MPSoC hypervisor: The safe & secure future of avionics

Future avionics must provide increased performance and security while maintaining safety. The additional security capabilities now being required in commercial avionics equipment arise from the integration and centralization of processing capabilities combined with passenger expectations for enhanced communications connectivity. Certification of airborne electronic hardware has long provided rigorous assurance of safety of flight, but security of information is a more recent requirement for avionics processors and communications systems. In this paper, we explore promising options for future avionics equipment that leverage the latest embedded processing hardware and software technologies and techniques. The Xilinx Zynq® UltraScale+™ Multiprocessor System on Chip (MPSoC) provides one promising avionics solution from a hardware standpoint: a high-performance heterogeneous multicore processing system and programmable logic in a single device with enhanced safety and security features. Combining this processor with a safe and secure software hypervisor unlocks many opportunities to address the next generation of airborne computing requirements while satisfying embedded multicore hardware and software certification objectives. We review the Zynq MPSoC and the use of a software hypervisor to provide robust partitioning via virtualization. Partitioning is well established as a means of supporting safety of flight in Integrated Modular Avionics (IMA) while maintaining reasonable performance. Security is a more recent concern, gaining attention because a security vulnerability can also affect safety in unanticipated ways. Hypervisor-based partitioning provides strong isolation that can reduce covert side channels for information exchange and support Multiple Independent Levels of Security (MILS).
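As an added illustration of what "robust partitioning" means in configuration terms (this is example code written for this page, not code from the paper or from any hypervisor vendor), the following checker validates a hypothetical static partition table against the usual IMA rules: disjoint memory regions and exclusively assigned devices (spatial partitioning) and non-overlapping time windows per core within a fixed major frame (temporal partitioning). It also encodes one MILS-style policy that is an assumption of this example rather than a claim of the paper: partitions at different security levels must never be co-scheduled on cores that share a cache, so that a cache-timing covert channel cannot cross a level boundary. The partition names, address ranges, device identifiers, cache topology and major-frame length are all constructed sample data.

```python
"""Static checks on a hypothetical IMA/MILS-style partition configuration.

Added example, not from the paper or any hypervisor product. The configuration
format is invented for illustration; the checks are the usual robust-partitioning
rules plus an assumed MILS co-scheduling policy for shared-cache cores.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

MAJOR_FRAME_US = 20_000  # assumed major frame length in microseconds


@dataclass
class Partition:
    name: str
    level: str                           # MILS security level label, e.g. "high"/"low"
    memory: List[Tuple[int, int]]        # (base, size) regions owned exclusively
    devices: List[str]                   # device / interrupt ids owned exclusively
    windows: List[Tuple[int, int, int]]  # (core, offset_us, duration_us) in the frame


def _overlap(a0: int, alen: int, b0: int, blen: int) -> bool:
    """Half-open interval overlap test: [a0, a0+alen) vs [b0, b0+blen)."""
    return a0 < b0 + blen and b0 < a0 + alen


def check_partitioning(parts: List[Partition], shared_cache: Dict[int, int],
                       major_frame_us: int = MAJOR_FRAME_US) -> List[str]:
    """Return a list of violations; an empty list means the table passes.

    shared_cache maps a core id to a cache-cluster id; cores with the same
    cluster id are assumed to share a cache (the covert-channel concern)."""
    errors: List[str] = []

    # Spatial: every memory region belongs to exactly one partition.
    regions = [(p.name, b, s) for p in parts for b, s in p.memory]
    for i, (n1, b1, s1) in enumerate(regions):
        for n2, b2, s2 in regions[i + 1:]:
            if _overlap(b1, s1, b2, s2):
                errors.append(f"memory overlap: {n1} [{b1:#x},{b1 + s1:#x}) "
                              f"and {n2} [{b2:#x},{b2 + s2:#x})")

    # Spatial: devices (DMA engines, IRQs, buses) are assigned exclusively.
    owner: Dict[str, str] = {}
    for p in parts:
        for d in p.devices:
            if d in owner:
                errors.append(f"device {d} shared by {owner[d]} and {p.name}")
            owner[d] = p.name

    # Temporal: windows fit the major frame and never overlap on one core.
    sched = sorted((core, off, dur, p.name)
                   for p in parts for core, off, dur in p.windows)
    last_end: Dict[int, int] = {}
    for core, off, dur, name in sched:
        if off < 0 or dur <= 0 or off + dur > major_frame_us:
            errors.append(f"window of {name} on core {core} outside major "
                          f"frame: {off}+{dur} us")
        if off < last_end.get(core, 0):
            errors.append(f"time overlap on core {core} at {off} us ({name})")
        last_end[core] = max(last_end.get(core, 0), off + dur)

    # MILS policy (assumption of this example): partitions at different levels
    # must not run concurrently on cores that share a cache.
    level = {p.name: p.level for p in parts}
    for i, (c1, o1, d1, n1) in enumerate(sched):
        for c2, o2, d2, n2 in sched[i + 1:]:
            if (c1 != c2 and shared_cache.get(c1) == shared_cache.get(c2)
                    and level[n1] != level[n2] and _overlap(o1, d1, o2, d2)):
                errors.append(f"{n1} ({level[n1]}) and {n2} ({level[n2]}) "
                              f"co-scheduled on cores {c1}/{c2} sharing a cache")
    return errors


# Constructed sample: four cores, cores 0/1 and 2/3 each sharing an L2 cache.
CACHE_TOPOLOGY = {0: 0, 1: 0, 2: 1, 3: 1}

# A passing table: flight control (high) on cores 0/1, maintenance (high) after
# it on core 0, and passenger connectivity (low) isolated on the other cluster.
SAMPLE = [
    Partition("fcc", "high", [(0x4000_0000, 0x0100_0000)], ["can0", "a429_0"],
              [(0, 0, 8_000), (1, 0, 8_000)]),
    Partition("ife", "low", [(0x4100_0000, 0x0400_0000)], ["eth0"],
              [(2, 0, 20_000)]),
    Partition("maint", "high", [(0x4500_0000, 0x0080_0000)], ["uart1"],
              [(0, 8_000, 4_000)]),
]

# A broken variant: a second low-level partition that reuses memory and a
# device and runs on core 1 while "maint" (high) runs on core 0.
BROKEN = SAMPLE + [
    Partition("ife2", "low", [(0x4080_0000, 0x0100_0000)], ["eth0"],
              [(1, 8_000, 6_000)]),
]

if __name__ == "__main__":
    for label, table in (("SAMPLE", SAMPLE), ("BROKEN", BROKEN)):
        print(label, check_partitioning(table, CACHE_TOPOLOGY) or "OK")
```

Running the script reports no violations for `SAMPLE` and four for `BROKEN`: two memory overlaps, the shared `eth0` device, and the high/low co-scheduling on the cores that share a cache. The co-scheduling rule is deliberately conservative; a real hypervisor configuration would pair it with cache partitioning or flushing rather than forbidding concurrency outright.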
