425 Hits in 3.5 sec

Improving interrupt response time in a verifiable protected microkernel

Bernard Blackham, Yao Shi, Gernot Heiser
2012 Proceedings of the 7th ACM european conference on Computer Systems - EuroSys '12  
We use the formally-verified seL4 microkernel as a case study and demonstrate that it is possible to achieve reasonable response-time guarantees.  ...  This paper explores how to reduce the worst-case interrupt latency in a (mostly) non-preemptible protected kernel, and still maintain the ability to apply formal methods for analysis.  ...  Acknowledgements Many members of the seL4 team helped to develop the ideas presented in this paper, including Kevin Elphinstone (lead architect), Adrian Danis, Dhammika Elkaduwe, Ben Leslie, Thomas Sewell  ... 
doi:10.1145/2168836.2168869 dblp:conf/eurosys/BlackhamSH12 fatcat:y4cvpfafljhi3m6id4vermmi5q

To preempt or not to preempt, that is the question

Bernard Blackham, Vernon Tang, Gernot Heiser
2012 Proceedings of the Asia-Pacific Workshop on Systems - APSYS '12  
Real-time operating systems (RTOSes) are traditionally designed to be fully preemptible. This improves the average interrupt response time of the system but increases kernel complexity.  ...  While this potentially worsens interrupt response times, we claim that for a protected-mode RTOS, as required for multi-criticality systems, non-preemptible kernels can achieve worst-case latencies comparable  ...  Introduction Hard real-time systems demand predictable worstcase interrupt latencies-their interrupt response times must be both bounded and short enough for the application domain.  ... 
doi:10.1145/2349896.2349904 dblp:conf/apsys/BlackhamTH12 fatcat:zyv635ahtfe7jod4pjhdmvwtpi

Protected hard real-time

Bernard Blackham, Yao Shi, Gernot Heiser
2011 Proceedings of the Second Asia-Pacific Workshop on Systems - APSys '11  
Designing hard real-time systems on a protected OS is often avoided due to the difficulty in predicting its response time.  ...  We contend that a carefully written microkernel providing these mechanisms has the ability to be used in a hard real-time system without overly pessimistic response time guarantees.  ...  In this paper, we investigate seL4's application to hard real-time domains and present the benefits of analysing a formally verified kernel.  ... 
doi:10.1145/2103799.2103801 dblp:conf/apsys/BlackhamSH11 fatcat:mevt4czbebb2tahkv6jtqpw4vi

Mini-NOVA: A Lightweight ARM-based Virtualization Microkernel Supporting Dynamic Partial Reconfiguration

Tian Xia, Jean-Christophe Prevotet, Fabienne Nouvel
2015 2015 IEEE International Parallel and Distributed Processing Symposium Workshop  
In this context, adding a run-time reconfigurable FPGA device to the ARM processor into a single chip makes it possible to combine high performance and flexibility.  ...  In this paper, we propose a low-complexity design of system virtualization running on the Zynq platform. Virtualization of software and hardware resources are managed by a custom microkernel.  ...  It is also an appropriate object to verify and evaluate our system's performance in the real-time domain. In this paper, we paravirtualized uCOS-II real time kernel as a guest OS.  ... 
doi:10.1109/ipdpsw.2015.72 dblp:conf/ipps/XiaPN15 fatcat:e2fxsb6urbeqfavov4yv52efae

Construction of a Highly Dependable Operating System

Jorrit Herder, Herbert Bos, Ben Gras, Philip Homburg, Andrew Tanenbaum
2006 2006 Sixth European Dependable Computing Conference  
run each device driver as a separate user-mode process, encapsulated in a private address space protected by the MMU hardware-just like for ordinary application programs.  ...  In addition, we implemented a POSIX-conformant operating system, MINIX 3, as multiple user-mode servers.  ...  The system can be characterized as a microkernel running a set of verifiably-safe, software-isolated servers.  ... 
doi:10.1109/edcc.2006.7 dblp:conf/edcc/HerderBGHT06 fatcat:b4sdp6nkffhcfphq7cv26w4j2q

Timing Analysis of a Protected Operating System Kernel

Bernard Blackham, Yao Shi, Sudipta Chattopadhyay, Abhik Roychoudhury, Gernot Heiser
2011 2011 IEEE 32nd Real-Time Systems Symposium  
As a result, hard real-time systems are usually developed without memory protection, perhaps utilizing a lightweight real-time executive to provide OS abstractions.  ...  Operating systems offering virtual memory and protected address spaces have been an elusive target of static worst-case execution time (WCET) analysis.  ...  A. Contribution This paper presents the first full interrupt-response-time analysis of an OS kernel providing full virtual memory and memory protection.  ... 
doi:10.1109/rtss.2011.38 dblp:conf/rtss/BlackhamSCRH11 fatcat:mvejlztgrvbcljy25xewg756pe

HYDRA: HYbrid Design for Remote Attestation (Using a Formally Verified Microkernel) [article]

Karim ElDefrawy, Norrathep Rattanavipanon, Gene Tsudik
2017 arXiv   pre-print
Building upon a formally verified software component increases confidence in security of the overall design of HYDRA and its implementation.  ...  HYDRA obtains these properties by using the formally verified seL4 microkernel. (Until now, this was only attainable with purely hardware-based designs.)  ...  V erif yRequest (lines 3 to 9) is responsible for verifying an attestation request and whether it has been recently generated by an authorized verifier.  ... 
arXiv:1703.02688v2 fatcat:wuggtxvwbvfghbgentun6hr2di


