quest v a secure and predictable system for iot and beyond
play

Quest-V: A Secure and Predictable System for IoT and Beyond Richard - PowerPoint PPT Presentation

Feb 19, 2024 •213 likes •495 views

Quest-V: A Secure and Predictable System for IoT and Beyond Richard West richwest@cs.bu.edu Computer Science Talk Outline Background on embedded single board computers (SBCs) Quest(-V) OS for x86 SBCs Work status Lessons

  1. Quest-V: A Secure and Predictable System for IoT and Beyond Richard West richwest@cs.bu.edu Computer Science

  2. Talk Outline • Background on embedded single board computers (SBCs) • Quest(-V) OS for x86 SBCs • Work status – Lessons learned – Wish list – Impact, papers, etc • Case study: Quest(-V) for web-connected 3D printers • Current & future work • Final words 2

  3. Emerging Multicore SBCs 3

  4. Intel vs ARM SBCs • ARM: Raspberry Pi, Nvidia Jetson TX1/TX2 & many others – Pi 3 Model B: 4 Cortex-A53 cores @ 1.2GHz, 1GB RAM, Broadcom GPU – Nvidia Tegra Xavier (automotive AI): 8 ARM64 CPU & 512 CUDA GPU cores • x86: Joule, Aero, Up Squared, etc – Up Squared: 4 CPU cores (Apollo Lake Atom/Celeron/Pentium), Gen 9 iGPU – Intel Go (automotive): Xeon/Atom CPUs, Arria 10 FPGA hardware accelerators • x86 largely standardized according to PC specs – BIOS/UEFI, ACPI, PCIe – Makes OS development less fragmented for different targets ● Less standardization amongst ARM SoC vendors – Bootloader (e.g., U-boot) loads device trees for board-specific configurations – ACPI not common in ARM embedded systems 4

  5. Potential for Smart Devices 5

  6. Need New Systems • (Embedded) OSes that are: • Timing Predictable • Safe • Fault Tolerant • Secure • Multicore • Mixed-criticality-aware • Enter Quest-V 6

  7. Example Quest-V Automotive System More Critical Less Critical Real-time Real-time Comms Display & Real-time Real-time Display & User Sensor Data Command & External Sensor Data Command & External Processing Control Comms Processing Control Comms V2V, V2I VCPU(s) VCPU(s) Kernel VCPU(s) VCPU(s) Infotainment ... INTERNET Monitor Monitor Monitor Monitor Monitor Monitor Core(s) Core(s) Core(s) Core(s) Core(s) Core(s) Sandboxes on Sandboxes on Hardware multicore multicore Memory Memory Memory Memory Memory Memory ... platform replace platform replace CAN bus nodes I/O Devices I/O Devices I/O Devices CAN bus nodes I/O Devices I/O Devices I/O Devices e.g. Motors, e.g. Cameras, e.g. GPU, e.g. Motors, e.g. Cameras, e.g. GPU, Servos LIDAR NIC Servos LIDAR NIC ... Sandbox 1 Sandbox 2 Sandbox M 7

  8. Work Status • AIM: Insights from Implementing Quest(-V) on Intel SBCs • [Done] Quest running on Galileo, Edison, MinnowMax, Joule & Aero • [Near Completion] Quest-V running on Joule & Aero – [In progress] Quest-V Linux (works on Aero) – [In progress] Drivers for BMM150 (Compass) + BMI160 (IMU) + GPIOs • [Version 1 complete] Qduino API – Includes support for multiple cores – QduinoMC – Tested on 3D printer & now working on UAVs • [In progress] Work with automotive partner (Drako Motors) 8

  9. Lessons Learned • Intel SBCs for “smart” devices – Multiple cores (good for multi-tasking) – VT-x capabilities for security/isolation/fault tolerance – GPIOs for interfacing sensors + actuators – PWMs for motor & servo control – Serial interfaces for device communication – Shared caches + memory bus affects temporal isolation (not good for real-time!) • ARINC 653 requires space-time isolation b/w cores 9

  10. Wish List 1/2 • Temporal isolation b/w cores – Support for cache + bus isolation (way partitioning, page coloring, TDMA bus management?) – Cache-allocation technology (CAT/CMT) available on Xeons but not (yet?) Intel SBCs • Integrated GPU support – Joule, Aero, Skull Canyon are a good start – Needed for vision+AI+deep learning tasks – Edge devices where remote (cloud) processing is impractical 10

