149 research outputs found
seL4 Microkernel for virtualization use-cases: Potential directions towards a standard VMM
Virtualization plays an essential role in providing security to computational
systems by isolating execution environments. Many software solutions, called
hypervisors, have been proposed to provide virtualization capabilities.
However, only a few were designed for being deployed at the edge of the
network, in devices with fewer computation resources when compared with servers
in the Cloud. Among the few lightweight software that can play the hypervisor
role, seL4 stands out by providing a small Trusted Computing Base and formally
verified components, enhancing its security. Despite today being more than a
decade with seL4 microkernel technology, its existing userland and tools are
still scarce and not very mature. Over the last few years, the main effort has
been put into increasing the maturity of the kernel itself and not the tools
and applications that can be hosted on top. Therefore, it currently lacks
proper support for a full-featured userland Virtual Machine Monitor, and the
existing one is quite fragmented. This article discusses the potential
directions to a standard VMM by presenting our view of design principles and
feature set needed. This article does not intend to define a standard VMM, we
intend to instigate this discussion through the seL4 community
A TrustZone-assisted secure silicon on a co-design framework
Dissertação de mestrado em Engenharia Eletrónica Industrial e ComputadoresEmbedded systems were for a long time, single-purpose and closed systems, characterized
by hardware resource constraints and real-time requirements. Nowadays, their functionality is
ever-growing, coupled with an increasing complexity and heterogeneity. Embedded applications
increasingly demand employment of general-purpose operating systems (GPOSs) to handle operator
interfaces and general-purpose computing tasks, while simultaneously ensuring the strict
timing requirements. Virtualization, which enables multiple operating systems (OSs) to run on
top of the same hardware platform, is gaining momentum in the embedded systems arena,
driven by the growing interest in consolidating and isolating multiple and heterogeneous environments.
The penalties incurred by classic virtualization approaches is pushing research towards
hardware-assisted solutions. Among the existing commercial off-the-shelf (COTS) technologies for
virtualization, ARM TrustZone technology is gaining momentum due to the supremacy and lower
cost of TrustZone-enabled processors.
Programmable system-on-chips (SoCs) are becoming leading players in the embedded systems
space, because the combination of a plethora of hard resources with programmable logic
enables the efficient implementation of systems that perfectly fit the heterogeneous nature of
embedded applications. Moreover, novel disruptive approaches make use of field-programmable
gate array (FPGA) technology to enhance virtualization mechanisms.
This master’s thesis proposes a hardware-software co-design framework for easing the economy
of addressing the new generation of embedded systems requirements. ARM TrustZone is
exploited to implement the root-of-trust of a virtualization-based architecture that allows the execution
of a GPOS side-by-side with a real-time OS (RTOS). RTOS services were offloaded to hardware,
so that it could present simultaneous improvements on performance and determinism. Instead
of focusing in a concrete application, the goal is to provide a complete framework, specifically tailored
for Zynq-base devices, that developers can use to accelerate a bunch of distinct applications
across different embedded industries.Os sistemas embebidos foram, durante muitos anos, sistemas com um simples e único
propósito, caracterizados por recursos de hardware limitados e com cariz de tempo real. Hoje
em dia, o número de funcionalidades começa a escalar, assim como o grau de complexidade
e heterogeneidade. As aplicações embebidas exigem cada vez mais o uso de sistemas operativos
(OSs) de uso geral (GPOS) para lidar com interfaces gráficas e tarefas de computação de
propósito geral. Porém, os seus requisitos primordiais de tempo real mantém-se. A virtualização
permite que vários sistemas operativos sejam executados na mesma plataforma de hardware.
Impulsionada pelo crescente interesse em consolidar e isolar ambientes múltiplos e heterogéneos,
a virtualização tem ganho uma crescente relevância no domínio dos sistemas embebidos.
As adversidades que advém das abordagens de virtualização clássicas estão a direcionar estudos
no âmbito de soluções assistidas por hardware. Entre as tecnologias comerciais existentes, a
tecnologia ARM TrustZone está a ganhar muita relevância devido à supremacia e ao menor custo
dos processadores que suportam esta tecnologia.
