Presentation is loading. Please wait.

Presentation is loading. Please wait.

Muen Policy & Toolchain

Published byReynold Perry Modified over 6 years ago

Similar presentations

Presentation on theme: "Muen Policy & Toolchain"— Presentation transcript:

1 Muen Policy & Toolchain
HABEEB P

2 Muen policy A policy is a description of the system running on top of the Muen Separation Kernel. It defines what hardware resources are present, how many active components (called subjects) the system is composed of, how they interact and which system resources they are allowed to access. The policy serves as a static description of a Muen system.

3 Muen policy The following properties are specified by the policy:
Hardware resources Kernel diagnostics device Physical memory regions Events Communication channels Components Subjects Scheduling plans

4 Hardware Resources All available hardware resources of a target machine must be defined in the system policy in order to perform static resource allocation at integration time. Data required by a hardware description includes Amount of available physical memory Number of logical CPUs Hardware device resources

5 Kernel diagnostics device
The Muen SK can be instructed to output debugging information during runtime. The kernel diagnostics device specifies which I/O device the kernel is to use for this purpose.

6 Physical Memory Regions
This part of the policy specifies the physical memory layout of the system. Memory regions are defined by their size, caching, type and address. Muen Policy, Memory Regions

7 Events Subjects can use events to either deliver an interrupt or hand over execution to a target subject. The first kind of event provides a basic notification mechanism and enables the implementation of event-driven services. The second type facilitates suspension of execution of the source subject and switching to the target. Muen Events

8 Communication Channels
Inter-subject communication is represented by channels. These channels represent directed information flows since they have a single writer and possibly multiple readers. Optionally a channel can have an associated notification event . Channels are declared globally and have an unique name to be unambiguous.

9 Communication Channels ..
Muen Channel Example

10 Components A component is a piece of software executed by the SK.
The description of a component specifies, The binary program file logical resources such communication channels Type of the component Muen Components Example

11 Subjects Subjects are instances of components.
A subject specification references a component and maps the declared logical resources to physical resources provided by the system. subjects can specify extra resources such as device and memory mappings

12 Subjects Subjects Example

13 Scheduling plans The Muen SK performs scheduling of subjects in a fixed, cyclic and pre-emptive way according to users specification. Scheduling plans specify in what order subjects are executed on which logical CPU and for how long. A scheduling plan is specified in terms of frames Major Frame Minor Frame

14 Scheduling plans .. Major Frame Minor Frame
Consists of a sequence of minor frames. Minor Frame A minor frame specifies a subject and a precise amount of time. This information is directly applied by the scheduler. Example of Major Frame

15 Example Scheduling Plan
Scheduling plans .. An example of a scheduling plan for multiple logical CPUs Example Scheduling Plan

16 Scheduling plans .. Example Schedule
<scheduling tickRate="10000"> <majorFrame> <cpu id="0"> <minorFrame subject="tau0" ticks="20"/> <minorFrame subject="vt" ticks="50"/> </cpu> <cpu id="1"> <minorFrame subject="nic_linux" ticks="20"/> <minorFrame subject="nic_linux" ticks="100"/> </majorFrame> </scheduling>

17 POLICY FORMAT

18 Policy format The system policy is specified in XML.
To provide abstractions and a compact way for users three different policy formats are used: Source Format Format A Format B

19 Source Format The user-specified policy is written in the source format. Many XML elements and attributes are optional and will be filled in with default values during later steps of the policy compilation process. Kernel is not part of the source format since kernel automatically added by the policy expansion step.

20 Source Format .. XML type specification of System Element in source format

21 Format A Format A is a processed version of the source format
where all includes are resolved. All implicit elements, such as for example automatically generated page table memory regions, are specified. The kernel configuration is also declared as part of format A. The only optional attributes are addresses of physical memory regions.

22 Format A XML type specification of System Element in source format
XML type specification of System Element in format A

23 Format B Format B is equivalent to Format A except that all physical memory regions have a fixed location (i.e. their physical address is set).

24 BUILD PROCESS

25 Build process The build of a system is divided into the following steps: Policy compilation Policy validation Structure generation Image packaging

26 Build process Src: [1]

27 TOOLCHAIN

28 Merger The Merger combines user-provided system policy files into a single XML document. Input System policy in format source, platform specification, hardware description Output System policy in format source (merged)

29 Expander The expander completes the user-provided system policy by creating or deriving additional configuration elements. The Expander performs the following actions: Pre-check the system policy to make sure it is sound Expand channels Expand kernel sections Expand additional subject information Expand profile-specific information Post-check resulting policy

30 Allocator The Allocator is responsible to assign a physical address to all global memory regions. Allocator initializes the physical memory view of the system based on the physical memory blocks specified in the XML hardware section. Reserves memory that is occupied by pre-allocated memory elements (i.e. memory regions with a physical address or device memory). Finally it places all remaining memory regions in physical memory.

