tock operating system
play

Tock Operating System Safety without Processes for Embedded Systems - PowerPoint PPT Presentation

Mar 31, 2024 •12 likes •582 views

Tock Operating System Safety without Processes for Embedded Systems 1 Stanford University 2 University of Michigan 3 University of California, Berkeley 1 Amit Levy 1 Brandon Ghena 2 Michael Andersen 3 Brad Campbell 2 Gabe Fierro 3 Pat Pannuto 2

  1. Tock Operating System Safety without Processes for Embedded Systems 1 Stanford University 2 University of Michigan 3 University of California, Berkeley 1 Amit Levy 1 Brandon Ghena 2 Michael Andersen 3 Brad Campbell 2 Gabe Fierro 3 Pat Pannuto 2 Prabal Dutta 2 David Culler 3 Philip Levis 1

  2. 2

  3. Tock Tock is a safe operating system for embedded systems, designed for low resource consumption: • 16 KB -512 KB memory • Sub-1 mA average current draw • Order of millisecond timing constraint (O(10000 cycles)) with a central focus on isolating untrusted components achieved (primarily) by using a safe language to isolate components in the kernel 3

  4. Tock Tock is a safe operating system for embedded systems, designed for low resource consumption: • 16 KB -512 KB memory • Sub-1 mA average current draw • Order of millisecond timing constraint (O(10000 cycles)) with a central focus on isolating untrusted components achieved (primarily) by using a safe language to isolate components in the kernel 3

  5. Tock Tock is a safe operating system for embedded systems, designed for low resource consumption: • 16 KB -512 KB memory • Sub-1 mA average current draw • Order of millisecond timing constraint (O(10000 cycles)) with a central focus on isolating untrusted components achieved (primarily) by using a safe language to isolate components in the kernel 3

  6. Tock Tock is a safe operating system for embedded systems, designed for low resource consumption: • 16 KB -512 KB memory • Sub-1 mA average current draw • Order of millisecond timing constraint (O(10000 cycles)) with a central focus on isolating untrusted components achieved (primarily) by using a safe language to isolate components in the kernel 3

  7. Tock Tock is a safe operating system for embedded systems, designed for low resource consumption: • 16 KB -512 KB memory • Sub-1 mA average current draw • Order of millisecond timing constraint (O(10000 cycles)) with a central focus on isolating untrusted components achieved (primarily) by using a safe language to isolate components in the kernel 3

  8. Embedded ”operating systems” exist (TinyOS, FreeRTOS, Arduino, etc) But they’re not operating systems like you’re used to: No strict separation between a kernel, drivers and applications. No mechanism for isolating components from each other The ”OS” is basically a library Think Ruby on Rails for your defibrilator 4

  9. Embedded ”operating systems” exist (TinyOS, FreeRTOS, Arduino, etc) But they’re not operating systems like you’re used to: No strict separation between a kernel, drivers and applications. No mechanism for isolating components from each other The ”OS” is basically a library Think Ruby on Rails for your defibrilator 4

  10. Embedded ”operating systems” exist (TinyOS, FreeRTOS, Arduino, etc) But they’re not operating systems like you’re used to: No strict separation between a kernel, drivers and applications. No mechanism for isolating components from each other The ”OS” is basically a library Think Ruby on Rails for your defibrilator 4

  11. Embedded ”operating systems” exist (TinyOS, FreeRTOS, Arduino, etc) But they’re not operating systems like you’re used to: No strict separation between a kernel, drivers and applications. No mechanism for isolating components from each other The ”OS” is basically a library Think Ruby on Rails for your defibrilator 4

  12. Embedded ”operating systems” exist (TinyOS, FreeRTOS, Arduino, etc) But they’re not operating systems like you’re used to: No strict separation between a kernel, drivers and applications. No mechanism for isolating components from each other The ”OS” is basically a library Think Ruby on Rails for your defibrilator 4

  13. Embedded ”operating systems” exist (TinyOS, FreeRTOS, Arduino, etc) But they’re not operating systems like you’re used to: No strict separation between a kernel, drivers and applications. No mechanism for isolating components from each other The ”OS” is basically a library Think Ruby on Rails for your defibrilator 4

  14. How do we build embedded systems? 5

  15. 1. Build a platform • MCU • Radio • Sensors • Actuators Each platform is a unique snowflake 6

  16. 1. Build a platform • MCU • Radio • Sensors • Actuators Each platform is a unique snowflake 6

  17. 2. Choose an ”OS” • Arduino • TinyOS • FreeRTOS 7

  18. 3. Pull in drivers for the platform • Bluetooth driver from Nordic • 802.15.4 driver from Thingsquare • Temperature sensor driver from Adafruit 8

