Your search keyword '"Microkernel"' showing total 664 results

1. DeHyp a Hardware-Irrelevant BYOD Device Security Enhancement Architecture

Author

Li, Meng, Xiao, Kun, Yang, Ningkang, Luo, Lei, Gui, Shenglin, Filipe, Joaquim, Editorial Board Member, Ghosh, Ashish, Editorial Board Member, Zhou, Lizhu, Editorial Board Member, Gu, Zhaoquan, editor, Zhou, Wanlei, editor, Zhang, Jiawei, editor, Xu, Guandong, editor, and Jia, Yan, editor

Published

2024

2. Is Formal Verification of seL4 Adequate to Address the Key Security Challenges of Kernel Design?

Author

Mina Soltani Siapoush and Jim Alves-Foss

Subjects

Microkernel, seL4, formal methods, correctness verification, Electrical engineering. Electronics. Nuclear engineering, TK1-9971

Abstract

Formal method tools are used in the initial stages of the software development cycle and have advanced to deal with the design difficulties related to ensuring strong cybersecurity and reliability in high-assurance systems. Operating system kernels are the security keystone of most computer systems. Their continuous advances require formal verification that guarantees the accuracy of their functionalities. As the world’s first microkernel to be proven mathematically secure and functionally correct, seL4 has been adopted for use in a range of critical systems, including defense, aerospace, and financial services applications. In spite of the great effort of the seL4 team to present a comprehensive formal verification of the kernels, there are some security aspects of verification that suffer from a limited scope. From an outsider’s perspective, this paper aims to evaluate if seL4 formal verification is adequate to address security requirements and surveys the recent state of the art for seL4 microkernels.

Published

2023

3. Safety Certification with the Open Source Microkernel-Based Operating System L4Re

Author

Lampka, Kai, Thurlby, Joel, Lackorzynski, Adam, Hähnel, Marcus, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Trapp, Mario, editor, Saglietti, Francesca, editor, Spisländer, Marc, editor, and Bitsch, Friedemann, editor

Published

2022

4. Secure Trusted Operating System Based on Microkernel Architecture

Author

Li, De Jian, Wang, Hui, Tang, Xiao Ke, Yang, Li Xin, Shen, Chong Fei, Xiao, Kun, Kacprzyk, Janusz, Series Editor, Gomide, Fernando, Advisory Editor, Kaynak, Okyay, Advisory Editor, Liu, Derong, Advisory Editor, Pedrycz, Witold, Advisory Editor, Polycarpou, Marios M., Advisory Editor, Rudas, Imre J., Advisory Editor, Wang, Jun, Advisory Editor, Yang, Xin-She, editor, Sherratt, Simon, editor, Dey, Nilanjan, editor, and Joshi, Amit, editor

Published

2022

5. seL4 Microkernel for Virtualization Use-Cases: Potential Directions towards a Standard VMM.

Author

Matos, Everton de and Ahvenjärvi, Markku

Subjects

VIRTUAL machine systems, TRUST, COMMUNITIES, SECURITY systems

Abstract

Virtualization plays an essential role in providing security to computational systems by isolating execution environments. Many software solutions, called hypervisors, have been proposed to provide virtualization capabilities. However, only a few were designed for being deployed at the edge of the network in devices with fewer computation resources when compared with servers in the Cloud. Among the few lightweight software that can play the hypervisor role, seL4 stands out by providing a small Trusted Computing Base and formally verified components, enhancing its security. Despite today being more than a decade with seL4 microkernel technology, its existing userland and tools are still scarce and not very mature. Over the last few years, the main effort has been to increase the maturity of the kernel itself, and not the tools and applications that can be hosted on top. Therefore, it currently lacks proper support for a full-featured userland Virtual Machine Monitor, and the existing one is quite fragmented. This article discusses the potential directions to a standard VMM by presenting our view of design principles and the feature set needed. This article does not intend to define a standard VMM, we intend to instigate this discussion through the seL4 community. [ABSTRACT FROM AUTHOR]

Published

2022

6. General and Fast Inter-Process Communication via Bypassing Privileged Software.

Author

Mi, Zeyu, Zhuang, Haoqi, Zang, Binyu, and Chen, Haibo

Subjects

*VIRTUAL machine systems, *COMPUTER software, *DESIGN techniques, *ZIRCON

Abstract

IPC (Inter-Process Communication) is a widely used operating system (OS) technique that allows one process to invoke the services of other processes. The IPC participants may share the same OS (internal IPC) or use a separate OS (external IPC). Even though a long line of researches has optimized the performance of IPC, it is still a major factor of the run-time overhead of IPC-intensive applications. Furthermore, there is no one-size-fits-all solution for both internal and external IPC. This paper presents SkyBridge, a general communication technique designed and optimized for both types of IPC. SkyBridge requires no involvement of the privileged software (the kernel or the hypervisor) and enables a process to directly switch to the virtual address space of the target process, regardless of whether they are running on the same OS or not. We have implemented SkyBridge on two microkernels (seL4 and Google Zircon) as well as an open-source serverless hypervisor (Firecracker). The evaluation results show that SkyBridge improves the latency of internal IPC and external IPC by up to 19.6x and 1265.7x, respectively. [ABSTRACT FROM AUTHOR]

Published

2022

7. A Tickless AMP Distributed Core-Based Microkernel for Big Data

Author

Sobh, Karim, El-Kadi, Amr, Kacprzyk, Janusz, Series Editor, Pal, Nikhil R., Advisory Editor, Bello Perez, Rafael, Advisory Editor, Corchado, Emilio S., Advisory Editor, Hagras, Hani, Advisory Editor, Kóczy, László T., Advisory Editor, Kreinovich, Vladik, Advisory Editor, Lin, Chin-Teng, Advisory Editor, Lu, Jie, Advisory Editor, Melin, Patricia, Advisory Editor, Nedjah, Nadia, Advisory Editor, Nguyen, Ngoc Thanh, Advisory Editor, Wang, Jun, Advisory Editor, Arai, Kohei, editor, Bhatia, Rahul, editor, and Kapoor, Supriya, editor

