Towards a Resilient Operating System for Wireless Sensor Networks

Similar documents
Contiki a Lightweight and Flexible Operating System for Tiny Networked Sensors

Adding Preemption to TinyOS

Y-THREADS: SUPPORTING CONCURRENCY IN WIRELESS SENSOR NETWORKS

Data-flow Analysis for Interruptdriven Microcontroller Software

Last 2 Classes: Introduction to Operating Systems & C++ tutorial. Today: OS and Computer Architecture

Operating Systems CMPSCI 377 Spring Mark Corner University of Massachusetts Amherst

System Architecture Directions for Networked Sensors[1]

NanoRK. EECE 494 Sathish Gopalakrishnan

0x1A Great Papers in Computer Security

Operating Systems. Operating System Structure. Lecture 2 Michael O Boyle

Notos: Efficient Emulation of Wireless Sensor Networks with Binary-to-Source Translation

CS5460: Operating Systems

Safely and Efficiently Multiprogramming a 64kB Computer

Chapter 13: I/O Systems

CS 5460/6460 Operating Systems

Static Analysis of Embedded C

Initial Evaluation of a User-Level Device Driver Framework

Multitasking. Embedded Systems

Lecture 4: Mechanism of process execution. Mythili Vutukuru IIT Bombay

TinyOS. Lecture Overview. UC Berkeley Family of Motes. Mica2 and Mica2Dot. MTS300CA Sensor Board. Programming Board (MIB510) 1.

AUTOBEST: A United AUTOSAR-OS And ARINC 653 Kernel. Alexander Züpke, Marc Bommert, Daniel Lohmann

Common Computer-System and OS Structures

NanoQplus : A Multi-Threaded Operating System with Memory Protection Mechanism for WSNs

Introduction. CS3026 Operating Systems Lecture 01

Programming Sensor Networks

Interfacing Java-DSP with Sensor Motes

Operating System. Operating System Overview. Structure of a Computer System. Structure of a Computer System. Structure of a Computer System

Embedded Systems. 5. Operating Systems. Lothar Thiele. Computer Engineering and Networks Laboratory

Confinement (Running Untrusted Programs)

Architectural Support for Operating Systems

Computer Science. ! Other approaches:! Special systems designed for extensibility

ZiLOG Real-Time Kernel Version 1.2.0

Secure Virtual Architecture. John Criswell University of Illinois at Urbana- Champaign

CSE 306/506 Operating Systems Threads. YoungMin Kwon

Stackless Preemptive Threads for TinyOS

CS 471 Operating Systems. Yue Cheng. George Mason University Fall 2017

Syscalls, exceptions, and interrupts, oh my!

Predictable Interrupt Management and Scheduling in the Composite Component-based System

Processes. Johan Montelius KTH

nesc Prof. Chenyang Lu How should network msg be handled? Too much memory for buffering and threads

ACM SOSP 99 paper by Zuberi et al.

System Architecture Directions for Networked Sensors. Jason Hill et. al. A Presentation by Dhyanesh Narayanan MS, CS (Systems)

A process. the stack

Integrating Concurrency Control and Energy Management in Device Drivers. Chenyang Lu

Today s Topics. u Thread implementation. l Non-preemptive versus preemptive threads. l Kernel vs. user threads

Lec 22: Interrupts. Kavita Bala CS 3410, Fall 2008 Computer Science Cornell University. Announcements

* What are the different states for a task in an OS?

ECE 477 Digital Systems Senior Design Project. Module 10 Embedded Software Development

The Operating System Machine Level

A program execution is memory safe so long as memory access errors never occur:

Introduction and Overview

SPIN Operating System

Introduction to Programming Motes

What You Corrupt Is Not What You Crash: Challenges in Fuzzing Embedded Devices

CS 318 Principles of Operating Systems

Embedded Systems Dr. Santanu Chaudhury Department of Electrical Engineering Indian Institution of Technology, IIT Delhi

OS and Computer Architecture. Chapter 3: Operating-System Structures. Common System Components. Process Management

High Reliability Systems. Lloyd Moore, President

Separating Access Control Policy, Enforcement, and Functionality in Extensible Systems. Robert Grimm University of Washington

Processes Prof. James L. Frankel Harvard University. Version of 6:16 PM 10-Feb-2017 Copyright 2017, 2015 James L. Frankel. All rights reserved.

An Experimental Comparison of Event Driven and Multi-Threaded Sensor Node Operating Systems

Process Scheduling Queues

CSC 774 Advanced Network Security

Practical Java Card bytecode compression 1

Threads Implementation. Jo, Heeseung

EMERALDS: a small-memory real-time microkernel

Contiki - a Lightweight and Flexible Operating System for Tiny Networked Sensors

Zilog Real-Time Kernel

CSE 153 Design of Operating Systems Fall 18

Today s Topics. u Thread implementation. l Non-preemptive versus preemptive threads. l Kernel vs. user threads

Computer Systems II. First Two Major Computer System Evolution Steps

Capriccio: Scalable Threads for Internet Services

Page 1. Stuff. Last Time. Today. Safety-Critical Systems MISRA-C. Terminology. Interrupts Inline assembly Intrinsics

