Challenges in Virtualizing Safety-Critical Cyber-Physical Systems
The need for security and virtualization capabilities in modern cyber-physical systems is increasing and plays a crucial role in their design. Hardware virtualization by means of hypervisors has become the de-facto solution for partitioning the computational resources of a computing platform among different application domains. However, while most hypervisors have been conceived to virtualize primary hardware resources, such as CPUs, memories, and I/O devices, they still lack proper management of other architectural resources (e.g., the last-level cache, main memory, and bus) that are implicitly shared by application domains running on commercial off-the-shelf (COTS) multicore platforms. Furthermore, due to the growth of software complexity and the exposure of modern systems through connectivity infrastructures, security has become a fundamental design objective, giving rise to strong functional and reliability requirements that cannot generally be met with pure software techniques such as virtualization. Chip makers have developed a wide range of hardware-based solutions to support virtualization on modern multicore platforms, so common requirements have been addressed in different ways by different virtualization solutions. Hardware extensions have also been developed to realize trusted execution environments (TEEs), which pose new challenges when they have to be managed by hypervisors. This paper presents some recent research activities on hypervisors carried out by the ReTiS Lab of the Scuola Superiore Sant'Anna of Pisa and Evidence Srl, starting from the requirements of the RETINA Eurostar project. In virtualized environments, it is common to have applications with different levels of criticality sharing data among themselves; in these cases, this requirement must be met without compromising isolation and safety constraints.
The problem of providing spatial and temporal isolation between execution domains in a hypervisor running on multicore platforms has mainly been addressed for the CPU, considering only the temporal dimension. However, temporal isolation can be jeopardized by the significant interference introduced by shared resources such as the last-level cache and the main memory. Such interference can be mitigated by proper techniques, such as cache coloring and memory bandwidth reservations. Furthermore, security issues can be addressed by a dual-hypervisor design that efficiently supports software components with different security requirements. The design enables the execution of multiple domains in isolation, where each of them can include both a standard (i.e., non-secure) execution environment and a TEE, with the latter executed upon secure partitions. This paper first shows that a complete virtualization solution capable of dealing with safety-critical systems is not yet available. Then, it proposes promising solutions for some open problems, also exploiting the support offered by modern multicore platforms.
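To make the two mitigation techniques named above concrete, the following C program is an added example, not code from the paper, the ReTiS Lab, or Evidence Srl. It assumes a hypothetical last-level cache geometry (1 MiB, 16-way, 64-byte lines, 4 KiB pages) and constructed per-domain budgets. It derives the number of page colours from that geometry, allocates page frames to domains from disjoint colour sets so that their data can never compete for the same cache sets, and enforces a per-period memory-access budget of the kind a hypervisor would drive from a PMU overflow interrupt.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical LLC geometry, assumed for this example only. */
#define LLC_SIZE   (1u << 20)   /* 1 MiB */
#define LLC_WAYS   16u
#define LINE_SIZE  64u
#define PAGE_SHIFT 12u
#define PAGE_SIZE  (1u << PAGE_SHIFT)

/* Number of page colours: the set-index bits that lie above the page offset.
 * sets = size / (ways * line); a page covers PAGE_SIZE / LINE_SIZE consecutive
 * sets, so colours = sets / sets_per_page. With the geometry above: 16. */
static unsigned llc_num_colors(void)
{
    unsigned sets = LLC_SIZE / (LLC_WAYS * LINE_SIZE);  /* 1024 sets */
    unsigned sets_per_page = PAGE_SIZE / LINE_SIZE;     /* 64 sets per page */
    return sets / sets_per_page;
}

/* Colour of a physical frame: the page-number bits that select the cache set.
 * Two frames with different colours can never evict each other from the LLC. */
static unsigned page_color(uint64_t paddr)
{
    return (unsigned)((paddr >> PAGE_SHIFT) & (llc_num_colors() - 1));
}

/* A tiny frame pool (constructed base address) and a colour-aware allocator:
 * the hypervisor gives each domain a colour mask and only hands out frames
 * whose colour is in that mask. Disjoint masks give spatial cache isolation. */
#define NFRAMES 64
static const uint64_t frame_base = 0x80000000ull;
static bool frame_used[NFRAMES];

static uint64_t alloc_frame(uint32_t color_mask)
{
    for (unsigned i = 0; i < NFRAMES; i++) {
        uint64_t pa = frame_base + (uint64_t)i * PAGE_SIZE;
        if (!frame_used[i] && (color_mask & (1u << page_color(pa)))) {
            frame_used[i] = true;
            return pa;
        }
    }
    return 0; /* no frame of an allowed colour left */
}

/* Memory bandwidth reservation: each domain may issue at most `budget`
 * memory accesses (e.g. LLC misses) per regulation period. The hypervisor
 * accounts accesses reported by the PMU and throttles the domain once the
 * budget is exhausted; the next period timer refills the budgets. */
struct bw_reservation {
    uint64_t budget;
    uint64_t used;
};

#define NDOMS 2
static struct bw_reservation dom_bw[NDOMS] = { {1000, 0}, {4000, 0} }; /* constructed */

/* Returns true when the domain must be throttled until the next period. */
static bool bw_account(unsigned dom, uint64_t accesses)
{
    dom_bw[dom].used += accesses;
    return dom_bw[dom].used >= dom_bw[dom].budget;
}

static void bw_new_period(void)
{
    for (unsigned d = 0; d < NDOMS; d++)
        dom_bw[d].used = 0;
}

int main(void)
{
    /* Domain 0 owns colours 0-7, domain 1 owns colours 8-15. */
    uint64_t f0 = alloc_frame(0x00FFu);
    uint64_t f1 = alloc_frame(0xFF00u);
    printf("colours: %u\n", llc_num_colors());
    printf("dom0 frame 0x%llx colour %u\n", (unsigned long long)f0, page_color(f0));
    printf("dom1 frame 0x%llx colour %u\n", (unsigned long long)f1, page_color(f1));
    printf("dom0 after 600 accesses: throttle=%d\n", bw_account(0, 600));
    printf("dom0 after 400 more:     throttle=%d\n", bw_account(0, 400));
    bw_new_period();
    printf("dom0 next period:        throttle=%d\n", bw_account(0, 1));
    return 0;
}
```

The colour count falls out of the cache geometry rather than being a tunable, so a hypervisor that targets a different part must recompute it (or read it from the cache descriptors); the bandwidth budget, by contrast, is a policy value chosen per domain from its worst-case analysis.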
Date: 27.02.2018, Time: 5:00 PM - 5:30 PM, Location: Conference Counter NCC Ost