Presented By, Bhargavi Konduru

 Nowadays, most electronic appliances have computing capabilities that run on embedded operating system (OS) kernels, which provide basic execution primitives that can be commonly used by many appliances.  The recent emergence of digital appliances requires more advancde features, such as networking and GUI, which dramatically complicates the appliances’ software systems and increases their code size.  Networked systems need to be prepared for attacks through the internet.

 Users software systems must be more robust than ordinary personal computer systems.  Building such large, complex, and robust software systems on embedded kernels with the absence of a protection domain is very difficult as software bugs can cause system malfunction, data corruption, security breaches, or even system destruction.  To reduce the problem of the attacks a new system architecture is proposed in this paper.

 A system architecture that co-locates multiple embedded operating systems on a microkernel is proposed.  It employs a microkernel to provide protected execution environment for the existing embedded kernels that have no protection mechanism.  No need to run the existing software on different operating systems as the same protection domain is shared.  As the micro kernel supports multiple protected execution environments, we can run multiple instances along with the applications.

 System reinforces reliability and security, as the applications and servers can be decoupled to different protection domains.  The microkernel performs the scheduling of embedded kernel instances.  Here a system is developed that consists of a TL4 microkernel and a μITRON kernel.

 It enables the provision of protected domains without affecting the compatibility of the kernel APIs by employing a microkernel.  It can achieve maximum reusability of the existing software resources including embedded OS kernels and their applications.  It enables the schedulability analysis of real-time tasks on an embedded OS kernel.  These features can protect the existing software resources, maintain the software quality, and save costs.

 To accommodate large and complex software systems, new kernels that support protection domains have been created.  But this is considered as a drawback as there will be compatibility issues.  The architecture proposed in this paper enables the reuse of the current kernel, by co-locating multiple kernels on a micro kernel.  The proposed architecture incorporates the hierarchical CPU scheduling to handle the multiple independent instances of a real time kernel.

 It consists of TL4 microkernel, the multiple instances of a μITRON kernel.  Multiple applications can run within a single instance of a μITRON kernel.  Applications can access services provided by servers through server proxies.  Only TL4 microkernel executes in the privileged mode directly on top of hardware. It provides protection domains, threads, and IPC.  The misbehaviors of applications do not cause data destruction in servers protection domains as different protection domains are allocated for applications and servers.

 It can effectively utilize multiple protection domains.  Mainly a protection domain should be dedicated to personal data file services in order to isolate personal data files from any illegal access.  Network services are isolated in another protection domain since a network subsystem is the most likely an entry point for a system to be compromised.  Local device servers implement the drivers of devices shared by applications and the other services

 We can make system consume less resources by using protection domain.  It is desirable to dedicate a protection domain to an application program when it is not trusted or it needs to be installed from the internet.  Another use of protection domain is for debugging, as it is usually difficult to find bugs that share the same domain.  Out of range memory references can be easily detected.

 TL4 microkernel is based on L4 μ-kernel and is enhanced to enable the execution of multiple μITRON kernel instances.  TL4 microkernel inherits L4 μ-kernel’s simple abstractions, that include threads, protection domains, memory pages, and IPC.  Here TL4 microkernel’s execution entities are referred as threads and μITRON kernel’s execution entities are referred to as tasks or applications.

 A μITRON kernel is a simple embedded real-time kernel that provides real-time tasks, synchronization and communication mechanisms and device drivers.  It is divided in to 3 parts Machine Independent Part Machine dependent part Processor Emulator

 To maximize the reusability and minimize the modifications, a layer called processor emulator is introduced that emulates the hardware and encapsulates the differences from the hardware.  The processor emulator deals with interrupts, time management, scheduling events, and the idle state.  Controlling Interrupts: Interrupts are disabled by setting a flag and enabled by a message notification.  Time Management: Here we need to consider the scheduling of the timer interrupt emulation threads for those kernel instances.

 Dealing with external scheduling events: It happens when an interrupt occurs and a higher priority task wakes up.  Dealing with Idle State: When all tasks are blocked and there is no task to run in a ITRON kernel, the kernel falls into the idle state. Here the main execution thread needs to block in order to avoid disturbing the other instances execution.

 Enhancements:  Scheduler: Here the scheduler determines which thread to run as each instance has a thread queue that maintains runnable threads of the instance.  Scheduling of Interrupt Emulation Threads: It has three States. The instance is running The instance is runnable but not running The instance is not runnable

 As the implementation of the system is finished and described let us see the evaluation of the system.  Memory Footprints: It shows the memory sizes consumed to run a single instance of μITRON kernel on TL4 microkernel.  The memory footprint of a μITRON kernel instance on TL4 microkernel is 63KB, which is slightly smaller than the original μITRON kernel.

 Invocation Latencies: Latencies from the software entry point of interrupt are measured.  They are measured by considering two tasks Application task 1 and Application task 2.  Latency values are measured for both cases of μITRON kernel on TL4kernel and μITRONkernel on hardware.  The results show that the μITRONkernel on TL4 kernel outperforms the μITRONkernel on the hardware.

 Here the authors proposed an alternative approach to introduce protected domains to the existing embedded systems.  This approach employs a microkernel to provide protected execution environments for the existing embedded kernels.  It can achieve the maximum reusability of the existing software resources including embedded OS kernels and their applications.  Future work includes creating more realistic and practical setup, and more accurate system and its evaluation.

 G. Bollella and K. Jeffay. Support for Real-Time Computing within General Purpose Operating Systems - Supporting Co-Resident Operating Systems. In Proceedings of the 1st IEEE Real-Time Technology and Applications Symposium, May  R. J. Creasy. The Origin of the VM/370 Time-Sharing System. IBM Journal of Research and Development, 25 (5),  R. P. Goldberg. Survey of Virtual Machine Research. IEEE Computer Magazine, pages 34–45, June  G. W. Dunlap, S. T. King, S. Cinar, M. Basrai, P. M. Chen. ReVirt: EnablingIntrusion Analysis through Virtual-Machine Logging and Replay.In Proceedings of the 2002 Symposium on Operating Systems Design and Implementation, December  T. Garfinkel and M. Rosenblum. A Virtual Machine Introspection BasedArchitecture for Intrusion Detection. In Proceedings of the Internet Society’s 2003 Symposium on Network and Distributed System Security, February  S. T. King, G. W. Dunlap, and P. M. Chen. Operating System Support for Virtual Machines. In Proceedings of the 2003 Annual USENIX Technical Conference, June  J. Sugerman, G. Venkitachalam, and B. H. Lim. Virtualizing I/O Devices on VMware Workstation’s Hosted Virtual Machine Monitor. In Proceedings of 2001 USENIX Annual Technical Conference,  H. Takada ed. μITRON4.0 Specification. TRON Association, (In Japanese)  H. Takada ed. μITRON4.0/PX Specification: Protection MechanismExtension to μITRON4.0 Specification. TRON Association Version Up WG, (In Japanese)