Published

2020

8. Boosting Inter-process Communication with Architectural Support.

Author

YUBIN XIA, DONG DU, ZHICHAO HUA, BINYU ZANG, HAIBO CHEN, and HAIBING GUAN

Subjects

*MESSAGE passing (Computer science), *BOOSTING algorithms, *FUCHSIA

Abstract

IPC (inter-process communication) is a critical mechanism for modern OSes, including not only microkernels such as seL4, QNX, and Fuchsia where system functionalities are deployed in user-level processes, but also monolithic kernels like Android where apps frequently communicate with plenty of user-level services. However, existing IPC mechanisms still suffer from long latency. Previous software optimizations of IPC usually cannot bypass the kernel that is responsible for domain switching and message copying/remapping across different address spaces; hardware solutions such as tagged memory or capability replace page tables for isolation, but usually require non-trivial modification to existing software stack to adapt to the new hardware primitives. In this article, we propose a hardware-assisted OS primitive, XPC (Cross Process Call), for effi- cient and secure synchronous IPC. XPC enables direct switch between IPC caller and callee without trapping into the kernel and supports secure message passing across multiple processes without copying. We have implemented a prototype of XPC based on the ARM AArch64 with Gem5 simulator and RISC-V architecture with FPGA boards. The evaluation shows that XPC can reduce IPC call latency from 664 to 21 cycles, 14x-123x improvement on Android Binder (ARM), and improve the performance of real-world applications on microkernels by 1.6x on Sqlite3. [ABSTRACT FROM AUTHOR]

Published

2022

9. Desarrollo de una librería de componentes de alto nivel para Android

Author

Gallego, Antonio-Javier, Universidad de Alicante. Departamento de Lenguajes y Sistemas Informáticos, Galán Pérez, Alejandro, Gallego, Antonio-Javier, Universidad de Alicante. Departamento de Lenguajes y Sistemas Informáticos, and Galán Pérez, Alejandro

Abstract

Para el desarrollo de aplicaciones en Android se proporciona un SDK de bajo nivel que se centra en componentes y herramientas altamente abstractas, con el objetivo de lograr un nivel de configurabilidad elevado. Sin embargo, para la implementación de la mayoría de las aplicaciones simples, esta excesiva abstracción solo conduce a la repetición de código entre aplicaciones y a la necesidad de comprender numerosos aspectos del sistema operativo. Por tanto, el presente proyecto tiene como objetivo la creación de una librería/framework que simplifique el proceso de desarrollo de aplicaciones móviles mediante la reutilización de componentes de alto nivel. Además, como prueba de concepto, se desarrollará una aplicación utilizando los componentes de la librería propuesta.

Published

2024

10. Enabling Hardware Performance Counters for Microkernel-Based Virtualization on Embedded Systems

Author

Deepa Mathew, Bijoy Antony Jose, Jimson Mathew, and Priyadarsan Patra

Subjects

Virtualization, microkernel, embedded systems, PMU, performance, perf, Electrical engineering. Electronics. Nuclear engineering, TK1-9971

Abstract

Virtualization techniques continue to evolve at rapid speed and have now come to find its application in embedded and mobile computing devices. Virtualization improves the utilization of system resources effectively and also enhances security by providing isolated environments to run untrusted applications. There are various approaches to virtualization of embedded systems, from among them, we have chosen microkernel-based virtualization for our analysis due to its low memory requirements and advantages in terms of security. The microkernel selected for our work is the L4/Fiasco microkernel. Most of the modern CPUs consist of Performance Monitoring Unit (PMUs), which have a set of hardware counters that can be configured to monitor events. These hardware performance counters in the PMU block is not accessible from a microkernel-based virtualization environment. Access to PMU from a virtual environment would facilitate profiling with better accuracy and reduced overheads. To get this realized we propose a method to access the hardware performance counters from a microkernel-based virtualization environment. We have used this implementation to analyze the performance of applications in a microkernel-based virtual environment and to compare its performance in a non-virtual environment.

Published

2020

11. Supporting Mixed-domain Mixed-precision Matrix Multiplication within the BLIS Framework.

Author

Zee, Field G. Van, Parikh, Devangi N., and Geijn, Robert A. Van De

Subjects

*MATRIX multiplications, *SOFTWARE frameworks, *LIBRARY software, *LINEAR algebra, *MATRICES (Mathematics)

Abstract

We approach the problem of implementing mixed-datatype support within the general matrix multiplication (gemm) operation of the BLAS-like Library Instantiation Software framework, whereby each matrix operand A, B, and C may be stored as single- or double-precision real or complex values. Another factor of complexity, whereby the matrix product and accumulation are allowed to take place in a precision different from the storage precisions of either A or B, is also discussed. We first break the problem into orthogonal dimensions, considering the mixing of domains separately from mixing precisions. Support for all combinations of matrix operands stored in either the real or complex domain is mapped out by enumerating the cases and describing an implementation approach for each. Supporting all combinations of storage and computation precisions is handled by typecasting the matrices at key stages of the computation—during packing and/or accumulation, as needed. Several optional optimizations are also documented. Performance results gathered on a 56-core Marvell ThunderX2 and a 52-core Intel Xeon Platinum demonstrate that high performance is mostly preserved, with modest slowdowns incurred from unavoidable typecast instructions. The mixed-datatype implementation confirms that combinatorial intractability is avoided, with the framework relying on only two assembly microkernels to implement 128 datatype combinations. [ABSTRACT FROM AUTHOR]

Published

2021

12. ARCHITECTURE AND RELIABILITY OF OPERATING SYSTEMS

Author

Stanislav V. Nazarov and Alexey G. Barsukov

Subjects

Operating systems, architecture, reliability, productivity, microkernel, Electronic computers. Computer science, QA75.5-76.95

Abstract

Progress in the production technology of microprocessors significantly increased reliability and performance of the computer systems hardware. It cannot be told about the corresponding characteristics of the software and its basis – the operating system (OS). Some achievements of program engineering are more modest in this field. Both directions of OS improvement (increasing of productivity and reliability) are connected with the development of effective structures of these systems. OS functional complexity leads to the multiplicity of the structure, which is further enhanced by the specialization of the operating system depending on scope of computer system (complex scientific calculations, real time, information retrieval systems, systems of the automated and automatic control, etc.) The functional complexity of the OS leads to the complexity of its architecture, which is further enhanced by the specialization of the operating system, depending on the computer system application area (complex scientific calculations, real-time, information retrieval systems, automated and automatic control systems, etc.). That fact led to variety of modern OS. It is possible to estimate reliability of different OS structures only as results of long-term field experiment or simulation modeling. However it is most often unacceptable because of time and funds expenses for carrying out such research. This survey attempts to evaluate the reliability of two main OS architectures: large multi-layered modular core and a multiserver (client-server) system. Represented by continuous Markov chains which are explored in the stationary mode on the basis of transition from systems of the differential equations of Kolmogorov to system of the linear algebraic equations, models of these systems are developed.

Published

2018

13. IMPLEMENTING HIGH-PERFORMANCE COMPLEX MATRIX MULTIPLICATION VIA THE 1M METHOD.

Author

VAN ZEE, FIELD G.

