CapeVM: A Safe and Fast Virtual Machine for Resource-Constrained Internet-of-Things Devices
Title | CapeVM: A Safe and Fast Virtual Machine for Resource-Constrained Internet-of-Things Devices |
Publication Type | Conference Paper |
Year of Publication | 2018 |
Authors | Reijers, Niels, Shih, Chi-Sheng |
Conference Name | Proceedings of the 16th ACM Conference on Embedded Networked Sensor Systems |
Publisher | ACM |
Conference Location | New York, NY, USA |
ISBN Number | 978-1-4503-5952-8 |
Keywords | ahead-of-time compilers, Collaboration, fault isolation, Human Behavior, human factors, Metrics, Performance, policy-based governance, pubcrawl, resilience, Resiliency, Safe Coding, Safety, sandbox, sensor nodes, virtual machines |
Abstract | This paper presents CapeVM, a sensor node virtual machine aimed at delivering both high performance and a sandboxed execution environment that ensures malicious code cannot corrupt the VM's internal state or perform actions not allowed by the VM. CapeVM uses Ahead-of-Time compilation and introduces a range of optimisations to eliminate most of the overhead present in previous work on sensor node AOT compilers. A sandboxed execution environment is guaranteed by a set of checks. The structured nature of the VM's instruction set allows the VM to perform most checks at load time, reducing the need for expensive run-time checks compared to native code approaches. While some overhead from using a VM and adding sandbox checks cannot be avoided, CapeVM's optimisations reduce this overhead dramatically. We evaluate CapeVM using a set of IoT applications and show this results in a performance just 2.1x slower than unsandboxed native code. Thus, CapeVM combines the desirable properties of existing work on both sandboxed execution and virtual machines for sensor nodes, with significantly improved performance. |
URL | https://dl.acm.org/citation.cfm?doid=3274783.3274842 |
DOI | 10.1145/3274783.3274842 |
Citation Key | reijers_capevm:_2018 |