quest v a secure and predictable system for iot and beyond
play

Quest-V: A Secure and Predictable System for IoT and Beyond - PowerPoint PPT Presentation

Jan 31, 2023 •104 likes •572 views

Quest-V: A Secure and Predictable System for IoT and Beyond Richard West richwest@cs.bu.edu Computer Science Goals Develop system for high-confidence (embedded) systems Mixed criticalities (timeliness and safety) Predictable

  1. Quest-V: A Secure and Predictable System for IoT and Beyond Richard West richwest@cs.bu.edu Computer Science

  2. Goals • Develop system for high-confidence (embedded) systems – Mixed criticalities (timeliness and safety) • Predictable – real-time support • Secure – resistant to component failures & malicious attacks • Self-healing • Online recovery of software component failures 2

  3. Target Applications • Healthcare • Avionics • Automotive • Factory automation • Robotics • Space exploration • Secure/safety-critical domains • Internet-of-Things (IoT) 3

  4. Internet of Things l Number of Internet-connected devices > 12.5 billion in 2010 l World population > 7 billion (2015) l Cisco predicts 50 billion Internet devices by 2020 Challenges: • Secure management of vast quantities of data • Reliable + predictable data exchange b/w “smart” devices 4

  5. In the Beginning...Quest • Initially a “small” RTOS • ~30KB ROM image for uniprocessor version • Page-based address spaces • Threads • Dual-mode kernel-user separation • Real-time Virtual CPU (VCPU) Scheduling • Later SMP support • LAPIC timing FreeRTOS, Linux, Windows, Quest uC/OS-II etc Mac OS X etc 5

  6. From Quest to Quest-V • Quest-V for multi-/many-core processors – Distributed system on a chip – Time as a first-class resource • Cycle-accurate time accountability – Separate sandbox kernels for system components – Memory isolation using h/w-assisted memory virtualization – Also CPU, I/O, cache partitioning • Focus on safety , efficiency , predictability + security 6

  7. Related Work • Existing virtualized solutions for resource partitioning – Wind River Hypervisor, XtratuM, PikeOS, Mentor Graphics Hypervisor – Xen, Oracle PDOMs, IBM LPARs – Muen, (Siemens) Jailhouse 7

  8. Problem Traditional Virtual Machine approaches too expensive – Require traps to VMM (a.k.a. hypervisor) to mux & manage machine resources for multiple guests – e.g., ~1500 clock cycles VM-Enter/Exit on Xeon E5506 Traditional Virtual Machine approaches too memory intensive for embedded systems in areas such as IoT! 8

  9. Traditional Approach (Type 1 VMM) ... VM VM VM VM VM Type 1 VMM / Hypervisor Hardware (CPUs, memory, devices) 9

  10. Quest-V Approach Eliminates hypervisor intervention during normal virtual machine operations ... VM VM VM VM VM Hardware (CPUs, memory, devices) 10

  11. Quest-V Architecture Overview . . . Sandbox M Sandbox 1 Sandbox 2 Communication + Migration VCPU VCPU VCPU VCPU VCPU Sandbox Monitor Monitor Monitor Address Space PCPU(s) PCPU(s) PCPU(s) Thread IO Devices IO Devices IO Devices 11

  12. Memory Partitioning • Guest kernel page tables for GVA-to-GPA translation • EPTs (a.k.a. shadow page tables) for GPA-to- HPA translation – EPTs modifiable only by monitors – Intel VT-x: 1GB address spaces require 12KB EPTs w/ 2MB superpaging 12

  13. Quest-V Memory Partitioning Quest-V Memory Partitioning 13

  14. I/O Partitioning • Device interrupts directed to each sandbox – Use I/O APIC redirection tables – Eliminates monitor from control path • EPTs prevent unauthorized updates to I/O APIC memory area by guest kernels • Port-addressed devices use in/out instructions • VMCS configured to cause monitor trap for specific port addresses • Monitor maintains device "blacklist" for each sandbox – DeviceID + VendorID of restricted PCI devices 14

  15. CPU Partitioning • Scheduling local to each sandbox – partitioned rather than global – avoids monitor intervention • Uses real-time VCPU approach for Quest native kernels [RTAS'11] 15

  16. Predictability l VCPUs for budgeted real-time execution of threads and system events (e.g., interrupts) l Threads mapped to VCPUs l VCPUs mapped to physical cores l Sandbox kernels perform local scheduling on assigned cores l Avoid VM-Exits to Monitor – eliminate cache/ TLB flushes 16

