Security and Performance Benefits of Virtualization


Felix Baum, Mentor Embedded (mentor.com/embedded). Android is a trademark of Google Inc.; use of this trademark is subject to Google Permissions. Linux is the registered trademark of Linus Torvalds in the U.S. and other countries.

Homogeneous Multicore is not new!

Neither is Heterogeneous Multicore!

The World is More Connected

Connectivity includes Cars
"This isn't just an evolution of technology-enabled, connected vehicles. This goes beyond self-driving cars. And it's more than a simple sensor-network: This is the era of smart mobility, an Internet of Cars." Thilo Koslowski, Vice President, Distinguished Analyst, Automotive practice at Gartner Inc. Source: http://www.wired.com/opinion/2013/01/forget-the-internet-of-things-here-comes-the-internet-of-cars/

Security

Shorter Cycles

Increasing Vehicle Complexity
Up to 65 million lines of code, 30 million of them for the multimedia system.
25-200 microprocessors.
Recent high-end luxury car ECU connections: 10 for FlexRay, 73 for CAN and 61 for LIN.
Base vehicles employ 1,376 wires with a total length of 2,474 meters. A fully optioned vehicle requires 2,385 wires, with a total length of 4,293 meters.
500 LEDs are deployed, no light bulbs.
100 motors in the interior.
Source: The Hansen Report on Automotive Electronics, July/August 2013

ARM Embedded Processors

SoCs Rapidly Changing, Functionality Increases
[Diagram: rapid production change across SoC generations]

Linux
As in many markets, the adoption and use of Linux is accelerating in the automotive domain, including for in-vehicle infotainment, the instrument cluster and advanced driver assistance functions.

A Solution Approach: Virtualization
Embedded hypervisors: high performance (e.g. runtime and boot time), strong isolation, highly robust.
Hypervisor security: strong isolation and containment of guests; secures critical information and software.
Widespread use of open source software: embedded Linux is gaining widespread adoption; system robustness is allowed by separation; IP protection is provided through system partitioning.
[Diagram: software stacks (RTOS, RTOS, bare-metal) running as guests on a hypervisor over four CPU cores, memory and peripherals]

Virtualization: oversubscription
When more guests need to run than there are cores available.
[Diagram: Linux, RTOS and bare-metal (BME) guests with their applications sharing two CPUs, memory and devices through the hypervisor, using a mix of virtual devices (vdev) and directly assigned devices]

Virtualization: consolidation
Reliably run multiple guests of the same or different kinds.
[Diagram: several separate boards, each with Linux, Android, RTOS or bare-metal guests over their own hypervisor and four CPUs, consolidated onto a single hypervisor sharing four CPUs, memory and devices through virtual devices]

Virtualization: robustness and security
Increase the reliability of existing software by enabling the virtualization, security and separation capabilities of the hardware.
[Diagram: Linux, RTOS and bare-metal guests with their applications over a hypervisor, alongside a Trusted Execution Environment, on four CPUs with devices and memory]

Security via ARM TrustZone
ARM TrustZone can be thought of as a hardware-based solution that can be used to define a subset of the SoC for access by software. Software that is designated as Secure World software has access to ALL of the SoC, while software that is designated as Normal World can access only those hardware elements that are defined as Non-Secure.
Security can be further enhanced via trusted boot.
Security through separation.

ARM TrustZone worlds
[Diagram: Normal World with Linux and RTOS guests (apps, virtual devices, hypervisor, CPUs, Device A, Device B, memory) beside the Secure World with a DRM application and its own hypervisor, CPUs, Device A, Device B and memory]

ARM TrustZone example
Software that runs in the Normal World is assumed to be flawed from a safety and security perspective. This software is expected to contain bugs, exploits, hacks, faults, or irregularities that could expose sensitive information or functions. Secure World applications have complete access to the hardware and resources that are associated with both worlds. TrustZone does nothing to improve the safety or security of the Trusted software itself, which must be explicitly tested and independently validated.
[Diagram: keypad input handled by a Secure Element (SecurCore)]
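The two isolation layers the slides combine, hypervisor partitioning between guests and the TrustZone Secure/Normal World split, can be modelled as an access check. This is an added example with a constructed SoC memory map, not code from Mentor or from the hypervisor the slides describe; region names, addresses and the VM identifiers are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed model of the two isolation layers described on the slides:
 *  1. TrustZone: each bus transaction carries an NS (non-secure) bit. A
 *     region marked secure rejects NS transactions; Secure World (NS=0)
 *     reaches every region, matching "complete access to both worlds".
 *  2. Hypervisor stage-2 map: a Normal World guest only sees the physical
 *     regions the hypervisor assigned to it (direct devices or RAM).
 * Note what the model does NOT do: it cannot stop buggy Secure World code
 * from leaking secrets, which is why that code needs separate validation. */
typedef struct { uint32_t base, size; bool secure; const char *name; } region_t;

/* Hypothetical SoC map; addresses are made up for the example. */
static const region_t soc_map[] = {
    { 0x10000000u, 0x01000000u, false, "DRAM (shared)" },
    { 0x20000000u, 0x00001000u, false, "Ethernet NIC" },
    { 0x20001000u, 0x00001000u, false, "UART" },
    { 0x30000000u, 0x00010000u, true,  "DRM keys (secure only)" },
};
#define NREGIONS (sizeof soc_map / sizeof soc_map[0])

/* Stage-2 assignment: bitmask of soc_map indices each guest may touch. */
enum { VM_LINUX = 0, VM_RTOS = 1 };
static const uint32_t stage2_map[] = {
    [VM_LINUX] = (1u << 0) | (1u << 1),   /* DRAM + NIC directly assigned */
    [VM_RTOS]  = (1u << 0) | (1u << 2),   /* DRAM + UART */
};

static int find_region(uint32_t addr) {
    for (size_t i = 0; i < NREGIONS; i++)
        if (addr >= soc_map[i].base && addr - soc_map[i].base < soc_map[i].size)
            return (int)i;
    return -1;   /* unmapped address: bus error */
}

/* Secure World bypasses stage-2; with NS=0 every mapped region is reachable. */
bool secure_world_access(uint32_t addr) { return find_region(addr) >= 0; }

/* Normal World guest: stage-2 must map the region AND it must be non-secure. */
bool normal_world_access(int vm, uint32_t addr) {
    int r = find_region(addr);
    if (r < 0) return false;
    if (!(stage2_map[vm] & (1u << r))) return false;  /* hypervisor: not this guest's device */
    return !soc_map[r].secure;                        /* TrustZone: NS access to secure region fails */
}
```

A Normal World guest therefore fails closed on two independent checks, while a compromised Secure World component is not constrained by either, which is the point the slide makes about validating trusted software.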

Virtualization uses in automotive
Security and Robustness: isolation of critical software from the rest of the code, reducing the burden of testing and re-certification.
Licensing and IP Separation: partitioning of software with incompatible licensing terms, and protecting proprietary IP from open source licensing terms.
Software Reuse: an upgrade path from an RTOS-based device to one that incorporates Linux, leveraging the Linux software ecosystem while preserving the legacy investment.
Real Time Performance: devices that take advantage of the Linux ecosystem and its wealth of existing functionality can benefit from the real-time responsiveness of a bare-metal guest.
Fast Startup: starting VMs in a particular order helps with a staged boot process.

Automotive Virtualization Requirements
Type 1 (bare metal) hypervisor: sub-10K LOC code base; exploits the hardware virtualization extensions for security and efficiency.
Hypervisor with a security focus: strong isolation and containment of guests; secures critical information and software (TrustZone support and Trusted Execution Environment implementation).
Multi-core and multi-guest enabled: a single VM on multiple cores; multiple VMs on a single core or on multiple cores; combine UP and SMP guests.

Automotive Virtualization Requirements (continued)
Hardware support: ARM Cortex-A9 (i.MX6 reference platform); ARM Cortex-A15 (OMAP5 and J6 reference platforms).
Flexible scheduling: dedicate guests to cores, or time-slice a core between multiple VMs.
Extensive device model, flexibility and performance: directly assign devices for performance (GPUs, NICs); a virtual device model to share a device between VMs (Ethernet and serial).
Guest support: GENIVI-compliant Yocto-based Linux distribution, Android, RTOS, bare-metal environment.
Configurations: Linux - Linux, Linux - Android, Linux - BME, BME.

Summary
Security and Separation: exposure via many connectivity options increases attack surfaces and jeopardizes reliable system function. Highly integrated systems need separation and protection of the sensitive data.
Performance: highly integrated systems need separation and protection of the sensitive data.
Widespread use of Linux and other Open Source Software: ecosystems of applications offer the in-vehicle experiences consumers demand; protection of software license rights.
Separation, security and performance are increasingly important for embedded systems, driven to a large extent by the intelligent and open devices in vehicles and the Internet of Things.

Q & A