Plataformas hibridas, que combinam processadores com lógica programável, estão em crescente
penetração no domínio dos sistemas embebidos pois, disponibilizam um enorme conjunto
de recursos que se adequam perfeitamente à natureza heterogénea dos sistemas atuais. Além
disso, existem soluções recentes que fazem uso da tecnologia de FPGA para melhorar os mecanismos
de virtualização.
Esta dissertação propõe uma framework baseada em hardware-software de modo a cumprir
os requisitos da nova geração de sistemas embebidos. A tecnologia TrustZone é explorada para
implementar uma arquitetura que permite a execução de um GPOS lado-a-lado com um sistemas
operativo de tempo real (RTOS). Os serviços disponibilizados pelo RTOS são migrados
para hardware, para melhorar o desempenho e determinismo do OS. Em vez de focar numa
aplicação concreta, o objetivo é fornecer uma framework especificamente adaptada para dispositivos
baseados em System-on-chips Zynq, de forma a que developers possam usar para acelerar
um vasto número de aplicações distintas em diferentes setores
Applying MILS to multicore avionics systems
The implementation of the Multiple Independent Levels of Security (MILS) software architecture on modern microprocessor architectures has become technically feasible in recent years. This allows MILS-based systems to host applications and data of multiple security classifications concurrently on a uniprocessor platform at affordable cost. In this paper, the potential requirements for the implementation of a separation kernel to support MILS systems on multicore processor architectures will be considered, and the design challenges associated with its potential implementation on the NXP (formerly Freescale) QorIQ™ P4080 multicore processor will be discussed. Finally, the potential use of a MILS Multicore separation kernel in two use cases will be presented - a Cross-Domain System (CDS) network gateway, and a Multi-Level Secure (MLS) Integrated Modular Avionics (IMA) platform
Towards a Trustworthy Thin Terminal for Securing Enterprise Networks
Organizations have many employees that lack the technical knowledge to securely operate their machines. These users may open malicious email attachments/links or install unverified software such as P2P programs. These actions introduce significant risk to an organization\u27s network since they allow attackers to exploit the trust and access given to a client machine. However, system administrators currently lack the control of client machines needed to prevent these security risks. A possible solution to address this issue lies in attestation. With respect to computer science, attestation is the ability of a machine to prove its current state. This capability can be used by client machines to remotely attest to their state, which can be used by other machines in the network when making trust decisions. Previous research in this area has focused on the use of a static root of trust (RoT), requiring the use of a chain of trust over the entire software stack. We would argue this approach is limited in feasibility, because it requires an understanding and evaluation of the all the previous states of a machine. With the use of late launch, a dynamic root of trust introduced in the Trusted Platform Module (TPM) v1.2 specification, the required chain of trust is drastically shortened, minimizing the previous states of a machine that must be evaluated. This reduced chain of trust may allow a dynamic RoT to address the limitations of a static RoT. We are implementing a client terminal service that utilizes late launch to attest to its execution. Further, the minimal functional requirements of the service facilitate strong software verification. The goal in designing this service is not to increase the security of the network, but rather to push the functionality, and therefore the security risks and responsibilities, of client machines to the network€™s servers. In doing so, we create a platform that can more easily be administered by those individuals best equipped to do so with the expectation that this will lead to better security practices. Through the use of late launch and remote attestation in our terminal service, the system administrators have a strong guarantee the clients connecting to their system are secure and can therefore focus their efforts on securing the server architecture. This effectively addresses our motivating problem as it forces user actions to occur under the control of system administrators
Asymmetric Multiprocessing on the ARM Cortex-A9
Asymetrický multiprocessing (AMP) je způsob rozdělování zátěže počítačového systému na heterogenní hardwarové a softwarové prostředí. Tato práce popisuje principy AMP se zaměřením na ARM Cortex--A9 procesor a Altera Cyclone V hardwarovou platformu. Postup tvorby AMP systému založeného na OpenAMP frameworku ukazujícího komunikaci mezi procesorovými jádry, dokumentace a prognóza budoucího vývoje jsou výstupy této práce.Asymmetric multiprocessing (AMP) is a way of distributing computer system load toheterogeneous hardware and software environment. This thesis describes the principles of the AMP focusing on the ARM Cortex--A9 processor and Altera Cyclone V hardware platform. Development of a OpenAMP framework based AMP system showing communication among the processor cores, documentation and future work suggestion are the products of this thesis.
