Yuki Kinebuchi

SPUMONE: Lightweight CPU Virtualization Layer for Embedded Systems

Recently, the engineering cost of embedded systems is rapidly increasing due to growing sophistication of services. To deal with the problem, hybrid operating system environments have been proposed. This enables to run a RTOS and a general purpose OS concurrently and to reuse software resources on both of them. This approach is efficient in reducing engineering costs. We reconfigured the requirement for these hybrid operating system environment and build a new architecture which fulfills these requirements by using virtualization techniques. Our system provides the facilities to build multiple operating system environment easily. There are two contributions in our systems. One is that the modification cost of the guest OS is small. The second contribution is improvement in system availability by enabling guest OS to reboot independently. Although we used virtualization layer to construct a hybrid operating system environment, the performance overhead is considering small. Therefor our approach is very practical and efficient for recent sophisticated embedded systems.

Constructing a multi-OS platform with minimal engineering cost

Constructing an embedded device with a real-time and a general-purpose operating system has attracted attention as a promising approach to let the device balance real-time responsiveness and rich functionalities. This paper introduces our methodology for constructing such multi-OS platform with minimal engineering cost by assuming asymmetric OS combinations unique to embedded systems. Our methodology consists of two parts. One is a simple hypervisor for multiplexing resources to be shared between operating systems. The other is modifying operating systems to allow them to be aware of each other. We constructed an experimental system executing TOPPERS and Linux simultaneously on a hardware equipped with an SH-4A processor. The modification to each operating system kernel limited to a few dozen lines of code and do not introduce any overhead that would compromise real-time responsiveness or system throughput.

Task Grain Scheduling for Hypervisor-Based Embedded System

The emergence of functional embedded systems such as cell-phones and digital appliances brought up a new issue, building a system supporting both real-time and rich services. One of the solutions is leveraging a hypervisor to integrate an RTOS and a commodity OS into a single device. However, this approach induces the limitation of application deployment; all the high priority tasks should reside in the RTOS. In this paper, we propose a task grain scheduling for a real-time hypervisor, which enables a flexible application deployment between an RTOS and a commodity OS. We constructed a prototype system with an existing hypervisor, an RTOS, and a commodity OS. We measured some basic overheads, and fixed some tasks which were missing their deadlines using the task grain scheduling to meet their deadlines. The overheads were small and the task grain scheduling achieved a flexible real-time scheduling for the hypervisor based system.

Temporal and spatial isolation in a virtualization layer for multi-core processor based information appliances

A virtualization layer makes it possible to compose multiple functionalities on a multi-core processor with minimum modifications of OS kernels and applications. A multi-core processor is a good candidate to compose various software independently developed for dedicated processors into one multi-core processor to reduce both the hardware and development cost. In this paper, we present SPUMONE, which is a virtualization layer suitable for developing multi-core processor based-information appliances.

Monitoring Integrity Using Limited Local Memory

System integrity monitors, such as rootkit detectors, rely critically on the ability to fetch and inspect pages containing code and data of a target system under study. To avoid being infected by malicious or compromised targets, state-of-the-art system integrity monitors rely on virtualization technology to set up a tamper-proof execution environment. Consequently, the virtualization infrastructure is part of the trusted computing base. However, modern virtual machine monitors are complex entities, with large code bases that are difficult to verify. In this paper, we present a new machine architecture called limited local memory (LLM), which we use to set up an alternative tamper-proof execution environment for system integrity monitors. This architecture builds upon recent trends in multicore chip design to equip each processing core with access to a small, private memory area. We show that the features of the LLM architecture, combined with a novel secure paging mechanism, suffice to bootstrap a tamper-proof execution environment without support for hardware virtualization. We demonstrate the utility of this architecture by building a rootkit detector that leverages the key features of LLM. This rootkit detector can safely inspect a target operating system without itself becoming the victim of infection.

Composition kernel: a multi-core processor virtualization layer for rich functional smart products

Future ambient intelligence environments will embed powerful multi-core processors to compose various functionalities into a smaller number of hardware components. This makes the maintainability of intelligent environments better because it is not easy to manage massively distributed processors. A composition kernel makes it possible to compose multiple functionalities on a multi-core processor with the minimum modification of OS kernels and applications. A multi-core processor is a good candidate to compose various software developed independently for dedicated processors into one multi-core processor to reduce both the hardware and development cost. In this paper, we present SPUMONE which is a composition kernel for developing future smart products.

A Lightweight Monitoring Service for Multi-core Embedded Systems

The recent increase in complexity and functionality in embedded systems makes them more vulnerable to rootkit-type attacks, raising the need for integrity management systems. However, as of today there is no such system that can guarantee the system’s safety while matching the low-resource, real-time and multi-core requirements of embedded systems. In this paper, we present a Virtual Machine Monitor (VMM)based monitoring service for embedded systems that checks the actual kernel data against a safe data specification. However, due to the VMM and multi-core nature of the system, the guest OS can be preempted at any time, leading to the checking of potentially inconsistent states. We evaluated two approaches to solve this problem: detecting such invalid states by checking specific kernel data, and detecting system calls using the VMM.

Using Virtual CPU Migration to Solve the Lock Holder Preemption Problem in a Multicore Processor-Based Virtualization Layer for Embedded Systems

When a real-time OS (RTOS) and a symmetric multiprocessing general purpose OS (SMP GPOS) are executed on the same multicore processor, there is a possibility to cause the lock holder preemption (LHP) problem, which is a well known problem of the sources of the performance degradation on an SMP GPOS. The problem occurs when a kernel mode thread holding a lock in a SMP GPOS is preempted by other OSes if these OSes share the same physical core. The existing solution does not take into account real-time responsiveness so it is not suitable to use in embedded systems. The paper proposes two new techniques to avoid the LHP problem for ensuring both the real-time responsiveness of real-time OS and the high throughput of SMP GPOS. The new proposed techniques have been implemented on our virtualization layer called SPUMONE, and we measured the results showing that the proposed new techniques reduce the LHP problem without degrading the real-time responsiveness.

A Light-Weighted Virtualization Layer for Multicore Processor-Based Rich Functional Embedded Systems

In this paper, we introduce a lightweight processor abstraction layer named SPUMONE. SPUMONE provides virtual CPUs for respective guest OSes, and schedules them according to their priorities. In a typical case, SPUMONE schedules Linux with a low priority and an RTOS with a high priority. We first discuss why the traditional virtual machine monitor design is not appropriate for embedded systems, and how the features of SPUMONE allow us to design modern complex embedded systems with less efforts. Then, we describe two features of SPUMONE for the real-time resource management. SPUMONE also offers a novel mechanism to protect a critical component from malicious programs injected into the GPOS kernel.

Towards an Open Dependable Operating System

This paper introduces a new dependable operating system project, called DEOS, started in 2006, and scheduled to continue for six years. In this project, a safety extension mechanism called P-Bus is to be designed, and implemented in the Linux kernel so that a future dependability attribute is implemented with P-Bus. A hardware abstraction layer, called SPUMONE, is introduced so that a light-weight operating system, called ArcOS, and a monitoring service on top of ArcOS monitors the Linux kernel to provide a safety-net for the Linux kernel. New dependability metrics are being designed to enable developers and users to decide which hardware or software solution meets their dependability requirements, and thus can be used.