Real-time control for multicore needs to rethink trust in the OS: Page 2 of 4

November 22, 2018 //By John Blevins
Real-time control for multicore needs to rethink trust in the OS
OS architecture is insufficiently secure by design in the context of modern multicore processors. A new approach is needed that looks beyond security and into complex system design for security, safety, and complex consolidated system architectures.

Some hackers use side-channel attacks, which in some cases, like Meltdown and Spectre, use multicore optimization hardware design errors to gain access to memory directly and take data without privilege. This shows that our hardware is at the limits of its stable capability for secure system development—or is it? Have the processor designers foreseen these issues and facilitated software developers with the ability to mitigate and address these issues through solid secure design principles? The answer is yes, but it requires the adoption of some new technologies available on multicores and administered in ways that address both the preceding challenges and not at the level of the OS.

These issues have been recognized first in market sectors where security is as much a safety issue as it is a data-confidentiality concern. When lives are on the line—and the associated lawsuits—it focuses the mind. Without cybersecurity by design, a connected system can’t possibly be certifiably safe. Two sectors lead the charge in finding solutions to this issue, so that they can safely and cost-effectively adopt multicore and realize their SWaP and legacy code reuse objectives: automotive and avionics. In addition, the emerging market of “air mobility” (flying cars and Personal Air Vehicles) is waking up to these requirements, too.

In automotive, they have evolved Autosar to Adaptive Autosar so that a greater numbers of applications from a wider pool of OS system capabilities can be utilized and integrated safely into the car. In avionics, there’s a shift to a second generation of IMA (integrated modular avionics) with the objective of being able to adopt multicore for SWaP objectives, while realizing integration onto a single core means greater cybersecurity requirements. Physical isolation in federated units is no longer an asset available to the system architect, but perhaps the multicore designers provide the tools to deliver the equivalent?

Design category: 

Vous êtes certain ?

Si vous désactivez les cookies, vous ne pouvez plus naviguer sur le site.

Vous allez être rediriger vers Google.