Porting sloth system to FreeRTOS for ARM Multicore
Dissertação de mestrado integrado em Engenharia Eletrónica Industrial e ComputadoresThe microprocessor industry is in the midst of a dramatic transformation. Up
until recently, to boost microprocessors’ performance it was solely relied on increasing
clock frequency. Nowadays, however, the power consumption requirements,
coupled with the growing consumer demand, made the industry shift their
focus from singlecore to multicore solutions, which offer an increase in performance,
without a proportional increase in power consumption. The embedded
systems field is no exception and the trend to use multicore solutions has been
rising substantially in the last few years.
Managing control flow is one of the core responsibilities of an operating system.
Bearing this in mind, operating systems suffer from the existence of a bifid
priority space, dictated by the co-existence of synchronous threads, managed by
kernel scheduler, and asynchronous interrupt handlers, scheduled by hardware.
This induces a well-identified problem, termed rate-monotonic priority inversion.
Regarding safety-critical real-time systems, where time and determinism play a
critical role, the inherent possibility of delayed execution of real-time threads by
hardware interrupts with semantically lower priority can have catastrophic consequences
to human life.
Within this context, this dissertation presents the extension of a previous ’inhouse’
project, by proposing the implementation of a unified priority space approach
(Sloth) in a multicore environment. To accomplish this, it is proposed
the offloading of the scheduling decisions and synchronization mechanisms to a
Commercial Off-The-Shelf (COTS) hardware interrupt controller (removing the
need for a software scheduler) on an ARM Cortex-A9 MPCore platform.A indústria de microprocessores está envolta numa transformação dramática.
Até recentemente, para impulsionar a performance, a indústria dependia somente
do aumento gradual da frequência de relógio. Atualmente, os requisitos de consumo
energético, conjugados com as crescentes exigências do consumidor, levaram a
indústria a mudar o seu foco de soluções singlecore para soluções multicore. Estas
oferecem um aumento substancial de performance, sem o proporcional aumento
de consumo energético, característico das arquiteturas singlecore. Os sistemas
embebidos não são excepção e a tendência para a utilização de soluções multicore
tem aumentado substancialmente nos últimos anos.
Uma das principais responsabilidades de um sistema operativo é a gestão do
fluxo de controlo. Neste contexto, os sistemas operativos sofrem da existência de
um espaço de prioridades bifurcado, caracterizado pela existência de tarefas, geridas
pelo escalonador do kernel (software) e de interrupções, escalonadas por hardware.
Introduz-se, assim, um problema bem identificado na comunidade científica,
denominado rate-monotonic priority inversion. Em sistemas de tempo real, em
que a segurança assume um papel fulcral e onde a performance e o determinismo
são essenciais, a possibilidade da execução de tarefas de elevada prioridade ser
atrasada, por interrupções de hardware com prioridade semântica inferior, pode
ter consequências catastróficas para a vida humana.
Neste sentido, esta dissertação apresenta a extensão de um trabalho anterior,
propondo a implementação de um espaço de prioridades unificado (Sloth),
num ambiente multicore. Assim sendo, é proposto o offloading do escalonador e
mecanismos de sincronização para o controlador de interrupções (hardware) numa
plataforma ARM Cortex-A9 MPCore
lLTZVisor: a lightweight TrustZone-assisted hypervisor for low-end ARM devices
Dissertação de mestrado em Engenharia Eletrónica Industrial e ComputadoresVirtualization is a well-established technology in the server and desktop space
and has recently been spreading across different embedded industries. Facing
multiple challenges derived by the advent of the Internet of Things (IoT) era,
these industries are driven by an upgrowing interest in consolidating and isolating
multiple environments with mixed-criticality features, to address the complex IoT
application landscape. Even though this is true for majority mid- to high-end
embedded applications, low-end systems still present little to no solutions proposed
so far.
