Hao Li
ABSTRACT
With the rapid growth of Internet of Things (IoT) and the new emerging IoT computing paradigm such as edge computing, it is prevalent to see that today’s real-time and functional safety devices, particularly in industrial IoT and automotive scenarios, are getting multi-functional by combining multiple platforms into single product. The new trend potentially prompts embedded virtualization as a promising solution in terms of workload consolidation, separation, and cost- effective. However, hypervisors, such as KVM and XEN, are designed to run on a server and can not be easily restructured to fulfill the requirements such as real-time constrains from IoT products. Meanwhile, existing embedded virtualization solutions are normally tailored towards specific IoT scenarios, which makes them hard to extend towards various scenarios. In addition, most commercial solutions are mature and appealing but expensive and closed-source. This paper presents ACRN, a flexible, lightweight, scalable, and open source embedded hypervisor for IoT development. By focusing on CPU and memory partitioning, and mean- while optionally offloading embedded I/O virtualization to a tiny user space device model, ACRN presents a consolidated system satisfying real-time and general-purpose needs simultaneously. By adopting customer-friendly permissive BSD license, ACRN provides a practical industry-grade solution with immediate readiness. In this paper we will de- scribe the design and implementation of ACRN, and conduct thorough evaluations to demonstrate its feasibility and effectiveness. The source code of ACRN has been released at https://github.com/projectacrn/acrn-hypervisor.
- A. Aguiar, S. J. Filho, F. G. Magalhães, T. D. Casagrande, and F. Hessel. 2010. Hellfire: A design framework for critical embedded systems' applications. In 2010 11th International Symposium on Quality Electronic Design (ISQED). 730-737.Google Scholar
- GENIVI Alliance. 2018. GENIVI Compliant? Products. https://www.genivi.org/compliant-products.Google Scholar
- Paul Barham, Boris Dragovic, Keir Fraser, Steven Hand, Tim Harris, Alex Ho, Rolf Neugebauer, Ian Pratt, and Andrew Warfield. 2003. Xen and the art of virtualization. In SOSP '03: Proceedings of the nineteenth ACM symposium on Operating systems principles. 164-177. Google ScholarDigital Library
- Manfred Broy. 2006. Challenges in Automotive Software Engineering. In Proceedings of the 28th International Conference on Software Engineering (ICSE '06). ACM, New York, NY, USA, 33-42. Google ScholarDigital Library
- John M. Calandrino, Hennadiy Leontyev, Aaron Block, UmaMaheswari C. Devi, and James H. Anderson. 2006. LITMUSRT: A Testbed for Empirically Comparing Real-Time Multiprocessor Schedulers. In Proceedings of the 27th IEEE International Real-Time Systems Symposium (RTSS '06). IEEE Computer Society, Washington, DC, USA, 111-126. Google ScholarDigital Library
- A. Celesti, D. Mulfari, M. Fazio, M. Villari, and A. Puliafito. 2016. Exploring Container Virtualization in IoT Clouds. In 2016 IEEE International Conference on Smart Computing (SMARTCOMP). 1-6.Google Scholar
- Felipe Cerqueira and Björn B. Brandenburg. 2013. A Comparison of Scheduling Latency in Linux, PREEMPT RT, and LITMUS RT. In Proceedings of the 9th Annual Workshop on Operating Systems Platforms for Embedded Real-Time applications (OSPERT'13). 19-29.Google Scholar
- Intel Corporation. 2017. Getting Started with Intel® Active Management Technology (AMT). https://software.intel.com/en-us/articles/getting-started-with-intel-active-management-technology-amt.Google Scholar
- International Organization for Standardization. 2011. 26262: Road vehicles-Functional safety. https://www.iso.org/standard/43464.html.Google Scholar
- The Linux Foundation. 2017. PREEMPT RT. https://wiki.linuxfoundation.org/realtime/documentation/howto/applications/preemptrt_setup/.Google Scholar