31 Validator The Validator performs additional checks that go beyond the basic restrictions imposed by the XML schema validation. Currently over 90 checks are performed. Examples of checks include: Assert that memory regions do not overlap Assert that no subject has access to system or kernel memory Assert that scheduling plan major frames have the same length on each CPU

32 Structure Generators These tools do not change the policy and use it read-only. Generate some structures by using policy file. Some Example structures include: Page tables I/O bitmaps for subjects MSR Bitmaps Linux Zero Pages

33 Page Tables Generate page tables for kernel(s) and subjects.
These page tables are used to grant access to physical memory according to the virtual memory layout of the subject. An IA32-e page table is generated for each kernel running on a logical, active CPU. Depending on the subject profile either native 64- bit IA32-e or Extended Page Tables (EPT) are generated.

34 Packer The Packer tool assembles the final system image by first allocating a memory buffer which is initialized with zero. The size of the buffer is large enough to hold the complete system image, which consists of all file- backed memory regions specified in the policy: Kernel binary Kernel page tables I/O bitmaps Subject binaries Subject page tables ..

35 References [1]. Muen – Toolchain , Reto Buerki ,Adrian-Ken Rueegsegger, February 22, 2016 [2]. Muen - An x86/64 Separation Kernel for High Assurance Reto Buerki, Adrian-Ken Rueegsegger August 29, 2013

36 THANK YOU

Download ppt "Muen Policy & Toolchain"

Similar presentations

Network II.5 simulator ..

Network II.5 simulator ..
Chapter 3 Process Description and Control

Chapter 3 Process Description and Control
Program Development Tools The GNU (GNU’s Not Unix) Toolchain The GNU toolchain has played a vital role in the development of the Linux kernel, BSD, and.

Program Development Tools The GNU (GNU’s Not Unix) Toolchain The GNU toolchain has played a vital role in the development of the Linux kernel, BSD, and.
MODERN OPERATING SYSTEMS Third Edition ANDREW S. TANENBAUM Chapter 3 Memory Management Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall,

MODERN OPERATING SYSTEMS Third Edition ANDREW S. TANENBAUM Chapter 3 Memory Management Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall,
CMPT 300: Operating Systems I Dr. Mohamed Hefeeda

CMPT 300: Operating Systems I Dr. Mohamed Hefeeda
11/13/01CS-550 Presentation - Overview of Microsoft disk operating system. 1 An Overview of Microsoft Disk Operating System.

11/13/01CS-550 Presentation - Overview of Microsoft disk operating system. 1 An Overview of Microsoft Disk Operating System.
Introduction to Kernel

Introduction to Kernel
Home: www.cse.dmu.ac.uk/~pkang Phones OFF Please Unix Kernel Parminder Singh Kang Home: www.cse.dmu.ac.uk/~pkang Email: pkang@dmu.ac.uk.

Home: Phones OFF Please Unix Kernel Parminder Singh Kang Home:
Chapter 13 Embedded Systems

Chapter 13 Embedded Systems
Translation Buffers (TLB’s)

Translation Buffers (TLB’s)
Memory Management 1 CS502 Spring 2006 Memory Management CS-502 Spring 2006.

Memory Management 1 CS502 Spring 2006 Memory Management CS-502 Spring 2006.
CS-3013 & CS-502, Summer 2006 Memory Management1 CS-3013 & CS-502 Summer 2006.

CS-3013 & CS-502, Summer 2006 Memory Management1 CS-3013 & CS-502 Summer 2006.
MEMORY MANAGEMENT By KUNAL KADAKIA RISHIT SHAH. Memory Memory is a large array of words or bytes, each with its own address. It is a repository of quickly.

MEMORY MANAGEMENT By KUNAL KADAKIA RISHIT SHAH. Memory Memory is a large array of words or bytes, each with its own address. It is a repository of quickly.
Processes and Resources

Processes and Resources
Using Two Queues. Using Multiple Queues Suspended Processes Processor is faster than I/O so all processes could be waiting for I/O Processor is faster.

Using Two Queues. Using Multiple Queues Suspended Processes Processor is faster than I/O so all processes could be waiting for I/O Processor is faster.
Software Development and Software Loading in Embedded Systems.

Software Development and Software Loading in Embedded Systems.
Copyright Arshi Khan1 System Programming Instructor Arshi Khan.

Copyright Arshi Khan1 System Programming Instructor Arshi Khan.
An Introduction to Software Architecture

An Introduction to Software Architecture
Eric Keller, Evan Green Princeton University PRESTO 2008 8/22/08 Virtualizing the Data Plane Through Source Code Merging.

Eric Keller, Evan Green Princeton University PRESTO /22/08 Virtualizing the Data Plane Through Source Code Merging.
Three fundamental concepts in computer security: Reference Monitors: An access control concept that refers to an abstract machine that mediates all accesses.

Three fundamental concepts in computer security: Reference Monitors: An access control concept that refers to an abstract machine that mediates all accesses.

Similar presentations

Ads by Google