Subjects

*MATRIX multiplications, *COMPLEX matrices, *LINEAR algebra, *MATRICES (Mathematics), *ALGORITHMS

Abstract

Almost all efforts to optimize high-performance matrix-matrix multiplication have been focused on the case where matrices contain real elements. The community's collective assumption appears to have been that the techniques and methods developed for the real domain carry over directly to the complex domain. As a result, implementors have mostly overlooked a class of methods that compute complex matrix multiplication using only real matrix products. This is the second in a series of articles that investigate these so-called induced methods. In the previous article, we found that algorithms based on the more generally applicable of the two methods--the 4M method--lead to implementations that, for various reasons, often underperform their real domain counterparts. To overcome these limitations, we derive a superior 1M method for expressing complex matrix multiplication, one which addresses virtually all of the shortcomings inherent in 4M. Implementations are developed within the BLIS framework, and testing on microarchitectures by three vendors confirms that the 1M method yields performance that is generally competitive with solutions based on conventionally implemented complex kernels, sometimes even outperforming vendor libraries. [ABSTRACT FROM AUTHOR]

Published

2020

14. Spunky, a Genode kernel in Ada/SPARK.

Author

Stein, Martin

Subjects

*ROOMS

Abstract

This article introduces the Spunky microkernel project recently presented at the 10th Ada Developer Room at FOSDEM 2020 [3]. The Spunky project aims for providing a kernel for the Genode OS framework written in Ada that may subsequently be transferred to SPARK to enable automated proving of fundamental kernel aspects. [ABSTRACT FROM AUTHOR]

Published

2020

15. Fast Interprocess Communication Algorithm in Microkernel.

Author

Xinghai Peng, Kun Xiao, Yun Li, Lirong Chen, and Wen Zhang

Subjects

ALGORITHMS, DATA security

Abstract

Since most of the system services of the microkernel run in user space, the user process needs to request these services through the kernel's communication mechanism. Therefore, the frequency and amount of IPC (inter-process communication) in the microkernel is much higher than those in the monolithic kernel, causing the performance of the microkernel to be poor. In this paper, two exchange-based IPC algorithms are proposed to optimize the communication algorithm based on the replication mode, which is commonly used in the microkernel. One is based on the exchange of physical pages of MMU (memory management unit), and the other is based on the exchange of segment base addresses of MMU. These two exchange algorithms can achieve efficient transmission while keeping the independent address space to ensure the correctness and security of the transmitted data, greatly improving the efficiency of communication in the microkernel. [ABSTRACT FROM AUTHOR]

Published

2020

16. A Secure Operating System Architecture Based on Linux against Communication Offense with Root Exploit for Unmanned Aerial Vehicles.

Author

KwangMin Koo, Woo-yeob Lee, Sung-Ryung Cho, and Inwhee Joe

Abstract

This paper proposes an operating system architecture for unmanned aerial vehicle (UAV), which is secure against root exploit, resilient to connection loss resulting in the control loss, and able to utilize common applications used in Linux. The Linux-based UAVs are exposed to root exploit. On the other hand, the microkernel-based UAVs are not able to use the common applications utilized in Linux, even though which is secure against root exploit. For this reason, the proposed architecture uses a virtualized microkernel on the Linux operating system to isolate communication roles and prevent root exploit. As a result, the suggested Operating system is secure against root exploit and is able to utilize the common applications at the same time. [ABSTRACT FROM AUTHOR]

Published

2020

17. Fuchsia OS-A Threat to Android

Author

Singh, Taranjeet and Bhardwaj, Rishabh

Published

2019

18. Policy-Based Implicit Attestation for Microkernel-Based Virtualized Systems

Author

Wagner, Steffen, Eckert, Claudia, Hutchison, David, Series editor, Kanade, Takeo, Series editor, Kittler, Josef, Series editor, Kleinberg, Jon M., Series editor, Mattern, Friedemann, Series editor, Mitchell, John C., Series editor, Naor, Moni, Series editor, Pandu Rangan, C., Series editor, Steffen, Bernhard, Series editor, Terzopoulos, Demetri, Series editor, Tygar, Doug, Series editor, Weikum, Gerhard, Series editor, Bishop, Matt, editor, and Nascimento, Anderson C A, editor

Published

2016

19. Specifying and Verifying Concurrent C Programs with TLA+

Author

Methni, Amira, Lemerre, Matthieu, Ben Hedia, Belgacem, Haddad, Serge, Barkaoui, Kamel, Artho, Cyrille, editor, and Ölveczky, Peter Csaba, editor

Published

2015

20. On Cache Timing Attacks Considering Multi-core Aspects in Virtualized Embedded Systems

Author

Weiß, Michael, Weggenmann, Benjamin, August, Moritz, Sigl, Georg, Hutchison, David, Series editor, Kanade, Takeo, Series editor, Kittler, Josef, Series editor, Kleinberg, Jon M., Series editor, Mattern, Friedemann, Series editor, Mitchell, John C., Series editor, Naor, Moni, Series editor, Pandu Rangan, C., Series editor, Steffen, Bernhard, Series editor, Terzopoulos, Demetri, Series editor, Tygar, Doug, Series editor, Weikum, Gerhard, Series editor, Yung, Moti, editor, Zhu, Liehuang, editor, and Yang, Yanjiang, editor

Published

2015

21. Firmware Stacks for Embedded Systems

Author

Sun, Jiming, Jones, Marc, Reinauer, Stefan, Zimmer, Vincent, Sun, Jiming, Jones, Marc, Reinauer, Stefan, and Zimmer, Vincent

Published

2015

22. Research on Microkernel-based Power Dedicated Secure Operating System.

Author

Chen, Jun, Liu, Wei, Lv, Xiaoliang, Ji, Deliang, Shi, Jia, and Li, Bo

Abstract

Industrial security situation is increasingly serious; operating system security is an important basis for the entire information security. In the industrial security systems, industrial control terminal at the operating system level, lack of a comprehensive security system, unable to adapt to the security situation under the new situation. To effectively solve the above problems, self-controlled safety technology operating system research was critical needed. In the industrial operating system security, operating system security kernel integrity is an important guarantee. Based on NARIsecOS, this paper proposed kernel integrity protection program, and part of the work carried out formal verification. Secure operating system can bring the following goodness: 1) Trojan virus immunity, and against hacker attacks; 2) Greatly reduce the zero-day vulnerabilities; 3) Decentralized management, effectively circumvent a dominant right; 4) Enhance industrial endpoint security protection. [ABSTRACT FROM AUTHOR]

Published

2019

23. For Safety and Security Reasons: The Cost of Component-Isolation in IoT

Author

Zuepke Alexander, Beckmann Kai, Zoor Andreas, and Kroeger Reinhold

Subjects

component-isolation, microkernel, partitioning, iot, Transportation engineering, TA1001-1280

Abstract

The current development trend of Internet of Things (IoT) aims for a tighter integration of mobile and stationary devices via various networks. This includes communication of vehicles to roadside infrastructure (V2I), as well as intelligent sensors / actors in Logistics and smart home environments.

