quest(-v): a secure and predictable system for smart iot...
TRANSCRIPT
![Page 1: Quest(-V): A Secure and Predictable System for Smart IoT ...cs-pub.bu.edu/fac/richwest/slides/intel_2016.pdfQuest(-V): A Secure and Predictable System for Smart IoT Devices Richard](https://reader033.vdocuments.mx/reader033/viewer/2022052722/5f0ce1927e708231d4379802/html5/thumbnails/1.jpg)
Quest(-V): A Secure and Predictable System for Smart IoT Devices
Richard West
Computer Science
![Page 2: Quest(-V): A Secure and Predictable System for Smart IoT ...cs-pub.bu.edu/fac/richwest/slides/intel_2016.pdfQuest(-V): A Secure and Predictable System for Smart IoT Devices Richard](https://reader033.vdocuments.mx/reader033/viewer/2022052722/5f0ce1927e708231d4379802/html5/thumbnails/2.jpg)
2
Emerging “Smart” DevicesNeed an OS
● Multiple cores● GPIOs● PWM● Virtualization support● Integrated Graphics● Various bus interfaces● Timing + data
security requirements
![Page 3: Quest(-V): A Secure and Predictable System for Smart IoT ...cs-pub.bu.edu/fac/richwest/slides/intel_2016.pdfQuest(-V): A Secure and Predictable System for Smart IoT Devices Richard](https://reader033.vdocuments.mx/reader033/viewer/2022052722/5f0ce1927e708231d4379802/html5/thumbnails/3.jpg)
3
Recap: Quest-V Separation Kernel
Sandbox M
Monitor
Sandbox 1
VCPU
. . .
Monitor
Sandbox 2
VCPU VCPU
Monitor
Communication+
Migration
VCPU VCPUSandbox
AddressSpace
ThreadIO Devices IO Devices IO Devices
PCPU(s) PCPU(s) PCPU(s)
Exploit VT-x/EPT capabilities on Intel multicore processors for efficient sandboxing
![Page 4: Quest(-V): A Secure and Predictable System for Smart IoT ...cs-pub.bu.edu/fac/richwest/slides/intel_2016.pdfQuest(-V): A Secure and Predictable System for Smart IoT Devices Richard](https://reader033.vdocuments.mx/reader033/viewer/2022052722/5f0ce1927e708231d4379802/html5/thumbnails/4.jpg)
4
VCPUs in Quest(-V)
Main VCPUs
I/O VCPUs
Threads
PCPUs (Cores)
Address Space
● Temporal isolation between VCPUs● Guarantee budget C every T cycles (or time units)● I/O VCPUs use simpler bandwidth preservation
scheme● Reduces timer reprogramming overheads for
short-lived interrupts
![Page 5: Quest(-V): A Secure and Predictable System for Smart IoT ...cs-pub.bu.edu/fac/richwest/slides/intel_2016.pdfQuest(-V): A Secure and Predictable System for Smart IoT Devices Richard](https://reader033.vdocuments.mx/reader033/viewer/2022052722/5f0ce1927e708231d4379802/html5/thumbnails/5.jpg)
5
Proposed Work
• Implement and study Quest(-V) on Intel SBCs
• Port of Quest to Intel Galileo [Done]
• Port of Quest(-V) to Intel Edison and Minnowboard Max [Quest is working]
• Qduino API [Version 1 complete]
– Now working on QduinoMC [In progress]
• IoT “smart” devices/apps: 3D printing / manufacturing, robotics, secure home automation, UAVs, etc [In progress]
![Page 6: Quest(-V): A Secure and Predictable System for Smart IoT ...cs-pub.bu.edu/fac/richwest/slides/intel_2016.pdfQuest(-V): A Secure and Predictable System for Smart IoT Devices Richard](https://reader033.vdocuments.mx/reader033/viewer/2022052722/5f0ce1927e708231d4379802/html5/thumbnails/6.jpg)
6
Smart Devices• Dumb device?
– Requires remote inputs to function
– No autonomy
• Smart device?
