Virtualization and hypervisors aid embedded design

Techniques improve security and ease the pain of moving applications

BY ROBERT DAY
LynuxWorks
San Jose, CA
http://www.lnxw.com

Virtualization, hypervisors, and separation kernels have generated considerable buzz in both the enterprise and embedded marketplaces. In the embedded world, many of these technologies have been developed to meet the needs of security-critical military environments, offering certifiable secure systems. However, these same technologies also can play an instrumental role in other environments requiring elements of security, such as those found in the industrial, medical, and financial services areas. What these environments have in common is a need to share some common data, applications, or functions, while leaving other, more critical applications and functions (or data with a higher sensitivity) under virtual lock and key.

The LynxSecure Separation Kernel diagram shows an environment within which multiple operating systems can perform simultaneously without compromising security or reliability.

These technologies can also provide a platform on which engineers can consolidate existing applications onto today’s more powerful processors, reducing the space and cost footprint of any computing system, or can be an aid for moving applications from a system that had no security requirements into a new security-based system.

Virtualization and the separation kernel

Software separation and hardware virtualization technologies work together to enable different applications to run within the same environment, each within its own software partition and with each partition getting access to its own virtual processor to help increase performance of large or complex applications. With the addition of a software hypervisor, software virtualization is now possible, enabling the support of multiple operating systems in their own partitions running on the same physical hardware.

Unlike a traditional security kernel that performs all trusted functions for a secure operating system, the separation kernel’s primary function is to partition system resources, sequester data, and control information flow among the separate partitions. When combined with virtualization technology, such as Intel’s VT hardware, separation kernels offer the high performance required by today’s demanding software applications.

They do this by isolating each virtual instance in the system with hardware protection, giving each partition its own virtual address space. By guaranteeing the availability of resources such as memory and processor cycles, these systems ensure that no single software instance can consume the memory or scheduled time of other partitions.

While this functionality has already been widely deployed in the military and national security environments and in safety-critical avionics applications, it is gaining ground within the enterprise as well. This provides a hardy foundation for the creation of multilevel systems with advanced security needs, as well as a method for ensuring that individual guest operating systems do not encroach on each other’s operations.

Example application

For example, in a military setting, air force pilots need access to both classified data (such as flight path information, coordinates of potential targets, and communication with ground commander) and unclassified information (such as aircraft performance information, fuel levels, and miles flown). The applications that manage these functions and/or crunch the data run on a single computer system. When the aircraft lands, the maintenance crew will need some of the unclassified information in order to ensure the aircraft is properly prepped for its next flight but the crew must be blocked from accessing any classified mission information.

Rather than granting maintenance crews security clearance or requiring flight crews to remove classified data from systems prior to service, the separation kernel can simply disable access to the classified applications and data when the maintenance crews are logged into the system. This software approach reduces the need for physically separate computer systems to ensure security separation, and hence reduces the size, weight, cost and power of the flight computers.
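As an added illustration (not code from the article or from LynuxWorks), the following Python model captures the static configuration a separation kernel enforces in the cockpit scenario above: non-overlapping memory windows, a fixed CPU budget per partition within a major frame, and a default-deny flow policy in which the maintenance partition may read unclassified data while nothing flows out of the classified partition. Partition names, addresses and budgets are constructed values; the class and method names are hypothetical.

```python
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class Partition:
    name: str
    mem_start: int  # first byte of the partition's private memory window
    mem_size: int   # window length in bytes
    budget_us: int  # CPU time guaranteed to it in every major frame


class SeparationKernelConfig:
    """Static partition table plus an explicit inter-partition flow policy."""

    def __init__(self, major_frame_us: int) -> None:
        self.major_frame_us = major_frame_us
        self.partitions: Dict[str, Partition] = {}
        self.flows: Set[Tuple[str, str]] = set()  # (source, destination)

    def add_partition(self, p: Partition) -> None:
        self.partitions[p.name] = p

    def allow_flow(self, src: str, dst: str) -> None:
        self.flows.add((src, dst))

    def can_flow(self, src: str, dst: str) -> bool:
        # Default deny: any flow not listed in the configuration is blocked.
        return (src, dst) in self.flows

    def validate(self) -> List[str]:
        """Return configuration errors; an empty list means the table is sound."""
        errors: List[str] = []
        parts = list(self.partitions.values())
        for i, a in enumerate(parts):
            for b in parts[i + 1:]:
                a_end, b_end = a.mem_start + a.mem_size, b.mem_start + b.mem_size
                if a.mem_start < b_end and b.mem_start < a_end:
                    errors.append(f"memory overlap: {a.name}/{b.name}")
        if sum(p.budget_us for p in parts) > self.major_frame_us:
            errors.append("time budgets exceed the major frame")
        for src, dst in self.flows:
            if src not in self.partitions or dst not in self.partitions:
                errors.append(f"flow references unknown partition: {src}->{dst}")
        return errors


def build_cockpit_config() -> SeparationKernelConfig:
    """Constructed example: classified, unclassified and maintenance partitions."""
    cfg = SeparationKernelConfig(major_frame_us=10_000)
    cfg.add_partition(Partition("classified", 0x1000_0000, 0x0100_0000, 4_000))
    cfg.add_partition(Partition("unclassified", 0x1100_0000, 0x0100_0000, 3_000))
    cfg.add_partition(Partition("maintenance", 0x1200_0000, 0x0080_0000, 2_000))
    cfg.allow_flow("unclassified", "maintenance")  # fuel levels, miles flown
    return cfg
```

Because the policy is default deny, the maintenance partition has no path to classified data even though all three partitions share one processor and one memory map.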

Hypervisor enables ‘guest’ operating systems

The most recent software virtualization technique is the hypervisor, software that controls how a system’s memory and processing power are shared atop a separation kernel. This virtualization enables any number of “guest” operating systems to run on top of the hypervisor, each in its own separate partition. Originally designed for the mainframe and server environment, hypervisor technology has been moving onto the desktop, and is now becoming available to embedded developers.

Embedded hypervisors allow traditionally non-real-time operating systems such as Linux or Windows to coexist on the same hardware as a more traditional RTOS. This lets embedded software developers partition their systems so that real-time applications run in one partition while traditional desktop applications run on another guest OS.

Because the embedded separation kernel and hypervisor are small and efficient, they maintain hard real-time characteristics and determinism for the real-time applications and give the non-real-time applications their own time slice of the processor. By using today’s hardware virtualization or multicore systems, both types of applications show no performance degradation.

Integrated avionics application

A possible application instance for the embedded hypervisor could be in an integrated avionics application. With planes becoming more connected to the outside world, it is very possible that Web-browsing capabilities will be a requirement in the cockpit.

This traditionally would require an additional computer system to keep the browser separate from the flight control system. By using an embedded hypervisor, the web browser could run in its own secure partition on a Windows or Linux guest OS, with the hypervisor and separation kernel ensuring that any threats or faults are contained and therefore cannot affect the other cockpit systems.

Easing the reuse of legacy applications

While separation kernels were born to serve the stringent needs of the military, with the addition of the hypervisor they can serve useful purposes in the migration of legacy systems. For instance, perhaps a designer needs to change hardware platforms to a more powerful processor.

Using a hypervisor to control a variety of disparate operating systems would enable the direct reuse of existing applications, rather than requiring the costly and time-consuming process of rewriting the entire code base. This also allows new features and applications (even on top of a new OS) to sit next to the legacy applications running on the legacy operating system(s). The embedded hypervisor becomes an enabling technology for future-proofing current embedded systems.

Several established and emerging separation kernel and hypervisor technologies are on the market today, ranging from desktop virtualization, such as Parallels for Mac, which allows consumers to run Windows applications on Mac OS X, to embedded safety- and security-critical solutions, such as the LynxSecure separation kernel and hypervisor from LynuxWorks.

The server and desktop world is currently well served with hypervisors, but they are generally targeted to very specific hardware platforms and are typically aimed at traditional desktop operating systems. Their size and performance are typically geared toward larger processors (or clusters of processors) and much more memory than the typical embedded system has available, and so their ability to scale to meet the needs of the embedded user is questionable. A true embedded separation kernel with hypervisor capabilities will offer much of the functionality of the desktop solutions, but also support the traditional embedded processors and operating systems, with the memory footprint and real-time characteristics that are required by embedded developers.

Much as the server world has embraced hypervisors with widespread adoption, it is possible that the embedded world might go the same way, as the benefits of reusability of legacy applications, the hardware abstraction, and the ability to run multiple operating systems on a single hardware platform can make for much more efficient embedded software development. ■

For more on virtualization and hypervisors, visit http://electronicproducts-com-develop.go-vip.net/software.asp.