Eliminating Stack Overflow by Abstract Interpretation

Using the MPU with an RTOS to Enhance System Safety and Security

2 nd Half. Memory management Disk management Network and Security Virtual machine

I/O Systems. Amir H. Payberah. Amirkabir University of Technology (Tehran Polytechnic)

Memory Protection. Philip W. L. Fong. CPSC 525/625 (Winter 2018) Department of Computer Science University of Calgary Calgary, Alberta, Canada

Versatile Stack Management for Multitasking Sensor Networks

Threads and Concurrency

Threads and Concurrency

Hardware OS & OS- Application interface

Computer Systems A Programmer s Perspective 1 (Beta Draft)

Memory and Energy Optimization Strategies for Multithreaded Operating System on the Resource-Constrained Wireless Sensor Node

Memory Management. Disclaimer: some slides are adopted from book authors slides with permission 1

CSE 153 Design of Operating Systems

Buffer overflow background

Region-based Memory Management. Advanced Operating Systems Lecture 10

Peripheral State Persistence and Interrupt Management For Transiently Powered Systems

MPLAB Harmony Compatibility Worksheet

A VIRTUALLAB APPROACH FOR WIRELESS SENSOR MOTES AND WIRELESS SENSOR NETWORKS

Synchronization I. Jo, Heeseung

EECS 3221 Operating System Fundamentals

OS Extensibility: SPIN and Exokernels. Robert Grimm New York University

System Call. Preview. System Call. System Call. System Call 9/7/2018

EECS 3221 Operating System Fundamentals

Fall 2017 :: CSE 306. Introduction to. Virtual Memory. Nima Honarmand (Based on slides by Prof. Andrea Arpaci-Dusseau)

Processes and Threads Implementation

Software-Based Memory Protection In Sensor Nodes

AC OB S. Multi-threaded FW framework (OS) for embedded ARM systems Torsten Jaekel, June 2014

Transcription:

Towards a Resilient Operating System for Wireless Sensor Networks Hyoseung Kim Hojung Cha Yonsei University, Korea 2006. 6. 1. Hyoseung Kim hskim@cs.yonsei.ac.kr

Motivation (1) Problems: Application errors on sensor networks Diverse hardware devices Cooperate with large number of nodes Unattended operation for long-time Kernel data corruption Kernel code execution Hardware control faults Kernel fail & sensor node crash No way to recover from system failure Crashed sensor node is useless in the field System safety like general purpose OS needed! Mobile Embedded System Lab., Yonsei University 2

Motivation (2) Popular sensor nodes: Telos / Mica MoteIV Telos Rev. B TI MSP430 8Mhz 10Kb RAM, 60Kb ROM CrossBow Mica2, MicaZ ATmega128L 8Mhz 4Kb RAM, 128Kb ROM No MMU, privileged mode, and exceptions Current sensor network systems Sensor operating systems Virtual machine TinyOS SOS MANTIS Maté No system safety mechanism Mobile Embedded System Lab., Yonsei University 3

Towards Resilient Sensor Networks Ensure system safety at the operating system level Applications : we cannot write the code safely all the time Sensor node hardware : does not easily detect application errors Objectives Provide error-safe mechanism on resource-constrained sensor devices Do not require any hardware supports Do not require users to learn new programming language semantics Mobile Embedded System Lab., Yonsei University 4

Previous Work SFI (Software Fault Isolation) Requires MMU for segmentation and stack safety Designed for fixed-length instruction architecture Proof-carrying Code The automatic policy generator does not exist Programming language approaches Cyclone, Control-C, Cuckoo Users should be aware of the different usages of pointer/array Requires hardware supports for stack safety - T. Jim, G. Morrisett, D. Grossman, M. Hicks, J. Cheney, and Y. Wang, Cyclone: A safe dialect of C, Proc. of the 2002 USENIX Annual Technical Conference, June 2002. - D. Dhurjati, S. Kowshik, V. Adve, and C. Lattner. Memory safety without runtime checks or garbage collection, Proc. of Languages, Compilers and Tools for Embedded Systems, 2003. - G. R. Wahbe, West, C. Necula, and S. G. Lucco, Proof-carrying T. Wong, T. E. Cuckoo: Anderson, code, a and Proc. Language S. L. of Graham, the for 24th Implementing ACM Software-based SIGPLAN-SIGACT Memory fault and isolation, Symposium Thread-safe Proc. on of System Principles the 14th Service, ACM of Programming Symposium Proc. of Languages International Operating (POPL'97), Conference System Principles 1997. on Programming (SOSP'93), Languages 1993. and Compilers, 2005. Mobile Embedded System Lab., Yonsei University 5

RETOS Architecture Resilient, Expandable, and Threaded Operating System static kernel dynamic kernel user space Mobile Embedded System Lab., Yonsei University 6

RETOS Architecture Resilient, Expandable, and Threaded Operating System static kernel dynamic kernel user space Mobile Embedded System Lab., Yonsei University 7

RETOS Architecture Resilient, Expandable, and Threaded Operating System static kernel dynamic kernel user space Mobile Embedded System Lab., Yonsei University 8