– Ability to make own decisions, at least partly, based on sensory inputs that determine the state of the environment and the device itself
• e.g., Smart 3D printer
– Spool requests via webserver
– High level (STL file) requests rather than g-codes
– Local slicer engine & g-code parser
– Local verifier for “correctness” of requests
– Possible communication/coordination with other smart devices
![Page 7: Quest(-V): A Secure and Predictable System for Smart IoT ...cs-pub.bu.edu/fac/richwest/slides/intel_2016.pdfQuest(-V): A Secure and Predictable System for Smart IoT Devices Richard](https://reader033.vdocuments.mx/reader033/viewer/2022052722/5f0ce1927e708231d4379802/html5/thumbnails/7.jpg)
7
Developments 1/2
● Built 3D printer controller circuit using:– MinnowMax/Turbot– RAMPS 1.4– ADS7828 I2C Analog-to-Digital Converter – 4 x 4988 Pololu Stepper Motor drivers– PNP/NPN transistors, resistors etc for level shifting
● Tested on a Printrbot Simple Metal– See: www.cs.bu.edu/fac/richwest/smartprint3d.php
![Page 8: Quest(-V): A Secure and Predictable System for Smart IoT ...cs-pub.bu.edu/fac/richwest/slides/intel_2016.pdfQuest(-V): A Secure and Predictable System for Smart IoT Devices Richard](https://reader033.vdocuments.mx/reader033/viewer/2022052722/5f0ce1927e708231d4379802/html5/thumbnails/8.jpg)
8
Developments 2/2
● Ported Marlin 3D printer firmware to Yocto Linux– Used Intel IoT devkit libmraa library to interface w/
I2C ADC and GPIOs via sysfs
● Ported Quest to MinnowMax and Turbot– Developed test scenarios for 3D print objects– Details to follow
● Papers– Qduino – RTSS'15– Quest-V – ACM TOCS
![Page 9: Quest(-V): A Secure and Predictable System for Smart IoT ...cs-pub.bu.edu/fac/richwest/slides/intel_2016.pdfQuest(-V): A Secure and Predictable System for Smart IoT Devices Richard](https://reader033.vdocuments.mx/reader033/viewer/2022052722/5f0ce1927e708231d4379802/html5/thumbnails/9.jpg)
9
Marlin on Arduino
● One loop and two timer interrupt handlers– Loop: read G-code commands, translate them to
motor movements and fan/heater operations– A high frequency, sporadic timer interrupt to drive
motors (up to 10 Khz)• Trapezoidal speed control
– A low frequency, periodic timer interrupt to read extruder temperature (1 KHz)
![Page 10: Quest(-V): A Secure and Predictable System for Smart IoT ...cs-pub.bu.edu/fac/richwest/slides/intel_2016.pdfQuest(-V): A Secure and Predictable System for Smart IoT Devices Richard](https://reader033.vdocuments.mx/reader033/viewer/2022052722/5f0ce1927e708231d4379802/html5/thumbnails/10.jpg)
10
Real-Time Challenges
● Nanosleep timing for stepper motor control● Matching extrusion rate with bed motion
● Let:– B = gear pitch (e.g., 2mm for GT2 pulley)– C = gear tooth count (e.g., 20)– S = stepper motor steps per revolution (e.g., 200)– = microstepping (e.g., 16 for 4988 driver)– V = feedrate in given axis (e.g., 125mm/s)
● GPIO stepper pulse frequency, F:
– F = (V * S * / (B * C) = 10kHz using above params
– Requires 100 microsecond pulse timing
– Won't work with Linux scheduling accuracy!
![Page 11: Quest(-V): A Secure and Predictable System for Smart IoT ...cs-pub.bu.edu/fac/richwest/slides/intel_2016.pdfQuest(-V): A Secure and Predictable System for Smart IoT Devices Richard](https://reader033.vdocuments.mx/reader033/viewer/2022052722/5f0ce1927e708231d4379802/html5/thumbnails/11.jpg)
11
Marlin on Linux/MinnowBoard Max
● Ported Marlin to a Linux program– Replaced hardware timer interrupts with high
resolution software timers• Linux hrtimer-based nanosleep
– Replaced architecture-dependent I/O operations with mraa library functions
– Cons: approach fails to utilize underlying hardware parallelism
![Page 12: Quest(-V): A Secure and Predictable System for Smart IoT ...cs-pub.bu.edu/fac/richwest/slides/intel_2016.pdfQuest(-V): A Secure and Predictable System for Smart IoT Devices Richard](https://reader033.vdocuments.mx/reader033/viewer/2022052722/5f0ce1927e708231d4379802/html5/thumbnails/12.jpg)
12
Marlin on Linux
Read Gcode
Translate coordinates
to steps
Usetemperatureto do PID
control
Extract steps from the block and pulse the steppers
Buffer: each block contains steps for one command File system
Motors
Read temperatureand adjust
Fan & heater
Temperature
PID output
Fan & Heater
![Page 13: Quest(-V): A Secure and Predictable System for Smart IoT ...cs-pub.bu.edu/fac/richwest/slides/intel_2016.pdfQuest(-V): A Secure and Predictable System for Smart IoT Devices Richard](https://reader033.vdocuments.mx/reader033/viewer/2022052722/5f0ce1927e708231d4379802/html5/thumbnails/13.jpg)
13