Published

2016

24. A Cache Timing Attack on AES in Virtualization Environments

Author

Weiß, Michael, Heinz, Benedikt, Stumpf, Frederic, Hutchison, David, editor, Kanade, Takeo, editor, Kittler, Josef, editor, Kleinberg, Jon M., editor, Mattern, Friedemann, editor, Mitchell, John C., editor, Naor, Moni, editor, Nierstrasz, Oscar, editor, Pandu Rangan, C., editor, Steffen, Bernhard, editor, Sudan, Madhu, editor, Terzopoulos, Demetri, editor, Tygar, Doug, editor, Vardi, Moshe Y., editor, Weikum, Gerhard, editor, and Keromytis, Angelos D., editor

Published

2012

25. A Secure System Architecture for Measuring Instruments in Legal Metrology

Author

Daniel Peters, Michael Peter, Jean-Pierre Seifert, and Florian Thiel

Subjects

legal metrology, secure system architecture, WELMEC, Measuring Instruments Directive (MID), microkernel, virtualization, hypervisor, software integrity, Electronic computers. Computer science, QA75.5-76.95

Abstract

Embedded systems show the tendency of becoming more and more connected. This fact combined with the trend towards the Internet of Things, from which measuring instruments are not immune (e.g., smart meters), lets one assume that security in measuring instruments will inevitably play an important role soon. Additionally, measuring instruments have adopted general-purpose operating systems to offer the user a broader functionality that is not necessarily restricted towards measurement alone. In this paper, a flexible software system architecture is presented that addresses these challenges within the framework of essential requirements laid down in the Measuring Instruments Directive of the European Union. This system architecture tries to eliminate the risks general-purpose operating systems have by wrapping them, together with dedicated applications, in secure sandboxes, while supervising the communication between the essential parts and the outside world.

Published

2015

26. Design and Overhead Estimation of Device Driver Process

Author

Nomura, Yusuke, Okamoto, Kouta, Gotoh, Yusuke, Nomura, Yoshinari, Taniguchi, Hideo, Yokoyama, Kazutoshi, Maruyama, Katsumi, Hutchison, David, editor, Kanade, Takeo, editor, Kittler, Josef, editor, Kleinberg, Jon M., editor, Mattern, Friedemann, editor, Mitchell, John C., editor, Naor, Moni, editor, Nierstrasz, Oscar, editor, Pandu Rangan, C., editor, Steffen, Bernhard, editor, Sudan, Madhu, editor, Terzopoulos, Demetri, editor, Tygar, Doug, editor, Vardi, Moshe Y., editor, Weikum, Gerhard, editor, Taniar, David, editor, Gervasi, Osvaldo, editor, Murgante, Beniamino, editor, Pardede, Eric, editor, and Apduhan, Bernady O., editor

Published

2010

27. A Solution to Make Trusted Execution Environment More Trustworthy.

Author

Xiao Kun and Luo Lei

Subjects

DATA security, COMPUTER networks, DATA encryption, DATA protection

Abstract

Trusted Execution Environment is an execution environment that resides in connected devices and ensures that sensitive data are stored, processed, and protected isolated from general-purpose OS such as Android. The TrustZone TEE solution can achieve a medium protection level with comparatively low cost, so it is widely used. However, related researches show that the TrustZone TEE solution has security defects; for example, hardware isolation provided by TrustZone is insufficient. In this paper, we propose a security enhancement scheme based on TEE. According to the existing problems in the TrustZone TEE scheme, a corresponding protection mechanism is established to fully enhance the reliability of connected devices. In our scheme, TEE is used alongside other security technology such as secure elements and microkernel and kernel real-time protection to provide multi-layered defense mechanisms. In our scheme, we introduce a security element as the root of trust (ROT) of connected devices. The secure element is used to store sensitive data such as the first-stage bootloader, various secret keys, and the certificate of the second-stage bootloader. The secure element is also used to execute sensitive operations such as encryption and decryption. [ABSTRACT FROM AUTHOR]

Published

2018

28. Power-Efficient Microkernel of Embedded Operating System on Chip

Author

Chen, Tianzhou, Hu, Wei, Lian, Yi, Hutchison, David, editor, Kanade, Takeo, editor, Kittler, Josef, editor, Kleinberg, Jon M., editor, Mattern, Friedemann, editor, Mitchell, John C., editor, Naor, Moni, editor, Nierstrasz, Oscar, editor, Pandu Rangan, C., editor, Steffen, Bernhard, editor, Sudan, Madhu, editor, Terzopoulos, Demetri, editor, Tygar, Dough, editor, Vardi, Moshe Y., editor, Weikum, Gerhard, editor, Jesshope, Chris, editor, and Egan, Colin, editor

Published

2006

29. A Comprehensive Study of Kernel (Issues and Concepts) in Different Operating Systems

Author

Karwan Jameel Merceedi, Hajar Maseeh Yasin, Zainab Salih Ageed, Mohammed A. M. Sadeeq, Subhi R. M. Zeebaree, Rizgar R. Zebari, Ibrahim Mahmood Ibrahim, and HayfaaSubhi Malallah

Subjects

Computer science, Kernel (statistics), Operating system, General Medicine, Microkernel, computer.software_genre, computer

Abstract

Various operating systems (OS) with numerous functions and features have appeared over time. As a result, they know how each OS has been implemented guides users' decisions on configuring the OS on their machines. Consequently, a comparative study of different operating systems is needed to provide specifics on the same and variance in novel types of OS to address their flaws. This paper's center of attention is the visual operating system based on the OS features and their limitations and strengths by contrasting iOS, Android, Mac, Windows, and Linux operating systems. Linux, Android, and Windows 10 are more stable, more compatible, and more reliable operating systems. Linux, Android, and Windows are popular enough to become user-friendly, unlike other OSs, and make more application programs. The firewalls in Mac OS X and Windows 10 are built-in. The most popular platforms are Android and Windows, specifically the novelist versions. It is because they are low-cost, dependable, compatible, safe, and easy to use. Furthermore, modern developments in issues resulting from the advent of emerging technology and the growth of the cell phone introduced many features such as high-speed processors, massive memory, multitasking, high-resolution displays, functional telecommunication hardware, and so on.

