DeepAI AI Chat
Log In Sign Up

Isolating Real-Time Safety-Critical Embedded Systems via SGX-based Lightweight Virtualization

by   Luigi De Simone, et al.
iOS UniParthenope
University of Naples Federico II

A promising approach for designing critical embedded systems is based on virtualization technologies and multi-core platforms. These enable the deployment of both real-time and general-purpose systems with different criticalities in a single host. Integrating virtualization while also meeting the real-time and isolation requirements is non-trivial, and poses significant challenges especially in terms of certification. In recent years, researchers proposed hardware-assisted solutions to face issues coming from virtualization, and recently the use of Operating System (OS) virtualization as a more lightweight approach. Industries are hampered in leveraging this latter type of virtualization despite the clear benefits it introduces, such as reduced overhead, higher scalability, and effortless certification since there is still lack of approaches to address drawbacks. In this position paper, we propose the usage of Intel's CPU security extension, namely SGX, to enable the adoption of enclaves based on unikernel, a flavor of OS-level virtualization, in the context of real-time systems. We present the advantages of leveraging both the SGX isolation and the unikernel features in order to meet the requirements of safety-critical real-time systems and ease the certification process.


On Temporal Isolation Assessment in Virtualized Railway Signaling as a Service Systems

Railway signaling systems provide numerous critical functions at differe...

Look Mum, no VM Exits! (Almost)

Multi-core CPUs are a standard component in many modern embedded systems...

vLibOS: Babysitting OS Evolution with a Virtualized Library OS

Many applications have service requirements that are not easily met by e...

FastCycle: A Message Sharing Framework for Modular Automated Driving Systems

Automated Driving Systems (ADS) have rapidly evolved in recent years and...

Minimizing Event-Handling Latencies in Secure Virtual Machines

Virtualization, after having found widespread adoption in the server and...

SafeTI Traffic Injector Enhancement for Effective Interference Testing in Critical Real-Time Systems

Safety-critical domains, such as automotive, space, and robotics, are ad...

Exploring the Effects of Multicast Communication on DDS Performance

The Data Distribution Service (DDS) is an Object Management Group (OMG) ...