Quest on MinnowBoard Max
●Ported Quest to MinnowBoard Max– Added I2C Driver– Added GPIO Driver– Updated ACPI firmware to latest version
● Implemented partial mraa library on Quest– I2C Module (read/write bytes on I2C bus)– GPIO Module (get/set value+direction of GPIOs)
● Qduino Framework
![Page 14: Quest(-V): A Secure and Predictable System for Smart IoT ...cs-pub.bu.edu/fac/richwest/slides/intel_2016.pdfQuest(-V): A Secure and Predictable System for Smart IoT Devices Richard](https://reader033.vdocuments.mx/reader033/viewer/2022052722/5f0ce1927e708231d4379802/html5/thumbnails/14.jpg)
14
Marlin on Quest/MinnowMax
●Three Qduino loops– Loop 1: command reading and path planning
• Calculate & buffer steps+direction along each axis
– Loop 2: motor driving
• Smallest period and largest CPU utilization
– Loop 3: temperature reading & adjustment• Largest period and smallest utilization
![Page 15: Quest(-V): A Secure and Predictable System for Smart IoT ...cs-pub.bu.edu/fac/richwest/slides/intel_2016.pdfQuest(-V): A Secure and Predictable System for Smart IoT Devices Richard](https://reader033.vdocuments.mx/reader033/viewer/2022052722/5f0ce1927e708231d4379802/html5/thumbnails/15.jpg)
15
Marlin on Quest/MinnowMax
Quest Kernel
VCPUVCPU VCPU
QduinoLibrary
G-code translation Temperature PID
control
Loop 1Extract steps
from the block and pulse the steppers
Read temperatureand adjust fan/heater
Loop 2 Loop 3
buffer
Temperature
PID output
MinnowBoardCore 1 Core 2
![Page 16: Quest(-V): A Secure and Predictable System for Smart IoT ...cs-pub.bu.edu/fac/richwest/slides/intel_2016.pdfQuest(-V): A Secure and Predictable System for Smart IoT Devices Richard](https://reader033.vdocuments.mx/reader033/viewer/2022052722/5f0ce1927e708231d4379802/html5/thumbnails/16.jpg)
16
Qduino
• Qduino – Enhanced Arduino API for Quest
– Parallel and predictable loop execution
– Real-time communication b/w loops
– Predictable and efficient interrupt management
– Real-time event delivery
– Backward compatible with Arduino API
– Simplifies multithreaded real-time programming
![Page 17: Quest(-V): A Secure and Predictable System for Smart IoT ...cs-pub.bu.edu/fac/richwest/slides/intel_2016.pdfQuest(-V): A Secure and Predictable System for Smart IoT Devices Richard](https://reader033.vdocuments.mx/reader033/viewer/2022052722/5f0ce1927e708231d4379802/html5/thumbnails/17.jpg)
17
Interleaved Sketches
//Sketch 2: toggle pin 10 every 3sint val10 = 0;
void setup() {pinMode(10, OUTPUT);
}
void loop() {val10 = !val10; //flip the output
valuedigitalWrite(10, val10);delay(3000); //delay 3s
}
// Sketch 1: toggle GPIO pin 9 // every 2sint val9 = 0;
void setup() {pinMode(9, OUTPUT);
}
void loop() {val9 = !val9; //flip the output valuedigitalWrite(9, val9);delay(2000); //delay 2s
}
How do you merge the sketches and keep the correct delays?
![Page 18: Quest(-V): A Secure and Predictable System for Smart IoT ...cs-pub.bu.edu/fac/richwest/slides/intel_2016.pdfQuest(-V): A Secure and Predictable System for Smart IoT Devices Richard](https://reader033.vdocuments.mx/reader033/viewer/2022052722/5f0ce1927e708231d4379802/html5/thumbnails/18.jpg)
18
Interleaved Sketches
int val9, val10 = 0;int next_flip9, next_flip10 = 0;
void setup() {pinMode(9, OUTPUT);pinMode(10, OUTPUT);
}void loop() {
if (millis() >= next_flip9) {val9 = !val9; //flip the output valuedigitalWrite(9, val9);next_flip9 += 2000;
}if (millis() >= next_flip10) {
val10 = !val10; //flip the output valuedigitalWrite(10, val10);next_flip10 += 3000;
}}
● Do scheduling by hand
● Inefficient
● Hard to scale
![Page 19: Quest(-V): A Secure and Predictable System for Smart IoT ...cs-pub.bu.edu/fac/richwest/slides/intel_2016.pdfQuest(-V): A Secure and Predictable System for Smart IoT Devices Richard](https://reader033.vdocuments.mx/reader033/viewer/2022052722/5f0ce1927e708231d4379802/html5/thumbnails/19.jpg)
19
Qduino Multi-threaded Sketchint val9, val10 = 0;int C = 500, T = 1000;
void setup() {pinMode(9, OUTPUT);pinMode(10, OUTPUT);
}
void loop(1, C, T) {val9 = !val9; // flip the output valuedigitalWrite(9, val9);delay(2000);
}
void loop(2, C, T) {val10 = !val10; // flip the output valuedigitalWrite(10, val10);delay(3000);
}
![Page 20: Quest(-V): A Secure and Predictable System for Smart IoT ...cs-pub.bu.edu/fac/richwest/slides/intel_2016.pdfQuest(-V): A Secure and Predictable System for Smart IoT Devices Richard](https://reader033.vdocuments.mx/reader033/viewer/2022052722/5f0ce1927e708231d4379802/html5/thumbnails/20.jpg)
20
Qduino Organization
Sketch
Kernel
User
...Quest NativeApp
Quest NativeApp
Galileo
QDuino Libs
loop1 loopN...
