
    Towards a TrustZone-assisted hypervisor for real-time embedded systems

    Virtualization technology is becoming more and more widespread in the embedded space. The penalties incurred by standard software-based virtualization are pushing research towards hardware-assisted solutions. Among the existing commercial off-the-shelf technologies for secure virtualization, ARM TrustZone is attracting particular attention. However, it is often viewed with some scepticism because existing state-of-the-art solutions are limited to two OSes (one secure-world guest and one normal-world guest). This letter presents the implementation of a TrustZone-based hypervisor for real-time embedded systems that allows multiple RTOS partitions on the same hardware platform. The results demonstrate that virtualization overhead is less than 2 percent at a 10 ms guest-switching rate, and that the system remains deterministic. This work goes beyond related work by implementing a TrustZone-assisted solution that allows the execution of an arbitrary number of guest OSes, while providing the foundation for the next generation of secure virtualization solutions for resource-constrained embedded devices.
    This work has been supported by COMPETE: POCI-01-0145-FEDER-007043 and FCT – Fundação para a Ciência e Tecnologia – (grant SFRH/BD/91530/2012 and UID/CEC/00319/2013).

    Self Diagnostics and Isolation Mechanisms for Mixed Criticality Systems

    Virtualization is a technology frequently employed in computers and servers to isolate execution environments and to support the execution of multiple Operating Systems (OS) on the same hardware platform. In the embedded systems' world, virtualization has been a rising trend, essentially because it offers an isolation mechanism that provides independence from the hardware manufacturer and avoids obsolescence issues. The isolation mechanism supports safety and security measures, and assists in the certification of safety-critical systems. Virtualization offers improved performance, better transparency, portability and interoperability by integrating hardware and software resources, and also networking services, into one computing entity. It makes the integration of Mixed Criticality Systems (MCS) easier. For industry, Field-Programmable Gate Array (FPGA) hardware solutions provide the needed level of flexibility and performance. In this paper, a self-test application is integrated at both the hardware and the software level. The importance of self-test applications for Instrumentation and Control (I&C) systems is discussed in the context of virtualization. For this implementation a type 1 hypervisor called Xtratum is used. An analysis of the performance of inter-partition communication channels is provided, including the implications that multicore approaches have on communication. The novelty of this work is to study the impact that multicore approaches can have on the isolation of inter-partition communication in Xtratum. Another novel aspect is the implementation of a self-test application in both the hypervisor and the board.

    Arm TrustZone: evaluating the diversity of the memory subsystem

    Master's dissertation in Industrial Electronics and Computer Engineering (Dissertação de mestrado em Engenharia Eletrónica Industrial e Computadores).
    The diversification of the embedded market has led the once single-purpose embedded device to become a broader concept that can accommodate more general-purpose solutions by widening its hardware and software resources. The huge diversity in system resources and requirements has boosted research into virtualization technology, which is becoming prevalent in the embedded systems domain, allowing temporal and spatial sharing of hardware and software resources between specialized subsystems. Since the strict timing demands imposed on real-time virtualized systems must be met, and there is only a small margin for the penalties incurred by conventional software-based virtualization, resorting to hardware-assisted solutions has become indispensable. Although it is a security-oriented technology rather than a virtualization technology, Arm TrustZone is seen by many as a reliable hardware-based virtualization alternative, with the low cost and wide availability of TrustZone-enabled processors standing as strong arguments for its acceptance. But since TrustZone only dictates the foundations of the hardware infrastructure, providing SoC designers with a range of components that can fulfil specific functions, several key components and subsystems of this technology are implementation defined. This approach may hinder a system designer's work, as it can make the portability of system software a lot more complicated. As such, this thesis proposes to examine how different manufacturers choose to work with the TrustZone architecture, and how the changes introduced by this technology may affect the security and performance of TrustZone-assisted virtualization solutions, in order to scale back those major constraints. 
    It identifies the main properties that impact the creation and execution of system software and points to what may be the most beneficial approaches for developing and using TrustZone-assisted hardware and software.
    Portuguese abstract (translated): The recent metamorphosis of the embedded systems field has turned these devices, once conceived with a single and simple purpose, into an aggregate of subsystems ready to integrate more flexible solutions. This growth in system resources and requirements has driven research into virtualization solutions for them, allowing simultaneous sharing of hardware and software resources among the various subsystems. The proliferation of these solutions in this domain, where execution times must be respected and security is a key point, has led to the adoption of hardware-assisted virtualization techniques. One technology that has been used for this purpose is Arm TrustZone, despite having initially been developed as a protection technology, given its greater presence on mid- and low-cost boards compared with other technologies. Unfortunately, since TrustZone only provides base guidelines on which manufacturers can build their systems, the technology's specifications diverge from manufacturer to manufacturer, or even between products from the same origin. Combined with the general scarcity of information about this technology, this characteristic can cause problems for the creation and portability of system software that depends on it. As such, this thesis proposes to examine, in a systematic way, how different manufacturers choose to implement systems based on the TrustZone architecture and to what extent the changes introduced by this technology may affect the security and performance of virtualization solutions based on it. 
    The main characteristics that can influence the creation and execution of system software are identified, along with potential measures to reduce their impact, as well as good practices to follow when developing and using TrustZone-based software and hardware.