Published

2021

30. μRTZVisor: A Secure and Safe Real-Time Hypervisor.

Author

Martins, José, Alves, João, Cabral, Jorge, Tavares, Adriano, and Pinto, Sandro

Subjects

VIRTUAL machine systems, COMPUTER operating systems, SOFTWARE engineering, ELECTRONICS, COMPUTER systems

Abstract

Virtualization has been deployed as a key enabling technology for coping with the ever growing complexity and heterogeneity of modern computing systems. However, on its own, classical virtualization is a poor match for modern endpoint embedded system requirements such as safety, security and real-time, which are our main target. Microkernel-based approaches to virtualization have been shown to bridge the gap between traditional and embedded virtualization. This notwithstanding, existent microkernel-based solutions follow a highly para-virtualized approach, which inherently requires a significant software engineering effort to adapt guest operating systems (OSes) to run as userland components. In this paper, we present mRTZVisor as a new TrustZone-assisted hypervisor that distinguishes itself from state-of-the-art TrustZone solutions by implementing a microkernel-like architecture while following an object-oriented approach. Contrarily to existing microkernel-based solutions, mRTZVisor is able to run nearly unmodified guest OSes, while, contrarily to existing TrustZone-assisted solutions, it provides a high degree of functionality and configurability, placing strong emphasis on the real-time support. Our hypervisor was deployed and evaluated on a Xilinx Zynq-based platform. Experiments demonstrate that the hypervisor presents a small trusted computing base size (approximately 60KB), and a performance overhead of less than 2% for a 10 ms guest-switching rate. [ABSTRACT FROM AUTHOR]

Published

2017

31. A microkernel architecture for constraint programming.

Author

Michel, L. and Van Hentenryck, P.

Abstract

This paper presents a microkernel architecture for constraint programming organized around a small number of core functionalities and minimal interfaces. The architecture contrasts with the monolithic nature of many implementations. With this design, variables, domains and constraints all remain external to the microkernel which isolates the propagation logic and event protocols from the modeling constructions. The Objective-CP search blends the control primitives of the host language with search combinators in a completely transparent and fully compositional way, delivering a natural search procedure in which one can use native constructions and tools such as debuggers. Empirical results indicate that the software engineering benefits are not incompatible with runtime efficiency. [ABSTRACT FROM AUTHOR]

Published

2017

32. Architecture of the Formally-Verified Distributed Ledger System InnoChain

Author

Leonid Al'bertovich Merkin-Janson, Ruslan Maratovich Rezin, and Nikolay Konstantinovich Vasilyev

Subjects

Correctness, sel4, Computer science, Information technology, 0102 computer and information sciences, 02 engineering and technology, T58.5-58.64, computer.software_genre, 01 natural sciences, distributed ledger systems, cakeml, 010201 computation theory & mathematics, Virtual machine, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, Operating system, Dependability, hol4, Compiler, Microkernel, formal verification, Software architecture, computer, Formal verification, Machine code

Abstract

In this paper we consider the software architecture of InnoChain, a distributed ledger system (DLS) with 5 levels of formal verification, including a formally-verified underlying operating system (OS). The objective of this architecture is to achieve a higher level of DLS dependability compared to more traditional software architectures and quality assurance (QA) methods. The architecture of InnoChain includes (1) a programming language for smart contracts which is a domain-specific language with formal semantics embedded into CakeML, which is a functional language ofthe ML family; this allows us to carry out formal verification of smart contracts' correctness properties using higher-order logic systems, such as HOL4; (2) trusted compilation of smart contracts into the machine code using the verified compiler available for CakeML, rather than relying on a virtual machine for execution of smart contracts; (3) using CakeML for implementation of InnoChain node functionality which allows for formal verification of code correctness and trusted compilation into the machine code; (4) formal verification of the consensus protocol used InnoChain, namely HotStuff BFT; (5) using seL4, a formally-verified microkernel, as the underlying OS for InnoChain instead of more traditional general-purpose OSes such as Linux. The proposed verified architecture will allow InnoChain to be used in mission-critical applications, such as the decentralized Aircraft Fuelling Control System which is currently under development for JSC Aeroflot, the Russian national air carrier.

Published

2020

33. Simplified Method for Session Coordination Using Multi-level QOS Specification and Translation

Author

Nishio, Nobuhiko, Tokuda, Hideyuki, Campbell, Andrew T., editor, and Nahrstedt, Klara, editor

Published

1997

34. FlexOS

Author

Hugo Lefeuvre

Subjects

Flexibility (engineering), Computer science, business.industry, computer.software_genre, Porting, Software, Specialization (functional), Operating system, Leverage (statistics), State (computer science), Isolation (database systems), Microkernel, business, computer

Abstract

Modern operating systems are tightly coupled to a specific isolation approach and safety mechanism. At design time, the isolation strategy is set in stone and rarely revisited later, due to prohibitive costs. This lack of flexibility hurts specialization, makes it hard to leverage new software/hardware isolation technologies, and makes the OS less resilient to attacks targeting the isolation mechanism. To address these issues we have developed FlexOS, a novel libOS approach that decouples isolation properties from the OS design. Depending on the configuration, the same FlexOS code can mimic a microkernel with multiple address-spaces, a single-address-space OS with Intel MPK compartments, or many other OS isolation approaches.In this paper, we summarize the current state of FlexOS and present two main research avenues that we aim to explore next: automated porting to make OS safety property specialization really easy, and support for CHERI hardware capabilities to better showcase FlexOS’ potential.

Published

2021

35. seL4 Microkernel for Virtualization Use-Cases: Potential Directions towards a Standard VMM

Author

Everton de Matos and Markku Ahvenjärvi

Subjects

FOS: Computer and information sciences, Computer Science - Operating Systems, hypervisor, microkernel, seL4, virtualization, virtual machine monitor, Computer Science - Cryptography and Security, Operating Systems (cs.OS), Computer Networks and Communications, Hardware and Architecture, Control and Systems Engineering, Signal Processing, Electrical and Electronic Engineering, Cryptography and Security (cs.CR)

Abstract

Virtualization plays an essential role in providing security to computational systems by isolating execution environments. Many software solutions, called hypervisors, have been proposed to provide virtualization capabilities. However, only a few were designed for being deployed at the edge of the network in devices with fewer computation resources when compared with servers in the Cloud. Among the few lightweight software that can play the hypervisor role, seL4 stands out by providing a small Trusted Computing Base and formally verified components, enhancing its security. Despite today being more than a decade with seL4 microkernel technology, its existing userland and tools are still scarce and not very mature. Over the last few years, the main effort has been to increase the maturity of the kernel itself, and not the tools and applications that can be hosted on top. Therefore, it currently lacks proper support for a full-featured userland Virtual Machine Monitor, and the existing one is quite fragmented. This article discusses the potential directions to a standard VMM by presenting our view of design principles and the feature set needed. This article does not intend to define a standard VMM, we intend to instigate this discussion through the seL4 community.