  11. Wish List 2/2 • Simplified VT-x support – Basic memory partitioning b/w sandboxes • Tagged memory regions for confidentiality + integrity on secure information flows between sandboxes • H/W-assisted port-based I/O interposition – To prevent sandbox discovery/access to unauthorized devices 11

  12. Impact • IEEE RTAS 2017 (QduinoMC) – Outstanding paper, best student paper • ACM TOCS Journal 2016 (Quest-V) • IEEE RTSS 2016 (MARACAS) • IEEE RTSS 2015 (Qduino) • ECRTS 2016 (Quest Mixed-Criticality Scheduling) • Quest-V is being adopted by Drako Motors as part of DriveOS • Mercury Systems shortlisted Quest-V as the only academic system to meet their first phase requirements for a separation kernel • Quest-V well known in real-time research community 12

  13. Case Study: Quest(-V) Web- Web-connected 3D Printer Connected 3D Printer Remote Job Submission Local Slicing Correctness Verifjcatjon Print

  14. Printrbot Simple Metal Motor Motor Controller Extruder Motor Microprocessor Atmel AVR, 8 bit, 20 MHz Web Server SRAM 8 KB I/O UART, SPI, I2C, PWM, GPIO

  15. Custom Controller Custom Controller RAMPS shield Opportunity for x86-based 3D printer controller with wireless web server capabilities Companion Analog Circuits MinnowMAX

  16. Marlin Firmware Marlin Firmware Motor Timer1 Interrupt Main G-code loop Interpret Motor Data Variable Period Read Motor G-code Stepper Translate to motor rotatjon Timer2 8ms Period Interrupt Temp Temperature Adjust Control fan & Extruder PID output heater PID Temperature

  17. Marlin on Linux Marlin on Linux Original Marlin Linux Port Main loop + interrupts handlers Multjple threads Timer interrupts Periodic nanosleep AVR I/O instructjons Intel MRAA IoT library lightupd + spooler Jituer of the extruder, when submittjng relatjvely large fjles Is this bad? Why? lightupd Marlin Spooler Spooler Linux MinnowMAX

  18. The Timing Problem The Timing problem γ d H L T T T

  19. 10 kHz Pulse Train 10kHz Pulse Train struct timespec period = {. tv_sec = 0 , . tv_nsec = 100000 }; while ( 1 ) { nanosleep (& period , NULL); /* sleep for 100 us */ mraa_gpio_write ( GPIO6 , HIGH ); /* write 1 to gpio6 */ mraa_gpio_write ( GPIO6 , LOW ); /* write 0 to gpio6 */ } Frequency Period Theoretjcal 10 kHz 100000 ns Linux 7.91 kHz 100000 ns + 26422 ns Unstable Original PrintrBoard 9.96 kHz 100000 ns + 401 ns

  20. 10 kHz Pulse Train 10kHz Pulse Train (Linux) struct timespec period = {. tv_sec = 0 , . tv_nsec = 100000 }; while ( 1 ) { nanosleep (& period , NULL); /* sleep for 100 us */ mraa_gpio_write ( GPIO6 , HIGH ); /* write 1 to gpio6 */ mraa_gpio_write ( GPIO6 , LOW ); /* write 0 to gpio6 */ } 9.2% 29.3% 2.2% 3.9% 40.1% 15.7% hrtjmer Kernel Scheduler Crossing framework GPIO gpiolib sysfs framework Driver framework Lack of API with low and predictable overheads

  21. QduinoMC QduinoMC Goals Design Easy to use Simple APIs based on Arduino Easy to port existjng Arduino programs Multjthread loops Leverage multjple cores Pinning loops to cores Interrupt routjng Allow QoS specifjcatjon Loop budget and period Low I/O access overhead User-level I/O access loop (loopID, budget, period, [coreID]) noInterrupts (device, coreID) noTimer (coreID) interruptsVcpu (device, budget, period, [coreID]) digitalWrite () / digitalRead ()

  22. Marlin on QduinoMC Marlin on QduinoMC loop (1, 10, 100, 1), loop (2, 30, 100, 0), loop (3, 1, 80, 0) interruptsVCPU (I2C, 10ms, 100ms), interruptsVCPU (NIC, 10ms, 100ms) noTimer (1), noInterrupts (ALL, 1) Added Web server / Spooler