TrustZone technology, designed by ARM to improve security on its processors,
was adopted really well in the embedded market. As such, the research community
became active in exploring other TrustZone’s capacities for isolation, like
an alternative form of system virtualization. The lightweight TrustZone-assisted
hypervisor (LTZVisor), that mainly targets the consolidation of mixed-criticality
systems on the same hardware platform, is one design example that takes advantage
of TrustZone technology for ARM application processors. With the recent
introduction of this technology to the new generation of ARM microcontrollers, an
opportunity to expand this breakthrough form of virtualization to low-end devices
arose.
This work proposes the development of the lLTZVisor hypervisor, a refactored
LTZVisor version that aims to provide strong isolation on resource-constrained
devices, while achieving a low-memory footprint, determinism and high efficiency.
The key for this is to implement a minimal, reliable, secure and predictable virtualization
layer, supported by the TrustZone technology present on the newest
generation of ARM microcontrollers (Cortex-M23/33).Virtualização é uma tecnologia já bem estabelecida no âmbito de servidores e
computadores pessoais que recentemente tem vindo a espalhar-se através de várias
indústrias de sistemas embebidos. Face aos desafios provenientes do surgimento
da era Internet of Things (IoT), estas indústrias são guiadas pelo crescimento
do interesse em consolidar e isolar múltiplos sistemas com diferentes níveis de
criticidade, para atender ao atual e complexo cenário aplicativo IoT. Apesar de
isto se aplicar à maioria de aplicações embebidas de média e alta gama, sistemas
de baixa gama apresentam-se ainda com poucas soluções propostas.
A tecnologia TrustZone, desenvolvida pela ARM de forma a melhorar a segurança
nos seus processadores, foi adoptada muito bem pelo mercado dos sistemas embebidos.
Como tal, a comunidade científica começou a explorar outras aplicações
da tecnologia TrustZone para isolamento, como uma forma alternativa de virtualização
de sistemas. O "lightweight TrustZone-assisted hypervisor (LTZVisor)",
que tem sobretudo como fim a consolidação de sistemas de criticidade mista na
mesma plataforma de hardware, é um exemplo que tira vantagem da tecnologia
TrustZone para os processadores ARM de alta gama. Com a recente introdução
desta tecnologia para a nova geração de microcontroladores ARM, surgiu uma
oportunidade para expandir esta forma inovadora de virtualização para dispositivos
de baixa gama.
Este trabalho propõe o desenvolvimento do hipervisor lLTZVisor, uma versão
reestruturada do LTZVisor que visa em proporcionar um forte isolamento em dispositivos
com recursos restritos, simultâneamente atingindo um baixo footprint de
memória, determinismo e alta eficiência. A chave para isto está na implementação
de uma camada de virtualização mínima, fiável, segura e previsível, potencializada
pela tecnologia TrustZone presente na mais recente geração de microcontroladores
ARM (Cortex-M23/33)
Service Level Agreement Driven Adaptive Resource Management For Web Applications on Heterogeneous Compute Clouds
Cloud computing is an emerging topic in the field of parallel and distributed computing. Many IT giants such as IBM, Sun, Amazon, Google, and Microsoft are promoting and offering various storage and compute clouds. Clouds provide services such as high performance computing, storage, and application hosting. Cloud providers are expected to ensure Quality of Service (QoS) through a Service Level Agreement (SLA) between the provider and the consumer. In this research, I develop a heterogeneous testbed compute cloud and investigate adaptive management of resources for Web applications to satisfy a SLA that enforces specific response time requirements. I develop a system on top of EUCALYTPUS framework that actively monitors the response time of the compute resources assign to a Web application and dynamically allocates the resources required by the application to satisfy the specific response time requirements
- …