Embedded Systems Security - Part 3: Hypervisors and system virtualization

David Kleidermacher and Mike Kleidermacher - February 19, 2013

Editor's Note: Embedded Systems Security aims for a comprehensive, systems view of security: hardware, platform software (such as operating systems and hypervisors), software development process, data protection protocols (both networking and storage), and cryptography. In part 1, the authors offer an in-depth look at the role of the operating system in secure embedded systems. In part 2, the authors discuss how an OS provides access control for ensuring process security. In this installment, the authors examine the use of hypervisors in implementing system virtualization. In part 4, the authors review the security pitfalls and trends in embedded I/O virtualization.

Adapted from "Embedded Systems Security" by David Kleidermacher and Mike Kleidermacher (Newnes)

2.6 Hypervisors and System Virtualization
The operating system has long played a critical role in embedded systems. A prime historical purpose of the operating system is to simplify the life of electronic product developers, freeing them to focus on differentiation. The operating system fulfills this mission by abstracting the hardware resources - RAM and storage, connectivity peripherals such as USB and Ethernet, and human interface devices such as touchscreens. The abstraction is presented to the developer in the form of convenient APIs and mechanisms for interacting with the hardware and managing application workloads. The operating system is coupled with a development environment - compilers, debuggers, editors, performance analyzers, and so on - that helps engineers build powerful applications quickly and take maximum advantage of the operating system.

Of course, this environment has grown dramatically up the stack. Instead of just providing a TCP/IP stack, an embedded operating system must sometimes provide a full suite of application-level protocols and services such as FTP and web servers. Instead of a simple graphics library, the operating system may need to provide sophisticated multimedia audio and 3D-graphics frameworks. Furthermore, as embedded Systems-on-Chip (SoCs) become more capable, application and real-time workloads are being consolidated. The example discussed briefly in Chapter 1 of an automotive infotainment system integrating rear-view camera capability is representative of this trend: the operating system must provide a powerful applications environment while responding instantly to real-time events and protecting sensitive communications interfaces from corruption.

Because of its central role, the operating system has sometimes been the battleground between electronics manufacturers who aim not only to differentiate but also to protect the uniqueness of and investment in their innovations. The smartphone market is an obvious example: silicon vendors, consumer electronics manufacturers, and service providers at all levels want to control that human-machine interface, which acts as the portal for revenue, loyalty, and brand recognition.

The trend toward consolidation has posed a significant challenge to embedded operating system suppliers who must navigate the myriad of stacks, interfaces, standards, and software packages. This complexity has also fueled a trend toward open source models to reap the benefits of a massive, distributed developer base. Linux is the primary success story. However, while Linux has succeeded in gaining dramatic market share, it has also suffered from tremendous fragmentation. What embedded systems developers have realized is that they must customize and extend Linux to be able to obtain differentiation and platform control. In essence, these Linux-based efforts have become the new do-it-yourself proprietary operating system for a collection of stakeholders.

The key problem is that the typical operating system abstractions - files, devices, network communication, graphics, and threads - have begun to reach their limit of utility. Application developers and electronics suppliers who become too dependent on one operating system abstraction environment can find themselves in dire straits if the operating system fails to meet emerging requirements, runs into licensing or IP rights headwinds, or is simply surpassed by another operating system in the market.