  23. 10 kHz Pulse Train Again 10kHz Pulse Train...Again void setup ( ) { pinMode ( GPIO6 , OUTPUT ); noInterrupts ( ALL , 1 ); noTimer ( 1 ); } void loop ( 1 , 100 , 100 , 1 ) { delayBusyNanoseconds ( 100000 ); digitalWrite ( GPIO6 , 1 ); digitalWrite ( GPIO6 , 0 ); } Frequency Period Theoretjcal 10 kHz 100000 ns QduinoMC 9.569 kHz 100000 ns + 4504 ns Stable Linux 7.91 kHz 100000 ns + 26422 ns Original PrintrBoard 9.96 kHz 100000 ns + 401 ns

  24. Test Object Test Object Higher quality Faster printjng 10% code size reductjon Intuitjve and clear code structure

  25. Quest-V DroneOS for Intel Aero More Critical Less Critical Comms Realsense/ROS Realsense/ROS & & User Telemetry Telemetry Cleanflight/iNav Flight Control: Cleanflight/iNav Flight Control: Services Services Condition-aware adaptive sensor fusion Condition-aware adaptive sensor fusion (App missions) (App missions) & PID loop rate & PID loop rate Kernel ... INTERNET ... VCPU(s) VCPU(s) VCPU(s) Linux Linux VCPU(s) Monitor Monitor Monitor Monitor Cores 1-3 Core 4 Cores 1-3 Core 4 MAVLink Telemetry, MAVLink Telemetry, Hardware Cloud-reactive Memory Memory Cloud-reactive Memory Memory ... processing & control processing & control (Digital Twinning) (Digital Twinning) ESC, Motors, IMU,GPS, Camera(s), ESC, Motors, IMU,GPS, Camera(s), Barometer, I2C, SPI GPU, NIC Barometer, I2C, SPI GPU, NIC 25

  26. Quest-V DriveOS for Skull Canyon Real-Time Display & Real-Time Display & Torque vectoring, External Torque vectoring, External Battery Mgmt Comms Battery Mgmt Comms CAN V2V, V2I Concentrator Infotainment Monitor Monitor Monitor Monitor Core(s) Core(s) Core(s) Core(s) Memory Memory Memory Memory I/O Devices I/O Devices USB I/F, USB I/F, e.g. GPU, e.g. GPU, CAN, DAQ CAN, DAQ Working with Drako Motors to NIC NIC use Quest-V for a vehicle OS 26

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Quest-V: A Secure and Predictable System for IoT and Beyond Richard West richwest@cs.bu.edu

Quest-V: A Secure and Predictable System for IoT and Beyond Richard West richwest@cs.bu.edu

Quest-V: A Secure and Predictable System for IoT and Beyond Richard West richwest@cs.bu.edu Computer Science Goals Develop system for high-confidence (embedded) systems Mixed criticalities (timeliness and safety) Predictable

572 views • 45 slides
Quest(-V): A Secure and Predictable System for Smart IoT Devices Richard West richwest@cs.bu.edu

Quest(-V): A Secure and Predictable System for Smart IoT Devices Richard West richwest@cs.bu.edu

Quest(-V): A Secure and Predictable System for Smart IoT Devices Richard West richwest@cs.bu.edu Computer Science Emerging Smart Devices Need an OS Multiple cores GPIOs PWM Virtualization support Integrated Graphics

547 views • 52 slides
Predictable Communication and Migration in the Quest-V Separation Kernel Ye Li, Richard West,

Predictable Communication and Migration in the Quest-V Separation Kernel Ye Li, Richard West,

Introduction Quest-V Overview Inter-Sandbox Communication Predictable Migration Conclusions Predictable Communication and Migration in the Quest-V Separation Kernel Ye Li, Richard West, Zhuoqun Cheng, Eric Missimer Boston University 1 / 29

870 views • 29 slides
Predictable Latency Adventures in Java Concurrency Martin Thompson - @mjpt777 If a system does

Predictable Latency Adventures in Java Concurrency Martin Thompson - @mjpt777 If a system does

A Quest for Predictable Latency Adventures in Java Concurrency Martin Thompson - @mjpt777 If a system does not respond in a timely manner then it is effectively unavailable 1. Its all about the Blocking 2. What do we mean by Latency 3.

1.33k views • 112 slides
Predictable Latency Adventures in Java Concurrency Martin Thompson - @mjpt777 If a system does

Predictable Latency Adventures in Java Concurrency Martin Thompson - @mjpt777 If a system does

A Quest for Predictable Latency Adventures in Java Concurrency Martin Thompson - @mjpt777 If a system does not respond in a timely manner then it is effectively unavailable 1. Its all about the Blocking 2. What do we mean by Latency 3.

