In recent years, virtualization techniques have matured and become very important in the space domain. In this article, the De-RISC project reviews the different aspects of this capability, which increases software agility, flexibility and scalability while creating significant cost savings in hardware.
Mixed-dependability systems (also called mixed-criticality systems) are systems in which components with different dependability levels coexist on the same execution platform. If at least some of those components must be dependable, adequate validation (and often certification) is required, and validation costs can become prohibitive as further components are integrated. Special features to ensure dependability may also result in mission hardware that consumes more energy and is bigger and heavier, which increases the associated mission costs as well. A general approach is to separate the components on a single execution platform so thoroughly that only the separation mechanism and the high-dependability components need to be validated. Virtualization is a mechanism to achieve such separation.
Virtualization in computing can be defined as the abstraction of the system resources: any way of recreating an execution environment that is not the original (native) one. A hypervisor implements partitions, or virtual execution environments, that are isolated from each other in several domains:
- Spatial isolation: applications must execute in independent physical memory address spaces, in order to prevent faults in one application from propagating to other applications;
- Temporal isolation: the real-time behaviour of an application must be correct independently of the execution of other applications.
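The two isolation properties above are easier to reason about with a concrete model. The following C program is an added example written for this article; it is not De-RISC or XtratuM code. It simulates a separation layer that mediates every memory access of two constructed partitions (names, window sizes and the cyclic schedule are all assumptions) and shows that an out-of-window write and an attempt to run longer than the assigned slot are both contained to the partition that caused them.

```c
/* Added example (not De-RISC / XtratuM code): a minimal model of the two
 * isolation properties a partitioning hypervisor must enforce. Partition
 * names, window sizes and the schedule below are constructed for illustration. */
#include <stdint.h>
#include <stdio.h>

#define NPART    2
#define MEM_SIZE 256

/* Simulated physical memory shared by all partitions. */
static uint8_t phys_mem[MEM_SIZE];

/* Per-partition static configuration: a fixed physical memory window
 * (spatial) and a time budget in ticks inside a cyclic major frame (temporal). */
typedef struct {
    const char *name;
    uint32_t base, size;   /* spatial: the only physical window it may touch */
    uint32_t slot_ticks;   /* temporal: budget granted per major frame */
    uint32_t faults;       /* violations caught and attributed to it */
} partition_t;

static partition_t parts[NPART] = {
    { "payload_app", 0,   128, 3, 0 },   /* constructed low-dependability guest */
    { "flight_ctrl", 128, 128, 2, 0 },   /* constructed high-dependability guest */
};

/* Spatial isolation: every write goes through the hypervisor. A write outside
 * the partition's window is refused and recorded against that partition, so
 * the other partition's window is never modified. Returns 0 on success and
 * -1 when the access was blocked. */
int hv_write(int pid, uint32_t addr, uint8_t value)
{
    if (pid < 0 || pid >= NPART) return -1;
    partition_t *p = &parts[pid];
    if (addr < p->base || addr >= p->base + p->size) {
        p->faults++;
        return -1;
    }
    phys_mem[addr] = value;
    return 0;
}

/* Temporal isolation: a static cyclic schedule. The major frame is the sum
 * of all budgets and each tick belongs to exactly one partition, whatever
 * the guests do; an overrunning guest is pre-empted at the end of its slot. */
uint32_t hv_major_frame(void)
{
    uint32_t sum = 0;
    for (int i = 0; i < NPART; i++) sum += parts[i].slot_ticks;
    return sum;
}

int hv_owner_of_tick(uint32_t tick)
{
    uint32_t t = tick % hv_major_frame();
    for (int i = 0; i < NPART; i++) {
        if (t < parts[i].slot_ticks) return i;
        t -= parts[i].slot_ticks;
    }
    return -1; /* unreachable with a consistent schedule table */
}

/* A guest asks for `wanted` consecutive ticks starting at `start`; the
 * hypervisor grants only the ticks the schedule assigns to it. Returns the
 * number of ticks actually granted. */
uint32_t hv_run_guest(int pid, uint32_t start, uint32_t wanted)
{
    uint32_t granted = 0;
    for (uint32_t t = start; t < start + wanted; t++)
        if (hv_owner_of_tick(t) == pid) granted++;
    return granted;
}

int main(void)
{
    /* payload_app writes inside its window, then into the flight_ctrl window. */
    printf("in-window write: %d\n", hv_write(0, 10, 0xAA));
    printf("cross-partition write: %d (faults=%u)\n",
           hv_write(0, 200, 0xFF), parts[0].faults);
    printf("flight_ctrl byte untouched: 0x%02X\n", phys_mem[200]);
    /* payload_app wants 10 consecutive ticks; it only gets its 3-tick slots. */
    printf("ticks granted to payload_app: %u of 10\n", hv_run_guest(0, 0, 10));
    return 0;
}
```

The point of the model is that both checks depend only on the static configuration table and the hypervisor's own code, which is exactly why a partitioned design lets validation focus on the separation mechanism and the high-dependability partitions rather than on every guest.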
However, there are substantial differences between the technological approaches used to achieve this goal, as virtualization is a very active area with several competing technologies currently under development. Nowadays, the main hardware virtualization techniques are:
- Full virtualization: it provides a complete re-creation of the hardware behaviour of a native system for a guest system. In full virtualization, certain “conflicting” machine instructions (those that would break the separation) must be trapped at run time in order to maintain the spatial and temporal separation; they are then handled by the hypervisor;
- Para-virtualization: it requires the guest system to be modified, as some machine instructions are replaced by functions provided by the hypervisor. With para-virtualization, in contrast, no trapping is necessary, and the handling can use more information from the guest. This improves performance greatly and simplifies the hypervisor. Of course, the source code of the guest must be available for recompiling.
Full virtualization is the only possible solution if the source code is not available. Para-virtualization is the technique that better fits the requirements of mixed-dependability embedded systems: it is faster, simpler and smaller, and the customization (para-virtualization) of the guest operating system is not a problem because the source code is available. Also, this technique does not require special processor features that may increase the cost of the product. The benefits of virtualization, and especially of para-virtualization in embedded systems, are therefore a key asset for reducing mission costs while ensuring the availability, reliability, safety, integrity and maintainability attributes of mixed-criticality systems.
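The difference between trapping a conflicting instruction and replacing it with a hypervisor function, described in the list and the comparison above, can be shown on a toy instruction set. The following C program is an added example for this article, not code from De-RISC, fentISS or XtratuM; the guest instruction set, the hypercall number and the two guest programs are constructed. The same guest logic runs twice: once as an unmodified binary whose privileged instruction traps to the hypervisor and is emulated there, and once as a para-virtualized build in which that instruction was replaced by an explicit hypercall that the hypervisor validates before acting on it.

```c
/* Added example (not De-RISC / fentISS / XtratuM code): how a privileged guest
 * operation reaches the hypervisor under full virtualization (trap-and-emulate)
 * versus para-virtualization (explicit hypercall). The instruction set, the
 * hypercall number and the guest programs are constructed for illustration. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed guest ISA: one unprivileged op, one privileged op (changing the
 * interrupt mask) and the hypercall op a para-virtualized guest uses instead. */
enum { OP_ADD = 1, OP_MASK_IRQ = 2, OP_HCALL = 3, OP_HALT = 4 };
enum { HC_MASK_IRQ = 0x10 };              /* constructed hypercall number */

typedef struct {
    uint32_t acc;          /* guest-visible accumulator */
    int irq_masked;        /* virtual interrupt mask, owned by the hypervisor */
    uint32_t traps;        /* privileged ops intercepted at run time */
    uint32_t hypercalls;   /* explicit calls from a para-virtualized guest */
    uint32_t rejected;     /* hypercalls with an unknown number */
} vcpu_t;

/* Hypervisor service shared by both paths: the guest never touches the real
 * interrupt controller, only the virtual copy kept by the hypervisor. */
static void hv_mask_irq(vcpu_t *v) { v->irq_masked = 1; }

/* Para-virtualization entry point: the guest states its intent and the
 * hypervisor validates the request before acting on it. */
static int hv_hypercall(vcpu_t *v, uint8_t number)
{
    v->hypercalls++;
    if (number == HC_MASK_IRQ) { hv_mask_irq(v); return 0; }
    v->rejected++;
    return -1;
}

/* Simulated CPU in guest (unprivileged) mode. A privileged op is never executed
 * natively: it traps to the hypervisor, which emulates it on the virtual state
 * (full virtualization). Returns the number of instructions fetched before
 * OP_HALT or the end of the program. */
uint32_t run_guest(vcpu_t *v, const uint8_t *code, size_t len)
{
    uint32_t n = 0;
    size_t pc = 0;
    while (pc < len) {
        uint8_t op = code[pc++];
        n++;
        switch (op) {
        case OP_ADD:      v->acc += 1; break;
        case OP_MASK_IRQ: v->traps++; hv_mask_irq(v); break;  /* trap-and-emulate */
        case OP_HCALL:    if (pc < len) hv_hypercall(v, code[pc++]); break;
        case OP_HALT:     return n;
        default:          v->traps++; break;  /* undefined op: trapped and ignored */
        }
    }
    return n;
}

/* The same guest logic in three constructed builds: the unmodified binary keeps
 * the privileged instruction, the para-virtualized build replaces it with a
 * hypercall, and a faulty build issues a hypercall number that does not exist. */
static const uint8_t guest_unmodified[] = { OP_ADD, OP_MASK_IRQ, OP_ADD, OP_HALT };
static const uint8_t guest_paravirt[]   = { OP_ADD, OP_HCALL, HC_MASK_IRQ, OP_ADD, OP_HALT };
static const uint8_t guest_bad_hcall[]  = { OP_HCALL, 0x7F, OP_HALT };

vcpu_t run_unmodified(void)
{
    vcpu_t v = {0};
    run_guest(&v, guest_unmodified, sizeof guest_unmodified);
    return v;
}

vcpu_t run_paravirt(void)
{
    vcpu_t v = {0};
    run_guest(&v, guest_paravirt, sizeof guest_paravirt);
    return v;
}

vcpu_t run_bad_hypercall(void)
{
    vcpu_t v = {0};
    run_guest(&v, guest_bad_hcall, sizeof guest_bad_hcall);
    return v;
}

int main(void)
{
    vcpu_t a = run_unmodified(), b = run_paravirt(), c = run_bad_hypercall();
    printf("full virt: acc=%u irq_masked=%d traps=%u hypercalls=%u\n",
           a.acc, a.irq_masked, a.traps, a.hypercalls);
    printf("para virt: acc=%u irq_masked=%d traps=%u hypercalls=%u\n",
           b.acc, b.irq_masked, b.traps, b.hypercalls);
    printf("bad hypercall: irq_masked=%d rejected=%u\n", c.irq_masked, c.rejected);
    return 0;
}
```

Both valid builds end in the same guest state, but only the unmodified one forces the hypervisor to intercept and decode an instruction at run time; the para-virtualized build hands the hypervisor an explicit, typed request, which is why the text describes that path as faster and simpler. The third build shows the check that the hypercall interface must keep in exchange: a request the hypervisor does not recognise is counted and refused rather than acted upon.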
In the De-RISC project, virtualization will be provided by fentISS with the XtratuM Hypervisor, which will allow the development of a cost-effective solution for partitioned secure and critical embedded systems and, especially, for safety-critical and security-critical applications in the aerospace domain.