x86 SoC
Edison Minnowboard
GPIO Driver
SPI Driver
I2C Driver
![Page 21: Quest(-V): A Secure and Predictable System for Smart IoT ...cs-pub.bu.edu/fac/richwest/slides/intel_2016.pdfQuest(-V): A Secure and Predictable System for Smart IoT Devices Richard](https://reader033.vdocuments.mx/reader033/viewer/2022052722/5f0ce1927e708231d4379802/html5/thumbnails/21.jpg)
21
Qduino New APIsFunction Signatures Category
● loop(loop_id, C, T) Structure
● interruptsVcpu(C,T) ← I/O VCPU● attachInterruptVcpu(pin,ISR,mode,C,T) ←Main VCPU
Interrupt
● spinlockInit(lock)● spinlockLock(lock)● spinlockUnlock(lock)
Spinlock
● channelWrite(channel,item)● item channelRead(channel)
Four-slot
● ringbufInit(buffer,size)● ringbufWrite(buffer,item)● ringbufRead(buffer,item)
Ring buffer
![Page 22: Quest(-V): A Secure and Predictable System for Smart IoT ...cs-pub.bu.edu/fac/richwest/slides/intel_2016.pdfQuest(-V): A Secure and Predictable System for Smart IoT Devices Richard](https://reader033.vdocuments.mx/reader033/viewer/2022052722/5f0ce1927e708231d4379802/html5/thumbnails/22.jpg)
22
Qduino Event Handling
Scheduler
MainVCPU
MainVCPU
SketchThread
I/OVCPU
User InterruptHandler
Interrupt Bottom
Half
CPU Core(s) GPIO Expander
Kernel
User
Wakeup
attachInterruptVcpu
interrupt return
GPIO Driver
Hardware Interrupt
![Page 23: Quest(-V): A Secure and Predictable System for Smart IoT ...cs-pub.bu.edu/fac/richwest/slides/intel_2016.pdfQuest(-V): A Secure and Predictable System for Smart IoT Devices Richard](https://reader033.vdocuments.mx/reader033/viewer/2022052722/5f0ce1927e708231d4379802/html5/thumbnails/23.jpg)
23
Qduino Temporal Isolation
0
10
20
30
40
50
60
100T 200T 300T 400T 500T
Cou
nter
(x1
04 )
Time (Periods)
(50,100),2(50,100),4
(70,100),2(70,100),4
(90,100),2(90,100),4
Linux,2Linux,4 ● Foreground loop increments
counter during loop period
● 2-4 background loops actas potential interference, consuming remainingCPU capacity
● No temporal isolation ortiming guarantees w/Linux
![Page 24: Quest(-V): A Secure and Predictable System for Smart IoT ...cs-pub.bu.edu/fac/richwest/slides/intel_2016.pdfQuest(-V): A Secure and Predictable System for Smart IoT Devices Richard](https://reader033.vdocuments.mx/reader033/viewer/2022052722/5f0ce1927e708231d4379802/html5/thumbnails/24.jpg)
24
Qduino Rover
● Autonomous Vehicle● Collision avoidance using ultrasonic
sensor
● Two tasks:● A sensing task detects distance to an
obstacle – delay(200)● An actuation task controls the motors -
delay(100)
![Page 25: Quest(-V): A Secure and Predictable System for Smart IoT ...cs-pub.bu.edu/fac/richwest/slides/intel_2016.pdfQuest(-V): A Secure and Predictable System for Smart IoT Devices Richard](https://reader033.vdocuments.mx/reader033/viewer/2022052722/5f0ce1927e708231d4379802/html5/thumbnails/25.jpg)
25
Rover Performance
● Measure the time interval between two consecutive calls to the motor actuation code
● Clanton Linux single loop● delay from both sensing
and actuation task● Qduino multi-loop
● No delay from sensing loop
● No delay from sensor timeout
● The shorter the worst case time interval, the faster the vehicle can drive
0
100
200
300
400
500
600
700
800
10 20 30 40 50 60 70 80 90 100
Tim
e (m
illis
econ
ds)
Sample #
Clanton Single-loopQduino Multi-loop
Qduino Single-loopClanton Interrupt
![Page 26: Quest(-V): A Secure and Predictable System for Smart IoT ...cs-pub.bu.edu/fac/richwest/slides/intel_2016.pdfQuest(-V): A Secure and Predictable System for Smart IoT Devices Richard](https://reader033.vdocuments.mx/reader033/viewer/2022052722/5f0ce1927e708231d4379802/html5/thumbnails/26.jpg)