Published

2022

36. An Enhanced Microkernel for the Design of Location Based Services (LBS) using Free Open Source Software (FOSS).

Author

Shang ZHANG, Ming XIAO, and Feng Tao LIU

Subjects

OPEN source software, GEOGRAPHIC information systems, CLOUD computing

Abstract

In this paper a software model called Resource Loading Manager (RLM) for Location Based Services (LBS) is designed using Free and Open Source Software (FOSS). Geographical Information System (GIS) always play an integral role in information systems, but it comes with technology problem, such as low efficiency ,less flexible, no redundancy of existing GIS application configuration which have high entry cost. The aim of this paper is to presents a lightweight, efficient and scalable microkernel plug-in geospatial information application system and its implementation method for GIS in microkernel design and practice. Through the RLM efficient allocation of geographic information resources and security management could be achieved. Using existing cloud computing technology, GIS of spatial public service will impact the ordinary way of life, bring enormous business opportunities. [ABSTRACT FROM AUTHOR]

Published

2016

37. XEOS para el desarrollo de software base de sistemas embebidos.

Author

Millo-Sénchez, Reinier, Paz-Rodríguez, Waldo, Gallardo-Segura, Alexy, and López-León, Humberto

Published

2016

38. Scale and Performance in a Filesystem Semi-Microkernel

Author

Yifan Dai, Jing Liu, Anthony Rebello, Andrea C. Arpaci-Dusseau, Chenhao Ye, Remzi H. Arpaci-Dusseau, and Sudarsun Kannan

Subjects

Dynamic scaling, Computer science, Scale (chemistry), ext4, Scalability, Data_FILES, Operating system, Microkernel, inode, Data structure, computer.software_genre, Throughput (business), computer

Abstract

We present uFS, a user-level filesystem semi-microkernel. uFS takes advantage of a high-performance storage development kit to realize a fully-functional, crash-consistent, highly-scalable filesystem, with relative developer ease. uFS delivers scalable high performance with a number of novel techniques: careful partitioning of in-memory and on-disk data structures to enable concurrent access without locking, inode migration for balancing load across filesystem threads, and a dynamic scaling algorithm for determining the number of filesystem threads to serve the current workload. Through measurements, we show that uFS has good base performance and excellent scalability; for example, uFS delivers nearly twice the throughput of ext4 for LevelDB on YCSB workloads.

Published

2021

39. Micro-CLK

Author

Yauhen Klimiankou

Subjects

Inter-process communication, Software_OPERATINGSYSTEMS, Hardware_MEMORYSTRUCTURES, Computer science, Asynchronous communication, Research community, Message passing, Operating system, Microkernel, Overall performance, computer.software_genre, computer, Bottleneck

Abstract

Inter-process communication (IPC) has always been the "Achilles heel" of microkernels, determining their overall performance. The entire history of microkernel development is tightly coupled to the debates about IPC, its efficiency, and the bottleneck it creates. The microkernel research community has consistently viewed the idea of message passing as the fundamental foundation of the microkernel, which is considered linked to its design inextricably. We are revising the place of IPC in the microkernel-based multi-server operating system design. We argue that communication can and potentially should be moved out to the userspace making microkernel the first tier resource manager solely. We describe a novel approach to out-of-kernel asynchronous messaging in multi-server microkernel OS and provide preliminary evaluation results to show its benefits.

Published

2021

40. Formal Verification of a Mandatory Integrity Control Model for the KasperskyOS Operating System

Subjects

Trusted computing base, restrict, Computer science, Process (engineering), Distributed computing, Control (management), Active components, General Earth and Planetary Sciences, Microkernel, General Environmental Science

Abstract

Models of mandatory integrity control in operating systems usually restrict accesses of active components of a system to passive ones and represent the accesses directly. This is suitable in case of monolithic operating systems whose components that provide access to resources are part of the trusted computing base. However, due to the sheer complexity of such components, it is extremely nontrivial to prove such a model to be adequate to the real system. KasperskyOS is a microkernel operating system that organizes access to resources via components that are not necessarily part of the trusted computing base. KasperskyOS implements a specifically developed mandatory integrity control model that takes such components into account. This paper formalizes the model and describes the process of automated proof of the model’s properties. For formalization, we use the Event-B language. We clarify parts specific to Event-B to make our presentation accessible to professionals familiar with discrete mathematics but not necessarily with Event-B. We reflect on the proof experience obtained in the Rodin platform.

Published

2020

41. A Mandatory Integrity Control Model for the KasperskyOS Operating System

Subjects

Resource (project management), Trusted computing base, restrict, Computer science, Distributed computing, General Earth and Planetary Sciences, Specification language, Microkernel, Object (computer science), Security policy, Representation (mathematics), General Environmental Science

Abstract

Existing models of mandatory integrity control in operating systems restrict accesses of active components of a system to passive ones and represent the accesses directly: subjects get read or write access to objects. Such a representation can be used in modeling of monolithic operating systems whose components that provide access to resources are part of the trusted computing base. However, the implementation of these components is extremely complex. Therefore, it is arduous to prove the absence of bugs (vulnerabilities) in them. In other words, proving such a model to be adequate to the real system is nontrivial and often left unsolved. This article presents a mandatory integrity control model for a microkernel operating system called KasperskyOS. Microkernel organization of the system allows us to minimize the trusted computing base to include only the microkernel and a limited number of other components. Parts of the system that provide resource access are generally considered untrusted. Even if some of them are erroneous, the operating system can still provide particular security guarantees. To prove that by means of a model, we introduce the notion of object drivers as intermediaries in operations on objects. We define the requirements that object drivers must satisfy. We also add the means for analysis of the consequences of violations of the requirements. We state and prove that the model either preserves integrity if all active components satisfy the requirements, or restricts the negative impact if some of the components are compromised. Correct implementation of the model guarantees that compromised components will not affect components with higher or incomparable integrity levels. We describe a policy specification language developed in accordance with the model. We provide an example of using it to describe a security policy that ensures a correct update of a system operated by KasperskyOS.

