VOSYSmonitor, a TrustZone-based Hypervisor for ISO 26262 Mixed-critical System

Lucas, Pierre; Chappuis, Kevin; Boutin, Benjamin; Vetter, Julian; Raho, Daniel

doi:10.23919/fruct.2018.8588018

Cited by 10 publications

(5 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Cereia and Cibrario carried out a similar exercise, implementing a virtualization layer that allowed to deploy an RTOS and a guest OS, pointing out some of the limitations that ARM TrustZone imposed on them at the time: it only allowed the execution of two OSs and, while the guest OS did not it could access or interfere with the RTOS, it did not work in reverse, so it would not support two secure RTOS [94]. These limitations are shared by ARM TrustZone-based hypervisors proposed in later work, such as the Secure Automotive Software Platform by Kim et al [95] or the open-source Xvisor presented by Cicero et al [96] VOSYSmonitor, from Virtual Open Systems, also allows parallel execution of a secure partition (running an RTOS) and a partition without real-time guarantees (GPOS), but has the particularity that it allows the non-critical partition (GPOS) to use another hypervisor (such as Xen or KVM), so it could be argued that it also supports multi-guest OS [97]. VOSYSmonitor gives full priority to the RTOS, allowing the GPOS(s) to run when there are no active tasks on the RTOS.…”

Section: E Other Hypervisorsmentioning

confidence: 99%

A Comprehensive Survey on the Use of Hypervisors in Safety-Critical Systems

2023

View full text Add to dashboard Cite

Virtualization has become one of the main tools for making efficient use of the resources offered by multicore embedded platforms. In recent years, even sectors such as space, aviation, and automotive, traditionally wary of adopting this type of technology due to the impact it could have on the safety of their systems, have been forced to introduce it into their day-to-day work, as their applications are becoming increasingly complex and demanding. This article provides a comprehensive review of the research work that uses or considers the use of a hypervisor as the basis for building a virtualized safetycritical embedded system. Once the hypervisors developed or adapted for this type of system have been identified, an exhaustive qualitative comparison is made between them. an exhaustive qualitative comparison is made between them. To the best of our knowledge, this is the first time that all this information is collected in a single article. Therefore, the main contribution of this article is that it collects and categorizes the information of each hypervisor and compares them with each other, so that this article can be used as a starting point for future researchers in this area, who will be able to quickly check which hypervisor is best suited to their research needs.

show abstract

Section: E Other Hypervisorsmentioning

confidence: 99%

A Comprehensive Survey on the Use of Hypervisors in Safety-Critical Systems

2023

View full text Add to dashboard Cite

show abstract

“…Other than the OS and hypervisor modules, there are plenty of other modules which compose the MICROSAR Safe basic software which have all been certified by the ISO 26262 ASIL-D standard as SEooC [19]. VOSYSmonitor [20] is an ASIL-C ISO 26262-compliant hypervisor, developed for both ARMv7 and ARMv8 architectures whose Cortex-A processors offer the Secure Monitor mode. This feature allows executing a safety-critical RTOS and a general-purpose OS simultaneously; moreover, it allows the use of virtualization extensions like Linux/KVM, thus enabling the instantiation of multiple virtual machines.…”

Section: Related Workmentioning

confidence: 99%

Certify the Uncertified: Towards Assessment of Virtualization for Mixed-criticality in the Automotive Domain

Cinque¹,

Simone²,

Marchetta³

2022

Preprint

View full text Add to dashboard Cite

Nowadays, a feature-rich automotive vehicle offers several technologies to assist the driver during his trip and guarantee an amusing infotainment system to the other passengers, too. Consolidating worlds at different criticalities is a welcomed challenge for car manufacturers that have recently tried to leverage virtualization technologies due to reduced maintenance, deployment, and shipping costs. For this reason, more and more mixed-criticality systems are emerging, trying to assure compliance with the ISO 26262 Road Vehicle Safety standard. In this short paper, we provide a preliminary investigation of the certification capabilities for Jailhouse, a popular opensource partitioning hypervisor. To this aim, we propose a testing methodology and showcase the results, pointing out when the software gets to a faulting state, deviating from its expected behavior. The ultimate goal is to picture the right direction for the hypervisor towards a potential certification process.

show abstract

“…VOSYSMonitor. VOSYSmonitor [115,116] is a lowlevel closed-source software layer that executes in the monitor mode of the ARM TrustZone architecture. It was conceived for the automotive industry and it is compliant with the ASIL-C requirements of the ISO 26262 standard [10].…”

Section: Arm Trustzone-assisted Virtualizationmentioning

confidence: 99%

Virtualizing Mixed-Criticality Systems: A Survey on Industrial Trends and Issues

Cinque,

Cotroneo,

De Simone

et al. 2021

Preprint

View full text Add to dashboard Cite

Virtualization is gaining attraction in the industry as it promises a flexible way to integrate, manage, and re-use heterogeneous software components with mixed-criticality levels, on a shared hardware platform, while obtaining isolation guarantees. This work surveys the state-of-the-practice of real-time virtualization technologies by discussing common issues in the industry. In particular, we analyze how different virtualization approaches and solutions can impact isolation guarantees and testing/certification activities, and how they deal with dependability challenges. The aim is to highlight current industry trends and support industrial practitioners to choose the most suitable solution according to their application domains.

show abstract

VOSYSmonitor, a TrustZone-based Hypervisor for ISO 26262 Mixed-critical System

Cited by 10 publications

References 0 publications

A Comprehensive Survey on the Use of Hypervisors in Safety-Critical Systems

A Comprehensive Survey on the Use of Hypervisors in Safety-Critical Systems

Certify the Uncertified: Towards Assessment of Virtualization for Mixed-criticality in the Automotive Domain

Virtualizing Mixed-Criticality Systems: A Survey on Industrial Trends and Issues

Contact Info

Product

Resources

About