- GlobalPlatform. 2018. Trusted Execution Environment. https://globalplatform.org/specifications/technical-overview/.Google Scholar
- Google. 2017. Verified Boot. https://source.android.com/security/verifiedboot/.Google Scholar
- Google. 2018. Trusty TEE. https://source.android.com/security/trusty/.Google Scholar
- Gernot Heiser. 2008. The Role of Virtualization in Embedded Systems. In Proceedings of the 1st Workshop on Isolation and Integration in Embedded Systems (IIES '08). ACM, New York, NY, USA, 11-16. Google ScholarDigital Library
- G. Heiser. 2011. Virtualizing embedded systems - why bother?. In 2011 48th ACM/EDAC/IEEE Design Automation Conference (DAC). 901-905. Google ScholarDigital Library
- Gernot Heiser and Ben Leslie. 2010. The OKL4 Microvisor: Convergence Point of Microkernels and Hypervisors. In Proceedings of the First ACM Asia-pacific Workshop on Workshop on Systems (APSys '10). ACM, New York, NY, USA, 19-24. Google ScholarDigital Library
- J. Y. Hwang, S. B. Suh, S. K. Heo, C. J. Park, J. M. Ryu, S. Y. Park, and C. R. Kim. 2008. Xen on ARM: System Virtualization Using Xen Hypervisor for ARM-Based Secure Mobile Phones. In 2008 5th IEEE Consumer Communications and Networking Conference. 257-261.Google Scholar
- Kenta Ishiguro and Kenji Kono. 2018. Hardening Hypervisors Against Vulnerabilities in Instruction Emulators. In Proceedings of the 11th European Workshop on Systems Security (EuroSec'18). ACM, New York, NY, USA, Article 7, 6 pages. Google ScholarDigital Library
- Avi Kivity Qumranet, Yaniv Kamay Qumranet, Dor Laor Qumranet, Uri Lublin Qumranet, and Anthony Liguori. 2007. KVM: The Linux virtual machine monitor. 15 (01 2007).Google Scholar
- Neil Klingensmith and Suman Banerjee. 2018. Hermes: A Real Time Hypervisor for Mobile and IoT Systems. In Proceedings of the 19th International Workshop on Mobile Computing Systems & Applications (HotMobile '18). ACM, New York, NY, USA, 101-106. Google ScholarDigital Library
- Hao Li, Dong Tong, Kan Huang, and Xu Cheng. 2010. FEMU: A Firmware-based Emulation Framework for SoC Verification. In Proceedings of the Eighth IEEE/ACM/IFIP International Conference on Hardware/ Software Codesign and System Synthesis (CODES/ISSS '10). ACM, New York, NY, USA, 257-266. Google ScholarDigital Library
- Byte Magazine. 2018. UnixBench. https://github.com/kdlucas/byte-unixbench/.Google Scholar
- IHS Markit. 2019. Teardown - Tesla 2018 Model 3 Autopilot and Media Controller. https://technology.ihs.com/607719/teardown-tesla-2018-model-3-autopilot-and-media-controller.Google Scholar
- Carlos Moratelli, Sergio Johann, Marcelo Neves, and Fabiano Hessel. 2016. Embedded Virtualization for the Design of Secure IoT Applications. In Proceedings of the 27th International Symposium on Rapid System Prototyping: Shortening the Path from Specification to Prototype (RSP '16). ACM, New York, NY, USA, 2-6. Google ScholarDigital Library
- William Norcott and Don Capps. 2016. IOzone. http://www.iozone.org/.Google Scholar
- Junya Ogasawara and Kenji Kono. 2017. Nioh: Hardening The Hypervisor by Filtering Illegal I/O Requests to Virtual Devices. In Proceedings of the 33rd Annual Computer Security Applications Conference (ACSAC 2017). ACM, New York, NY, USA, 542-552. Google ScholarDigital Library
- Anup Patel, Mai Daftedar, Mohamed Shalan, and M. Watheq El-Kharashi. 2015. Embedded Hypervisor Xvisor: A Comparative Analysis. In Proceedings of the 2015 23rd Euromicro International Conference on Parallel, Distributed, and Network-Based Processing (PDP '15). IEEE Computer Society, Washington, DC, USA, 682-691. Google ScholarDigital Library
- Gerald J. Popek and Robert P. Goldberg. 1974. Formal Requirements for Virtualizable Third Generation Architectures. Commun. ACM 17, 7 (July 1974), 412-421. Google ScholarDigital Library
