Real-time control for multicore needs to rethink trust in the OS: Page 4 of 4

November 22, 2018 //By John Blevins
Conventional OS architecture is not secure by design when it runs on modern multicore processors. A new approach is needed that looks beyond security alone to the design of consolidated systems that must be both secure and safe.

Multi-pronged approach

In the end, the solution should address several factors:

  • Fully use the isolation capabilities that multicore processor vendors already provide, above all hardware virtualization.
  • Contain privilege escalation: when a hosted application platform fails to withstand an attacker, the damage stays inside that platform's own partition.
  • Provide a platform layer that cannot itself be reached by privilege escalation from within a guest.
  • Most importantly, deliver the hardware-supported module (OS, bare-metal application or service, or unikernel) that actually enforces the secure separation these multicores make possible.

This solution is not an OS, nor even a microkernel; it is a separation kernel hypervisor, where the word "kernel" merely reflects the well-understood need to support the development of securely isolated system services as well as hosted guest OSs. A separation kernel hypervisor is a small, purpose-built security layer with no OS inside it. It uses the processor's hardware virtualization instructions to run virtualized modules (OSs, RTOSs, bare-metal applications) on top of it, each with dedicated, securely separated hardware resources, so that a compromise of one module gives no access to another module's cores, memory or devices.
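The property that makes this work is a static resource map in which no two partitions own the same core, physical memory range or pass-through device. Below is an added example, written for this page and not taken from the article or from any Lynx product, of the kind of pre-boot check such a map must pass. The `partition_t` type, the `validate_partitions` function and the two sample maps are invented for illustration; a real separation kernel would also have to verify the interrupt routing, DMA windows and any explicitly declared inter-partition channels.

```c
/* Added example: static resource-map check for a separation kernel
 * configuration. Each partition gets dedicated cores, a private physical
 * memory range and a private device list. Any overlap means two guests
 * could touch the same hardware, which is exactly the shared state a
 * separation kernel exists to remove. Types, names and the sample
 * tables are invented for illustration (not from any real product). */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_DEVS 4

typedef struct {
    const char *name;
    uint8_t     core_mask;          /* bit i set = core i is owned by this partition */
    uint64_t    mem_base, mem_size; /* physical range owned by this partition */
    const char *devs[MAX_DEVS];     /* pass-through devices, NULL-terminated */
} partition_t;

/* Half-open intervals [a, a+alen) and [b, b+blen) intersect? */
static int ranges_overlap(uint64_t a, uint64_t alen, uint64_t b, uint64_t blen)
{
    return a < b + blen && b < a + alen;
}

/* Do two partitions claim the same pass-through device? */
static int devs_shared(const partition_t *p, const partition_t *q)
{
    for (size_t i = 0; i < MAX_DEVS && p->devs[i]; i++)
        for (size_t j = 0; j < MAX_DEVS && q->devs[j]; j++)
            if (strcmp(p->devs[i], q->devs[j]) == 0)
                return 1;
    return 0;
}

/* Returns the number of isolation violations found; 0 means the map is
 * sound. Each violation is reported with the partitions involved. */
int validate_partitions(const partition_t *parts, size_t n)
{
    int violations = 0;
    for (size_t i = 0; i < n; i++) {
        if (parts[i].core_mask == 0 || parts[i].mem_size == 0) {
            printf("%s: partition has no cores or no memory\n", parts[i].name);
            violations++;
        }
        for (size_t j = i + 1; j < n; j++) {
            const partition_t *p = &parts[i], *q = &parts[j];
            if (p->core_mask & q->core_mask) {
                printf("%s/%s share core mask 0x%02x\n", p->name, q->name,
                       (unsigned)(p->core_mask & q->core_mask));
                violations++;
            }
            if (ranges_overlap(p->mem_base, p->mem_size, q->mem_base, q->mem_size)) {
                printf("%s/%s have overlapping physical memory\n", p->name, q->name);
                violations++;
            }
            if (devs_shared(p, q)) {
                printf("%s/%s share a pass-through device\n", p->name, q->name);
                violations++;
            }
        }
    }
    return violations;
}

/* Constructed sample maps: a Linux guest, an RTOS guest and a bare-metal
 * crypto service. good_map is clean (ranges touch but do not overlap);
 * bad_map deliberately gives the Linux guest a core, a memory range and a
 * device that also belong to the RTOS, so it must report 3 violations. */
const partition_t good_map[] = {
    { "linux",  0x03, 0x80000000ULL, 0x40000000ULL, { "eth0", NULL } },
    { "rtos",   0x0C, 0xC0000000ULL, 0x10000000ULL, { "can0", NULL } },
    { "crypto", 0x10, 0xD0000000ULL, 0x01000000ULL, { "tpm0", NULL } },
};
const size_t good_map_len = sizeof good_map / sizeof good_map[0];

const partition_t bad_map[] = {
    { "linux",  0x07, 0x80000000ULL, 0x40000000ULL, { "eth0", "can0", NULL } },
    { "rtos",   0x0C, 0xBF000000ULL, 0x10000000ULL, { "can0", NULL } },
    { "crypto", 0x10, 0xD0000000ULL, 0x01000000ULL, { "tpm0", NULL } },
};
const size_t bad_map_len = sizeof bad_map / sizeof bad_map[0];

int main(void)
{
    printf("good map: %d violation(s)\n", validate_partitions(good_map, good_map_len));
    printf("bad map:  %d violation(s)\n", validate_partitions(bad_map, bad_map_len));
    return 0;
}
```

The check is deliberately pairwise and exhaustive rather than clever: a separation kernel's configuration is small and fixed at build time, so an O(n²) pass that a reviewer can read in full is worth more than a faster one that is harder to audit.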

Keep using your favorite OS or legacy code for application development, but secure it with virtualized separation when it runs on multicore.

About the author:

John Blevins is Director of Products at Lynx Software Technologies.

This article was first published in Electronic Design - www.electronicdesign.com
