faa03-partition
(18 pages, English)
Partitioning and Protection
Breakout Session
John Rushby
Computer Science Laboratory, SRI International, Menlo Park, California, USA

Partitioning and Protection: 1

Overview
- This is an interactive session: pooling of knowledge, lessons learned, concerns from developers, certifiers, and researchers
- I'm the author of NASA CR-99-209347, Partitioning in Avionics Architecture: Requirements, Mechanism, and Assurance, referenced in CAST-2. Available at http://techreports.larc.nasa.gov/ltrs/PDF/1999/cr/NASA-99-cr209347.pdf
- I'll start off with a brief summary: need for partitioning; partitioning mechanisms in individual processors; partitioning mechanisms in bus architectures; requirements and assurance for partitioning
- Then it's over to you

CAST 2 Definitions
- Partitioning is just one means of implementing the general concept of protection
- Partitioning is a method of separating components to ensure protection (section 2.3.1 of ED12B/DO-178B)
- The real issue is whether two or more components are protected from the actions of each other
- Component X can be said to be strictly protected from Y if any behavior of Y has no effect on the operation of X
- Component X can be said to be safely protected from Y if any behavior of Y has no effect on the safety properties of X

Simple Picture
[diagram: Partition A and Partition B side by side, both running on the Operating System, which runs on the Hardware]

Need for Partitioning
- Or just to
[the remaining bullets of this slide are not legible in the extraction; the legible fragments refer to components of different criticality levels sharing resources, faults, and the relationship to security and protection]
Basic Idea of Partitioning
- Partitioning: an architecture that attempts to create, on shared resources, the separation that a federated architecture provides
- The federated architecture is the gold standard
Mechanisms for Partitioning in Individual Processors
- Traditionally divided into spatial (memory) partitioning and temporal partitioning
- Uses hardware protection mechanisms (user/supervisor modes, memory management units) and O/S principles (kernels, virtual machines, threads)
- Temporal partitioning: scheduling and I/O devices
- Static vs. dynamic (priority-based) scheduling
- Static has simpler assurance, but may complicate application design
- Dynamic scheduling requires knowledge of pitfalls: priority inversions (interaction of priorities and locks); correct accounting (charging for process swaps)
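The two mechanisms on this slide, spatial partitioning enforced by a memory management unit and temporal partitioning enforced by a static schedule, can be shown together in a small simulation. The model below is an added illustration, not code from the slides or from SRI: the MMU is reduced to one contiguous address range per partition, the scheduler to a major frame of fixed windows, and the partition names, address ranges, windows and workloads are constructed for the demonstration. It shows the property static scheduling makes easy to argue for: whatever partition B does (overrunning its window, then writing into A's memory), the CPU time A receives in every frame is unchanged, and B's illegal store traps and is confined to B.

```python
"""Spatial and temporal partitioning in one processor: a toy model.

Added illustration, not code from the slides or from SRI. The MMU is
modelled as one contiguous address range per partition and the scheduler
as a static table (a major frame of fixed windows). Partition names,
address ranges, windows and the workloads below are constructed.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# A workload step is ("compute", units_of_time) or ("write", address).
Op = Tuple[str, int]


@dataclass
class Partition:
    name: str
    mem_lo: int            # inclusive start of the partition's address range
    mem_hi: int            # exclusive end of the range
    ops: List[Op]          # remaining workload, consumed in order
    halted: bool = False   # set when the partition traps on an illegal access
    faults: int = 0
    delivered: List[int] = field(default_factory=list)  # CPU units received, per frame


def mmu_permits(p: Partition, addr: int) -> bool:
    """Spatial partitioning: a store is legal only inside the running
    partition's own range, whatever address the code supplies."""
    return p.mem_lo <= addr < p.mem_hi


def run_frames(parts: List[Partition], schedule: List[Tuple[str, int]],
               frames: int) -> Dict[str, Tuple[List[int], int]]:
    """Temporal partitioning with a static schedule.

    Each major frame runs the schedule's (partition, window) entries in order.
    A partition still busy when its window expires is preempted and resumes in
    its next window; a partition that faults loses the rest of its window and
    is halted. Neither event changes what the other partitions receive.
    """
    by_name = {p.name: p for p in parts}
    for _ in range(frames):
        for name, window in schedule:
            p = by_name[name]
            used = 0
            while used < window and p.ops and not p.halted:
                kind, arg = p.ops[0]
                if kind == "compute":
                    step = min(arg, window - used)   # clipped at the window boundary
                    used += step
                    if step == arg:
                        p.ops.pop(0)
                    else:
                        p.ops[0] = ("compute", arg - step)   # resume in a later window
                else:  # "write": costs one unit, then the MMU check
                    p.ops.pop(0)
                    used += 1
                    if not mmu_permits(p, arg):
                        p.faults += 1
                        p.halted = True   # trap: the fault is confined to the offender
            p.delivered.append(used)
    return {p.name: (p.delivered, p.faults) for p in parts}


def demo() -> Dict[str, Tuple[List[int], int]]:
    """Constructed scenario: A behaves; B overruns its window in frame 1 and
    then tries to write into A's memory in frame 2."""
    a = Partition("A", 0x000, 0x200,
                  [("compute", 3), ("write", 0x100), ("compute", 3), ("write", 0x100)])
    b = Partition("B", 0x200, 0x400,
                  [("compute", 6), ("write", 0x100)])   # 0x100 belongs to A
    schedule = [("A", 4), ("B", 4)]   # one major frame: 4 units each
    return run_frames([a, b], schedule, frames=2)


if __name__ == "__main__":
    print(demo())   # A's timeline is unchanged by anything B does
```

Running `demo()` gives A four units in both frames; B gets its full four units in frame 1 (it is preempted with work left over) and three in frame 2 before its store to 0x100 traps. A dynamic, priority-based scheduler would need an additional argument that B cannot hold a lock A needs or make A pay for B's context switches, which is the "pitfalls" bullet above.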
Architectures for Partitioning in Individual Processors

Classic OS:
  Partition A | Partition B
  Operating System
  Hardware

Kernelized:
  Partition A   | Partition B
  OS Services A | OS Services B
  Kernel
  Hardware

- We can trust less software with the kernelized approach
Mechanisms for Partitioning in Bus Architectures
- Static schedule and synchronization: paired BIUs in SAFEbus, bus guardians in TTA
- Fault containment units
- Lock-free wait-free algorithms for shared resources
- Explicit addresses are a partition violation-in-waiting
- But we need to
[further bullets on centralized vs. distributed control and clocks are not legible in the extraction]
Architectures for Partitioning in Distributed Systems

[diagram: several hosts, each attached through an interface, either to a shared bus or to a central Star Hub]

- Bus/hub must be replicated; hub is a logical bus
Partitioning Rests on Bus Guardians (or Equivalent)

[diagram: host/controller, then guardian, then the bus; the guardian blocks writing to the bus outside the controller's slot]

- Must be an independent FCU (fault containment unit) from the controller
- Can be local to each controller or centralized in the hub
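The bus-guardian slide and the earlier "explicit addresses are a partition violation-in-waiting" bullet fit in one small model. The code below is an added illustration, not code from the slides, from SRI, or from any real TTA or SAFEbus implementation: the three-slot TDMA table, the node names, the two fault models (a "babbling" controller that transmits in every slot, and a controller whose clock is off by one slot) and the scenarios are all constructed for the demonstration. It shows why a guardian is needed at all, and why it must be an independent fault containment unit: a guardian that shares the faulty controller's clock lets that controller corrupt another node's slot, whereas a guardian with its own time confines the damage to the faulty node's own slot. Messages are identified by the slot they arrive in rather than by any address the sender supplies, so a faulty node cannot impersonate another.

```python
"""A TDMA bus with bus guardians: toy model of what the guardian does and
why it must be an independent fault containment unit.

Added illustration, not code from the slides, from SRI, or from any real
TTA/SAFEbus implementation. The slot table, node names, the "babbling" and
"clock skew" fault models and the scenarios are constructed for the demo.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Static TDMA round: slot i may be driven only by node SLOTS[i]. A receiver
# identifies a message by the slot it arrived in, never by a sender-supplied
# address field (an explicit address would be a partition violation-in-waiting).
SLOTS = ["A", "B", "C"]


def owner_by_clock(slot_idx: int, skew: int) -> str:
    """Which node a device whose clock is `skew` slots off believes owns this slot."""
    return SLOTS[(slot_idx + skew) % len(SLOTS)]


@dataclass
class Controller:
    name: str
    babbling: bool = False   # fault: drives the bus in every slot
    clock_skew: int = 0      # fault: its view of the schedule is shifted

    def wants_to_send(self, slot_idx: int) -> bool:
        return self.babbling or owner_by_clock(slot_idx, self.clock_skew) == self.name


@dataclass
class Guardian:
    """Gate between one controller and the bus, holding its own copy of the
    schedule. clock_skew != 0 models a guardian that shares the controller's
    (faulty) clock instead of keeping independent time."""
    owner: str
    clock_skew: int = 0

    def allows(self, slot_idx: int) -> bool:
        return owner_by_clock(slot_idx, self.clock_skew) == self.owner


def run_round(controllers: List[Controller],
              guardians: Optional[Dict[str, Guardian]]) -> List[Tuple[str, Tuple[str, ...]]]:
    """One TDMA round. Returns (slot owner, nodes that actually drove the bus)."""
    bus = []
    for i, owner in enumerate(SLOTS):
        senders = tuple(c.name for c in controllers
                        if c.wants_to_send(i)
                        and (guardians is None or guardians[c.name].allows(i)))
        bus.append((owner, senders))
    return bus


def corrupted_slots(bus: List[Tuple[str, Tuple[str, ...]]]) -> List[str]:
    """Slots whose owner's message did not arrive cleanly: either a collision
    (more than one sender) or silence (the owner never sent)."""
    return [owner for owner, senders in bus if senders != (owner,)]


def scenario(faulty_b: Controller, guardian_b: Optional[Guardian]) -> List[str]:
    """Nodes A and C are healthy; B is the faulty node under test."""
    nodes = [Controller("A"), faulty_b, Controller("C")]
    if guardian_b is None:
        return corrupted_slots(run_round(nodes, None))       # no guardians at all
    guardians = {"A": Guardian("A"), "B": guardian_b, "C": Guardian("C")}
    return corrupted_slots(run_round(nodes, guardians))


def babbler_unguarded() -> List[str]:
    return scenario(Controller("B", babbling=True), None)


def babbler_guarded() -> List[str]:
    return scenario(Controller("B", babbling=True), Guardian("B"))


def skewed_shared_clock() -> List[str]:
    # Guardian derives its time from the same faulty clock as its controller.
    return scenario(Controller("B", clock_skew=1), Guardian("B", clock_skew=1))


def skewed_independent() -> List[str]:
    # Guardian keeps its own (correct) time: an independent FCU.
    return scenario(Controller("B", clock_skew=1), Guardian("B"))


if __name__ == "__main__":
    for f in (babbler_unguarded, babbler_guarded, skewed_shared_clock, skewed_independent):
        print(f.__name__, "corrupted slots:", f())
```

Without guardians the babbling controller collides with both A and C. With guardians that keep their own time it cannot leave its slot, and the skewed node can only lose its own slot. The shared-clock case is the one the slide warns about: the guardian and the controller fail together, and slot A is corrupted as well.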