
A virtualized separation kernel for mixed criticality systems

Published: 01 March 2014

Abstract

Multi- and many-core processors are becoming increasingly popular in embedded systems. Many of these processors now feature hardware virtualization capabilities, such as the ARM Cortex A15, and x86 processors with Intel VT-x or AMD-V support. Hardware virtualization offers opportunities to partition physical resources, including processor cores, memory and I/O devices amongst guest virtual machines. Mixed criticality systems and services can then co-exist on the same platform in separate virtual machines. However, traditional virtual machine systems are too expensive because of the costs of trapping into hypervisors to multiplex and manage machine physical resources on behalf of separate guests. For example, hypervisors are needed to schedule separate VMs on physical processor cores. In this paper, we discuss the design of the Quest-V separation kernel, which partitions services of different criticalities in separate virtual machines, or sandboxes. Each sandbox encapsulates a subset of machine physical resources that it manages without requiring intervention of a hypervisor. Moreover, a hypervisor is not needed for normal operation, except to bootstrap the system and establish communication channels between sandboxes.




Published In

ACM SIGPLAN Notices, Volume 49, Issue 7 (VEE '14), July 2014, 222 pages
ISSN: 0362-1340
EISSN: 1558-1160
DOI: 10.1145/2674025

  • VEE '14: Proceedings of the 10th ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments, March 2014, 236 pages
    ISBN: 9781450327640
    DOI: 10.1145/2576195
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher

Association for Computing Machinery, New York, NY, United States

Publication History

Published: 01 March 2014
Published in SIGPLAN Volume 49, Issue 7

Author Tags

  1. chip-level distributed system
  2. separation kernel

Qualifiers

  • Research-article

Article Metrics

  • Downloads (last 12 months): 17
  • Downloads (last 6 weeks): 1

Reflects downloads up to 22 Sep 2024

Cited By

  • (2023) Shedding Light on Static Partitioning Hypervisors for Arm-based Mixed-Criticality Systems. 2023 IEEE 29th Real-Time and Embedded Technology and Applications Symposium (RTAS), pp. 40-53. DOI: 10.1109/RTAS58335.2023.00011. Online publication date: May 2023.
  • (2018) VOSYSVirtualNet: Low-latency Inter-world Network Channel for Mixed-Criticality Systems. 2018 IEEE 13th International Symposium on Industrial Embedded Systems (SIES), pp. 1-9. DOI: 10.1109/SIES.2018.8442097. Online publication date: Jun 2018.
  • (2018) Multi-Mode Virtualization for Soft Real-Time Systems. 2018 IEEE Real-Time and Embedded Technology and Applications Symposium (RTAS), pp. 117-128. DOI: 10.1109/RTAS.2018.00022. Online publication date: Apr 2018.
  • (2023) FlyOS: rethinking integrated modular avionics for autonomous multicopters. Real-Time Systems 59(2), pp. 256-301. DOI: 10.1007/s11241-023-09399-w. Online publication date: 23 May 2023.
  • (2020) Dependability Aspects in Configurable Embedded Operating Systems. Dependable Embedded Systems, pp. 85-116. DOI: 10.1007/978-3-030-52017-5_4. Online publication date: 10 Dec 2020.
  • (2019) Cache-Aware Real-Time Virtualization for Clustered Multi-Core Platforms. IEEE Access 7, pp. 128628-128640. DOI: 10.1109/ACCESS.2019.2939859. Online publication date: 2019.
  • (2017) Predictable Shared Cache Management for Multi-Core Real-Time Virtualization. ACM Transactions on Embedded Computing Systems 17(1), pp. 1-27. DOI: 10.1145/3092946. Online publication date: 6 Dec 2017.
  • (2016) Real-time cache management for multi-core virtualization. Proceedings of the 13th International Conference on Embedded Software, pp. 1-10. DOI: 10.1145/2968478.2968480. Online publication date: 1 Oct 2016.
  • (2016) Mixed-Criticality Scheduling with I/O. 2016 28th Euromicro Conference on Real-Time Systems (ECRTS), pp. 120-130. DOI: 10.1109/ECRTS.2016.13. Online publication date: Jul 2016.
  • (2015) A real-time hypervisor for embedded systems with hardware virtualization support. 2015 TRON Symposium (TRONSHOW), pp. 1-7. DOI: 10.1109/TRONSHOW.2014.7396874. Online publication date: Dec 2015.
