We build a secure operating system based on a microkernel architecture to reduce complexity and maximize the isolation of components. Serving the key principle of composability of hardware and software, our system consists of small building blocks that cooperate securely in distributed use cases. We co-design our operating system with the Scalable Computing Hardware and Wireless Connectivity groups to solve platform and network security problems. The Composable Operating Systems group provides the essential building blocks from which customized systems for IoT use cases can be built.
We work closely with the MPSoC team to bring our operating system from a software-based simulator to actual hardware. To this end, we instantiate all hardware building blocks of the MPSoC on an FPGA, which allows us to evaluate hardware designs and test their interaction with the software components of our operating system. Ultimately, our operating system and applications shall run on a real system on chip.
Security is not free. For example, physically isolating components by placing them on different cores requires additional resources. We investigate how exclusive and shared use of resources can be provided by the same mechanisms, so that system designers can choose between maximal isolation and minimal resource usage on a case-by-case basis.
For the whole system to be trustworthy, it is critical that only the components responsible for a given scenario can communicate with each other, and that they behave as intended. We research minimal hardware and software support for securely attesting each component's identity and integrity. The same support is needed to realize secure software updates.
Nils Asmussen, Michael Roitzsch, Carsten Weinhold: Pluggable Components All The Way Down. 1st International Workshop on Next-Generation Operating Systems for Cyber-Physical Systems (NGOSCPS), April 2019, Montreal, Canada.
Nils Asmussen, Michael Roitzsch, Hermann Härtig: M3X: Autonomous Accelerators via Context-Enabled Fast-Path Communication. USENIX Annual Technical Conference (ATC), July 2019, Renton, WA, USA.
Matthias Hille, Nils Asmussen, Pramod Bhatotia, Hermann Härtig: SemperOS: A Distributed Capability System. USENIX Annual Technical Conference (ATC), July 2019, Renton, WA, USA.
Till Miemietz, Hannes Weisbach, Michael Roitzsch, Hermann Härtig: K2: Work-Constraining Scheduling of NVMe-Attached Storage. 40th IEEE Real-Time Systems Symposium (RTSS), December 2019.