Software technologies for future embedded and ubiquitous systems

6th IFIP WG 10.2 International Workshop, SEUS 2008, Anacarpi, Capri Island, Italy, October 1-3, 2008 Proceeding

Secure Virtualization of Latency-Constrained Systems

Virtualization is a mature technology in server and desktop environments where multiple systems are consolidate onto a single physical hardware platform, increasing the utilization of todays multi-core systems as well as saving resources such as energy, space and costs compared to multiple single systems. Looking at embedded environments reveals that many systems use multiple separate computing systems inside, including requirements for real-time and isolation properties. For example, modern high-comfort cars use up to a hundred embedded computing systems. Consolidating such diverse configurations promises to save resources such as energy and weight. In my work I propose a secure software architecture that allows consolidating multiple embedded software systems with timing constraints. The base of the architecture builds a microkernel-based operating system that supports a variety of different virtualization approaches through a generic interface, supporting hardware-assisted virtualization and paravirtualization as well as multiple architectures. Studying guest systems with latency constraints with regards to virtualization showed that standard techniques such as high-frequency time-slicing are not a viable approach. Generally, guest systems are a combination of best-effort and real-time work and thus form a mixed-criticality system. Further analysis showed that such systems need to export relevant internal scheduling information to the hypervisor to support multiple guests with latency constraints. I propose a mechanism to export those relevant events that is secure, flexible, has good performance and is easy to use. The thesis concludes with an evaluation covering the virtualization approach on the ARM and x86 architectures and two guest operating systems, Linux and FreeRTOS, as well as evaluating the export mechanism

The protection of banking customers from the risks of mobile payments in Saudi Arabia

Demand for mobile payment (m-payment) services is transforming the banking payment system in unprecedented ways and at a growing rate. These developments raise unique concerns and risks which must be managed by the adoption of an appropriate regulatory framework if this 'Fintech' innovation is to offer a net social and economic benefit. This work will draw on Western and Islamic consumer protection literature to analyse how Saudi Arabian law at present protects consumers when it comes to m-payments, particularly unauthorised mobile payment transactions and consumer data in order to maintain privacy and protect them against breaches of their privacy. In so doing, the research seeks to make an original contribution to the Saudi Arabian legal system in the presently under-researched areas of both consumer protection and m-payment services. It will be demonstrated that the Saudi Arabian legal provisions are inadequate and fall short of the requirements of Sharia law in many respects: Consumer protection is insufficient and is not appropriately targeted to address the specific, unique risks raised by m-payment services. At the same time, restrictive legislation designed in the context of traditional banking has created a hostile regulatory environment which has failed to stimulate innovation and growth within this potentially promising sector. With a view to proposing a model for reform of Saudi regulation, the United Kingdom ('UK') legal system will be scrutinised to assess whether lessons can be learnt in providing greater protection to customers in a Saudi Arabian context while remaining Sharia compliant. The UK is a valuable selection as a comparator as it has succeeded in balancing these objectives to a significant extent, achieving greater consumer protection than is currently available in Saudi Arabia ('SA') without compromising the strength and freedom of the market. There are also strong parallels between the two societies particularly in respect of openness to Fintech innovation. It will be proposed that the UK law provides a positive example of how this systematic defect in the regulation of m-payments can be remedied, in addition to more specific illustrations of provisions and policies which can aid in balancing the demands of consumer protection and market development. Recommendations are made as to how these can be usefully incorporated into a broader reform of the Saudi regulatory regime