- QNX. 2017. QNX Hypervisor. http://blackberry.qnx.com/en/products/hypervisor/index. Ralf Ramsauer, Jan Kiszka, Daniel Lohmann, and Wolfgang Mauerer. 2017. Look Mum, no VM Exits! (Almost). CoRR abs/1705.06932 (2017). arXiv:1705.06932 http://arxiv.org/abs/1705.06932Google Scholar
- D. Reinhardt and G. Morgan. 2014. An embedded hypervisor for safety-relevant automotive E/E-systems. In Proceedings of the 9th IEEE International Symposium on Industrial Embedded Systems (SIES 2014). 189-198.Google ScholarCross Ref
- Rusty Russell. 2008. Virtio: Towards a De-facto Standard for Virtual I/O Devices. SIGOPS Oper. Syst. Rev. 42, 5 (July 2008), 95-103. Google ScholarDigital Library
- Weisong Shi, Jie Cao, Quan Zhang, Youhuizi Li, and Lanyu Xu. 2016. Edge Computing: Vision and Challenges. IEEE Internet of Things Journal 3 (2016), 637-646.Google ScholarCross Ref
- SIEMENS. 2017. Industrial PCs for the Digital Factory. https://w3.siemens.com/mcms/automation/en/pc-based-automation/Documents/simatic-ipc-en.pdf.Google Scholar
- Green Hills Software. 2018. INTEGRITY Multivisor. https://www.ghs.com/products/rtos/integrity_virtualization.html.Google Scholar
- Kun Tian, Yaozu Dong, and David Cowperthwaite. 2014. A Full GPU Virtualization Solution with Mediated Pass-through. In Proceedings of the 2014 USENIX Conference on USENIX Annual Technical Conference (USENIX ATC'14). USENIX Association, Berkeley, CA, USA, 121-132. http://dl.acm.org/citation.cfm?id=2643634.2643647 Google ScholarDigital Library
- S. Trujillo, A. Crespo, and A. Alonso. 2013. MultiPARTES: Multicore Virtualization for Mixed-Criticality Systems. In 2013 Euromicro Conference on Digital System Design. 260-265. Google ScholarDigital Library
- Freek Verbeek, Oto Havle, Julien Schmaltz, Sergey Tverdyshev, Holger Blasum, Bruno Langenstein, Werner Stephan, Burkhart Wolff, and Yakoub Nemouchi. 2015. Formal API Specification of the PikeOS Separation Kernel. In NASA Formal Methods, Klaus Havelund, Gerard Holzmann, and Rajeev Joshi (Eds.). Springer International Publishing, Cham, 375-389.Google Scholar
- S. Xi, J. Wilson, C. Lu, and C. Gill. 2011. RT-Xen: Towards real-time hypervisor scheduling in Xen. In 2011 Proceedings of the Ninth ACM International Conference on Embedded Software (EMSOFT). 39-48. Google ScholarDigital Library
- Jun Zhang, Kai Chen, Baojing Zuo, Ruhui Ma, Yaozu Dong, and Haibing Guan. 2010. Performance analysis towards a KVM-Based embedded real-time virtualization architecture. In 5th International Conference on Computer Sciences and Convergence Information Technology. 421-426.Google ScholarCross Ref
Index Terms
- ACRN: a big little hypervisor for IoT development
Recommendations
VM Migration and Live-Update for Reliable Embedded Hypervisor
Dependable Software Engineering. Theories, Tools, and ApplicationsAbstractWith the development of hardware virtualization technology, more and more embedded hypervisors are being implemented. Traditional embedded hypervisors focus on resource utilization and real-time performance while neglecting the reliability ...
Effects of dynamic isolation for full virtualized RTOS and GPOS guests
Industrial systems currently include not only control processing with real-time operating system (RTOS) but also information processing with general-purpose operating system (GPOS). Multicore-based virtualization is an attractive option to provide ...
Embedded virtualization for the design of secure IoT applications
RSP '16: Proceedings of the 27th International Symposium on Rapid System Prototyping: Shortening the Path from Specification to PrototypeEmbedded virtualization has emerged as a valuable way to reduce costs, improve software quality, and decrease design time. Additionally, virtualization can enforce the overall system's security from several perspectives. One is security due to ...
Comments