1.69k views • 116 slides
Quest-V a Virtualized Multikernel Richard West richwest@cs.bu.edu Ye Li, Eric Missimer

Quest-V a Virtualized Multikernel Richard West richwest@cs.bu.edu Ye Li, Eric Missimer

Quest-V a Virtualized Multikernel Richard West richwest@cs.bu.edu Ye Li, Eric Missimer {liye, missimer}@cs.bu.edu Computer Science Goals Develop system for high-confidence (embedded) systems Predictable real-time support

992 views • 55 slides
The Quest-V Separation Kernel Richard West richwest@cs.bu.edu Computer Science Goals

The Quest-V Separation Kernel Richard West richwest@cs.bu.edu Computer Science Goals

The Quest-V Separation Kernel Richard West richwest@cs.bu.edu Computer Science Goals Develop system for high-confidence (embedded) systems Mixed criticalities (timeliness and safety) Predictable real-time support

547 views • 41 slides
Quest A Journey in Space and Time Richard West richwest@cs.bu.edu Computer Science Goals

Quest A Journey in Space and Time Richard West richwest@cs.bu.edu Computer Science Goals

Quest A Journey in Space and Time Richard West richwest@cs.bu.edu Computer Science Goals Develop system for high-confidence (embedded) systems Mixed criticalities (timeliness and safety) Predictable real-time support

703 views • 47 slides
MAJOR VARIATION (MaV) - 17 types of MaV excluding MaV-3 & MaV-4 - Quest 2 system : online

MAJOR VARIATION (MaV) - 17 types of MaV excluding MaV-3 & MaV-4 - Quest 2 system : online

MAJOR VARIATION (MaV) - 17 types of MaV excluding MaV-3 & MaV-4 - Quest 2 system : online submission - Quest 3 system : manual submission - ASEAN Guideline On Stability Study Of Drug Product : Annexe 5 - Objective, packaging, batch size,

376 views • 33 slides
Secure Coprocessor What is Secure coprocessor: Robust. (A system that is not easily or is

Secure Coprocessor What is Secure coprocessor: Robust. (A system that is not easily or is

Secure Coprocessor What is Secure coprocessor: Robust. (A system that is not easily or is not wholly affected by a bug in one aspect of it. ) General-purpose computational environments. Secure temper responsive physical package.

366 views • 14 slides
The Quest for design closure The Quest for design closure Olivier Coudert Monterey Design System

The Quest for design closure The Quest for design closure Olivier Coudert Monterey Design System

Part IV Part IV The Quest for design closure The Quest for design closure Olivier Coudert Monterey Design System ASP-DAC 2001, tutorial 3 ASP-DAC'01 Olivier Coudert IV-1 DSM Dilemma SOC DSM Time to market Higher resistance Abstraction

774 views • 66 slides
The Quest OS for Real-Time Computing Richard West richwest@cs.bu.edu Computer Science Emerging

The Quest OS for Real-Time Computing Richard West richwest@cs.bu.edu Computer Science Emerging

The Quest OS for Real-Time Computing Richard West richwest@cs.bu.edu Computer Science Emerging Smart Devices 2 Goals High-confidence (embedded) systems Mixed criticalities timeliness and safety Predictable

635 views • 51 slides
Mutable Protection Domains: Towards a Component-based System for Dependable and Predictable

Mutable Protection Domains: Towards a Component-based System for Dependable and Predictable

Mutable Protection Domains: Towards a Component-based System for Dependable and Predictable Computing Gabriel Parmer and Richard West Computer Science Deparment Boston University Boston, MA 02215 { gabep1, richwest } @cs.bu.edu December 6,

831 views • 33 slides
Virtual-CPU Scheduling in the Quest Operating System Matt Danish, Ye Li and Richard West

Virtual-CPU Scheduling in the Quest Operating System Matt Danish, Ye Li and Richard West

Virtual-CPU Scheduling in the Quest Operating System Matt Danish, Ye Li and Richard West Contact: richwest@cs.bu.edu Computer Science Goals Develop system with improved predictability Integrated management of tasks & I/O events

787 views • 19 slides
Quantification of Uncertainty in Extreme Scale Computations (QUEST) www.quest-scidac.org H. Najm

Quantification of Uncertainty in Extreme Scale Computations (QUEST) www.quest-scidac.org H. Najm

Intro QUEST Technical Progress Closure Quantification of Uncertainty in Extreme Scale Computations (QUEST) www.quest-scidac.org H. Najm 1 , B. Debusschere 1 , M. Eldred 1 , R. Ghanem 2 , O. Ghattas 3 , R. Moser 3 , E. Prudencio 3 , D. Higdon 4

510 views • 28 slides
Michigan Questionnaire c ga Quest o a e Documentation System (MQDS): A U A Users

Michigan Questionnaire c ga Quest o a e Documentation System (MQDS): A U A Users

Michigan Questionnaire c ga Quest o a e Documentation System (MQDS): A U A Users Perspective P i Heidi Guyer, Gina-Qian Cheung The 11th International Blaise Conference Annapolis, Maryland September 2007 MQDS Background MQDS

418 views • 25 slides
Chemical Thermodynamics Joule-Thompson Expansion Joule-Thompson expansion depends on non-ideal

Chemical Thermodynamics Joule-Thompson Expansion Joule-Thompson expansion depends on non-ideal

Chemical Thermodynamics Joule-Thompson Expansion Joule-Thompson expansion depends on non-ideal characteristics of gases. Compare NH 3 and He in a Joule-Thompson expansion for P 1 =100 bar to P 2 =1 bar at an initial temperature of 260

490 views • 9 slides
Unit 4: Energy and power. Direct current circuits. Joule heating. Discharging process of a

Unit 4: Energy and power. Direct current circuits. Joule heating. Discharging process of a

Unit 4: Energy and power. Direct current circuits. Joule heating. Discharging process of a capacitor. DC circuits. Linear generator and receptor. Difference in potential between two points in a circuit. Pouillets law. Joule

183 views • 16 slides
Class 23: Work and kinetic energy (Cont) Acceleration by chain rule (1D) If we know the

Class 23: Work and kinetic energy (Cont) Acceleration by chain rule (1D) If we know the

Class 23: Work and kinetic energy (Cont) Acceleration by chain rule (1D) If we know the velocity as a function of time, we can differentiate it w.r.t. time and find out how the acceleration depends on time: dv x a dt However, very often

530 views • 10 slides
Energy-agility : A New Grid-centric Metric for Evaluating System Performance Supreeth Subramanya,

Energy-agility : A New Grid-centric Metric for Evaluating System Performance Supreeth Subramanya,

Energy-agility : A New Grid-centric Metric for Evaluating System Performance Supreeth Subramanya, Zain Mustafa, David Irwin, Prashant Shenoy Electrical and Computer Engineering University of Massachusetts Amherst Rethinking Energy-efficiency

343 views • 10 slides
Thinking Like a Chemist About Electrochemistry III Potential, Free Energy & K UNIT 8 DAY 5

Thinking Like a Chemist About Electrochemistry III Potential, Free Energy & K UNIT 8 DAY 5

Thinking Like a Chemist About Electrochemistry III Potential, Free Energy & K UNIT 8 DAY 5 What are we going to learn today? Determine Voltage in Electrochemical Cells Containing Different Concentrations of Reactants Relationship between

340 views • 13 slides
Explicit Loop Specialization & Polymorphic Hardware Specialization Christopher Batten and

Explicit Loop Specialization & Polymorphic Hardware Specialization Christopher Batten and

Explicit Loop Specialization & Polymorphic Hardware Specialization Christopher Batten and Zhiru Zhang Computer Systems Laboratory School of Electrical and Computer Engineering Cornell University June 2015 Explicit Loop Specialization

363 views • 10 slides
How is Light Made? How is Light Made? Can be considered as EITHER particles ( photons ) or as

How is Light Made? How is Light Made? Can be considered as EITHER particles ( photons ) or as

Review: Electromagnetic (EM) Radiation Review: Electromagnetic (EM) Radiation EM radiation: regularly varying electric & magnetic fields can transport energy over vast distances. Wave-Particle Duality of EM radiation: How

248 views • 6 slides
HW1 Graded Ready in your pendaflexes If you forget to include his name, e-mail Brandon.

HW1 Graded Ready in your pendaflexes If you forget to include his name, e-mail Brandon.

HW1 Graded Ready in your pendaflexes If you forget to include his name, e-mail Brandon. Average: 92 Good job overall! Race Conditions Unit of energy Watt vs. Joule micro Joule vs. milli Joule Pop loop end

299 views • 4 slides

More recommend