Ensuring System Safety Principle Dual Mode operation & static/dynamic code checking Mobile Embedded System Lab., Yonsei University 9

Dual Mode Operation Why dual-mode is needed? Static/dynamic code checking evaluates if the application modifies data or issues code in its allocated data Preemption would invoke problems (ex) Thread_A is preempted by Thread_B Stack... Code checking considers it legal Thread_B has access rights to this area Kernel/user separation is required Mobile Embedded System Lab., Yonsei University 10

Static/Dynamic Code Checking Use data and code area within application itself Restrict direct hardware resource manipulation Application Source Code Assembly Code Dynamic Checks Insertion Binary Code Static Code Checking Trusted Application Code Assembly Code Trusted Application Code Mobile Embedded System Lab., Yonsei University 11

Implementation RETOS implemented on TI MSP430 F1611 8MHz core clock, 10Kb RAM, 48Kb Flash ROM Current version: 0.92 (May 24 2006) Peripheral supports 2.4Ghz RF Module (Chipcon 2420) Ultrasound, Humidity, and Light sensors Applications: MPT (Multi-Party Object Tracking) Mobile Embedded System Lab., Yonsei University 12

Functionality Test (1) Classify safety domain into four parts: Stack / Data safety Code safety Hardware safety Stack and data area Control flow Immediate hardware control Hardware safety Disable interrupt DINT(); Detected by Static check Flash ROM writing (memory mapped registers) FCTL1 = FWKEY+WRT; Detected by Static check Stack safety General/Mutual recursive call void foo() { foo(); } void foo() { bar(); } void bar() { foo(); } Detected by Dynamic check Mobile Embedded System Lab., Yonsei University 13

Functionality Test (2) Data safety Directly addressed pointers int *tmp = 0x400; *tmp = 1; Detected by Static check Illegal array indexing /* array in heap area */ int array[10]; for(i = 10; i > 0; i--) { array[i-100] = i; } Detected by Dynamic check Code safety Directly addressed function call void (*func)(void) = 0x1000; func(); Detected by Static check Corrupted return address (Buffer overflow) void func() { int array[5], i; } for(i = 0; i < 10; i++) array[i] = 0; Detected by Dynamic check Mobile Embedded System Lab., Yonsei University 14

Overhead Analysis (1) Execution time running in user mode Programs, which require more memory access than complex arithmetic calculations, shows larger overhead 386566 394624 cycles/sec Computation based 40326 40508 1056 1096 4704 5010 24815 26176 Memory access based 1243 1347 58723 62688 Mobile Embedded System Lab., Yonsei University 15

Overhead Analysis (2) Application code size comparison Code size increased, independent of application type Applications are inherently small in size, separated from kernel 8726 10046 bytes 614 682 774 835 902 1004 946 1014 478 510 1436 1610 Mobile Embedded System Lab., Yonsei University 16

Overhead Analysis (3) Dual mode operation Single mode (cycles) Dual mode (cycles) Overhead (cycles) system call (led toggle) 264 302 38 system call (radio packet send) 352 384 32 timer interrupt (invoked in kernel) 728 728 0 timer interrupt (invoked in user) 728 760 32 Summary Computational overhead & larger code size are inevitable to provide system safety in sensor node platform However, they are considered as a fair trade-off compared to a system failure Mobile Embedded System Lab., Yonsei University 17

Conclusions Safety mechanism for wireless sensor networks Separate errant application from the kernel, Kernel never die Automatically recover from serious errors Useful in the real, large-scale sensor networks Current status RETOS is being developed in our research group Being ported to other processors (AVR) Application-Centric Networking Framework for Wireless Sensor Networks Mobiquitous 2006, San Jose, July 17-21 Mobile Embedded System Lab., Yonsei University 18

Questions Mobile Embedded System Lab., Yonsei University 19

WatchdogTimer Not easy to recognize and handle problems such as: Memory access beyond the application area Immediate hardware control Watchdog timer simply makes the system be restarted One errant application can stop all other applications Disturbance of long-term operations of sensor applications Mobile Embedded System Lab., Yonsei University 20

Multithread vs. Event-driven Concurrency for computation based applications Run-to-completion vs. preemptive time-sliced thread Poor software structure on event-driven model One conceptual function split into multiple functions F () F1 () I/O done I/O F2 () Loss of control structures / local variables Simplified synchronization methods on thread model Like atomic operation in nesc Mobile Embedded System Lab., Yonsei University 21

Limitations Library codes We assume the libraries always operate safely In real situation: If a user passes an invalid address to memcpy()? Make wrapper functions that checks address parameters Divide by zero Hardware multiplier/divider equipped processor : instruction level checking Emulated : library level checking Intentionally skips the code checking sequences User authentication on code updating would be required Mobile Embedded System Lab., Yonsei University 22

Sensor OS Comparison System Safety Light-weight Programming Programming (kernel-user separation) dynamic reprogramming Model Language TinyOS No No Event-driven nesc SOS No Yes Event-driven Standard C MANTIS No No Preemptive Multithreading Standard C RETOS Yes Yes Preemptive Multithreading Standard C Mobile Embedded System Lab., Yonsei University 23

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback