CSR: Small: A Separation Kernel for Mixed Criticality Systems

CSR：小型：混合临界系统的分离内核

• 批准号: 1527050
• 负责人: Richard West
• 金额: $ 45万
• 依托单位: Trustees of Boston University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2015
• 资助国家: 美国
• 起止时间: 2015-10-01 至 2019-09-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1527050&HistoricalAwards=false
• 关键词: CSR; Small; Separation; Kernel; Mixed

This project will develop a new operating system for mixed criticality embedded systems, such as those found in avionics, automotive, robotics, factory automation and healthcare domains. In mixed criticality systems, there is a combination of application and system components with different safety, importance and timing requirements. For example, in an avionics system, the in-flight entertainment system is considered less critical than that of the flight control system. Security is also a key factor in the design of mixed criticality systems. Security measures should be taken to enforce data confidentiality and system integrity even in the presence of untrusted users. Preventing malicious attacks from compromising the behavior or accessing the data of highly-critical services is an important security concern. A major challenge to mixed criticality systems is the safe, predictable and secure isolation of separate components with different levels of criticality. Less critical tasks should not be allowed to interfere with the timing and otherwise correct operation of mission critical tasks. Safety guarantees should be met to ensure software and hardware failures do not compromise highly critical task operation. Failure of highly critical tasks or services can have devastating consequences.Multi- and many-core processors are being increasingly used in mixed criticality embedded systems, due in part to their power, performance and price benefits. Many such processors also support hardware virtualization, including Intel VT-x, AMD-V and certain ARM Cortex processors. This research project will leverage the combination of multiple cores and hardware virtualization features on emerging processors, to develop a separation kernel for mixed criticality systems. Tasks and services of different criticality levels will be separated into different isolated "sandboxes", each responsible for a collection of hardware processing cores, memory and I/O devices. This work builds on an earlier prototype system, called "Quest-V". Quest-V allows sandboxed services to directly access available resources without involving a heavyweight hypervisor, as is the case in traditional virtual machine systems. Most existing virtual machine systems have been designed for server class computing. So, investigating techniques to build safe, secure and predictable mixed criticality systems on emerging hardware platforms suitable for low-cost embedded computing applications will be an important component of this project.This award will extend Quest-V to support novel real-time fault detection and recovery strategies not be possible with traditional system approaches. We also hope to gain a greater understanding of the hardware features needed to support secure and predictable partitioning of machine resources in mixed criticality systems. The outcomes of this work will lead to a new system design with the potential to have impact on many areas of computing where lives, money and security concerns are at stake.

该项目将为混合临界嵌入式系统开发一种新的操作系统，例如航空电子、汽车、机器人、工厂自动化和医疗保健领域的嵌入式系统。在混合临界系统中，具有不同安全性、重要性和时序要求的应用程序和系统组件组合在一起。例如，在航空电子系统中，机上娱乐系统被认为不如飞行控制系统重要。在设计混合临界系统时，安全性也是一个关键因素。应该采取安全措施来加强数据机密性和系统完整性，即使在不受信任的用户存在的情况下也是如此。防止恶意攻击危及高度关键服务的行为或访问其数据是一个重要的安全问题。混合临界系统面临的一个主要挑战是对不同临界水平的独立组件进行安全、可预测和可靠的隔离。不应允许不那么关键的任务干扰关键任务的定时和正确操作。应满足安全保证，以确保软件和硬件故障不会危及高度关键的任务操作。高度关键的任务或服务的失败可能会造成毁灭性的后果。多核和多核处理器越来越多地用于混合临界嵌入式系统，部分原因是它们的功率、性能和价格优势。许多这样的处理器还支持硬件虚拟化，包括英特尔VT-x、AMD-V和某些ARM Cortex处理器。该研究项目将利用新兴处理器上的多核和硬件虚拟化特性的组合，为混合临界系统开发分离内核。不同临界级别的任务和服务将被分离到不同的孤立的“沙盒”中，每个沙盒负责硬件处理核心、内存和I/O设备的集合。这项工作建立在早期的原型系统“Quest-V”之上。Quest-V允许沙箱服务直接访问可用资源，而不需要像传统虚拟机系统那样使用重量级管理程序。大多数现有的虚拟机系统都是为服务器级计算而设计的。因此，在适合低成本嵌入式计算应用的新兴硬件平台上，研究构建安全、可靠和可预测的混合临界系统的技术将是这个项目的重要组成部分。该合同将扩展Quest-V，以支持传统系统方法无法实现的新型实时故障检测和恢复策略。我们还希望对支持混合临界系统中机器资源的安全和可预测分区所需的硬件特性有更深入的了解。这项工作的结果将导致一种新的系统设计，它有可能对许多涉及生命、金钱和安全问题的计算领域产生影响。