  17. VCPUs in Quest(-V) Address Threads Space Main VCPUs I/O VCPUs PCPUs (Cores) 17

  18. Example VCPU Schedule Example VCPU Schedule 18

  19. Utilization Bound Test • Sandbox with 1 PCPU, n Main VCPUs, and m I/O VCPUs – Ci = Budget Capacity of Vi – Ti = Replenishment Period of Vi – Main VCPU, Vi – Uj = Utilization factor for I/O VCPU, Vj n − 1 m − 1 Ci ( ) n ∑ ∑ ( ) ⋅ Uj + 2 − Uj ≤ n ⋅ 2 − 1 Ti i= 0 j= 0 19

  20. Cache Partitioning • Shared caches controlled using color-aware memory allocator [COLORIS – PACT'14] • Cache occupancy prediction based on h/w performance counters – E' = E + (1-E/C) * m l – E/C * m o – Enhanced with hits + misses [Book Chapter, OSR'11, PACT'10] 20

  21. Linux Front End • For low criticality legacy services • Based on Puppy Linux 3.8.0 • Runs entirely out of RAM including root filesystem • Low-cost paravirtualization – less than 100 lines – Restrict observable memory – Adjust DMA offsets • Grant access to VGA framebuffer + GPU • Quest native SBs tunnel terminal I/O to Linux via shared memory using special drivers 21

  22. Quest-V Linux Screenshot 1 CPU + 512 MB No VMX or EPT flags 22

  23. Quest-V Performance Quest-V Performance 100 Million Page Faults 1 Million fork-exec-exit Calls 23

  24. Quest-V Summary • Separation kernel built from scratch – Distributed system on a chip – Uses (optional) h/w virtualization to partition resources into sandboxes – Protected comms channels b/w sandboxes • Sandboxes can have different criticalities – Linux front-end for less critical legacy services • Sandboxes responsible for local resource management – avoids monitor involvement 24

  25. Proposed Work • Port of Quest to Intel Galileo [Done] • Qduino API [Ongoing] • Port of Quest(-V) to Intel Edison and Minnowboard Max [Started] • IoT Applications: 3D printing / manufacturing, robotics, secure home automation, etc [To Do] • (Secure) Information Flow Analysis [To Do] • Real-time Communication [Ongoing] 25

  26. Quest on Galileo • Porting Quest to the Galileo board: – Added multiboot support back to 32-bit GRUB EFI (GRUB Legacy) – Developed I2C, SPI controller drivers – Developed Cypress GPIO Expander and AD7298 ADC drivers • Original Arduino API Support • New real-time multithreaded Qduino API 26

  27. Qduino • Qduino – Enhanced Arduino API for Quest – Parallel and predictable loop execution – Real-time communication b/w loops – Predictable and efficient interrupt management – Real-time event delivery – Simplifies multithreaded real-time programming 27

  28. Qduino Multi-loop Example • Multiple loop sketch example: loop (1, 40, 100) { /* VCPU: C = 40, T = 100 */ digitalWrite (LED1, HIGH); ... /* Blink LED1 */ } loop (2, 20, 100) { /* VCPU: C = 20, T = 100 */ analogWrite (LED2, brightness); ... /* Change brightness of LED2 */ } setup () { pinMode (LED1, OUTPUT); pinMode (LED2, OUTPUT); } 28

  29. Qduino Organization Sketch ... loop1 loopN Quest Quest ... Native Native App App QDuino Libs User Kernel GPIO Driver VCPU SPI Driver Scheduler I2C Driver x86 SoC Galileo Edison Minnowboard 29

  30. Qduino New APIs Function Signatures Category l loop(loop_id, C, T) Structure l interruptsVcpu(C,T) Interrupt l attachInterruptVcpu(pin,ISR,mode,C,T) l spinlockInit(lock) Spinlock l spinlockLock(lock) l spinlockUnlock(lock) l channelWrite(channel,item) Four-slot l item channelRead(channel) l ringbufInit(buffer,size) Ring buffer l ringbufWrite(buffer,item) l ringbufRead(buffer,item) 30

  31. Qduino Event Handling Sketch Handler pthread_create Real Time Event attachInterrupt User Kernel Main Main Pin State VCPU VCPU Monitoring IO VCPU GPIO Driver Scheduler CPU Core(s) GPIO Expander 31

  32. Qduino Temporal Isolation 60 (50,100),2 (70,100),2 (90,100),2 Linux,2 (50,100),4 (70,100),4 (90,100),4 Linux,4 l Foreground loop increments counter during loop period 50 l 2-4 background loops act Counter (x10 4 ) 40 as potential interference, consuming remaining 30 CPU capacity 20 l No temporal isolation or timing guarantees w/ Linux 10 0 100T 200T 300T 400T 500T Time (Periods) 32

  33. Possible Use Cases l Mixed-criticality automotive system l Secure home automation l 3D printer controller l IoT interoperability sandboxing l Secure virtual networks of untrusted devices l Many others... 33

  34. Mixed-Criticality Automotive System More Critical Less Critical Real-time User Real-time Display & Comms Sensor Data Command & External Processing Control Comms Kernel V2V, V2I VCPU(s) VCPU(s) ... Infotainment INTERNET Monitor Monitor Monitor Core(s) Core(s) Core(s) Sandboxes on Hardware multicore Memory Memory Memory ... platform replace I/O Devices I/O Devices I/O Devices CAN bus nodes e.g. Motors, e.g. Cameras, e.g. GPU, Servos LIDAR NIC ... Sandbox 1 Sandbox 2 Sandbox M 34

  35. Secure Home Automation More Secure Less Secure 3 rd Party untrusted services Real-time User Comms Web Server / Sensor Data App “Plugins” Processing Kernel VCPU(s) ... INTERNET Linux Monitor Monitor Core(s) Core(s) Hardware Memory Memory ... I/O Devices I/O Devices e.g. Cameras, e.g. NIC CO+Fire Alarm Sandbox M Sandbox 1 35

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Quest-V: A Secure and Predictable System for IoT and Beyond Richard West richwest@cs.bu.edu

Quest-V: A Secure and Predictable System for IoT and Beyond Richard West richwest@cs.bu.edu

Quest-V: A Secure and Predictable System for IoT and Beyond Richard West richwest@cs.bu.edu Computer Science Talk Outline Background on embedded single board computers (SBCs) Quest(-V) OS for x86 SBCs Work status Lessons

495 views • 27 slides
Quest(-V): A Secure and Predictable System for Smart IoT Devices Richard West richwest@cs.bu.edu

Quest(-V): A Secure and Predictable System for Smart IoT Devices Richard West richwest@cs.bu.edu

Quest(-V): A Secure and Predictable System for Smart IoT Devices Richard West richwest@cs.bu.edu Computer Science Emerging Smart Devices Need an OS Multiple cores GPIOs PWM Virtualization support Integrated Graphics

547 views • 52 slides
Predictable Communication and Migration in the Quest-V Separation Kernel Ye Li, Richard West,

Predictable Communication and Migration in the Quest-V Separation Kernel Ye Li, Richard West,

Introduction Quest-V Overview Inter-Sandbox Communication Predictable Migration Conclusions Predictable Communication and Migration in the Quest-V Separation Kernel Ye Li, Richard West, Zhuoqun Cheng, Eric Missimer Boston University 1 / 29

870 views • 29 slides
Predictable Latency Adventures in Java Concurrency Martin Thompson - @mjpt777 If a system does

Predictable Latency Adventures in Java Concurrency Martin Thompson - @mjpt777 If a system does

A Quest for Predictable Latency Adventures in Java Concurrency Martin Thompson - @mjpt777 If a system does not respond in a timely manner then it is effectively unavailable 1. Its all about the Blocking 2. What do we mean by Latency 3.

1.33k views • 112 slides
Predictable Latency Adventures in Java Concurrency Martin Thompson - @mjpt777 If a system does

Predictable Latency Adventures in Java Concurrency Martin Thompson - @mjpt777 If a system does

A Quest for Predictable Latency Adventures in Java Concurrency Martin Thompson - @mjpt777 If a system does not respond in a timely manner then it is effectively unavailable 1. Its all about the Blocking 2. What do we mean by Latency 3.

