18 pages

English

faa03-partition

Irkoi

Le téléchargement nécessite un accès à la bibliothèque YouScribe
Tout savoir sur nos offres

18 pages

English

Le téléchargement nécessite un accès à la bibliothèque YouScribe
Tout savoir sur nos offres

A propos
Informations
Extrait

Description

Partitioning and ProtectionBreakout SessionJohn RushbyComputer Science LaboratorySRI InternationalMenlo Park, California, USAJohn Rushby, SR I Partitioning and Protection: 1Overview This is an interactive session: pooling of knowledge, lessons learned, concerns fromdeveopers, certiﬁers, and researchers I’m the author of NASA CR-99-209347 Partitioning in Avionics Architecture:Requirements, Mechanism, and Assurance, referenced in CAST-2Available athttp://techreports.larc.nasa.gov/ltrs/PDF/1999/cr/NASA-99-cr209347.pdf I’ll start off with a brief summary Need for partitioning Partitioning mechanisms in individual processors Partitioning in bus architectures Requirements and assurance for partitioning Then it’s over to youJohn Rushby, SR I Partitioning and Protection: 2CAST 2 Deﬁnitions Partitioning is just one means of implementing the general concept of protection Partitioning is method of separating components to ensure protection (section 2.3.1of ED12B/DO-178B) The real issue is whether two or more components are protected from the actions ofeach other Component X can be said to be strictly protected from Y if any behavior of Y has noeffect on the operation of X Component X can be said to be safely protected from Y if any behavior of Y has noeffect on the safety properties of XJohn Rushby, SR I Partitioning and Protection: 3Simple PicturePartition A Partition BOperating SystemHardwareJohn Rushby, SR I Partitioning and ...

Informations

Publié par	Irkoi
Nombre de lectures	19
Langue	English

Extrait

John Rushby, SR I

Partitioning and Protection Breakout Session

John Rushby

Computer Science Laboratory

SRI International

Menlo Park, California, USA

Partitioning and Protection: 1

eracintloop:noissesevit,lgeedwlnofkgoinrecnrfsnmosoeslensnearcod,Im'902-99-RitraP743houteathACASfNroihetAscr:etcruingitiononicnAviyarI'artollsthtbaffiwusmmirfeov'sitenTh

Overview

Partitioning and Protection: 2

Requirements, Mechanism, and Assurance , referenced in CAST-2 Available at http://techreports.larc.nasa.gov/ltrs/PDF/ 1999/cr/NASA-99-cr209347.pdf

John Rushby, SR I

◦ Need for partitioning ◦ Partitioning mechanisms in individual processors ◦ Partitioning mechanisms in bus architectures ◦ Requirements and assurance for partitioning

•

• This is an deveopers, certiers, and researchers ◦

reotoyu

ompoCfdiotebascXnaentnecotprlyctristbehebynafiYmorfdeteiswhethrealissurocemooprewtoomrotprteecntneresaitcaosnoorfdehtmtoceylrporYmetfdybehifanrofYavioonsahvaoiorYfahnsomoCenopcXtnbeanidsabetofesa

• each other

• of ED12B/DO-178B)

•

• effect on the operation of X

CAST 2 Denitions

effect on the safety properties of X

John Rushby, SR I

Partitioning and Protection: 3

•

enemnaosifpmelemtitioningisjustoraParatfsephodosmetniigitnoraitnoPtiecotprofptceonclarenegehtgnitnThe3.1.estcoi2nctten(iournsroeptneneotscgniopmo

John Rushby, SR I

Partition A

Simple Picture

Partition B

Operating System

Hardware

Partitioning and Protection:

edneeltosilyWestninednenimiuetaentsmecomponlpfiayansmictierrcwelotoOrosrofslevelnoitamoduForoinctareitalcritceNnotdeeileonamidetebeliteralt,yeniwtnreseitnsecurityandprotalucitraptluaf,rtigaparoenecRonrecaidtnasomitnomponngcoInpents

• Or just to

•

Need for Partitioning

•

Partitioning and Protection: 5

John Rushby, SR I

noitacerntditeannw,u

rahcticeuterasttPartitioningabemeirrotsrporpptemretoeacrsateionagat

Basic Idea of Partitioning

•

• standard

•

Partitioning and Protection: 6

John Rushby, SR I

ementalgoldec,sosrpvodisehtnoasarshreedursoadetihcrtcetheructioteraderanFeahnnhtceronilefssoreedarresaceurhS

tospedinividllydoiandatirTmay-orem,mrymoMegninoititrapecanAtitiinonimdtarepnoitemuogeRilseedulingtsandschedppOdI/iceves

◦ ◦ Static vs. dynamic (priority-based) scheduling ◦ Static has simpler assurance, but may complicate application design ◦ Dynamic scheduling requires knowledge of pitfalls ? Priority inversions (interaction of priorities and locks) ? Correct accounting (charging for process swaps)

•

◦ ◦ Uses hardware protection mechanisms (user/supervisor modes, memory management units) ◦ And O/S principles (kernels, virtual machines, threads)

John Rushby, SR I

Partitioning and Protection: 7

Mechanisms for Partitioning in Individual Processors

•

Partition A

Partition B

Partition A

Partition B

Hardware

Operating System

Hardware

Classic OS

Architectures for Partitioning in Individual Processors

We can trust less software with the kernelized approach

Kernelized

OS Services A OS Services B Kernel

Partitioning and Protection: 8

John Rushby, SR I

entr:nocedcoalizbitusirttsmedeysceornfelpbaloaglortnItad'solcdezinanehtskcdimeowllAnnioatecithdnetrtiemapngAionissesddreAFSusEbua,GiardsnniTTAtStacicsheduleandsynchroefatarepdseesnltutnemniatnoctluagaccatinmedinitsosetsrtpaioitperoy(rtlletutcegninnI)cultTopallydifiasnftuaorettcga

• shared resources ◦ Paired BIUs in

•

• Lock-free wait-free algs to

•

• But we need to

Mechanisms For Partitioning in Bus Architectures

•

• ◦ Explicit addresses are a partition violation-in-waiting

John Rushby, SR I

Partitioning and Protection: 9