuses on 64-bit architectures in UNIX operating systems, which does not translate to typical 32-bit embedded processors with low-latency and real-time requirements.
I propose and implement the CHERI CC-64 encoding and the CHERI-64 coprocessor to construct a feasible capability-enabled 32-bit CPU.
In addition, I implement a real-time kernel for embedded systems atop CHERI-64.
On this hardware and software platform, I focus on exploring scalable task isolation and fine-grained memory protection enabled by capabilities in a single flat physical address space, which are otherwise difficult or impossible to achieve via state-of-the-art approaches.
Later, I present the evaluation of the hardware implementation and the software run-time overhead and real-time performance.
Even with capability support, CHERI-64 as well as other CHERI processors still expose major attack surfaces through temporal vulnerabilities like use-after-free.
A naive approach that sweeps memory to invalidate stale capabilities is inefficient and incurs significant cycle overhead and DRAM traffic.
To make sweeping revocation feasible, I introduce new architectural mechanisms and micro-architectural optimisations to substantially reduce the cost of memory sweeping and capability revocation.
Another factor of the cost is the frequency of memory sweeping.
I explore tradeoffs of memory allocator designs that use quarantine buffers and shadow space tags to prevent frequent unnecessary sweeping.
The evaluation shows that the optimisations and new allocator designs reduce the cost of capability sweeping revocation by orders of magnitude, making it already practical for most applications to adopt temporal safety under CHERI.
CSC Cambridge Scholarship
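The quarantine-plus-sweep revocation scheme the last paragraph describes, as an added example rather than CHERI-64 code: a C model with a granule-based heap, a shadow bitmap marking quarantined granules, an array of capability "slots" standing in for every tagged word that memory would have to be scanned for, and a sweep that runs only once the quarantine reaches a fixed limit. The granule size, the quarantine limit, the slot array and the fixed-size heap are assumptions made for the illustration; a real implementation sweeps physical memory with hardware support and the shadow space is what makes the per-capability check cheap.

```c
/* Toy model of sweeping capability revocation with a quarantine buffer and a
 * shadow bitmap. Constructed illustration; not CHERI-64 or CheriBSD code. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HEAP_GRANULES 64        /* heap modelled as 64 fixed-size granules (assumed) */
#define GRANULE 16              /* bytes per granule (assumed) */
#define MAX_CAPS 32             /* capability-holding slots that a sweep must scan */
#define QUARANTINE_LIMIT 4      /* sweep once this many granules sit in quarantine */

typedef struct {
    uint32_t base;              /* byte offset into the heap */
    uint32_t len;
    int tag;                    /* 1 = valid capability, 0 = revoked or never valid */
} cap_t;

typedef struct {
    uint8_t shadow[HEAP_GRANULES];  /* 1 = granule freed but not yet reclaimed */
    uint8_t in_use[HEAP_GRANULES];  /* 1 = granule allocated */
    cap_t caps[MAX_CAPS];           /* every place a capability may be stored */
    int ncaps;
    int quarantined;                /* granules currently in quarantine */
    unsigned sweeps;                /* sweeps performed: the cost being minimised */
} heap_t;

static void heap_init(heap_t *h) { memset(h, 0, sizeof *h); }

/* Allocate `bytes` from granules that are neither in use nor quarantined and
 * return the index of a fresh capability slot holding the result, or -1. */
static int heap_alloc(heap_t *h, uint32_t bytes)
{
    uint32_t need = (bytes + GRANULE - 1) / GRANULE;
    if (need == 0 || h->ncaps >= MAX_CAPS) return -1;
    for (uint32_t start = 0; start + need <= HEAP_GRANULES; start++) {
        uint32_t i;
        for (i = 0; i < need; i++)
            if (h->in_use[start + i] || h->shadow[start + i]) break;
        if (i < need) { start += i; continue; }     /* skip past the blocker */
        for (i = 0; i < need; i++) h->in_use[start + i] = 1;
        cap_t c = { start * GRANULE, need * GRANULE, 1 };
        h->caps[h->ncaps] = c;
        return h->ncaps++;
    }
    return -1;
}

/* Copy a capability into another slot: an alias such as a pointer kept in a
 * second data structure. The copy carries the same tag. */
static int cap_copy(heap_t *h, int src)
{
    if (src < 0 || src >= h->ncaps || h->ncaps >= MAX_CAPS) return -1;
    h->caps[h->ncaps] = h->caps[src];
    return h->ncaps++;
}

/* Sweep: every capability that still points into a quarantined granule loses
 * its tag; then the quarantine is emptied and its granules become reusable. */
static void heap_sweep(heap_t *h)
{
    for (int k = 0; k < h->ncaps; k++) {
        cap_t *c = &h->caps[k];
        if (!c->tag) continue;
        for (uint32_t g = c->base / GRANULE; g < (c->base + c->len) / GRANULE; g++)
            if (h->shadow[g]) { c->tag = 0; break; }
    }
    for (uint32_t g = 0; g < HEAP_GRANULES; g++)
        if (h->shadow[g]) { h->shadow[g] = 0; h->in_use[g] = 0; }
    h->quarantined = 0;
    h->sweeps++;
}

/* Free through the capability in slot `idx`: its granules go to quarantine
 * (not reused yet), the shadow bits are set, and a sweep runs only when the
 * quarantine is full, which is what keeps sweeping infrequent. 0 on success. */
static int heap_free(heap_t *h, int idx)
{
    if (idx < 0 || idx >= h->ncaps || !h->caps[idx].tag) return -1;   /* double free */
    cap_t *c = &h->caps[idx];
    for (uint32_t g = c->base / GRANULE; g < (c->base + c->len) / GRANULE; g++) {
        h->shadow[g] = 1;
        h->quarantined++;
    }
    c->tag = 0;                                 /* the freeing capability dies at once */
    if (h->quarantined >= QUARANTINE_LIMIT) heap_sweep(h);
    return 0;
}

/* What a load or store through slot `idx` would do: 1 = allowed, 0 = the
 * hardware would fault on the cleared tag. */
static int cap_usable(const heap_t *h, int idx)
{
    return idx >= 0 && idx < h->ncaps && h->caps[idx].tag;
}

int main(void)
{
    heap_t h;
    heap_init(&h);
    int a = heap_alloc(&h, 32);     /* object A, two granules */
    int b = cap_copy(&h, a);        /* second pointer to A kept elsewhere */
    heap_free(&h, a);               /* A freed: slot b is now a dangling capability */
    printf("after free:  alias usable=%d sweeps=%u\n", cap_usable(&h, b), h.sweeps);
    heap_free(&h, heap_alloc(&h, 32));  /* fills the quarantine and triggers the sweep */
    printf("after sweep: alias usable=%d sweeps=%u\n", cap_usable(&h, b), h.sweeps);
    return 0;
}
```

Between the free and the sweep the stale alias still carries its tag, but the memory it points to is quarantined rather than reused, so a use-after-free cannot touch a newer object; after the sweep the tag is gone and the memory is returned. Raising QUARANTINE_LIMIT trades memory held in quarantine for fewer sweeps, which is the trade-off the abstract's allocator designs explore.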
ARMor: fully verified software fault isolation
Manuscript
We have designed and implemented ARMor, a system that uses software fault isolation (SFI) to sandbox application code running on small embedded processors. Sandboxing can be used to protect components such as the RTOS and critical control loops from other, less-trusted components. ARMor guarantees memory safety and control flow integrity; it works by rewriting a binary to put a check in front of every potentially dangerous operation. We formally and automatically verify that an ARMored application respects the SFI safety properties using the HOL theorem prover. Thus, ARMor provides strong isolation guarantees and has an exceptionally small trusted computing base: there is no trusted compiler, binary rewriter, verifier, or operating system.
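SFI by binary rewriting, as an added example (not ARMor's code or its check sequence): a toy instruction set in which a rewriter inserts a masking guard in front of every store and every computed jump, an interpreter that records whether any access left the sandbox, and a small static verifier that checks the rewritten program has the right guard immediately before each dangerous instruction. The sandbox layout (DATA_BASE/DATA_SIZE, CODE_BASE/CODE_SIZE), the instruction set and the sample program are assumptions made for the illustration; ARMor's guarantee comes from a HOL proof over real ARM binaries, which the verifier function here only mimics.

```c
/* Toy software fault isolation: rewrite, run, verify.
 * Constructed example; not ARMor's implementation. */
#include <stdint.h>
#include <stdio.h>

/* Sandbox layout (assumed): the untrusted component may only write to
 * [DATA_BASE, DATA_BASE + DATA_SIZE) and only jump to 4-byte aligned targets in
 * [CODE_BASE, CODE_BASE + CODE_SIZE). Sizes are powers of two, bases aligned. */
#define DATA_BASE 0x20000000u
#define DATA_SIZE 0x00010000u
#define CODE_BASE 0x00100000u
#define CODE_SIZE 0x00001000u

/* Masking guards: AND the address into the region and OR in the base. An
 * out-of-range address becomes an in-range one instead of faulting; the
 * sandbox can only damage itself, which is all SFI promises. */
static uint32_t sfi_guard_store(uint32_t addr)
{
    return (addr & (DATA_SIZE - 1)) | DATA_BASE;
}
static uint32_t sfi_guard_branch(uint32_t target)
{
    return (target & (CODE_SIZE - 1) & ~3u) | CODE_BASE;
}

typedef enum { OP_SET, OP_STORE, OP_JUMP, OP_GUARD_STORE, OP_GUARD_BRANCH, OP_HALT } op_t;
typedef struct { op_t op; uint32_t imm; } insn_t;   /* only OP_SET uses imm */

#define MAX_INSNS 32

/* Binary rewriter: copy the program, inserting the matching guard immediately
 * before every potentially dangerous instruction. `out` must hold 2*n entries.
 * Returns the rewritten length, or -1 if it would not fit. */
static int sfi_rewrite(const insn_t *in, int n, insn_t *out)
{
    if (2 * n > MAX_INSNS) return -1;
    int m = 0;
    for (int i = 0; i < n; i++) {
        if (in[i].op == OP_STORE)      out[m++] = (insn_t){ OP_GUARD_STORE, 0 };
        else if (in[i].op == OP_JUMP)  out[m++] = (insn_t){ OP_GUARD_BRANCH, 0 };
        out[m++] = in[i];
    }
    return m;
}

typedef struct {
    uint32_t r;             /* the single address register */
    uint32_t last_store;    /* address of the most recent store */
    uint32_t last_branch;   /* target of the most recent jump */
    int escaped;            /* 1 if any store or jump left the sandbox */
} machine_t;

static int in_data(uint32_t a) { return a >= DATA_BASE && a < DATA_BASE + DATA_SIZE; }
static int in_code(uint32_t a) { return a >= CODE_BASE && a < CODE_BASE + CODE_SIZE && (a & 3) == 0; }

/* Interpreter. A guard rewrites the register in place, exactly as a masking
 * instruction emitted ahead of the store or branch would on real hardware. */
static machine_t sfi_run(const insn_t *prog, int n)
{
    machine_t m = { 0, 0, 0, 0 };
    for (int pc = 0; pc < n; pc++) {
        switch (prog[pc].op) {
        case OP_SET:          m.r = prog[pc].imm; break;
        case OP_GUARD_STORE:  m.r = sfi_guard_store(m.r); break;
        case OP_GUARD_BRANCH: m.r = sfi_guard_branch(m.r); break;
        case OP_STORE:        m.last_store = m.r;  if (!in_data(m.r)) m.escaped = 1; break;
        case OP_JUMP:         m.last_branch = m.r; if (!in_code(m.r)) m.escaped = 1; break;
        case OP_HALT:         return m;
        }
    }
    return m;
}

/* Static verifier over a (rewritten) program: every STORE/JUMP must be
 * immediately preceded by its guard. Since only OP_SET writes the register,
 * adjacency is enough to know nothing un-masks it in between. Returns 1 if safe. */
static int sfi_verify(const insn_t *prog, int n)
{
    for (int i = 0; i < n; i++) {
        if (prog[i].op == OP_STORE && (i == 0 || prog[i - 1].op != OP_GUARD_STORE)) return 0;
        if (prog[i].op == OP_JUMP  && (i == 0 || prog[i - 1].op != OP_GUARD_BRANCH)) return 0;
    }
    return 1;
}

int main(void)
{
    /* Untrusted component that writes outside its data region and jumps to an
     * arbitrary address (constructed input). */
    insn_t prog[] = {
        { OP_SET, 0x08000000u }, { OP_STORE, 0 },   /* store into memory it must not touch */
        { OP_SET, 0xDEADBEEFu }, { OP_JUMP, 0 },    /* computed jump to an arbitrary target */
        { OP_HALT, 0 },
    };
    int n = (int)(sizeof prog / sizeof prog[0]);
    insn_t rw[MAX_INSNS];
    int m = sfi_rewrite(prog, n, rw);
    printf("original:  verified=%d escaped=%d\n", sfi_verify(prog, n), sfi_run(prog, n).escaped);
    printf("rewritten: verified=%d escaped=%d\n", sfi_verify(rw, m), sfi_run(rw, m).escaped);
    return 0;
}
```

The point of the verifier is the trust argument in the abstract: nothing in the rewriter has to be trusted, because the safety property is checked (in ARMor, proved) on the output binary itself. Masking is one SFI guard style; a compare-and-trap guard would reject the access instead of redirecting it, at the cost of an extra branch.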