A tour of F9 microkernel and BitSec hypervisor
Louie Lu (呂紹榕) <louie.lu@hopebaytech.com>
11/24 @ ARRC Tainan
11/25/16 2
Content
  From 2nd gen to 3rd gen microkernel
  F9 microkernel features
  BitSec: 3rd generation IoT hypervisor
From 2nd Gen to 3rd Gen microkernel
From 2nd gen to 3rd gen microkernel
2nd generation microkernel
L3
  qualitative improvement of IPC performance: 22 times faster than Mach
  1993 [Jochen Liedtke]
L4 family
  started in 1995, V2 ABI following L3
  Fiasco, the first open-source L4 microkernel written in a high-level language (C++)
  L4Ka::Pistachio
  OKL4, from OK Labs
From 2nd gen to 3rd gen microkernel
2nd generation microkernel
Issues with the ad-hoc design
  global thread name space => covert channel
  threads as IPC target => insufficient encapsulation
  single kernel memory pool => DoS attack
  insufficient delegation of authority
From 2nd gen to 3rd gen microkernel
3rd generation microkernel, focus on...
Capability model
  CNode, Caps in seL4
  fine-grained permission control
Fewer system calls (seL4 has only 3 syscalls)
Clear semantics (async endpoints, etc.)
Formal verification
  seL4 [SOSP'09]
  Verve [PLDI'10]
  FSCQ [SOSP'15]
  mCertiKOS [POPL'15]
  CoGENT [ASPLOS'16]
From 2nd gen to 3rd gen microkernel
Formal verification
  seL4 [SOSP'09], mCertiKOS [POPL'15]: verified sequential kernels
  Ironclad [OSDI'14]: verified software stack
  FSCQ [SOSP'15], CoGENT [ASPLOS'16]: verified sequential file systems
From 2nd gen to 3rd gen microkernel
Formal verification – concurrent memory kernel?
  (figures from certikos-osdi16)
CertiKOS [OSDI'16] solves the problem:
  global changes
  I/O concurrency
  fine-grained locks
  liveness
  compiler
  cost...
From 2nd gen to 3rd gen microkernel
The still unsolved problems (from L3 to seL4, 20 years)
  principled, policy-free control of CPU time
  handling of multicore processors in the age of verification
F9 microkernel

F9 microkernel
  Memory management
  Debugging tools
  The bug
  Unsolved problems

F9 microkernel
Memory management
  MPU (Memory Protection Unit)
  Fpage
  Address space
F9 microkernel - MPU
Protected Memory System Architecture (PMSAv7)
  ARMv7-M supports PMSAv7
MPU
  supports 8 memory regions
  provides access permission control
  provides a memory execute setting

F9 microkernel - MPU
MPU registers
  MPU_TYPE - Type Register
  MPU_CTRL - Control Register
  MPU_RNR - Region Number Register
  MPU_RBAR - Region Base Address Register
  MPU_RASR - Region Attribute and Size Register
F9 microkernel - MPU
MPU – Region Number Register (MPU_RNR)
  selects the region that reads and writes of RBAR and RASR apply to

F9 microkernel - MPU
MPU – Region Base Address Register (MPU_RBAR)
  sets the base address of the region
  sets whether the region is valid
  selects which region to write
  so you may change the region by writing this register alone, without RNR

F9 microkernel - MPU
MPU – Region Attribute and Size Register (MPU_RASR)
  (register layout shown on slide)

F9 microkernel - MPU
MPU region size
  a region size can only be a power of two (2 ** n)
F9 microkernel - MPU
MPU attributes
  eXecute Never (XN)
  access permissions (unprivileged (user) and privileged)
  cache policy
  device type and cacheability

F9 microkernel - MPU
MPU – mpu_setup_region (code shown on slide)
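The register layout the slides walk through, as an added example that is not F9's mpu_setup_region: encoding one PMSAv7 region into MPU_RBAR/MPU_RASR and rejecting what the hardware cannot express. Field positions follow the ARMv7-M architecture; the AP enum names, helper names and sample addresses are the example's own.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* MPU_RBAR (ARMv7-M PMSAv7): ADDR in the upper bits, VALID = bit 4, REGION = bits 3:0.
 * Writing with VALID set also updates MPU_RNR, which is why a region can be
 * programmed without touching RNR first. */
#define RBAR_VALID        (1u << 4)
#define RBAR_REGION_MASK  0xFu

/* MPU_RASR: XN = bit 28, AP = bits 26:24, TEX/S/C/B = bits 21:16,
 * SRD = bits 15:8, SIZE = bits 5:1, ENABLE = bit 0. Region size = 2^(SIZE+1). */
#define RASR_ENABLE       (1u << 0)
#define RASR_SIZE_SHIFT   1
#define RASR_SIZE_MASK    0x1Fu
#define RASR_AP_SHIFT     24
#define RASR_XN           (1u << 28)

/* AP field encodings (privileged / unprivileged). Names are the example's own. */
enum mpu_ap {
    AP_NO_ACCESS       = 0,
    AP_PRIV_RW         = 1,   /* unprivileged: no access */
    AP_PRIV_RW_USER_RO = 2,
    AP_FULL_RW         = 3,
    AP_PRIV_RO         = 5,   /* unprivileged: no access */
    AP_FULL_RO         = 6,
};

struct mpu_region {
    uint32_t rbar;
    uint32_t rasr;
};

/* SIZE field for a region size, or -1 if the MPU cannot express it
 * (must be a power of two and at least 32 bytes). */
static int mpu_size_field(uint32_t size)
{
    if (size < 32 || (size & (size - 1)) != 0)
        return -1;
    int n = 0;
    while ((1u << n) != size)
        n++;
    return n - 1;
}

/* Encode region idx covering [base, base + size) with access rights ap and
 * execute-never xn. Fails on: size not a power of two, base not aligned to
 * the size, or idx beyond the 8 regions the Cortex-M MPU provides. */
bool mpu_encode_region(struct mpu_region *out, unsigned idx, uint32_t base,
                       uint32_t size, enum mpu_ap ap, bool xn)
{
    int sz = mpu_size_field(size);
    if (sz < 0 || idx > 7 || (base & (size - 1)) != 0)
        return false;
    /* base is aligned to size >= 32, so the low bits are free for VALID/REGION */
    out->rbar = base | RBAR_VALID | (idx & RBAR_REGION_MASK);
    out->rasr = ((uint32_t)sz << RASR_SIZE_SHIFT)
              | ((uint32_t)ap << RASR_AP_SHIFT)
              | (xn ? RASR_XN : 0u)
              | RASR_ENABLE;
    return true;
}

/* Decode helpers so an encoding can be checked without hardware. */
uint32_t mpu_region_size(const struct mpu_region *r)
{
    return 1u << (((r->rasr >> RASR_SIZE_SHIFT) & RASR_SIZE_MASK) + 1);
}

bool mpu_region_is_xn(const struct mpu_region *r)
{
    return (r->rasr & RASR_XN) != 0;
}

int main(void)
{
    struct mpu_region r;
    /* Constructed case: a 4 KiB user stack at 0x20001000, RW for everyone, never executable. */
    if (mpu_encode_region(&r, 0, 0x20001000u, 4096u, AP_FULL_RW, true))
        printf("RBAR=0x%08x RASR=0x%08x size=%u\n",
               (unsigned)r.rbar, (unsigned)r.rasr, (unsigned)mpu_region_size(&r));
    /* 0x20000800 is not 4 KiB aligned: the MPU cannot describe that region. */
    if (!mpu_encode_region(&r, 1, 0x20000800u, 4096u, AP_FULL_RW, true))
        printf("rejected: base not aligned to region size\n");
    return 0;
}
```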
F9 microkernel - Fpage
Fpage
  the fundamental element of an address space
  API:
    assign_fpage
    map_fpage
    unmap_fpage
    split_fpage
F9 microkernel – Address Space
Address space (as)
  constructed from an fpage list
  holds one thread's fpage information
  5 API functions

F9 microkernel – Address Space
Address space API
  as_t *as_create(uint32_t as_spaceid);
  void as_destroy(as_t *as);
  void as_setup_mpu(as_t *as, memptr_t sp, memptr_t pc, memptr_t stack_base, size_t stack_size);
  void as_map_user(as_t *as);
  void as_map_ktext(as_t *as);

F9 microkernel – Address Space
Address space API
  as_t *as_create(uint32_t as_spaceid);
    (callers and code shown on slides)
  void as_map_user(as_t *as);
    maps user text, data and hardware device memory
  void as_map_ktext(as_t *as);
    maps kernel text and data
  void as_setup_mpu(as_t *as, memptr_t sp, memptr_t pc, memptr_t stack_base, size_t stack_size);
    loads the MPU regions in priority order: the stack fpages first, then the fpage holding PC, then the always-mapped fpages, then the others
F9 microkernel – Memory management
System calls are provided to manage address spaces:
  Grant: the memory page is granted to a new user and cannot be used any more by its former user.
  Map: implements shared memory – the memory page is passed to another task but can be used by both tasks. (as_map_user / as_map_ktext)
  Flush: a memory page that has been mapped to other users is flushed out of their address spaces. (unmap_fpage)
F9 microkernel – Memory management
Recursive address space:
  the initial address space is controlled by the first process and controls all available memory
  other address spaces are empty at boot
  in F9 microkernel the root thread holds the initial address space
  other processes (threads) obtain memory pages from the first process, or from other processes that got their pages from a parent
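An added example, not F9 code, that models the grant / map / flush semantics and the recursive address space described above as a small mapping database: each mapping remembers the mapping it was derived from, so a flush revokes every descendant however many hops away, while a grant moves the page without leaving the old owner a copy. All names, the address space ids and the memory range are the example's own.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define MDB_MAX 32
#define NO_NODE (-1)

struct mapping {
    bool     valid;
    int      owner;      /* address space id; 0 = root thread / initial space */
    uint32_t base, size; /* the fpage this mapping covers */
    int      parent;     /* mapping this one was derived from, or NO_NODE */
};

static struct mapping mdb[MDB_MAX];

static int mdb_alloc(void)
{
    for (int i = 0; i < MDB_MAX; i++)
        if (!mdb[i].valid)
            return i;
    return NO_NODE;
}

/* Boot: the root space owns one fpage covering all available memory. */
int mdb_init(uint32_t base, uint32_t size)
{
    for (int i = 0; i < MDB_MAX; i++)
        mdb[i].valid = false;
    int r = mdb_alloc();
    mdb[r] = (struct mapping){ true, 0, base, size, NO_NODE };
    return r;
}

/* Map: share mapping src (which src_owner must hold) into space dst; both
 * may use the page afterwards. Returns the new mapping or NO_NODE. */
int mdb_map(int src, int src_owner, int dst)
{
    if (src < 0 || !mdb[src].valid || mdb[src].owner != src_owner)
        return NO_NODE;
    int n = mdb_alloc();
    if (n == NO_NODE)
        return NO_NODE;
    mdb[n] = (struct mapping){ true, dst, mdb[src].base, mdb[src].size, src };
    return n;
}

/* Grant: hand mapping src to dst; the former owner loses it. The mapping
 * keeps its place in the tree, so a flush by an ancestor still reaches it. */
bool mdb_grant(int src, int src_owner, int dst)
{
    if (src < 0 || !mdb[src].valid || mdb[src].owner != src_owner)
        return false;
    mdb[src].owner = dst;
    return true;
}

/* Flush (unmap): revoke every mapping derived from node, recursively,
 * while node itself stays valid for its owner. Returns mappings removed. */
int mdb_flush(int node)
{
    int removed = 0;
    for (int i = 0; i < MDB_MAX; i++) {
        if (mdb[i].valid && mdb[i].parent == node) {
            removed += mdb_flush(i);   /* descendants first */
            mdb[i].valid = false;
            removed++;
        }
    }
    return removed;
}

/* How many fpages does space as currently hold? */
int mdb_count(int as)
{
    int n = 0;
    for (int i = 0; i < MDB_MAX; i++)
        if (mdb[i].valid && mdb[i].owner == as)
            n++;
    return n;
}

int main(void)
{
    int root = mdb_init(0x20000000u, 0x10000u); /* constructed: 64 KiB of SRAM */
    int a = mdb_map(root, 0, 1);                /* root shares the page with space 1 */
    int b = mdb_map(a, 1, 2);                   /* space 1 shares it onward with space 2 */
    mdb_grant(b, 2, 3);                         /* space 2 gives its copy away to space 3 */
    printf("space 2 holds %d, space 3 holds %d\n", mdb_count(2), mdb_count(3));
    printf("flush from root removes %d mappings\n", mdb_flush(root));
    printf("space 1 holds %d, space 3 holds %d, root holds %d\n",
           mdb_count(1), mdb_count(3), mdb_count(0));
    return 0;
}
```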
F9 microkernel
Debugging tools
  kdb
  kprobe
  openocd + gdb

F9 microkernel – Debugging Tools
KDB
  the in-kernel debugger is built and run at boot by default
  supports multiple useful commands
  easy to add new commands

F9 microkernel – Debugging Tools
kprobe
  Linux-style kprobe
  supports binding by symbol name

F9 microkernel – Debugging Tools
openocd + gdb
  more powerful than st-util
  useful commands: http://openocd.org/doc/html/General-Commands.html
  memory access
    mdw / mdh / mdb – display the contents of address addr (word / halfword / byte)
    mww / mwh / mwb – write the specified value at addr (word / halfword / byte)
  register access
    reg – dump all register values
    reg [number | name] [value] – read or write a single register
F9 microkernel – The Bug
The Bug
  the one that really mattered
  encountered while adding a new feature to l4test (a test suite from Pistachio): IPC testing via local destination Id

F9 microkernel – The Bug
The Bug - Sender (code shown on slide)

F9 microkernel – The Bug
The Bug - Receiver (code shown on slide)

F9 microkernel – The Bug
The Bug (shown on slides)

F9 microkernel – Unsolved problems
Unsolved problems
  time-slice scheduling
  a user-space busy loop hangs the system
  POSIX layer support
BitSec

BitSec
BitSec is......
BitSec is a microkernel intended for high-reliability embedded applications on ARMv7-M architecture processors, such as the Cortex-M4.
BitSec is a third-generation microkernel. Its design is heavily inspired by EROS/KeyKOS, MINIX 3, and the L4 family, particularly seL4.

BitSec
BitSec, like other third-generation microkernels,
  focuses on minimality and security,
  expresses all authority through explicit capabilities,
  moves other mechanisms with security implications outside the kernel,
  blurs the line between a traditional microkernel and a hypervisor, and
  targets a very small kernel codebase (in BitSec’s case, less than 2500 sloccount lines of code).
BitSec
BitSec is not...
A complete operating system
By analogy: putting the Linux kernel on a computer doesn’t allow one to run Firefox. Linux is only a kernel; there’s a whole lot of operating system that must be added to make a complete system.
This is even more true of BitSec than of Linux, because BitSec’s design is so minimal. Like other third-generation microkernels, BitSec doesn’t even include hardware drivers in the kernel.
BitSec - Key
BitSec capability: Key
Conceptually, a Key combines
  a reference to a kernel object
  a set of operations on that object that the key enables

BitSec - Key
BitSec capability: Key
In the implementation, a key is a kernel data structure built from three parts:
  a brand, which distinguishes kinds of keys to a particular object from one another
  a generation, which distinguishes keys to successive objects, created in the same location, from one another
  a pointer to a kernel object

BitSec - Key
BitSec capability: Key
struct (key layout shown on slide)
  keys can be freely copied but not directly created
  keys are minted from the object table
BitSec - Key
BitSec capability: Key
Brands
  a 64-bit value chosen when the key was created (minted)
  indelible: cannot be altered except by minting a new key
  programs cannot discover the brand of the keys they hold
  when a key is copied, the copies bear the same brand

BitSec - Key
BitSec capability: Key
keys can be freely copied but not directly created
  keys are minted from the object table
a program can only perform three operations on a key
  copy the key into a different key register
  send a message to the object designated by the key
  receive a message from the object designated by the key
a program cannot do the following without holding additional authority
  determine the kind of kernel object designated by a key
  determine if two keys designate the same kernel object
  determine if two keys give the same rights on their designated objects
11/25/16 88
BitSec - Key
BitSec capability: Key
Generations and Revocation
used to provide efficient revocation
When program invokes a key
kernel compares the key's generation to a object
generation
If two match, proceeds normally
If not match, object has been invalidated
11/25/16 89
BitSec - Key
BitSec capability: Key
Generations and Revocation
used to provide efficient revocation
When program invokes a key
kernel compares the key's generation to a object
generation
If two match, proceeds normally
If not match, object has been invalidated
11/25/16 90
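An added C model (not BitSec's code, which is C++11) of the Key described on the slides above: brand, generation and object pointer, with minting, copying, invocation and revocation. The object table, the key registers and the brand-to-rights policy (bit 0 = read, bit 1 = write) are constructed for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

struct object {
    uint32_t generation;   /* bumped on revocation or when the slot is reused */
    int      value;        /* stand-in for the object's state */
};

/* A key is kernel data: brand + generation + object pointer. */
struct key {
    uint64_t brand;        /* fixed at mint time; copies carry it unchanged */
    uint32_t generation;   /* snapshot of the object's generation at mint time */
    struct object *obj;
};

#define OBJ_TABLE_SIZE 4
#define KEY_REGS       4
static struct object obj_table[OBJ_TABLE_SIZE];   /* the object table */
static struct key    key_regs[KEY_REGS];          /* one program's key registers, kernel-held */

/* Mint: the only way a key comes into existence; a privileged kernel
 * operation, not something a program can do with the keys it holds. */
struct key key_mint(unsigned slot, uint64_t brand)
{
    struct key k = { brand, obj_table[slot].generation, &obj_table[slot] };
    return k;
}

/* Copy a key into another register: the copy bears the same brand. */
void key_copy(unsigned dst, unsigned src)
{
    key_regs[dst] = key_regs[src];
}

/* Invoke (send a message through the key). The kernel checks the
 * generation before anything else; a stale key is refused outright.
 * Constructed rights policy: brand bit 0 = may read (msg == 0),
 * brand bit 1 = may write (msg != 0 stores msg as the new value). */
bool key_invoke(unsigned reg, int msg, int *reply)
{
    const struct key *k = &key_regs[reg];
    if (k->obj == NULL || k->generation != k->obj->generation)
        return false;                       /* object invalidated since minting */
    if (msg == 0 && (k->brand & 1u)) {
        *reply = k->obj->value;
        return true;
    }
    if (msg != 0 && (k->brand & 2u)) {
        k->obj->value = msg;
        *reply = 0;
        return true;
    }
    return false;                           /* this brand does not carry the right */
}

/* Revoke: one increment invalidates every key minted against the old
 * generation, wherever it was copied to. Reusing the slot for a new
 * object bumps the generation the same way. */
void object_revoke(unsigned slot)
{
    obj_table[slot].generation++;
}

int main(void)
{
    int reply = 0;
    obj_table[1].value = 42;                 /* constructed object state */
    key_regs[0] = key_mint(1, 3);            /* brand 3: read and write */
    key_copy(1, 0);                          /* the copy keeps brand 3 */
    key_regs[2] = key_mint(1, 1);            /* brand 1: read only */
    printf("write via read-only key: %s\n", key_invoke(2, 7, &reply) ? "ok" : "denied");
    printf("read via copied key: %s %d\n", key_invoke(1, 0, &reply) ? "ok" : "denied", reply);
    object_revoke(1);
    printf("read after revocation: %s\n", key_invoke(1, 0, &reply) ? "ok" : "denied");
    return 0;
}
```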
BitSec – Object Oriented
BitSec design: object oriented
Using the C++11 standard
Every resource and service that the system can see in the kernel is represented as an object bundling together state and operations on that state.
For example: the Keys (class shown on slide)
And it can be used from C:
BitSec is implemented in C++11, but was designed to be usable from legacy languages such as C and assembler.
As FreeRTOS/BitSec is entirely C (and C90 at that), this seems to have worked.
BitSec – Future work
BitSec future work
  enhancement of the build system
  porting a guest OS to BitSec (FreeRTOS, Linux, or maybe from scratch)
  formal verification with CoGENT
  adding a network stack?

F9 / BitSec
Demo on stm32f429

A tour of F9 microkernel and BitSec hypervisor
Q&A

Thanks
References
CertiKOS: An Extensible Architecture for Building Certified Concurrent OS Kernels
http://flint.cs.yale.edu/certikos/publications/certikos-osdi16.pdf
F9 microkernel & ARM hypervisor
https://hackmd.io/s/r16AUMbJe
F9: A secure microkernel for MMUless embedded systems
https://github.com/grapherd/f9-report
F9: A secure and Efficient Microkernel Built for Deeply Embedded Systems
http://www.slideshare.net/jserv/f9-microkernel
Technical Report on the BitSec Kernel
OpenOCD general command
http://openocd.org/doc/html/General-Commands.html

"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 

Recently uploaded (20)

WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 

A tour of F9 microkernel and BitSec hypervisor

  • 1. A tour of F9 microkernel and BitSec hypervisor. Louie Lu (呂紹榕) <louie.lu@hopebaytech.com>. 11/24 @ ARRC Tainan
  • 3. 11/25/16 Contents: From 2nd gen to 3rd gen microkernel; F9 microkernel features; BitSec: 3rd generation IoT hypervisor
  • 4. From 2nd gen to 3rd gen microkernel
  • 5-7. From 2nd gen to 3rd gen microkernel. 2nd generation microkernel: L3 – qualitative improvement of IPC performance, 22 times faster than Mach, 1993 [Jochen Liedtke]. L4 family – started in 1995, V2 ABI based on L3. Fiasco, the first high-level-language (C++) and open-source L4 microkernel. L4Ka::Pistachio. OKL4, from OK Labs.
  • 8. 2nd generation microkernel – issues with the ad-hoc design: global thread name space => covert channel; threads as IPC target => insufficient encapsulation; single kernel memory pool => DoS attack; insufficient delegation of authority.
  • 9. 3rd generation microkernel, focus on: capability model; fewer system calls (seL4 only has 3 syscalls); clear semantics (async endpoint, etc.); formal verification.
  • 10-11. Capability model: CNode and Caps in seL4, fine-grained permission control. Fewer system calls (seL4 only has 3 syscalls). Clear semantics (async endpoint, etc.). Formal verification: seL4 [SOSP'09], Verve [PLDI'10], FSCQ [SOSP'15], mCertiKOS [POPL'15], CoGENT [ASPLOS'16].
  • 12. Formal verification: seL4 [SOSP'09], mCertiKOS [POPL'15] – verified sequential kernels.
  • 13. Formal verification: Ironclad [OSDI'14] – verified software stack.
  • 14. Formal verification: FSCQ [SOSP'15], CoGENT [ASPLOS'16] – verified sequential file systems.
  • 15-17. Formal verification – concurrent memory kernel? (from certikos-osdi16)
  • 18. Formal verification – concurrent memory kernel? CertiKOS [OSDI'16] solves the problem: global changes, I/O concurrency, fine-grained locks, liveness, compiler, cost...
  • 19. The still unsolved problems (from L3 to seL4: 20 years): principled, policy-free control of CPU time; handling of multicore processors in the age of verification.
  • 21. F9 microkernel: memory management, debugging tools, the bug, unsolved problems
  • 22. F9 microkernel – memory management: MPU (Memory Protection Unit), Fpage, Address Space
  • 23. F9 microkernel – MPU. Protected Memory System Architecture (PMSAv7): ARMv7-M supports the PMSAv7 MPU; it supports 8 memory regions; it provides access permission control; it provides memory execute settings.
  • 24. F9 microkernel – MPU. MPU registers: MPU_TYPE – Type Register; MPU_CTRL – Control Register; MPU_RNR – Region Number Register; MPU_RBAR – Region Base Address Register; MPU_RASR – Region Attribute and Size Register.
  • 25. MPU – Region Number Register: selects the region that reads and writes of RBAR and RASR affect.
  • 26. MPU – Region Base Address Register: sets the base address of the region; sets whether the region is valid; sets which region the write applies to, so you may change this value without touching RNR.
  • 27. MPU – Region Attribute and Size Register.
  • 28. MPU region size: a region size can only be set to 2 ** n.
  • 29-31. MPU attributes: eXecute Never; access permissions (user (unprivileged) and privileged); cache policy; device type and cacheability.
  • 32. MPU – mpu_setup_region
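The register-level view behind slides 24-32, as an added example rather than F9's own mpu_setup_region: it encodes one PMSAv7 region into the MPU_RBAR/MPU_RASR pair and rejects what the hardware cannot express (a size that is not 2 ** n, a base not aligned to that size, a region index beyond the 8 available, the reserved AP value). The field layouts are ARMv7-M's; the helper names and the sample region are assumptions.

```c
/* Added example, not F9 kernel code: encode one PMSAv7 MPU region into the
 * MPU_RBAR / MPU_RASR values the slides describe. Register field layouts
 * are those of the ARMv7-M architecture; helper names are assumptions. */
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* ARMv7-M MPU registers in the System Control Space (a real port writes
 * them as volatile uint32_t; this host build only computes the values). */
#define MPU_RNR_ADDR   0xE000ED98u
#define MPU_RBAR_ADDR  0xE000ED9Cu
#define MPU_RASR_ADDR  0xE000EDA0u

#define MPU_REGIONS    8u                    /* ARMv7-M MPU as used by F9 */

/* MPU_RBAR: ADDR[31:5] | VALID[4] | REGION[3:0] */
#define RBAR_VALID     (1u << 4)             /* REGION field overrides MPU_RNR */
#define RBAR_REGION(r) ((uint32_t)(r) & 0xFu)

/* MPU_RASR: XN[28] | AP[26:24] | ... | SIZE[5:1] | ENABLE[0] */
#define RASR_ENABLE    (1u << 0)
#define RASR_SIZE(n)   ((uint32_t)(n) << 1)  /* region bytes = 2^(SIZE+1) */
#define RASR_AP(ap)    ((uint32_t)(ap) << 24)
#define RASR_XN        (1u << 28)

/* PMSAv7 access permission encodings (privileged / unprivileged). */
enum mpu_ap {
    AP_NONE         = 0, /* no access / no access */
    AP_PRIV_RW      = 1, /* RW / no access */
    AP_PRIV_RW_U_RO = 2, /* RW / RO */
    AP_FULL         = 3, /* RW / RW */
    AP_RESERVED     = 4, /* must not be used */
    AP_PRIV_RO      = 5, /* RO / no access */
    AP_RO           = 6  /* RO / RO */
};

struct mpu_region {
    uint32_t rbar;
    uint32_t rasr;
};

/* log2(size) for a power-of-two size >= 32 (the MPU minimum), else -1.
 * This is the slide-28 constraint: region sizes must be 2 ** n. */
int mpu_size_log2(uint32_t size)
{
    if (size < 32u || (size & (size - 1u)) != 0u)
        return -1;
    int n = 0;
    while ((size >> n) != 1u)
        n++;
    return n;
}

/* Build the RBAR/RASR pair for one region. Returns false and leaves *out
 * untouched when the request cannot be expressed: region index out of
 * range, reserved AP value, size not a power of two, or base not aligned
 * to the region size (PMSAv7 requires alignment equal to the size). */
bool mpu_encode_region(unsigned region, uint32_t base, uint32_t size,
                       enum mpu_ap ap, bool execute_never,
                       struct mpu_region *out)
{
    if (region >= MPU_REGIONS || ap == AP_RESERVED || ap > AP_RO)
        return false;
    int n = mpu_size_log2(size);
    if (n < 0 || (base & (size - 1u)) != 0u)
        return false;

    /* With VALID set, the REGION bits select the region, so this single
     * write updates MPU_RNR as a side effect (the slide-26 shortcut). */
    out->rbar = (base & ~0x1Fu) | RBAR_VALID | RBAR_REGION(region);
    out->rasr = RASR_SIZE(n - 1) | RASR_AP(ap)
              | (execute_never ? RASR_XN : 0u) | RASR_ENABLE;
    return true;
}

int main(void)
{
    /* Constructed sample: a 4 KiB user-RW, non-executable thread stack
     * region in SRAM, the kind of fpage as_setup_mpu protects first. */
    struct mpu_region r;
    if (!mpu_encode_region(0, 0x20000000u, 4096u, AP_FULL, true, &r))
        return 1;
    printf("MPU_RBAR=0x%08" PRIx32 " MPU_RASR=0x%08" PRIx32 "\n",
           r.rbar, r.rasr);
    /* A misaligned base is rejected before anything would be written. */
    printf("misaligned base accepted? %d\n",
           mpu_encode_region(1, 0x20000100u, 4096u, AP_FULL, true, &r));
    return 0;
}
```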
  • 33-38. F9 microkernel – Fpage: the fundamental element of an address space. Operations: assign_fpage, map_fpage, unmap_fpage, split_fpage.
  • 39. F9 microkernel – Address Space (as): constructed from an fpage list; contains one thread's fpage information; 5 API functions.
  • 40. Address Space API: as_t *as_create(uint32_t as_spaceid); void as_destroy(as_t *as); void as_setup_mpu(as_t *as, memptr_t sp, memptr_t pc, memptr_t stack_base, size_t stack_size); void as_map_user(as_t *as); void as_map_ktext(as_t *as);
  • 41. Address Space API: as_t *as_create(uint32_t as_spaceid); called by:
  • 42. Address Space API: as_t *as_create(uint32_t as_spaceid); code:
  • 43. Address Space API: void as_map_user(as_t *as); maps user text, data and hardware device memory. void as_map_ktext(as_t *as); maps kernel text and data.
  • 44. Address Space API: void as_setup_mpu(as_t *as, memptr_t sp, memptr_t pc, memptr_t stack_base, size_t stack_size);
  • 45. as_setup_mpu protects the stack fpages first, then the PC, then the always-mapped fpages, then the others.
  • 46-49. F9 microkernel – memory management. System calls are provided to manage address spaces: Grant: the memory page is granted to a new user and cannot be used anymore by its former user. Map: this implements shared memory; the memory page is passed to another task but can be used by both tasks (as_map_user/ktext). Flush: the memory page that has been mapped to other users will be flushed out of their address spaces (unmap_fpage).
  • 50-53. F9 microkernel – memory management. Recursive address space: the initial address space is controlled by the first process and controls all available memory; other address spaces are empty at boot. In the F9 microkernel, the root thread is the initial address space holder. Other processes (threads) obtain memory pages from the first process or from other processes that got the page from their parent.
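The Grant / Map / Flush semantics and the recursive address space of slides 46-53, as an added example that is not F9's fpage code: a small mapping table in which each mapping remembers the mapping it was derived from, so a Flush removes the page from every space that obtained it downstream while the flusher keeps it, and a Grant moves a mapping so its former holder loses it. All names are assumptions.

```c
/* Added example, not F9 code: a host-side model of the Grant / Map / Flush
 * operations and of the recursive address space the slides describe. Each
 * mapping records the mapping it was derived from, so a Flush can remove
 * every descendant. Names (as_boot, fpage_map, ...) are assumptions; a page
 * is identified by its base address only. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_MAPPINGS 32
#define ROOT_AS      0      /* the root thread's initial address space */

struct mapping {
    bool     used;
    int      as;            /* address space holding this mapping */
    uint32_t page;          /* page identity (base address) */
    int      parent;        /* mapping it was derived from, -1 at the root */
};

static struct mapping maptab[MAX_MAPPINGS];

/* Index of `page` in `as`, or -1 if that space does not hold it. */
int mapping_find(int as, uint32_t page)
{
    for (int i = 0; i < MAX_MAPPINGS; i++)
        if (maptab[i].used && maptab[i].as == as && maptab[i].page == page)
            return i;
    return -1;
}

static int mapping_alloc(int as, uint32_t page, int parent)
{
    for (int i = 0; i < MAX_MAPPINGS; i++)
        if (!maptab[i].used) {
            maptab[i] = (struct mapping){ true, as, page, parent };
            return i;
        }
    return -1;
}

bool as_has(int as, uint32_t page) { return mapping_find(as, page) >= 0; }

/* At boot only the root address space owns memory (slide 50). */
bool as_boot(uint32_t page) { return mapping_alloc(ROOT_AS, page, -1) >= 0; }

/* Map: share the page; src keeps it and dst gets a mapping derived from it.
 * src must hold the page (it got it from its parent) and dst must not yet. */
bool fpage_map(int src_as, int dst_as, uint32_t page)
{
    int src = mapping_find(src_as, page);
    if (src < 0 || as_has(dst_as, page))
        return false;
    return mapping_alloc(dst_as, page, src) >= 0;
}

/* Grant: move the page; the mapping (with anything already derived from it)
 * now belongs to dst and its former user can no longer use it. */
bool fpage_grant(int src_as, int dst_as, uint32_t page)
{
    int src = mapping_find(src_as, page);
    if (src < 0 || as_has(dst_as, page))
        return false;
    maptab[src].as = dst_as;
    return true;
}

static void unmap_descendants(int idx)
{
    for (int i = 0; i < MAX_MAPPINGS; i++)
        if (maptab[i].used && maptab[i].parent == idx) {
            unmap_descendants(i);   /* grandchildren go first */
            maptab[i].used = false;
        }
}

/* Flush (unmap_fpage): remove the page from every address space that got
 * it, directly or indirectly, from `as`; `as` itself keeps the page. */
bool fpage_flush(int as, uint32_t page)
{
    int idx = mapping_find(as, page);
    if (idx < 0)
        return false;
    unmap_descendants(idx);
    return true;
}

int main(void)
{
    /* Constructed chain: root -> 1 -> 2 -> 3, then space 1 flushes. */
    as_boot(0x20000000u);
    fpage_map(0, 1, 0x20000000u);
    fpage_map(1, 2, 0x20000000u);
    fpage_map(2, 3, 0x20000000u);
    fpage_flush(1, 0x20000000u);
    for (int as = 0; as < 4; as++)
        printf("as %d holds page: %d\n", as, as_has(as, 0x20000000u));
    return 0;
}
```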
  • 54. F9 microkernel – debugging tools: kdb, kprobe, openocd + gdb
  • 55-56. KDB: the in-kernel debugger is built and run at boot by default; it supports multiple useful commands; it is easy to add a new command.
  • 57. kprobe: Linux-style kprobe support, binding by symbol name.
  • 58-59. openocd + gdb: more powerful than st-util; useful commands: http://openocd.org/doc/html/General-Commands.html
  • 60-61. openocd + gdb, useful commands (http://openocd.org/doc/html/General-Commands.html). Memory access: mdw / mdh / mdb – display the contents of address addr; mww / mwh / mwb – write the specified value at addr. Register access: reg – dump all register values; reg [number | name] [value] – just OP.
  • 62-66. F9 microkernel – The Bug, the one that really matters: adding a new feature to l4test (a test suite from Pistachio): IPC testing via local destination Id.
  • 67. The Bug – Sender
  • 68. The Bug – Receiver
  • 69-70. The Bug
  • 71. F9 microkernel – unsolved problems: time-slice scheduling; a user-space busy loop hangs the system; POSIX layer support.
  • 73. BitSec is... BitSec is a microkernel intended for high-reliability embedded applications on ARMv7-M architecture processors, such as the Cortex-M4. BitSec is a third-generation microkernel. Its design is heavily inspired by EROS/KeyKOS, MINIX 3, and the L4 family, particularly seL4.
  • 74-75. BitSec, like other third-generation microkernels: focuses on minimality and security; expresses all authority through explicit capabilities; moves other mechanisms with security implications outside the kernel; blurs the line between a traditional microkernel and a hypervisor; and targets a very small kernel codebase (in BitSec's case, less than 2500 sloccount lines of code).
  • 76-79. BitSec is not... a complete operating system. By analogy: putting the Linux kernel on a computer doesn't allow one to run Firefox. Linux is only a kernel; there's a whole lot of operating system that must be added to make a complete system. This is even more true of BitSec than of Linux, because BitSec's design is so minimal. Like other third-generation microkernels, BitSec doesn't even include hardware drivers in the kernel.
  • 80. BitSec capability: Key. Conceptually, a Key combines a reference to a kernel object and a set of operations on that object that the key enables.
  • 81. In the implementation, a key is a kernel data structure built from three parts: a brand, which distinguishes kinds of keys to a particular object from one another; a generation, which distinguishes keys to successive objects created in the same location from one another; and a pointer to a kernel object.
  • 82. BitSec capability: Key struct
  • 83. Keys can be freely copied but not directly created; keys are minted from the object table.
  • 84. Brands: a 64-bit value chosen when the key was created (minted); indelible, it cannot be altered except by minting a new key; programs cannot discover the brand of the keys they hold; when a key is copied, the copies bear the same brand.
  • 85. A program can only perform three operations on a key: copy the key into a different key register; send a message to the object designated by the key; receive a message from the object designated by the key.
  • 86-87. A program cannot do the following without holding additional authority: determine the kind of kernel object designated by a key; determine whether two keys designate the same kernel object; determine whether two keys give the same rights on their designated objects.
  • 88-89. Generations and revocation: used to provide efficient revocation. When a program invokes a key, the kernel compares the key's generation to the object's generation: if the two match, it proceeds normally; if they do not match, the object has been invalidated.
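The key structure and generation check of slides 80-89 (and the brand note in the editor's notes), as an added example that is not BitSec's code: keys carry a brand, a generation and an object pointer; minting is the only way to create one; copying keeps the brand; and revoking an object is a single generation increment that invalidates every outstanding key without walking them. Names are assumptions, and treating the brand as permission bits is this model's choice, since BitSec leaves brand meaning to the designated object.

```c
/* Added example, not BitSec's code: a host-side model of the key design the
 * slides describe (brand, generation, object pointer) and of generation-based
 * revocation. All names here (obj_table, key_mint, key_invoke, ...) are
 * assumptions; brands are read as permission bits only because the objects
 * in this model choose to interpret them that way. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define OBJ_TABLE_SIZE 4

/* Brand bits as interpreted by the objects in this model. */
#define BRAND_READ   0x1u
#define BRAND_WRITE  0x2u

struct kobject {
    uint32_t generation;  /* advanced whenever the slot is invalidated */
    uint32_t invocations; /* messages that actually reached the object */
};

/* The key: opaque to programs, which can neither read the brand nor the
 * generation, nor compare two keys' object pointers (slides 85-87). */
struct key {
    uint64_t brand;
    uint32_t generation;
    struct kobject *object;
};

static struct kobject obj_table[OBJ_TABLE_SIZE];

/* Minting is the only way a key comes into existence, and only whoever
 * holds the object table (the System, in BitSec's terms) can do it. */
struct key key_mint(size_t slot, uint64_t brand)
{
    struct key k;
    k.brand = brand;
    k.generation = obj_table[slot].generation;
    k.object = &obj_table[slot];
    return k;
}

/* Copying a key is allowed; the copy bears the same brand and therefore
 * the same rights (slide 84). */
struct key key_copy(const struct key *k)
{
    return *k;
}

/* Revocation in O(1): bump the object's generation and every outstanding
 * key to that slot stops matching (slide 88); there is no key list to walk. */
void object_revoke(size_t slot)
{
    obj_table[slot].generation++;
}

enum invoke_result { INVOKE_OK = 0, INVOKE_REVOKED = 1, INVOKE_DENIED = 2 };

/* The kernel-side path for "send a message through a key": check the
 * generation first, then hand the message and the brand to the object,
 * which decides what the brand means (here: is the requested op allowed). */
enum invoke_result key_invoke(const struct key *k, uint64_t requested_op)
{
    if (k->generation != k->object->generation)
        return INVOKE_REVOKED;      /* stale key: the object was invalidated */
    if ((k->brand & requested_op) != requested_op)
        return INVOKE_DENIED;       /* the object's reading of the brand */
    k->object->invocations++;
    return INVOKE_OK;
}

uint32_t object_invocations(size_t slot)
{
    return obj_table[slot].invocations;
}

int main(void)
{
    struct key rw = key_mint(0, BRAND_READ | BRAND_WRITE);
    struct key ro = key_mint(0, BRAND_READ);    /* same object, narrower brand */
    struct key rw2 = key_copy(&rw);
    printf("rw write: %d, ro write: %d, copy write: %d\n",
           key_invoke(&rw, BRAND_WRITE), key_invoke(&ro, BRAND_WRITE),
           key_invoke(&rw2, BRAND_WRITE));
    object_revoke(0);
    printf("after revoke, rw read: %d, copy read: %d\n",
           key_invoke(&rw, BRAND_READ), key_invoke(&rw2, BRAND_READ));
    struct key fresh = key_mint(0, BRAND_READ); /* slot reused: new generation */
    printf("fresh read: %d\n", key_invoke(&fresh, BRAND_READ));
    return 0;
}
```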
  • 90-93. BitSec design: object oriented. Uses the C++11 standard. Every resource and service that the system can see in the kernel is represented as an object, bundling together state and operations on that state. For example: the Keys.
  • 94-95. And usable from C: BitSec is implemented in C++11, but was designed to be usable from legacy languages such as C and assembler. As FreeRTOS/BitSec is entirely C (and C90 at that), this seems to have worked.
  • 96. BitSec future work: enhancement of the build system; porting a guest OS to BitSec (FreeRTOS, Linux, or maybe from scratch); formal verification with CoGENT; adding a network stack?
  • 97. F9 / BitSec demo on stm32f429
  • 98. A tour of F9 microkernel and BitSec hypervisor – Q&A
  • 99. A tour of F9 microkernel and BitSec hypervisor – Thanks
  • 100. References: CertiKOS: An Extensible Architecture for Building Certified Concurrent OS Kernels, http://flint.cs.yale.edu/certikos/publications/certikos-osdi16.pdf; F9 microkernel & ARM hypervisor, https://hackmd.io/s/r16AUMbJe; F9: A secure microkernel for MMUless embedded systems, https://github.com/grapherd/f9-report; F9: A Secure and Efficient Microkernel Built for Deeply Embedded Systems, http://www.slideshare.net/jserv/f9-microkernel; Technical Report on the BitSec Kernel; OpenOCD general commands, http://openocd.org/doc/html/General-Commands.html

Editor's Notes

  1. Brands allow two keys to the same object to behave differently. The meaning of a brand is entirely up to the object designated by the key. Kernel objects specify the meaning of brands so that the System can mint appropriate keys, but transparent objects (particularly Gates) pass the brand up to programs for interpretation. It may encode access permissions, unique client identifiers, etc.