  19. 4. Build application(s) on top 9

  20. 5. Optimize for !security Often modifications to the whole stack to get better performance and energy consumption 10

  21. Embedded systems are a lot like other systems i.e. built from reusable components 11

  22. Embedded systems are a lot like other systems i.e. built from reusable components 11

  23. This is a recipe for disaster Mixing code from various sources + No isolation mechanisms + Optimizing for performance = Bugs, exploits, meyham 12

  24. This is a recipe for disaster Mixing code from various sources + No isolation mechanisms + Optimizing for performance = Bugs, exploits, meyham 12

  25. This is a recipe for disaster Mixing code from various sources + No isolation mechanisms + Optimizing for performance = Bugs, exploits, meyham 12

  26. This is a recipe for disaster Mixing code from various sources + No isolation mechanisms + Optimizing for performance = Bugs, exploits, meyham 12

  27. Reusing components is a GOOD thing! • Less engineering effort • Fewer bugs overall • Better interoperability • Don’t roll your own crypto • ... 13

  28. What happens when there is a bug? 14

  29. Isolation in operating systems Typically achieved with a thread/process-like abstraction: • Servers in microkernels • SIPs in Singularity • HiStar, Docker, etc... • Hails, Aeolus, etc... 15

  30. Isolation in operating systems Typically achieved with a thread/process-like abstraction: • Servers in microkernels • SIPs in Singularity • HiStar, Docker, etc... • Hails, Aeolus, etc... 15

  31. Why processes? Provides isolation Provides concurrency and parallelism Convenient to enforce using hardware or language 16

  32. Why processes? Provides isolation Provides concurrency and parallelism Convenient to enforce using hardware or language 16

  33. Why processes? Provides isolation Provides concurrency and parallelism Convenient to enforce using hardware or language 16

  34. Why not processes? Each process needs its own stack and heap. Internal fragmentation : preallocate maximum memory for each process External fragmentation : dynamically allocate blocks Interaction between components requires communication (message passing, RPC...) 17

  35. Why not processes? Each process needs its own stack and heap. Internal fragmentation : preallocate maximum memory for each process External fragmentation : dynamically allocate blocks Interaction between components requires communication (message passing, RPC...) 17

  36. Why not processes? Each process needs its own stack and heap. Internal fragmentation : preallocate maximum memory for each process External fragmentation : dynamically allocate blocks Interaction between components requires communication (message passing, RPC...) 17

  37. Why not processes? Each process needs its own stack and heap. Internal fragmentation : preallocate maximum memory for each process External fragmentation : dynamically allocate blocks Interaction between components requires communication (message passing, RPC...) 17

  38. Tradeoff granularity for resources 18

  39. What if we give up concurrency? main sendPacket sendByte waitDone waitRxRead readByte parsePacket We can isolate components, but we can’t meet timing requirements 19

  40. What if we give up concurrency? main sendPacket sendByte waitDone waitRxRead readByte parsePacket We can isolate components, but we can’t meet timing requirements 19

  41. Tock is for resource-constrained devices Microcontrollers often have as little as 16 KB of memory Timing constraints on the order of a few thousand cycles (apprx 1 ms ) 20

  42. Tock is for resource-constrained devices Microcontrollers often have as little as 16 KB of memory Timing constraints on the order of a few thousand cycles (apprx 1 ms ) 20

  43. Challenge : How do we isolate concurrent components without incurring a memory/performance overhead for each component? Key idea : Use a single-threaded event system and isolate using language mechanisms • Module bounderies • Strong encapsulation (hidden constructors) • etc... 21

  44. Challenge : How do we isolate concurrent components without incurring a memory/performance overhead for each component? Key idea : Use a single-threaded event system and isolate using language mechanisms • Module bounderies • Strong encapsulation (hidden constructors) • etc... 21

  45. Tock Design An event system: • Enqueue all hardware interrupts • Never block on I/O, instead separate into events • Deliver results to higher layers through callbacks Built in Rust: type-safe with no runtime a ”zero-cost” abstractions Rust manages memory using affine types (ownership) instead of garbage collection 22

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Tock: A Secure Operating System for Microcontrollers Limitations of Microcontroller Sofware

Tock: A Secure Operating System for Microcontrollers Limitations of Microcontroller Sofware

Amit Levy SITP Retreat, June 22, 2018 Tock: A Secure Operating System for Microcontrollers Limitations of Microcontroller Sofware Low memory: ~64 kB RAM No virtual memory Cant use Linux! No isolation USB authentication

1.11k views • 55 slides
HIERARCHICAL CLUSTERING OF MESSAGE FLOWS IN A MULTICAST DATA DISSEMINATION SYSTEM Yoav Tock, Nir

HIERARCHICAL CLUSTERING OF MESSAGE FLOWS IN A MULTICAST DATA DISSEMINATION SYSTEM Yoav Tock, Nir

HIERARCHICAL CLUSTERING OF MESSAGE FLOWS IN A MULTICAST DATA DISSEMINATION SYSTEM Yoav Tock, Nir Naaman, Avi Harpaz, Gidon Gershinsky IBM Haifa Research Laboratory Mount Carmel, Haifa 31905, Israel { tock,naaman,harpaz,gidon } @il.ibm.com

291 views • 7 slides
Chapter 3: Operating-System Structures System Components Operating System Services

Chapter 3: Operating-System Structures System Components Operating System Services

Chapter 3: Operating-System Structures System Components Operating System Services System Calls System Programs System Structure Virtual Machines System Design and Implementation System Generation Operating System

981 views • 39 slides
Chapter 3: Operating-System Structures System Components Operating System Services

Chapter 3: Operating-System Structures System Components Operating System Services

Chapter 3: Operating-System Structures System Components Operating System Services System Calls System Programs System Structure Virtual Machines System Design and Implementation System Generation Operating System

588 views • 20 slides
Module 3: Operating-System Structures System Components Operating System Services

Module 3: Operating-System Structures System Components Operating System Services

Module 3: Operating-System Structures System Components Operating System Services System Calls System Programs System Structure Virtual Machines System Design and Implementation System Generation Silberschatz and

714 views • 35 slides
Module 3: Operating-System Structures System Components Operating-System Services

Module 3: Operating-System Structures System Components Operating-System Services

' $ Module 3: Operating-System Structures System Components Operating-System Services System Calls System Programs System Structure Virtual Machines System Design and Implementation System Generation & %

589 views • 13 slides
A better picture Many applications Application One Operating System System calls Operating

A better picture Many applications Application One Operating System System calls Operating

Introduction Operating Systems Spring 2003 OS Spring03 What is Operating System? It is a program! It is the first piece of software to run after boot It coordinates the execution of all other software User programs It

306 views • 12 slides
Operating System Overview Chapter 2 1 Operating System A program that controls the

Operating System Overview Chapter 2 1 Operating System A program that controls the

Operating System Overview Chapter 2 1 Operating System A program that controls the execution of application programs An interface between applications and hardware 2 1 Operating System Objectives Convenience Makes the

719 views • 33 slides
T AKING S TOCK OF THE S ELF - R EGULATION E XPERIMENT : T HE P AST

T AKING S TOCK OF THE S ELF - R EGULATION E XPERIMENT : T HE P AST

T AKING S TOCK OF THE S ELF - R EGULATION E XPERIMENT : T HE P AST , P RESENT AND F UTURE OF THE P LATFORM ON D IET , P HYSICAL A CTIVITY AND THE EU A LCOHOL AND H

179 views • 4 slides
Compiling occam to C with Tock Adam Sampson ats@offog.org University of Kent

Compiling occam to C with Tock Adam Sampson ats@offog.org University of Kent

Compiling occam to C with Tock Adam Sampson ats@offog.org University of Kent http://www.cs.kent.ac.uk/ Compiling occam to C with Tock p. 1 Introduction We do most of our work with occam- Big new project starting in a couple of

369 views • 22 slides
The Operating System Computer Literacy1 Lecture 6 02/10/08 Topics Firmware Operating

The Operating System Computer Literacy1 Lecture 6 02/10/08 Topics Firmware Operating

The Operating System Computer Literacy1 Lecture 6 02/10/08 Topics Firmware Operating System Applications and Plug-ins Examples for Operating Systems Function of Operating System Virtual Memory Bootstrapping GUI

482 views • 12 slides
Operating System Overview Chapter 2 Operating System A program that controls the execution

Operating System Overview Chapter 2 Operating System A program that controls the execution

1 Operating System Overview Chapter 2 Operating System A program that controls the execution of application programs An interface between applications and hardware 2 Operating System Objectives Convenience Makes the

758 views • 65 slides
Introduction Outline What is an operating system? History of operating systems

Introduction Outline What is an operating system? History of operating systems

Introduction Outline What is an operating system? History of operating systems Where does the operating system fjt in a computing system? User mode and kernel mode What are the general operating system functions? 1 What is

450 views • 26 slides
What is an operating system? "Peterson and Silbershatz" "We can view an operating

What is an operating system? "Peterson and Silbershatz" "We can view an operating