1.69k views • 116 slides
Quest-V a Virtualized Multikernel Richard West richwest@cs.bu.edu Ye Li, Eric Missimer

Quest-V a Virtualized Multikernel Richard West richwest@cs.bu.edu Ye Li, Eric Missimer

Quest-V a Virtualized Multikernel Richard West richwest@cs.bu.edu Ye Li, Eric Missimer {liye, missimer}@cs.bu.edu Computer Science Goals Develop system for high-confidence (embedded) systems Predictable real-time support

992 views • 55 slides
The Quest-V Separation Kernel Richard West richwest@cs.bu.edu Computer Science Goals

The Quest-V Separation Kernel Richard West richwest@cs.bu.edu Computer Science Goals

The Quest-V Separation Kernel Richard West richwest@cs.bu.edu Computer Science Goals Develop system for high-confidence (embedded) systems Mixed criticalities (timeliness and safety) Predictable real-time support

547 views • 41 slides
Quest A Journey in Space and Time Richard West richwest@cs.bu.edu Computer Science Goals

Quest A Journey in Space and Time Richard West richwest@cs.bu.edu Computer Science Goals

Quest A Journey in Space and Time Richard West richwest@cs.bu.edu Computer Science Goals Develop system for high-confidence (embedded) systems Mixed criticalities (timeliness and safety) Predictable real-time support

703 views • 47 slides
MAJOR VARIATION (MaV) - 17 types of MaV excluding MaV-3 & MaV-4 - Quest 2 system : online

MAJOR VARIATION (MaV) - 17 types of MaV excluding MaV-3 & MaV-4 - Quest 2 system : online

MAJOR VARIATION (MaV) - 17 types of MaV excluding MaV-3 & MaV-4 - Quest 2 system : online submission - Quest 3 system : manual submission - ASEAN Guideline On Stability Study Of Drug Product : Annexe 5 - Objective, packaging, batch size,

376 views • 33 slides
Secure Coprocessor What is Secure coprocessor: Robust. (A system that is not easily or is

Secure Coprocessor What is Secure coprocessor: Robust. (A system that is not easily or is

Secure Coprocessor What is Secure coprocessor: Robust. (A system that is not easily or is not wholly affected by a bug in one aspect of it. ) General-purpose computational environments. Secure temper responsive physical package.

366 views • 14 slides
The Quest for design closure The Quest for design closure Olivier Coudert Monterey Design System

The Quest for design closure The Quest for design closure Olivier Coudert Monterey Design System

Part IV Part IV The Quest for design closure The Quest for design closure Olivier Coudert Monterey Design System ASP-DAC 2001, tutorial 3 ASP-DAC'01 Olivier Coudert IV-1 DSM Dilemma SOC DSM Time to market Higher resistance Abstraction

774 views • 66 slides
The Quest OS for Real-Time Computing Richard West richwest@cs.bu.edu Computer Science Emerging

The Quest OS for Real-Time Computing Richard West richwest@cs.bu.edu Computer Science Emerging

The Quest OS for Real-Time Computing Richard West richwest@cs.bu.edu Computer Science Emerging Smart Devices 2 Goals High-confidence (embedded) systems Mixed criticalities timeliness and safety Predictable

635 views • 51 slides
Mutable Protection Domains: Towards a Component-based System for Dependable and Predictable

Mutable Protection Domains: Towards a Component-based System for Dependable and Predictable

Mutable Protection Domains: Towards a Component-based System for Dependable and Predictable Computing Gabriel Parmer and Richard West Computer Science Deparment Boston University Boston, MA 02215 { gabep1, richwest } @cs.bu.edu December 6,

831 views • 33 slides
Virtual-CPU Scheduling in the Quest Operating System Matt Danish, Ye Li and Richard West

Virtual-CPU Scheduling in the Quest Operating System Matt Danish, Ye Li and Richard West

Virtual-CPU Scheduling in the Quest Operating System Matt Danish, Ye Li and Richard West Contact: richwest@cs.bu.edu Computer Science Goals Develop system with improved predictability Integrated management of tasks & I/O events

787 views • 19 slides
Quantification of Uncertainty in Extreme Scale Computations (QUEST) www.quest-scidac.org H. Najm

Quantification of Uncertainty in Extreme Scale Computations (QUEST) www.quest-scidac.org H. Najm

Intro QUEST Technical Progress Closure Quantification of Uncertainty in Extreme Scale Computations (QUEST) www.quest-scidac.org H. Najm 1 , B. Debusschere 1 , M. Eldred 1 , R. Ghanem 2 , O. Ghattas 3 , R. Moser 3 , E. Prudencio 3 , D. Higdon 4

510 views • 28 slides
Michigan Questionnaire c ga Quest o a e Documentation System (MQDS): A U A Users

Michigan Questionnaire c ga Quest o a e Documentation System (MQDS): A U A Users

Michigan Questionnaire c ga Quest o a e Documentation System (MQDS): A U A Users Perspective P i Heidi Guyer, Gina-Qian Cheung The 11th International Blaise Conference Annapolis, Maryland September 2007 MQDS Background MQDS

418 views • 25 slides
Welcome to London, Ontario Welcome to London, Ontario A Few Facts & Figures. . . A Few Facts

Welcome to London, Ontario Welcome to London, Ontario A Few Facts & Figures. . . A Few Facts

Welcome from the Welcome from the Ontario Recycler Workshop Ontario Recycler Workshop City of London City of London Thursday, November 24 Jay Stanford, Director, 9:30 a.m. to 3:30 p.m. Environmental Programs & Solid Waste 1 2

554 views • 43 slides
Interactive Visual Analysis of Multi-faceted Scientific Data Johannes Kehrer Visualization

Interactive Visual Analysis of Multi-faceted Scientific Data Johannes Kehrer Visualization

Interactive Visual Analysis of Multi-faceted Scientific Data Johannes Kehrer Visualization Group, Dept. of Informatics University of Bergen, Norway www.ii.UiB.no/vis Motivation Increasing amounts of scientific data time-dependent

572 views • 41 slides
Diesel Fleet Retrofits in the US DG Environment Urban Captive Fleet/ Air Quality Workshop

Diesel Fleet Retrofits in the US DG Environment Urban Captive Fleet/ Air Quality Workshop

Diesel Fleet Retrofits in the US DG Environment Urban Captive Fleet/ Air Quality Workshop David Marshall 14 January 2005 Clean Air Task Force The Clean Air Task Force (CATF) is a nonprofit organization dedicated to restoring clean air

513 views • 15 slides
and Information & Communication Technology www.westcoastclimateforum.com Tuesday, May 3,

and Information & Communication Technology www.westcoastclimateforum.com Tuesday, May 3,

Climate Friendly Purchasing Toolkit Diesel Fuel and Information & Communication Technology www.westcoastclimateforum.com Tuesday, May 3, 2016 West Coast Climate and Materials Management Forum The West Coast Climate and Materials

879 views • 46 slides
CPU Scheduling - II System Calls Virtual Machines Tevfik Ko ar University at Buffalo

CPU Scheduling - II System Calls Virtual Machines Tevfik Ko ar University at Buffalo

CSE 421/521 - Operating Systems Roadmap Fall 2011 Multilevel Feedback Queues Estimating CPU bursts Lecture - VI CPU Scheduling - II System Calls Virtual Machines Tevfik Ko ar University at Buffalo September 15 th , 2011

442 views • 5 slides
EECS 678: Introduction to Operating Systems Heechul Yun 1 About Me Heechul Yun, Assistant

EECS 678: Introduction to Operating Systems Heechul Yun 1 About Me Heechul Yun, Assistant

EECS 678: Introduction to Operating Systems Heechul Yun 1 About Me Heechul Yun, Assistant Prof., Dept. of EECS Office: 3040 Eaton, 236 Nichols Email: heechul.yun@ku.edu Research Areas Operating systems and architecture

889 views • 55 slides
Tech in the Town 4IR and local government: opportunities, risks and next steps for policymakers

Tech in the Town 4IR and local government: opportunities, risks and next steps for policymakers

Tech in the Town 4IR and local government: opportunities, risks and next steps for policymakers July 2019 Scott Corfe, Research Director, SMF 1 Overview What are the opportunities for local government from 4IR technologies? What are

259 views • 23 slides
A CASE STUDY IN LARGE SCALE LEAN-AGILE ADOPTION Chris Berridge Maersk Line About Maersk Line

A CASE STUDY IN LARGE SCALE LEAN-AGILE ADOPTION Chris Berridge Maersk Line About Maersk Line

A CASE STUDY IN LARGE SCALE LEAN-AGILE ADOPTION Chris Berridge Maersk Line About Maersk Line Worlds largest container fleet Truely global business 325 offices in 125 countries 25.000 employees (7,600 seafarers) 14.5% world

397 views • 38 slides

More recommend