26
RacerX Autonomous Vehicle
![Page 27: Quest(-V): A Secure and Predictable System for Smart IoT ...cs-pub.bu.edu/fac/richwest/slides/intel_2016.pdfQuest(-V): A Secure and Predictable System for Smart IoT Devices Richard](https://reader033.vdocuments.mx/reader033/viewer/2022052722/5f0ce1927e708231d4379802/html5/thumbnails/27.jpg)
27
Edison 3D Printer Controller
Real-timeSensing &
Control
Real-timeSensing &
Control
Real-timeJob
Scheduling
Real-timeJob
Scheduling
LinuxLinux
MemoryMemory
MonitorMonitor
Core(s)Core(s) Core(s)Core(s) Core(s)Core(s)
Web Server /Verification
Web Server /Verification
Comms
MonitorMonitor MonitorMonitor
MemoryMemory MemoryMemory
I/O Devicese.g. Motors,
Extruder,Temp Sensors
I/O Devicese.g. Motors,
Extruder,Temp Sensors
I/O Devicese.g. Flash
Storage
I/O Devicese.g. Flash
Storage
I/O Devicese.g. NIC
I/O Devicese.g. NIC
Har
dwar
eK
erne
l
VCPU(s)VCPU(s) VCPU(s)VCPU(s)
Use
r
Unt
rust
edT
rust
ed
Sandbox 1 Sandbox 2 Sandbox 3
DU
AL
CO
RE
AT
OM
SIL
VE
RM
ON
T
QU
AR
K M
CU
INT
ER
NE
T
![Page 29: Quest(-V): A Secure and Predictable System for Smart IoT ...cs-pub.bu.edu/fac/richwest/slides/intel_2016.pdfQuest(-V): A Secure and Predictable System for Smart IoT Devices Richard](https://reader033.vdocuments.mx/reader033/viewer/2022052722/5f0ce1927e708231d4379802/html5/thumbnails/29.jpg)
29
MinnowMax 3D Printer Controller
7805
GND
7404
1N47281K
GND
Z_STOP
+12V
Z_STOP Sensor
5VREG
1234567
141312111098GND
CH0
CH1
CH2
CH3
CH4
CH5
CH6
CH7
NC
SCL
SDA
REF
VCC
ADS7828 I2C-ADCTHERM0 +5V
+5V
Y_ENABLE
Z_ENABLE
RAMPS 1.4
4988 4988
4988
4988
A0A1A0
A0A2
X_STEPX_DIR
A0A7A6
A0A8
Y_STEPY_DIR
A0
D46
Z_
ST
EP
A0
D48
Z_
DIR
A0
D38
X_
EN
AB
LE
A0
D26
E0
_S
TE
PA
0D
28E
0_
DIR
A0
D24
E0
_E
NA
BL
E
D3X_STOP
D15Y_STOP_max
HEAT_IN
D9FAN_IN
D10
X
Y
Z
E0
-- s
s Y_STOP_max
GN
D
+1
2V
+- -+
D9 D10
THERM0A0A13 X_STOP Switch
T0
Thermistor
13579
1113151719212325
2468
101214161820222426
GND GND
+5V +3.3V
SCL
SDA
PWM0
FAN
HEATER X_STEP
SPI_MISO
SPI_MOSI
Z_ENABLE
E0_STEP
E0_DIR
X_STOP
Y_STOP_max
Z_STOP E0_ENABLE
Z_DIR
Z_STEP
Y_ENABLE
Y_DIR
Y_STEP
X_ENABLE
X_DIR
MINNOWBOARD MAX
2N3906
2N3904
1K
GND
4.7K
+5V
GND
+3.3V
4.7K
FAN orHEATER
FAN_IN (D9)orHEAT_IN (D10)
Circuit x2
![Page 30: Quest(-V): A Secure and Predictable System for Smart IoT ...cs-pub.bu.edu/fac/richwest/slides/intel_2016.pdfQuest(-V): A Secure and Predictable System for Smart IoT Devices Richard](https://reader033.vdocuments.mx/reader033/viewer/2022052722/5f0ce1927e708231d4379802/html5/thumbnails/30.jpg)
30
Future Directions
• QduinoMC
– API support to map loops to cores
– Load balancing via MARACAS [RTSS'16] framework
– Pub/sub communications between Quest-V sandboxes
• e.g., Linux ↔ Quest
• QROS
– Legacy Linux ROS nodes communicate w/ time-critical Quest services
![Page 31: Quest(-V): A Secure and Predictable System for Smart IoT ...cs-pub.bu.edu/fac/richwest/slides/intel_2016.pdfQuest(-V): A Secure and Predictable System for Smart IoT Devices Richard](https://reader033.vdocuments.mx/reader033/viewer/2022052722/5f0ce1927e708231d4379802/html5/thumbnails/31.jpg)
31
Future Directions
• Smart Devices / Apps
– Use Intel SBCs/SoCs (Up board, Edison, MinnowMax, Celeron Braswell, Skylake U, Kaby/Apollo Lake NUCs)
– Energy + CPU + GPU + latency-sensitive I/O requirements
– RacerX autonomous rover
– Smart drones
• Configurable mission objectives (indoor / outdoor)
• Search & rescue, surveillance, package delivery, SLAM, target tracking