Operating Systems slide 1 gaius What is an operating system? "Peterson and Silbershatz" "We can view an operating system as a resource allocator. A computer system has many resources (hardware and software) that may be required

1.2k views • 56 slides
The Unix Operating System SE 101 Spiros Mancoridis What is an OS? An operating system (OS) is

The Unix Operating System SE 101 Spiros Mancoridis What is an OS? An operating system (OS) is

The Unix Operating System SE 101 Spiros Mancoridis What is an OS? An operating system (OS) is software that manages the resources of a computer Like most managers, the OS aims to manage its resources in a safe and efficient way Examples of

848 views • 50 slides
What is an Operating System? Three views of an operating system Application View: what services

What is an Operating System? Three views of an operating system Application View: what services

Intro 1 What is an Operating System? Three views of an operating system Application View: what services does it provide? System View: what problems does it solve? Implementation View: how is it built? An operating system is part cop, part

546 views • 7 slides
Architecture-Neutral Operating System Components Daniel Lohmann Department of Computer Science

Architecture-Neutral Operating System Components Daniel Lohmann Department of Computer Science

Architecture-Neutral Operating System Components Daniel Lohmann Department of Computer Science IV Distributed Systems and Operating Systems Friedrich-Alexander University Erlangen-Nuremberg http://www4.informatik.uni-erlangen.de/~lohmann

375 views • 12 slides
Module 22: The Linux System History Design Principles Kernel Modules Process

Module 22: The Linux System History Design Principles Kernel Modules Process

' $ Module 22: The Linux System History Design Principles Kernel Modules Process Management Scheduling Memory Management File Systems Input and Output Interprocess Communication Network Structure & %

828 views • 53 slides
Synchronization OS Lecture 3 UdS/TUKL WS 2015 MPI-SWS 1 Announcements 1. First assignment out

Synchronization OS Lecture 3 UdS/TUKL WS 2015 MPI-SWS 1 Announcements 1. First assignment out

Synchronization OS Lecture 3 UdS/TUKL WS 2015 MPI-SWS 1 Announcements 1. First assignment out today. Start working on it early. http://courses.mpi-sws.org/os-ws15/ 2. Send email to course mailing list if you are still looking for a

1.22k views • 80 slides
CS 134: Operating Systems System Calls 1 / 20 Overview CS34 Overview 2013-05-19 The

CS 134: Operating Systems System Calls 1 / 20 Overview CS34 Overview 2013-05-19 The

CS34 2013-05-19 CS 134: Operating Systems System Calls CS 134: Operating Systems System Calls 1 / 20 Overview CS34 Overview 2013-05-19 The Processor Status Word Protection Types of Protection Overview Memory Protection System Calls

726 views • 20 slides
OS Structures Tevfik Ko ! ar University at Buffalo September 1 st , 2011 1 Roadmap OS

OS Structures Tevfik Ko ! ar University at Buffalo September 1 st , 2011 1 Roadmap OS

CSE 421/521 - Operating Systems Fall 2011 Lecture - II OS Structures Tevfik Ko ! ar University at Buffalo September 1 st , 2011 1 Roadmap OS Design and Implementation Different Design Approaches Major OS Components ! Processes !

479 views • 21 slides
Tales of the Tail Hardware, OS, and Application-level Sources of Tail Latency Jialin Li, Naveen

Tales of the Tail Hardware, OS, and Application-level Sources of Tail Latency Jialin Li, Naveen

Tales of the Tail Hardware, OS, and Application-level Sources of Tail Latency Jialin Li, Naveen Kr. Sharma , Dan R. K. Ports and Steven D. Gribble February 2, 2015 1 Introduction What is Tail Latency? What is Tail Latency? 2 Introduction

1.01k views • 73 slides
Time Frequency Analysis Overview Introduction and Motivation Introduction and motivation r x (

Time Frequency Analysis Overview Introduction and Motivation Introduction and motivation r x (

Time Frequency Analysis Overview Introduction and Motivation Introduction and motivation r x ( , n ) = E [ x ( n ) x ( n ) ] for m m Windowed estimates as filter banks R x (e j , n ) = r x ( , n )

336 views • 16 slides
MECIR Toby Lasserson April 2016 Trusted evidence. Informed decisions. Better health. Session

MECIR Toby Lasserson April 2016 Trusted evidence. Informed decisions. Better health. Session

MECIR Toby Lasserson April 2016 Trusted evidence. Informed decisions. Better health. Session overview MECIR: brief history CEU review screening & use of MECIR MECIR 2.0 MECIR standards Developed from existing Handbook guidance MECIR

665 views • 31 slides

More recommend