Matthias Lange, Steffen Liebergeld, Adam Lackorzynski, Alexander Warg, Michael Peter
2011 Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices - SPSM '11  
It is based on a state-of-the-art microkernel that ensures isolation between the virtual machine and secure applications.  ...  In this work we present a generic operating system framework that does away with the need for such hardware extensions. We encapsulate the original smartphone operating system in a virtual machine.  ...  Interrupts are modeled using IPC. Scheduling is implemented in the kernel and is responsible for dispatching a thread that is ready to run.  ... 
doi:10.1145/2046614.2046623 dblp:conf/ccs/LangeLLWP11 fatcat:ybnqzm4vojf2xil227deqwqlky

Increasing the trustworthiness of commodity hardware through software

Kevin Elphinstone, Yanyan Shen
2013 2013 43rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)  
This paper discusses improving the trustworthiness of commodity hardware to enable a verified microkernel to be used in some situations previously needing separate computers.  ...  Advances in formal software verification has produced an operating system that is guaranteed mathematically to be correct and enforce access isolation.  ...  Our work aims to explore how to increase the trustworthiness of commercial off-the-shelf (COTS) hardware in order to deploy a verified microkernel in application domains which require both high security  ... 
doi:10.1109/dsn.2013.6575328 dblp:conf/dsn/ElphinstoneS13 fatcat:2uvav7y6h5djbipmlmgy7ip6jy

VTOS: Research on Methodology of "Light-Weight" Formal Design and Verification for Microkernel OS [chapter]

Zhenjiang Qian, Hao Huang, Fangmin Song
2013 Lecture Notes in Computer Science  
In this paper, we present a "light-weight" formal method of design and verification for OS.  ...  Using the rigorous formal methods to verify the correctness of the operating systems is a recognized method.  ...  The microkernel handles the process scheduling, responsible for state transitions of the processes in ready, running, and blocking.  ... 
doi:10.1007/978-3-319-02726-5_2 fatcat:3h7a27w4bbd4hevgj76jsxpiky

A Scalable Physical Memory Allocation Scheme for L4 Microkernel

Chen Tian, Daniel Waddington, Jilong Kuang
2012 2012 IEEE 36th Annual Computer Software and Applications Conference  
In this work, we first study the scalability issue of the PMA implementation in L4 microkernels, and propose our solution in the context of Fiasco.OC, a state-of-the-art L4 microkernel implementation.  ...  Finally, we conduct experiments to verify the scalability result of our solution. The experiment is conducted on a 48-core AMD magny-cours server.  ...  Finally, we conducted a set of experiments on a 48-core machine to verify the scalability results of the per-core PMA design in L4 microkernel.  ... 
doi:10.1109/compsac.2012.85 dblp:conf/compsac/TianWK12 fatcat:kjtzwy2pdfhwhlkm33skmrn6ou

Microkernel Mechanisms for Improving the Trustworthiness of Commodity Hardware

Yanyan Shen, Kevin Elphinstone
2015 2015 11th European Dependable Computing Conference (EDCC)  
We take advantage of the functional correctness and isolation guarantee provided by the formally verified seL4 microkernel and hardware redundancy provided by multicore processors, design the redundant  ...  Compared with other software-based error detection approaches, the distinguishing feature of RCoE is that the microkernel and device drivers are also included in redundant coexecution, significantly extending  ...  The main theme of the thesis is to address the need by improving the formally verified seL4 microkernel with self-checking capabilities.  ... 
doi:10.1109/edcc.2015.16 dblp:conf/edcc/ShenE15 fatcat:xq65e72x7zcnjbbmrwpgebqnxa

Towards availability and real-time guarantees for protected module architectures

Jo Van Bulck, Job Noorman, Jan Tobias Mühlberg, Frank Piessens
2016 Companion Proceedings of the 15th International Conference on Modularity - MODULARITY Companion 2016  
This paper reports on our work-in-progress towards extending a protected module architecture for small microprocessors with availability and real-time guarantees.  ...  Protected Module Architectures are a new brand of security architectures whose main objective is to support the secure isolated execution of software modules with a minimal Trusted Computing Base (TCB)  ...  On the other hand, the complete seL4 microkernel [9] has been formally verified, in-cluding worst-case execution times, which makes it a suitable and trustworthy alternative for virtual memory architectures  ... 
doi:10.1145/2892664.2892693 dblp:conf/aosd/BulckNMP16 fatcat:un3yanhgibhjpe7br4mkzp763y

A Secure System Architecture for Measuring Instruments in Legal Metrology

Daniel Peters, Michael Peter, Jean-Pierre Seifert, Florian Thiel
2015 Computers  
In this paper, a flexible software system architecture is presented that addresses these challenges within the framework of essential requirements laid down in the Measuring Instruments Directive of the  ...  Additionally, measuring instruments have adopted general-purpose operating systems to offer the user a broader functionality that is not necessarily restricted towards measurement alone.  ...  In our framework, some VMs, e.g., the Connection Manager that is responsible for redirecting interrupts, can be split into more than one window of execution.  ... 
doi:10.3390/computers4020061 fatcat:rhpmka55mzewnllp3ijvwxd6rm

Achieving Software Security for Measuring Instruments under Legal Control

Daniel Peters, Ulrich Grottker, Florian Thiel, Michael Peter, Jean-Pierre Seifert
2014 Position Papers of the 2014 Federated Conference on Computer Science and Information Systems  
In recent years measuring instruments have adopted general-purpose operating systems to offer the user a broader functionality that is not necessarily restricted towards measurement alone.  ...  The system architecture is based on a modular design assuring correct collaboration between modules by encapsulating them in different virtual machines and supervising their communication.  ...  In our framework some VMs, e.g. the Connection Manager that is responsible for redirecting interrupts, could be split into more than one window of execution.  ... 
doi:10.15439/2014f460 dblp:conf/fedcsis/PetersGTPS14 fatcat:ia3646a3wjff7dx6bnwifnhem4
« Previous Showing results 1 — 15 out of 425 results