• Real-time adaptive control (e.g. in windy conditions)
– Biokinematic / body sensor network (Edison/Curie)
![Page 32: Quest(-V): A Secure and Predictable System for Smart IoT ...cs-pub.bu.edu/fac/richwest/slides/intel_2016.pdfQuest(-V): A Secure and Predictable System for Smart IoT Devices Richard](https://reader033.vdocuments.mx/reader033/viewer/2022052722/5f0ce1927e708231d4379802/html5/thumbnails/32.jpg)
32
Future Directions
• Quest-V on Edison, MinnowMax, Up board, other Intel SBCs/SoCs
– Mixed-criticality: Linux + Quest
– Mixed-criticality scheduling (ECRTS'16)
– TMR fault tolerance using replicated sandboxes
![Page 33: Quest(-V): A Secure and Predictable System for Smart IoT ...cs-pub.bu.edu/fac/richwest/slides/intel_2016.pdfQuest(-V): A Secure and Predictable System for Smart IoT Devices Richard](https://reader033.vdocuments.mx/reader033/viewer/2022052722/5f0ce1927e708231d4379802/html5/thumbnails/33.jpg)
33
MARACAS Framework
• Quest memory+cache-aware scheduling framework
– Supports VCPU load balancing to share background cycles across cores
• Background cycles: 1-C/T
• Uses h/w perf counters to identify bus congestion
• Congestion? Throttle select cores with available background cycles
• Reduces memory/bus congestion while guaranteeing VCPU foreground timing requirements
![Page 34: Quest(-V): A Secure and Predictable System for Smart IoT ...cs-pub.bu.edu/fac/richwest/slides/intel_2016.pdfQuest(-V): A Secure and Predictable System for Smart IoT Devices Richard](https://reader033.vdocuments.mx/reader033/viewer/2022052722/5f0ce1927e708231d4379802/html5/thumbnails/34.jpg)
34
MARACAS Framework
• Avg memory request latency = Occupancy / Requests
• Occupancy = UNC_ARB_TRK_OCCUPANCY.ALL
– Cycles weighted by queued memory requests
• Requests = UNC_ARB_TRK_REQUEST.ALL
– # of requests to memory controller request queue
• If latency exceeds threshold apply weighted throttling to cores
• Use COLORIS [PACT'14] dynamic page coloring for cache isolation
![Page 35: Quest(-V): A Secure and Predictable System for Smart IoT ...cs-pub.bu.edu/fac/richwest/slides/intel_2016.pdfQuest(-V): A Secure and Predictable System for Smart IoT Devices Richard](https://reader033.vdocuments.mx/reader033/viewer/2022052722/5f0ce1927e708231d4379802/html5/thumbnails/35.jpg)
35
Lessons Learned
• Intel SBCs for “smart” devices
– Multiple cores (good for multi-tasking)
– VT-x capabilities for security/isolation/fault tolerance
– GPIOs for interfacing sensors + actuators
– PWMs for motor & servo control
– Serial interfaces for device communication
– Shared caches + memory bus affects temporal isolation (not good for real-time!)
• ARINC 653 requires space-time isolation b/w cores
![Page 36: Quest(-V): A Secure and Predictable System for Smart IoT ...cs-pub.bu.edu/fac/richwest/slides/intel_2016.pdfQuest(-V): A Secure and Predictable System for Smart IoT Devices Richard](https://reader033.vdocuments.mx/reader033/viewer/2022052722/5f0ce1927e708231d4379802/html5/thumbnails/36.jpg)
36
Wish List 1/2
• Intel SBCs for “smart” devices
– Temporal isolation b/w cores
• TI ARM PRU-like features for dedicated core(s)
• Quark offers something close on the Edison
• Support for cache + bus isolation (way partitioning, page coloring, TDMA bus management?)
– Better GPU support
• Needed for vision+AI+deep learning tasks
• Georgia Tech AutoRally vehicle uses Mini-ITX + Nvidia GTX 750 Ti PCIe card, which is too power-hungry and heavy
– Low-wattage “PC” with GPIOs, serial buses, GPU ala Nvidia Jetson (but better!)
