Femto-Containers: Lightweight Virtualization and Fault Isolation For Small Software Functions on Low-Power IoT Microcontrollers

10/07/2022
by Koen Zandberg, et al.

Low-power operating system runtimes used on IoT microcontrollers typically provide rudimentary APIs, basic connectivity and, sometimes, a (secure) firmware update mechanism. In contrast, on less constrained hardware, networked software has entered the age of serverless, microservices and agility. With a view to bridging this gap, in this paper we design Femto-Containers, a new middleware runtime which can be embedded on heterogeneous low-power IoT devices. Femto-Containers enable the secure deployment, execution and isolation of small virtual software functions on low-power IoT devices, over the network. We implement Femto-Containers, and provide integration in RIOT, a popular open source IoT operating system. We then evaluate the performance of our implementation, which was formally verified for fault-isolation, guaranteeing that RIOT is shielded from logic loaded and executed in a Femto-Container. Our experiments on various popular microcontroller architectures (Arm Cortex-M, ESP32 and RISC-V) show that Femto-Containers offer an attractive trade-off in terms of memory footprint overhead, energy consumption, and security.


research
06/10/2021

Femto-Containers: DevOps on Microcontrollers with Lightweight Virtualization Isolation for IoT Software Modules

Development, deployment and maintenance of networked software has been r...
research
11/24/2020

Minimal Virtual Machines on IoT Microcontrollers: The Case of Berkeley Packet Filters with rBPF

Virtual machines (VM) are widely used to host and isolate software modul...
research
11/24/2020

Low-Power IoT Communication Security: On the Performance of DTLS and TLS 1.3

Similarly to elsewhere on the Internet, practical security in the Intern...
research
06/26/2023

U-TOE: Universal TinyML On-board Evaluation Toolkit for Low-Power IoT

Results from the TinyML community demonstrate that, it is possible to ex...
research
01/11/2023

From MMU to MPU: adaptation of the Pip kernel to constrained devices

This article presents a hardware-based memory isolation solution for con...
research
07/15/2022

Securing name resolution in the IoT: DNS over CoAP

In this paper, we present the design, implementation, and analysis of DN...
research
05/26/2022

Embedded System Evolution in IoT System Development Based on MAPE-K Loop Mechanism

Embedded systems including IoT devices are designed for specialized func...
