A Verified Formal Specification of A Secured Communication Method For Smart Card Applications

In remote villages without access to modern IT technology, simple devices such as smartcards can be used to carry out business transactions. These devices typically store multiple business applications from multiple vendors. Although devices must prevent malicious or accidental security breaches among the applications, a secure communication channel between two applications from different vendors is often required. In this paper, first, we propose a method of establishing secure communication channels between applications in embedded operating systems that run on multi-applet smart cards. Second, we enforce the high assurance using an intransitive noninterference security policy. Thirdly, we formalize the method through the Z language and create the formal specification of the proposed secure system. Finally, we verify its correctness using Rushby's unwinding theorem.

System Software

In order to cope with the complexity of applications of embedded systems, reuse of components is a key technique. As pointed out by Sangiovanni-Vincentelli (The context for platform-based design. IEEE Design and Test of Computers, 2002), software and hardware components must be reused in the platform-based design methosdology (see p. 296). These components comprise knowledge from earlier design efforts and constitute intellectual property (IP). Standard software components that can be reused include system software components such as embedded operating systems (OSs) and middleware. The last term denotes software that provides an intermediate layer between the OS and application software. This chapter starts with a description of general requirements for embedded operating systems. This includes real-time capabilities as well as adaptation techniques to provide just the required functionality. Mutually exclusive access to resources can result in priority inversion, which is a serious problem for real-time systems. Priority inversion can be circumvented with resource access protocols. We will present three such protocols: the priority inheritance, priority ceiling, and stack resource protocols. A separate section covers the ERIKA real-time system kernel. Furthermore, we will explain how Linux can be adapted to systems with tight resource constraints. Finally, we will provide pointers for additional reusable software components, like hardware abstraction layers (HALs), communication software, and real-time data bases. Our description of embedded operating systems and of middleware in this chapter is consistent with the overall design flow.

Dependability Aspects in Configurable Embedded Operating Systems

As all conceptual layers in the software stack depend on the operating system (OS) to reliably provide resource-management services and isolation, it can be considered the “reliable computing base” that must be hardened for correct operation under fault models such as transient hardware faults in the memory hierarchy. In this chapter, we approach the problem of system-software hardening in three complementary scenarios. (1) We address the following research question: Where do the general reliability limits of static system-software stacks lie, if designed from scratch with reliability as a first-class design goal? In order to reduce the proverbial “attack surface” as far as possible, we harness static application knowledge from an AUTOSAR-compliant task set, and protect the whole OS kernel with AN-encoding. This static approach yields an extremely reliable software system, but is constrained to specific application domains. (2) We investigate how reliable a dynamic COTS embedded OS can become if hardened with programming-language and compiler-based fault-tolerance techniques. We show that aspect-oriented programming is an appropriate means to encapsulate generic software-implemented hardware fault tolerance mechanisms that can be application-specifically applied to a selection of OS components. (3) We examine how system-software stacks can survive even more adverse fault models like whole-system outages, using emerging persistent memory (PM) technology as a vehicle for state conservation. Our findings include that software transactional memory facilitates maintaining consistent state within PM and allows fast recovery.

Timing Comparison of the Real-Time Operating Systems for Small Microcontrollers

In automatic systems used in the control and monitoring of industrial processes, fieldbuses with specific real-time requirements are used. Often, the sensors are connected to these fieldbuses through embedded systems, which also have real-time features specific to the industrial environment in which it operates. The embedded operating systems are very important in the design and development of embedded systems. A distinct class of these operating systems is real-time operating systems (RTOSs) that can be used to develop embedded systems, which have hard and/or soft real-time requirements on small microcontrollers (MCUs). RTOSs offer the basic support for developing embedded systems with applicability in a wide range of fields such as data acquisition, internet of things, data compression, pattern recognition, diversity, similarity, symmetry, and so on. The RTOSs provide basic services for multitasking applications with deterministic behavior on MCUs. The services provided by the RTOSs are task management and inter-task synchronization and communication. The selection of the RTOS is very important in the development of the embedded system with real-time requirements and it must be based on the latency in the handling of the critical operations triggered by internal or external events, predictability/determinism in the execution of the RTOS primitives, license costs, and memory footprint. In this paper, we measured and compared the timing performance for synchronization throughout an event, semaphore, and mailbox for the following RTOSs: FreeRTOS 9.0.0, FreeRTOS 10.2.0, rt-thread, Keil RTX, uC/OS-II, and uC/OS-III. For the experimental tests, we developed test applications for two MCUs: ARM Cortex™-M4 and ARM Cortex™-M0+ based MCUs.

A Framework Prototype for Multithreaded Implementation Over Micro-Controllers

Multithreading is pervasive in embedded system applications development. The applications requirements are becoming more rigorous, demanding the execution of concurrent tasks that must also take into account modularity and flexibility. An important part of the operating systems development concerns the implementation of scheduling algorithms. In an embedded system context, it is essential to consider that the scheduling algorithm heavily influences application behavior. Due to restricted and finite hardware resources, it is important to evaluate the use of flexible algorithms to guarantee efficiency. Currently, projects for embedded operating systems do exist for microcontrollers’ devices that implement scheduling algorithms, however, the developer cannot change or add new scheduling policies without implementing kernel tweaks and modifications. The alternatives are not flexible when choosing the scheduling algorithm according to the application needs. This imposes restrictions to many systems, forcing them to run specific static scheduling algorithms because no other options are available. The objective of this work concerns the design and development of a framework that implements a microkernel with a modular scheduler unit, allowing the execution of tailored algorithms according to the application profile. The idea is to provide a flexible platform to conveniently select the most appropriated algorithm. We have employed low capacity hardware to implement multithreading patterns corresponding to sets of concurrent tasks, demonstrating the strengths of adopting our approach. Our results show that the use of modern techniques that combine modularity, multithreading, and scheduling methods for embedded systems yield best executions when compared to its sequential counterparts.