• e.g., “smart” drone has energy and weight restrictions
![Page 37: Quest(-V): A Secure and Predictable System for Smart IoT ...cs-pub.bu.edu/fac/richwest/slides/intel_2016.pdfQuest(-V): A Secure and Predictable System for Smart IoT Devices Richard](https://reader033.vdocuments.mx/reader033/viewer/2022052722/5f0ce1927e708231d4379802/html5/thumbnails/37.jpg)
37
Wish List 2/2
• Intel SBCs for “smart” devices
– Simplified VT-x support
• Basic memory partitioning b/w sandboxes (no EPT walking)
• Like segmentation with simplified VMCS
• Simplified IOMMU w/ DMA to sandbox physical offset address
– Tagged memory for confidentiality + integrity on secure information flows between sandboxes
– H/W-assisted port-based I/O interposition
• To prevent sandbox discovery/access to unauthorized devices
![Page 38: Quest(-V): A Secure and Predictable System for Smart IoT ...cs-pub.bu.edu/fac/richwest/slides/intel_2016.pdfQuest(-V): A Secure and Predictable System for Smart IoT Devices Richard](https://reader033.vdocuments.mx/reader033/viewer/2022052722/5f0ce1927e708231d4379802/html5/thumbnails/38.jpg)
38
The End
? || /* */
![Page 39: Quest(-V): A Secure and Predictable System for Smart IoT ...cs-pub.bu.edu/fac/richwest/slides/intel_2016.pdfQuest(-V): A Secure and Predictable System for Smart IoT Devices Richard](https://reader033.vdocuments.mx/reader033/viewer/2022052722/5f0ce1927e708231d4379802/html5/thumbnails/39.jpg)
39
Extra Slides
![Page 40: Quest(-V): A Secure and Predictable System for Smart IoT ...cs-pub.bu.edu/fac/richwest/slides/intel_2016.pdfQuest(-V): A Secure and Predictable System for Smart IoT Devices Richard](https://reader033.vdocuments.mx/reader033/viewer/2022052722/5f0ce1927e708231d4379802/html5/thumbnails/40.jpg)
40
Goals
• Develop high-confidence (embedded) systems– Mixed criticalities: timeliness and safety
• Predictable
• Secure
• Safe / Fault tolerant
• Efficient
![Page 41: Quest(-V): A Secure and Predictable System for Smart IoT ...cs-pub.bu.edu/fac/richwest/slides/intel_2016.pdfQuest(-V): A Secure and Predictable System for Smart IoT Devices Richard](https://reader033.vdocuments.mx/reader033/viewer/2022052722/5f0ce1927e708231d4379802/html5/thumbnails/41.jpg)
41
Target Applications
• Healthcare• Avionics• Automotive• Factory automation• Robotics• Space exploration• Internet-of-Things (IoT)• Industry 4.0 smart factories• Smart drones, other devices
![Page 42: Quest(-V): A Secure and Predictable System for Smart IoT ...cs-pub.bu.edu/fac/richwest/slides/intel_2016.pdfQuest(-V): A Secure and Predictable System for Smart IoT Devices Richard](https://reader033.vdocuments.mx/reader033/viewer/2022052722/5f0ce1927e708231d4379802/html5/thumbnails/42.jpg)
42
Internet of Things
● Number of Internet-connected devices
> 12.5 billion in 2010
● World population > 7 billion (2015)
● Cisco predicts 50 billion Internet devices by
2020
● Challenges:
● Secure management of data● Reliable + predictable data processing & exchange● Device interoperability
![Page 43: Quest(-V): A Secure and Predictable System for Smart IoT ...cs-pub.bu.edu/fac/richwest/slides/intel_2016.pdfQuest(-V): A Secure and Predictable System for Smart IoT Devices Richard](https://reader033.vdocuments.mx/reader033/viewer/2022052722/5f0ce1927e708231d4379802/html5/thumbnails/43.jpg)
43
Background: Quest Real-Time OS
• Initially a “small” RTOS
• ~30KB ROM image for uniprocessor version
• Page-based address spaces
• Threads
• Dual-mode kernel-user separation
• Real-time Virtual CPU (VCPU) Scheduling
• Later SMP support
• LAPIC timing
FreeRTOS, uC/OS-II etc
QuestLinux, Windows,
Mac OS X etc
![Page 44: Quest(-V): A Secure and Predictable System for Smart IoT ...cs-pub.bu.edu/fac/richwest/slides/intel_2016.pdfQuest(-V): A Secure and Predictable System for Smart IoT Devices Richard](https://reader033.vdocuments.mx/reader033/viewer/2022052722/5f0ce1927e708231d4379802/html5/thumbnails/44.jpg)
44
From Quest to Quest-V
• Quest-V for multi-/many-core processors– Distributed system on a chip
– Time as a first-class resource
• Cycle-accurate time accountability
– Separate sandbox kernels for system components
– Memory isolation using h/w-assisted memory virtualization
– Also CPU, I/O, cache partitioning
• Focus on safety, efficiency, predictability + security