Published

2020

42. MxU

Author

Runyu Pan and Gabriel Parmer

Subjects

business.industry, Computer science, Translation lookaside buffer, Programming complexity, 0211 other engineering and technologies, Access control, 02 engineering and technology, law.invention, Microcontroller, Microprocessor, Memory management, Hardware and Architecture, law, Embedded system, Microkernel, business, Software, 021106 design practice & management, Memory protection

Abstract

The advanced functionality requirements of modern embedded and Internet of Things (IoT) devices -- from autonomous vehicles, to city and power-grid management -- are driving an ever-increasing software complexity. At the same time, the pervasive internet connections of these systems necessitate the fundamental design of security into these devices. The isolation of complex features from those that are critical through protection domains is an effective means to constrain the scope of faults and security breaches. Common hardware-provided memory facilities to enforce protection domains through memory access control -- including Memory Management Units (MMUs) usually found in microprocessors, and Memory Protection Units (MPUs) usually found in microcontrollers -- must meet the goals of enabling flexible, efficient and dynamic management of memory , and must enable tight bounds on the worst-case execution of critical code. Unfortunately, current system memory management facilities are ill-prepared to handle this challenge: MMUs that use extensive caches to achieve strong average-case performance suffer from debilitating worst-case and even average-case behavior under hefty interference, while MPUs struggle to provide flexible memory management. This paper details MxU, a memory protection and allocation abstraction that integrates temporal specifications into the memory management subsystem, to enable portable code to achieve both predictable, tightly-bounded execution and dynamic management across both MMU- and MPU-based systems. We implement MxU in the Composite microkernel, and evaluate its flexibility and predictability over two different architectures: a MPU-based Cortex-M7 microcontroller and a MMU-based Cortex-A9 microprocessor using a suite of modern applications including neural network-based inference, SQLite, and a javascript runtime. For MMU-based systems, MxU reduces application TLB stall by up to 68.0%. For MPU-based systems, MxU enables flexible dynamic memory management often with application overheads of 1%, increasing to 6.1% under significant interference.

Published

2019

43. Performance Analysis of Microkernel Based Virtualization Techniques on Embedded Systems

Author

Bijoy A. Jose, Deepa Mathew, and Priyadarsan Patra

Subjects

Computer science, business.industry, Embedded system, Microkernel, Electrical and Electronic Engineering, Virtualization, computer.software_genre, business, computer

Published

2019

44. Model-driven development for the seL4 microkernel using the HAMR framework.

Author

Belt, Jason, Hatcliff, John, Robby, Shackleton, John, Carciofini, Jim, Carpenter, Todd, Mercer, Eric, Amundson, Isaac, Babar, Junaid, Cofer, Darren, Hardin, David, Hoech, Karl, Slind, Konrad, Kuz, Ihor, and Mcleod, Kent

Subjects

*FLIGHT control systems, *SYSTEMS engineering, *CYBERTERRORISM, *ENGINEERING mathematics, *ENGINEERING models

Abstract

Verified microkernels such as seL4 provide trustworthy foundations for safety- and security-critical systems. However, their full potential remains unrealized due, in part, to the lack of application development environments that help engineers integrate the microkernel's configuration and hosting of application code with modeling, analysis, and verification tools that address broader aspects of the development lifecycle. This paper presents a model-driven tool chain for the seL4 microkernel based on the open source High Assurance Modeling and Rapid engineering (HAMR) code generation framework for the Architecture and Analysis Definition Language (AADL). We describe how the semantics of AADL communication and threading can be realized in terms of the access primitives and strong spatial and temporal partitioning mechanisms provided by seL4. For AADL users, seL4 provides a high-assurance platform with formally verified enforcement of component boundaries and communication pathways. For seL4 users, AADL provides high-level abstractions for developing seL4 applications, along with an ecosystem of system engineering and analysis tools. We illustrate the framework by applying a model-based development environment for increasing resiliency against cyber attacks to an unmanned aircraft flight control system. [ABSTRACT FROM AUTHOR]

Published

2023

45. Protection of Microkernel Environment L4Re from Stack-smashed Attacks

Author

Vasily Andreevich Sartakov and Alexander Sergeevich Tarasikov

Subjects

microkernel, operating systems security, stack protection, Information technology, T58.5-58.64, Information theory, Q350-390

Abstract

Microkernel-based operating systems provide high level of protection due to the strong isolation of components, small size of Trusted Computing Base and execution of drivers in user space. At the same time, such systems are vulnerable to a stack overflow attacks, because these attacks exploit the hardware features of the platform, such as shared memory space for data and code. Modern architectures, such as AMD64 and ARM, provide opportunities to counteract attacks at the hardware level by disallowing memory allocation for storing executable stack and heap, but this protection mechanism requires additional support from the operating system. This paper presents memory management, program execution model and IPC mechanism of microkernel Fiasco.OC and environment L4Re from nonexecution memory support point of view.

Published

2014

46. Cyber Attacks Against SDN Controllers And Protecting The Control Plane With A Formally Verified Microkernel

Author

Holmberg, Olof and Holmberg, Olof

Abstract

Software-Defined Networking (SDN) is a technology that is increasing in popularity. However, with increased prevalence comes increased opportunity to exploit vulnerabilities that exist within the technology. In this thesis, several attack vectors that can be used to attack SDN controllers were identified through a literature review. Among these vectors there is one that is concerned with the vulnerabilities present on the host of the SDN controller. One promising method that could be used to mitigate this attack vector is to deploy the SDN controller on a microkernel. The microkernel chosen in this thesis is the formally verified microkernel seL4®. This thesis investigate the possible ways of deploying an SDN controller on seL4. A deployment of an SDN controller is also performed in this thesis in order to assess the difficulties and possible performance tradeoffs present in adapting an SDN controller for seL4. The deployment of the SDN controller uses seL4’s virtualization capabilities and leaves the majority of the controller running in a virtual machine on seL4. A small part of the controller is moved to a separate and isolated component in order to showcase how the isolation capabilities of seL4 can be utilized. The performances of the unmodified and the modified controller are then compared. A significant increase in execution time when communicating between the VM and the separate component was discovered. However, such increases may also be attributed to dynamic binary translation used when simulating seL4 using QEMU. Thus, properly quantifying these overheads would require a different setup, either without simulation or with hardware-assisted virtualization.

