Biblio

Safety-critical systems require resiliency against both cyberattacks and environmental faults. Researches have shown that microkernels can isolate components and limit the capabilities of would-be attackers by confining the attack in the component that it is initiated in. This limits the propagation of faults to sensitive components in the system. Nonetheless, the isolation mechanism in microkernels is not fully investigated for its resiliency against hardware faults. This paper investigates whether microkernels provide protection against hardware faults and, if so, to what extent quantitatively. This work is part of an effort in establishing an overlap between security and reliability with the goal of maximizing both while minimizing their impact on performance. In this work, transient faults are emulated on the seL4 microkernel and Linux kernel using debugger-induced bit flips across random timestamps in benchmark applications. Results show differences in the frequency and final outcome of fault to error manifestation in the seL4 environment compared to the Linux environment, including a reduction in silent data corruptions.

As Internet of Things(IOT) devices become intelli-gent, more powerful computing capability is required. Multi-core processors are widely used in IoT devices because they provide more powerful computing capability while ensuring low power consumption. Therefore, it requires the operating system on IoT devices to support and optimize the scheduling algorithm for multi-core processors. Nowadays, microkernel-based operating systems, such as QNX Neutrino RTOS and HUAWEI Harmony OS, are widely used in IoT devices because of their real-time and security feature. However, research on multi-core scheduling for microkernel operating systems is relatively limited, especially for load balancing mechanisms. Related research is still mainly focused on the traditional monolithic operating systems, such as Linux. Therefore, this paper proposes a low-latency, high- performance, and high real-time centralized global dynamic multi-core load balancing method for the microkernel operating system. It has been implemented and tested on our own microkernel operating system named Mginkgo. The test results show that when there is load imbalance in the system, load balancing can be performed automatically so that all processors in the system can try to achieve the maximum throughput and resource utilization. And the latency brought by load balancing to the system is very low, about 4882 cycles (about 6.164us) triggered by new task creation and about 6596 cycles (about 8.328us) triggered by timing. In addition, we also tested the improvement of system throughput and CPU utilization. The results show that load balancing can improve the CPU utilization by 20% under the preset case, while the CPU utilization occupied by load balancing is negligibly low, about 0.0082%.

The operating system is extremely important for both "Made in China 2025" and ubiquitous electric power Internet of Things. By investigating of five key requirements for ubiquitous electric power Internet of Things at the OS level (performance, ecosystem, information security, functional security, developer framework), this paper introduces the intelligent NARI microkernel Operating System and its innovative schemes. It is implemented with microkernel architecture based on the trusted computing. Some technologies such as process based fine-grained real-time scheduling algorithm, sigma0 efficient message channel and service process binding in multicore are applied to improve system performance. For better ecological expansion, POSIX standard API is compatible, Linux container, embedded virtualization and intelligent interconnection technology are supported. Native process sandbox and mimicry defense are considered for security mechanism design. Multi-level exception handling and multidimensional partition isolation are adopted to provide High Reliability. Theorem-assisted proof tools based on Isabelle/HOL is used to verify the design and implementation of NARI microkernel OS. Developer framework including tools, kit and specification is discussed when developing both system software and user software on this IoT OS.

This paper introduces quarantine, a new security primitive for an operating system to use in order to protect information and isolate malicious behavior. Quarantine's core feature is the ability to fork a protection domain on-the-fly to isolate a specific principal's execution of untrusted code without risk of a compromise spreading. Forking enables the OS to ensure service continuity by permitting even high-risk operations to proceed, albeit subject to greater scrutiny and constraints. Quarantine even partitions executing threads that share resources into isolated protection domains. We discuss the design and implementation of quarantine within the LockDown OS, a security-focused evolution of the Composite component-based microkernel OS. Initial performance results for quarantine show that about 98% of the overhead comes from the cost of copying memory to the new protection domain.