Minimizing Event-Handling Latencies in Secure Virtual Machines

06/04/2018
by   Janis Danisevskis, et al.
0

Virtualization, after having found widespread adoption in the server and desktop arena, is poised to change the architecture of embedded systems as well. The benefits afforded by virtualization - enhanced isolation, manageability, flexibility, and security - could be instrumental for developers of embedded systems as an answer to the rampant increase in complexity. While mature desktop and server solutions exist, they cannot be easily reused on embedded systems because of markedly different requirements. Unfortunately, optimizations aimed at throughput, important for servers, often compromise on aspects like predictable real-time behavior, which are crucial to many embedded systems. In a similar vein, the requirements for small trusted computing bases, lightweight inter-VM communication, and small footprints are often not accommodated. This observation suggests that virtual machines for embedded systems should be constructed from scratch with particular attention paid to the specific requirements. In this paper, we set out with a virtual machine designed for security-conscious workloads and describe the steps necessary to achieve good event-handling latencies. That evolution is possible because the underlying microkernel is well suited to satisfy real-time requirements. As the guest system we chose Linux with the PREEMPT_RT configuration, which itself was developed in an effort to bring down event-handling latencies in a general purpose system. Our results indicate that the increase of event-handling latencies of a guest running in a virtual machine does not, compared to native execution, exceed a factor of two.

READ FULL TEXT
research
10/11/2018

T-Visor: A Hypervisor for Mixed Criticality Embedded Real-time System with Hardware Virtualization Support

Recently, embedded systems have not only requirements for hard real-time...
research
06/04/2013

V-BOINC: The Virtualization of BOINC

The Berkeley Open Infrastructure for Network Computing (BOINC) is an ope...
research
09/20/2019

Isolating Real-Time Safety-Critical Embedded Systems via SGX-based Lightweight Virtualization

A promising approach for designing critical embedded systems is based on...
research
04/29/2017

Contego: An Adaptive Framework for Integrating Security Tasks in Real-Time Systems

Embedded real-time systems (RTS) are pervasive. Many modern RTS are expo...
research
11/22/2021

Survey of Control-Flow Integrity Techniques for Embedded and Real-Time Embedded Systems

Computing systems, including real-time embedded systems, are becoming in...
research
09/28/2017

Efficient Convolutional Neural Network For Audio Event Detection

Wireless distributed systems as used in sensor networks, Internet-of-Thi...
research
09/23/2019

SIVSHM: Secure Inter-VM Shared Memory

With wide spread acceptance of virtualization, virtual machines (VMs) fi...

Please sign up or login with your details

Forgot password? Click here to reset