Scientific Area: Industrial Informatics
Ontology-Driven Metamodeling Towards Hypervisor Design Automation: Secure Inter-Partition Communication (IPC)
Published on 2017-01-25
Student: João Carlos Ferreira Alves       Number: A68515       Email: Joaoalves2494@gmail.com
Start date: 01/09/2016

Supervisor(s):
Name: Adriano José C. Tavares
Email: atavares@dei.uminho.pt

Description:

Embedded systems are becoming more complex, and real-time applications are required to execute alongside other applications. Virtualization emerged as a solution to this problem, since it allows different operating systems to coexist on the same platform, thus tackling different requirements at lower financial cost and complexity (Zampiva, Moratelli, & Hessel, 2015). In these systems, concurrent OSes may need to communicate, and several IPC mechanisms already exist for this purpose.

Security is a major concern when it comes to embedded systems intended to meet high-level requirements. A hypervisor should be capable of efficiently separating all its running OSes, so that a vulnerability in one of them does not expose the others operating concurrently. It should also reduce the number of ways in which the system could be compromised.

Traditional TCP/IP could be used to communicate between co-resident VMs, but this involves unnecessary packet processing in the network stack. This overhead can be avoided by using shared memory mechanisms (Ren et al., 2013). To make the latter implementation reliable, requirements regarding security and performance should be specified during the design stage. For example, in terms of performance, the implementation layer in the software stack and the level of transparency desired must be chosen (Ren et al., 2013); in terms of security, the level of separation desired for resources (which also influences performance) and concerns regarding data integrity must be addressed (Gebhardt & Tomlinson, 2010).

As systems grow more complex and extensive, problems related to their configurability, scalability and interoperability may arise. Modeling tools fitted with generative capabilities and enriched with semantic technology appear to be a very promising solution. These tools ease system configuration, allowing existing trade-offs to be manipulated for testing purposes, as well as the generation of different systems.

This work aims at the development of a secure IPC mechanism, more specifically a shared memory mechanism. This may include the implementation of additional modules to secure its functional structures. All subsystem implementations should be modelled using a semantically enriched modeling DSL, which should allow the subsystems to be integrated into a complex hypervisor implementation through the use of semantic extensions. In this case, the implemented shared memory mechanism should be integrated into the TZVisor implementation. This work also aims at collaboration in the development of the aforementioned DSL.

References:

Gebhardt, C., & Tomlinson, A. (2010). Challenges for Inter Virtual Machine Communication. (September), 0–17.

Ren, Y., Liu, L., Zhang, Q., Wu, Q., Guan, J., Kong, J., & Dai, H. (2013). Shared-Memory Optimizations for Inter Virtual Machine Communication.

Zampiva, S., Moratelli, C., & Hessel, F. (2015). A hypervisor approach with real-time support to the MIPS M5150 processor. Proceedings - International Symposium on Quality Electronic Design (ISQED), 2015-April, 495–501. https://doi.org/10.1109/ISQED.2015.7085475


Objectives:

- Study of hypervisor architecture, with emphasis on IPC mechanisms;

- Study of the ARM architecture, as well as the TrustZone module;

- Study of the TZVisor implementation;

- State-of-the-art study regarding IPC mechanisms;

- Design and implementation of IPC mechanisms;

- Study of methods for security analysis;

- Ontological description and modeling of the system, to obtain more configurability, scalability and granularity;

- Identification of vulnerabilities inherent to the IPC implementation, as well as possible attacks;

- Identification and implementation of possible countermeasures to the identified vulnerabilities and attacks;

- Integration into a hypervisor implementation using semantic extensions;

- Collaboration in the development of a semantically enriched metamodeling DSL;

- Analysis of performance and security for the implemented IPC and the respective security mechanisms;

- Evaluation and validation of the produced work;

- Planning and writing of the master's dissertation.

