
CSR: Small: A Separation Kernel for Mixed Criticality Systems

Award amount: $450,000 | Fiscal year: FY2015 | Directorate: CSE | Agency: NSF

Trustees Of Boston University, Boston

Abstract

This project will develop a new operating system for mixed criticality embedded systems, such as those found in the avionics, automotive, robotics, factory automation and healthcare domains. In mixed criticality systems, application and system components with different safety, importance and timing requirements coexist on the same hardware. For example, in an avionics system, the in-flight entertainment system is considered less critical than the flight control system.

Security is also a key factor in the design of mixed criticality systems. Security measures should be taken to enforce data confidentiality and system integrity even in the presence of untrusted users. Preventing malicious attacks from compromising the behavior, or accessing the data, of highly critical services is an important security concern. A major challenge for mixed criticality systems is the safe, predictable and secure isolation of separate components with different levels of criticality. Less critical tasks should not be allowed to interfere with the timing or otherwise correct operation of mission critical tasks. Safety guarantees should ensure that software and hardware failures do not compromise the operation of highly critical tasks, since failure of such tasks or services can have devastating consequences.

Multi- and many-core processors are increasingly used in mixed criticality embedded systems, due in part to their power, performance and price benefits. Many such processors also support hardware virtualization, including Intel VT-x, AMD-V and certain ARM Cortex processors. This research project will leverage the combination of multiple cores and hardware virtualization features on emerging processors to develop a separation kernel for mixed criticality systems. Tasks and services of different criticality levels will be separated into isolated "sandboxes", each responsible for a collection of hardware processing cores, memory and I/O devices.

This work builds on an earlier prototype system called "Quest-V". Quest-V allows sandboxed services to directly access available resources without involving a heavyweight hypervisor, as is the case in traditional virtual machine systems. Most existing virtual machine systems have been designed for server class computing, so investigating techniques to build safe, secure and predictable mixed criticality systems on emerging hardware platforms suitable for low-cost embedded computing applications will be an important component of this project. This award will extend Quest-V to support novel real-time fault detection and recovery strategies that are not possible with traditional system approaches. We also hope to gain a greater understanding of the hardware features needed to support secure and predictable partitioning of machine resources in mixed criticality systems. The outcomes of this work will lead to a new system design with the potential to affect many areas of computing where lives, money and security concerns are at stake.
