Mixed-Criticality Support in a High-Assurance, General-Purpose Microkernel
Authors
Abstract
We explore a model for mixed-criticality support in seL4, a high-assurance microkernel designed for real-world use. Specifically, we investigate how the seL4 model can be extended without compromising its security properties and its general-purpose nature, including high average-case performance. The proposed model introduces reservations, with admission control performed at user level, similar to how seL4 handles spatial resources.
Similar sources
It's Time: OS Mechanisms for Enforcing Asymmetric Temporal Integrity
Mixed-criticality systems combine real-time components of different levels of criticality, i.e. severity of failure, on the same processor, in order to obtain good resource utilisation. They must guarantee deadlines of highly-critical tasks at the expense of lower-criticality ones in the case of overload. Present operating systems provide inadequate support for this kind of system, which is of ...
Scheduling-Context Capabilities
Mixed-criticality systems (MCS) combine real-time components of different levels of criticality – i.e. severity of failure – on the same processor, in order to obtain good resource utilisation. They must be able to guarantee deadlines of highly-critical threads without any dependence on less-critical threads. This requires strong temporal isolation, similar to the spatial isolation that is trad...
Secure Microkernel Operating Systems
This paper reviews the concepts and mechanisms used to improve security in general-purpose operating systems. The evolution from macrokernels to microkernels is illustrated, showing different approaches to achieve not only (more) secure but also practical platforms for legacy software applications. The ultimate method of proving correctness by formal verification is revisited. A real-world mikr...
Mixed-Criticality Systems based on a CAN Router with Support for Fault Isolation and Selective Fault-Tolerance
In many application domains there is an increasing trend for mixed-criticality systems with functions of different assurance levels on shared computing platforms. Today’s CAN-based platforms do not support the requirements of mixed-criticality systems. A single CAN bus provides low cost, real-time support and flexibility for applications where the communication service is not safety-relevant. F...
Safety Assurance Driven Problem Formulation for Mixed-Criticality Scheduling
In 2007, Vestal proposed Mixed-Criticality Scheduling (MCS) to increase utilisation despite imperfect timing evidence. Others have since refined the MCS problem formulation, proposed alternative scheduling approaches, and evaluated their performance. We assess existing MCS problem formulations from a safety assurance perspective and report problems found. Among these is the use of the word ‘cri...