Published

2021

47. Towards attack-tolerant trusted execution environments : Secure remote attestation in the presence of side channels

Author

Crone, Max and Crone, Max

Abstract

In recent years, trusted execution environments (TEEs) have seen increasing deployment in computing devices to protect security-critical software from run-time attacks and provide isolation from an untrustworthy operating system (OS). A trusted party verifies the software that runs in a TEE using remote attestation procedures. However, the publication of transient execution attacks such as Spectre and Meltdown revealed fundamental weaknesses in many TEE architectures, including Intel Software Guard Exentsions (SGX) and Arm TrustZone. These attacks can extract cryptographic secrets, thereby compromising the integrity of the remote attestation procedure. In this work, we design and develop a TEE architecture that provides remote attestation integrity protection even when confidentiality of the TEE is compromised. We use the formally verified seL4 microkernel to build the TEE, which ensures strong isolation and integrity. We offload cryptographic operations to a secure co-processor that does not share any vulnerable microarchitectural hardware units with the main processor, to protect against transient execution attacks. Our design guarantees integrity of the remote attestation procedure. It can be extended to leverage co-processors from Google and Apple, for wide-scale deployment on mobile devices., Under de senaste åren används betrodda exekveringsmiljöer (TEE) allt mera i datorutrustning för att skydda säkerhetskritisk programvara från attacker och för att isolera dem från ett opålitligt operativsystem. En betrodd part verifierar programvaran som körs i en TEE med hjälp av fjärrattestering. Nyliga mikroarkitekturella anfall, t.ex. Spectre och Meltdown, har dock visat grundläggande svagheter i många TEE-arkitekturer, inklusive Intel SGX och Arm TrustZone. Dessa attacker kan avslöja kryptografiska hemligheter och därmed äventyra integriteten av fjärrattestning. I det här arbetet utvecklar vi en arkitektur för en betrodd exekveringsmiljö (TEE) som ger integritetsskydd genom fjärrattestering även när TEE:s konfidentialitet äventyras. Vi använder den formellt verifierade seL4-mikrokärnan för att bygga TEE:n som garanterar stark isolering och integritet. För att skydda kryptografiska operationer, overför vi dem till en säker samprocessor som inte delar någon sårbar mikroarkitektur med huvudprocessorn. Vår arktektur garanterar fjärrattesteringens integritet och kan utnyttja medprocessorer från Google och Apple för att användas i stor skala på mobila enheter.

Published

2021

48. Efficiently Recovering Stateful System Components of Multi-server Microkernels

Author

Binyu Zang, Wentai Li, Jinyu Gu, and Nian Liu

Subjects

Service (systems architecture), Software_OPERATINGSYSTEMS, Stateful firewall, Computer science, Server, Overhead (engineering), Operating system, Fault tolerance, Microkernel, Fault (power engineering), computer.software_genre, computer, Fault detection and isolation

Abstract

Microkernel OSes provide OS services through mutually-isolated system servers running in different user processes, which brings stronger fault isolation than monolithic OSes. Nevertheless, considering the fault recovery capability of system servers, most existing microkernel OSes usually do no more than restarting a fault server, which will cause a server to lose all its running states and then may affect all the applications relying on it. In this paper, we present a mechanism named TxIPC that can efficiently recover stateful system servers on microkernel OSes. Since a system server provides the service by inter-process communication (IPC), TxIPC makes it fault resilient by handling each IPC in a transaction-like manner. Specifically, if a fault happens in a server (during one IPC handling procedure), TxIPC aborts all the updates made by the IPC and thus recovers the server from that fault. Evaluations show that TxIPC can enable servers to recover from 99.8% (injected) faults with 3%-45 % performance overhead on application benchmarks, which significantly outperforms existing counterparts.

Published

2021

49. Méthodologie pour la spécification et la vérification de besoins haut niveau avec MetAcsl

Author

Pascale Le Gall, Louis Rilling, Nikolai Kosmatov, Virgile Prevosto, Virgile Robles, Département Ingénierie Logiciels et Systèmes (DILS), Laboratoire d'Intégration des Systèmes et des Technologies (LIST), Direction de Recherche Technologique (CEA) (DRT (CEA)), Commissariat à l'énergie atomique et aux énergies alternatives (CEA)-Commissariat à l'énergie atomique et aux énergies alternatives (CEA)-Direction de Recherche Technologique (CEA) (DRT (CEA)), Commissariat à l'énergie atomique et aux énergies alternatives (CEA)-Commissariat à l'énergie atomique et aux énergies alternatives (CEA)-Université Paris-Saclay, Thales Research and Technology [Palaiseau], THALES, DGA Maîtrise de l'information (DGA.MI), Direction générale de l'Armement (DGA), Mathématiques et Informatique pour la Complexité et les Systèmes (MICS), CentraleSupélec-Université Paris-Saclay, IEEE TCSE, SIGSOFT, Laboratoire d'Intégration des Systèmes et des Technologies (LIST (CEA)), and THALES [France]

Subjects

Computer science, business.industry, Scale (chemistry), [INFO.INFO-SE]Computer Science [cs]/Software Engineering [cs.SE], computer.software_genre, Software, Data integrity, Code (cryptography), Use case, Plug-in, Microkernel, Software engineering, business, Formal verification, computer

Abstract

International audience; Specification and formal verification of high-level properties (such as security properties, like data integrity or confidentiality) over a large software product remains an important challenge for the industrial practice. Recent work introduced METACSL, a plugin of the FRAMA-C verification platform, that allows the user to specify high-level properties, called HIgh-Level ACSL REquirements or HILARE, for C programs and transform them into assertions that can then be verified by classic deductive verification. This paper presents a methodology of specification and verification of a wide range of high-level properties with METACSL and illustrates it on several examples. The goal is to provide verification practitioners with detailed methodological guidelines for common patterns of properties in order to facilitate their everyday work and to avoid some frequent pitfalls. The illustrating examples are inspired by very usual kinds of properties and illustrated on two use cases. One of them-on the real-life code of the bootloader module of the secure storage device Wookey-was fully verified using the described approach, demonstrating its capacity to scale to real-life code. The other one-on a microkernel of an OS-was added to illustrate other common properties, where the description of the system was intentionally left very generic.

Published

2021

50. A Basic Microkernel for the RISC-V Instruction Set Architecture

Author

Benjamin William Mezger, Cesar Albenes Zeferino, Fabrício Bortoluzzi, Paulo Roberto Oliveira Valim, and Douglas Rossi de Melo

Subjects

Instruction set, Computer science, RISC-V, Operating system, Microkernel, computer.software_genre, computer

Abstract

Computer processors provide an abstract model known as theinstruction set architecture, which serves as an interface betweenthe available hardware and the software. Application developersneed to communicate with these types of hardware, and having tolearn each computer specification is difficult and time-consuming.Operating systems provide an abstraction towards the availablecomputer hardware and user software. They manage computerresources to enable application programmers to communicate withthe available hardware. This work introduces an academic-orientedoperating system for the RISC-V architecture, a de facto instructionset architecture standard, and compares the solution with othersmall operating systems using the same architecture. As the maincontribution, this work provides an extensible operating system tointroduce students to operating system development.

Published

2021