CSR: Small: A Separation Kernel for Mixed Criticality Systems

CSR：小型：混合临界系统的分离内核

• 批准号: 1527050
• 负责人: Richard West
• 金额: $ 45万
• 依托单位: Trustees of Boston University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2015
• 资助国家: 美国
• 起止时间: 2015-10-01 至 2019-09-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1527050&HistoricalAwards=false
• 关键词: CSR; Small; Separation; Kernel; Mixed

This project will develop a new operating system for mixed criticality embedded systems, such as those found in avionics, automotive, robotics, factory automation and healthcare domains. In mixed criticality systems, there is a combination of application and system components with different safety, importance and timing requirements. For example, in an avionics system, the in-flight entertainment system is considered less critical than that of the flight control system. Security is also a key factor in the design of mixed criticality systems. Security measures should be taken to enforce data confidentiality and system integrity even in the presence of untrusted users. Preventing malicious attacks from compromising the behavior or accessing the data of highly-critical services is an important security concern. A major challenge to mixed criticality systems is the safe, predictable and secure isolation of separate components with different levels of criticality. Less critical tasks should not be allowed to interfere with the timing and otherwise correct operation of mission critical tasks. Safety guarantees should be met to ensure software and hardware failures do not compromise highly critical task operation. Failure of highly critical tasks or services can have devastating consequences.Multi- and many-core processors are being increasingly used in mixed criticality embedded systems, due in part to their power, performance and price benefits. Many such processors also support hardware virtualization, including Intel VT-x, AMD-V and certain ARM Cortex processors. This research project will leverage the combination of multiple cores and hardware virtualization features on emerging processors, to develop a separation kernel for mixed criticality systems. Tasks and services of different criticality levels will be separated into different isolated "sandboxes", each responsible for a collection of hardware processing cores, memory and I/O devices. This work builds on an earlier prototype system, called "Quest-V". Quest-V allows sandboxed services to directly access available resources without involving a heavyweight hypervisor, as is the case in traditional virtual machine systems. Most existing virtual machine systems have been designed for server class computing. So, investigating techniques to build safe, secure and predictable mixed criticality systems on emerging hardware platforms suitable for low-cost embedded computing applications will be an important component of this project.This award will extend Quest-V to support novel real-time fault detection and recovery strategies not be possible with traditional system approaches. We also hope to gain a greater understanding of the hardware features needed to support secure and predictable partitioning of machine resources in mixed criticality systems. The outcomes of this work will lead to a new system design with the potential to have impact on many areas of computing where lives, money and security concerns are at stake.

该项目将开发一个新的操作系统，用于混合临界嵌入式系统，例如航空电子，汽车，机器人技术，工厂自动化和医疗保健领域的操作系统。在混合临界系统中，应用程序和系统组件的组合具有不同的安全性，重要性和时机要求。例如，在航空电子系统中，机上娱乐系统被认为不如飞行控制系统关键。安全性也是混合临界系统设计的关键因素。 即使在不受信任的用户的存在下，也应采取安全措施来执行数据机密性和系统完整性。防止恶意攻击损害行为或访问高度关键服务的数据是一个重要的安全问题。混合批判性系统的一个主要挑战是对具有不同临界水平的单独组件的安全，可预测和安全的隔离。不应允许较少关键的任务干扰任务关键任务的时间和其他正确操作。应满足安全保证，以确保软件和硬件故障不会损害高度关键的任务操作。高度关键任务或服务的失败可能会带来毁灭性的后果。多核处理器越来越多地用于混合临界嵌入式系统，部分原因是它们的功率，性能和价格优势。许多这样的处理器还支持硬件虚拟化，包括Intel VT-X，AMD-V和某些ARM皮层处理器。 该研究项目将利用新兴处理器上多个核心和硬件虚拟化功能的组合，以开发用于混合关键系统的分离内核。不同临界级别的任务和服务将分为不同的孤立的“沙盒”，每个人都负责硬件处理内核，内存和I/O设备的集合。这项工作建立在较早的原型系统上，称为“ Quest-V”。 QUEST-V允许沙盒服务直接访问可用资源，而无需重量级管理程序，就像传统的虚拟机系统一样。大多数现有的虚拟机系统都是为服务器类计算设计的。因此，调查技术在适合低成本嵌入式计算应用程序的新兴硬件平台上建立安全，安全和可预测的混合关键系统将是该项目的重要组成部分。该奖项将扩展QUEST-V，以支持新颖的实时故障检测和恢复策略，而不可能通过传统的系统方法进行。我们还希望对支持混合批判性系统中机器资源的安全和可预测的分区所需的硬件功能有更深入的了解。这项工作的结果将导致一种新的系统设计，并有可能影响许多计算领域的生活，金钱和安全问题受到威胁。