Assuring APEX with a versatile Rust API

Abstract

Hypervisors have become fundamental to Integrated Modular Avionics (IMA), by offering several benefits during development, certification, and operation. Unfortunately, requiring per-seat licensing, many hypervisors do not integrate well with DevOps practices. APEX -- ARINC 653 standardizes a portable interface to common functionality of different hypervisors. However, like for all safety critical software, detailed knowledge of the standard and careful testing are required. Especially, with ARINC 653 not preventing unsafe misuse of its API. The Rust programming language is designed to provide strong safety guarantees using zero-cost abstractions. In this paper, we present apex-rs, a safe and ergonomic API to the APEX interface, and apex-linux, a DevOps-friendly hypervisor that utilizes features of the Linux kernel to provide a low complexity APEX implementation