![Page 45: Quest(-V): A Secure and Predictable System for Smart IoT ...cs-pub.bu.edu/fac/richwest/slides/intel_2016.pdfQuest(-V): A Secure and Predictable System for Smart IoT Devices Richard](https://reader033.vdocuments.mx/reader033/viewer/2022052722/5f0ce1927e708231d4379802/html5/thumbnails/45.jpg)
45
Related Work
• Existing virtualized solutions for resource partitioning
– Wind River Hypervisor, XtratuM, PikeOS,
Mentor Graphics Hypervisor
– Xen, Oracle PDOMs, IBM LPARs
– Muen, (Siemens) Jailhouse
![Page 46: Quest(-V): A Secure and Predictable System for Smart IoT ...cs-pub.bu.edu/fac/richwest/slides/intel_2016.pdfQuest(-V): A Secure and Predictable System for Smart IoT Devices Richard](https://reader033.vdocuments.mx/reader033/viewer/2022052722/5f0ce1927e708231d4379802/html5/thumbnails/46.jpg)
46
SS Scheduling
• Model periodic tasks– Each SS has a pair (C,T) s.t. a server is
guaranteed C CPU cycles every period of T cycles when runnable• Guarantee applied at foreground priority• background priority when budget depleted
– Rate-Monotonic Scheduling theory applies
![Page 47: Quest(-V): A Secure and Predictable System for Smart IoT ...cs-pub.bu.edu/fac/richwest/slides/intel_2016.pdfQuest(-V): A Secure and Predictable System for Smart IoT Devices Richard](https://reader033.vdocuments.mx/reader033/viewer/2022052722/5f0ce1927e708231d4379802/html5/thumbnails/47.jpg)
47
PIBS Scheduling
• IO VCPUs have utilization factor, UV,IO
• IO VCPUs inherit priorities of tasks (or Main VCPUs) associated with IO events– Currently, priorities are (T) for corresponding
Main VCPU– IO VCPU budget is limited to:● TV,main* UV,IO for period TV,main
![Page 48: Quest(-V): A Secure and Predictable System for Smart IoT ...cs-pub.bu.edu/fac/richwest/slides/intel_2016.pdfQuest(-V): A Secure and Predictable System for Smart IoT Devices Richard](https://reader033.vdocuments.mx/reader033/viewer/2022052722/5f0ce1927e708231d4379802/html5/thumbnails/48.jpg)
48
PIBS Scheduling
• IO VCPUs have eligibility times, when they can execute
• te = t + Cactual / UV,IO
– t = start of latest execution
– t >= previous eligibility time
![Page 49: Quest(-V): A Secure and Predictable System for Smart IoT ...cs-pub.bu.edu/fac/richwest/slides/intel_2016.pdfQuest(-V): A Secure and Predictable System for Smart IoT Devices Richard](https://reader033.vdocuments.mx/reader033/viewer/2022052722/5f0ce1927e708231d4379802/html5/thumbnails/49.jpg)
49
Example VCPU ScheduleExample SS-Only Schedule
τ1 Main ApplicationSporadic Server
C=8 T=16
0 8 16 24 32
0 8 16 24 32
0 8 16 24 32
τ2 I/O Interrupt BHSporadic Server
C=4 T=16
Execution
I/O EventInitiated Interrupts Occur
MissedDeadline
8,0 8,16
4,0
4,9
3,9 1,25
3,11 1,25
2,11 1,25 1,27
time
2,25 1,27 1,29
2,27 1,29 1,41
![Page 50: Quest(-V): A Secure and Predictable System for Smart IoT ...cs-pub.bu.edu/fac/richwest/slides/intel_2016.pdfQuest(-V): A Secure and Predictable System for Smart IoT Devices Richard](https://reader033.vdocuments.mx/reader033/viewer/2022052722/5f0ce1927e708231d4379802/html5/thumbnails/50.jpg)
50
Example VCPU ScheduleExample SS+PIBS Schedule
τ1 Main ApplicationSporadic Server
C=8 T=16
0 8 16 24 32
0 8 16 24 32
0 8 16 24 32
τ2 I/O Interrupt BHPIBS
U=0.25
Execution
I/O EventInitiated Interrupts Occur
8,0 8,16
time
8,32
4,04,9
4,134,25
No MissedDeadline
![Page 51: Quest(-V): A Secure and Predictable System for Smart IoT ...cs-pub.bu.edu/fac/richwest/slides/intel_2016.pdfQuest(-V): A Secure and Predictable System for Smart IoT Devices Richard](https://reader033.vdocuments.mx/reader033/viewer/2022052722/5f0ce1927e708231d4379802/html5/thumbnails/51.jpg)
51
Utilization Bound Test
• Sandbox with 1 PCPU, n Main VCPUs, and m I/O VCPUs– Ci = Budget Capacity of Vi
– Ti = Replenishment Period of Vi
– Main VCPU, Vi
– Uj = Utilization factor for I/O VCPU, Vj
∑i=0
n−1CiTi
+ ∑j=0
m−1
(2−Uj)⋅Uj≤n⋅( n√2−1)
![Page 52: Quest(-V): A Secure and Predictable System for Smart IoT ...cs-pub.bu.edu/fac/richwest/slides/intel_2016.pdfQuest(-V): A Secure and Predictable System for Smart IoT Devices Richard](https://reader033.vdocuments.mx/reader033/viewer/2022052722/5f0ce1927e708231d4379802/html5/thumbnails/52.jpg)
52
Cache Partitioning
• Shared caches controlled using color-aware memory allocator [COLORIS – PACT'14]
• Cache occupancy prediction based on h/w performance counters
– E' = E + (1-E/C) * ml – E/C * mo
– Enhanced with hits + misses
[Book Chapter, OSR'11, PACT'10]
● 5 patents (3 awarded so far) w/ VMware