The CLARE Software Stack
Next-generation cyber-physical systems (CPSs) such as autonomous vehicles, advanced robots,
factory automation for Industry 4.0, surveillance systems, and medical devices are characterized by
complex computing workloads that include mixed-criticality software components and
artificial intelligence (AI) algorithms. To be deployed effectively, such systems
require powerful heterogeneous computing platforms, which in turn introduce
considerable challenges in the design and development of software components and require convoluted
configurations that only experts can perform.
Indeed, CPSs must interact with the real world in real time, be
safe and predictable, and be resilient to
cyber-attacks. Ensuring these properties on modern heterogeneous platforms,
especially in the presence of AI algorithms, is extremely challenging. The complexity of the
platforms and of the computing workload exposes systems to severe safety, security, and
time-predictability issues. Furthermore, next-generation CPSs require dealing with software
technologies that are generally far from today's certification requirements and standard
regulations, and hence struggle to be accepted in engineered systems.
CLARE is a complete software stack that aims to solve these issues by offering an
integrated solution to support and drastically simplify the development of
AI-enabled CPSs while ensuring safety, security, and real-time capabilities by design. It
offers a set of components (hypervisor, virtualized hardware acceleration, security hardening,
configuration tools, etc.) developed with cutting-edge technologies that make it possible to
leverage the power of modern heterogeneous computing platforms properly, in a controlled and judicious way.
CLARE also allows bridging AI algorithms with rigorous software designed with state-of-the-art
engineering techniques, making AI-enabled CPSs more suitable for industrial-grade standards.
In particular, CLARE offers an ecosystem of software components and tools to:
- abstract platform complexity via automated configurations, ready-to-use
templates, and high-level APIs;
- ensure safety, security, time predictability, and isolation with cutting-edge system-level
mechanisms; and
- ease the adoption of machine learning in embedded systems and hardware
acceleration.
CLARE-Hypervisor
CLARE-Hypervisor is a type-1 hypervisor that integrates cutting-edge safety,
security, and real-time resource management mechanisms. It provides strong
isolation between execution domains with mixed and independent levels of
safety and security while enabling safe inter-domain communication. Such domains
can be rich environments powered by general-purpose operating systems (Linux, Android, etc.) as
well as high-criticality, real-time execution environments where predictability and
temporal/spatial isolation are mandatory. Unmodified guest OSes can be hosted in
strongly-isolated Virtual Machines (VMs), allowing easy integration of stand-alone
domains. CLARE-Hypervisor follows a fully-static approach with off-line
configurations generated by the CLARE-Toolkit.
CLARE-Hypervisor currently supports Armv8-A processor architectures.
Main features
- Cache coloring
- Memory bandwidth reservation
- Bank-aware memory allocation
- O(1) algorithms (almost all)
- Fixed-priority and EDF scheduling
- FastBoot with very low latency
- Address-Space Randomization
- Control Flow Integrity (Armv8.3-A/FPGA-based platform)
- Secure boot for Virtual Machines
- TrustZone support
- Dual-hypervisor support (>= Armv8.4-A)
- Totally static
- Off-line auto-generated configuration
- Code suitable for SIL4 certification (~7K LoC)
- Low memory footprint
- Strong isolation
FPGA Interconnect
Applications running in parallel on different cores, together with simultaneous I/O
transactions, can suffer highly unpredictable interference. If not properly
controlled, this interference can propagate among domains, even across different
criticality levels, hence jeopardizing the isolation capabilities of a
hypervisor.
CLARE-Hypervisor implements strong isolation mechanisms to
control such interference by offering cutting-edge protection features that
shield the system from unwanted interference and the related
denial-of-service attacks.
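One of the listed mechanisms, cache coloring, partitions the shared last-level cache between domains by controlling which physical pages each domain may own. The following is an added illustration of that idea (example code, not CLARE-Hypervisor's own); the cache geometry and the address ranges are constructed assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Assumed LLC geometry: 1 MiB, 16-way, 64-byte lines (typical of a Cortex-A53
 * L2) and 4 KiB pages. These are constructed example values, not figures
 * documented for CLARE-Hypervisor. */
#define CACHE_SIZE  (1u << 20)
#define CACHE_WAYS  16u
#define PAGE_SIZE   4096u
#define WAY_SIZE    (CACHE_SIZE / CACHE_WAYS)   /* 64 KiB: sets * line size */
#define NUM_COLORS  (WAY_SIZE / PAGE_SIZE)      /* 16 colors */

/* A page's color is the slice of the cache set index that lies above the page
 * offset, i.e. physical-address bits [log2(PAGE_SIZE), log2(WAY_SIZE)). Pages of
 * different colors can never compete for the same cache sets. */
static unsigned page_color(uint64_t paddr)
{
    return (unsigned)((paddr / PAGE_SIZE) % NUM_COLORS);
}

/* A domain owns a bitmask of colors; a page may be mapped into it only if the
 * page's color is in the mask. */
static bool page_allowed(uint32_t color_mask, uint64_t paddr)
{
    return (color_mask >> page_color(paddr)) & 1u;
}

/* Pick up to 'count' pages for a domain from [base, base + len), skipping pages
 * whose color the domain does not own. Returns the number of pages selected. */
static size_t alloc_colored(uint32_t color_mask, uint64_t base, uint64_t len,
                            uint64_t *out, size_t count)
{
    size_t n = 0;
    for (uint64_t p = base; p + PAGE_SIZE <= base + len && n < count; p += PAGE_SIZE)
        if (page_allowed(color_mask, p))
            out[n++] = p;
    return n;
}

/* True if the two page sets share no color, i.e. the LLC is partitioned between
 * them at set level and neither domain can evict the other's lines. */
static bool partitions_disjoint(const uint64_t *a, size_t na,
                                const uint64_t *b, size_t nb)
{
    uint32_t ca = 0, cb = 0;
    for (size_t i = 0; i < na; i++) ca |= 1u << page_color(a[i]);
    for (size_t i = 0; i < nb; i++) cb |= 1u << page_color(b[i]);
    return (ca & cb) == 0;
}
```

With disjoint color masks generated off-line for a critical and a rich domain, a cache-thrashing workload in the rich domain cannot evict the critical domain's lines, which is the cache-level part of the interference control described above.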
Programmable logic is the beating heart of FPGA-based heterogeneous SoCs and
can be used to deploy a large variety of devices and accelerators. In a
multi-domain system, portions of programmable logic can be either reserved for use within
a certain domain or shared among multiple domains. In the former case, it is
essential to preserve the isolation capabilities of the hypervisor also at
the level of programmable logic, especially in the presence of FPGA-based
devices with direct access to shared resources and peripherals (e.g., the DRAM) that
are also accessed by critical domains. In the latter case, it is crucial to
mediate the access to avoid side-channel attacks. Furthermore, in some cases the
available FPGA area may not be enough to implement the functionality
required by a system and must therefore be shared by multiplexing in time the deployment
of devices.
CLARE-Hypervisor enables the virtualization of programmable logic by offering
all the support for deploying strongly-isolated, multi-domain FPGA designs and
the possibility of exposing a virtual FPGA fabric to the domains. Under FPGA
virtualization, the FRED framework (http://fred.santannapisa.it/) is
leveraged to dispatch acceleration requests to be served on the physical
FPGA fabric.
Mixed-criticality systems include both high-criticality, high-integrity software
and low-criticality software. The latter may include vulnerabilities that, if
proper countermeasures are not taken, may expose the whole system to severe
security threats. Denial-of-service, side-channel attacks, code-reuse attacks, and
control-flow hijacking are typical examples of threats that can jeopardize the
functionality of a cyber-physical system.
CLARE-Hypervisor provides advanced security features to protect
the system from such cyber-attacks. Among others, it offers support for
efficient control-flow integrity, address-space layout randomization, secure
boot with roll-back prevention, run-time security monitoring, and mitigations
for side-channel attacks.
Virtualization of both the Secure and Normal worlds offered by Arm TrustZone
has been pioneered by the CLARE-Hypervisor team on Armv7-A platforms with para-virtualization [2].
To support the coexistence of multiple dual-world (Secure and Normal)
execution domains, CLARE-Hypervisor is moving towards a dual-hypervisor design
with two jointly-configured instances of the virtualization core, one in the Normal world and one in the Secure
world (minimal engine).
As an example application, it will allow integrating multiple Trusted
Execution Environments (TEEs) on the same platform.
The dual-hypervisor design will be available for newer platforms based on
Armv8.4-A, for which hardware-assisted virtualization is supported in the Secure world.
[2] G. Cicero, A. Biondi, G. Buttazzo and A. Patel, "Reconciling Security with Virtualization: A Dual-Hypervisor Design for ARM TrustZone", in IEEE ICIT 2018
Applications with different criticality levels may cooperate in order to
accomplish the mission of the system. Such cooperation may rely on
inter-domain communication channels whose criticality is inherited from the most critical
application they involve. In these cases, it is crucial that low-criticality
software does not have the capability of corrupting the data of communication
channels or using them as attack vectors.
CLARE-Hypervisor offers a safe, secure and highly predictable
inter-domain communication mechanism.
Supported OSes & Frameworks
- Linux (Vanilla, PetaLinux, Ubuntu, etc.)
- Robot Operating System (ROS 2)
- Erika Enterprise 3 (OSEK/AUTOSAR RTOS)
- FreeRTOS
- CLARE-BasicFirmware (environment for hosting C stand-alone code)
- Other proprietary RTOSs (industrial customer)
- Xilinx Zynq UltraScale+ MPSoC
- NXP i.MX8
- QEMU Virt aarch64
- Arm Fixed Virtual Platform
Work in progress:
- NVIDIA Jetson TX2/AGX Xavier
CLARE comes with a powerful platform-aware toolkit that assembles a wide
set of tools to optimize the deployment of complex applications
and configure the entire CLARE Software Stack.
Main features included in CLARE-Toolkit:
- Rich library of ready-to-use templates
- Interfaces to specify timing, safety and security requirements for
mixed-criticality applications
- Generation of resource-efficient deployment packages to fulfill user
requirements
- Generation of binary images for the CLARE run-time environment
- Generation of cryptographically-signed images to implement per-domain Secure
Boot
- Processing of FPGA designs to configure multi-domain FPGA
virtualization mechanisms (dependency on Chip Vendor Ecosystem)
The toolkit is accompanied by a friendly Graphical User Interface (GUI) that
simplifies all the steps required to configure and deploy applications developed with CLARE, also guiding
the designer via presets, suggestions, and ready-to-use templates.
The toolkit is integrated with the build tools of the supported platforms.
CLARE-Middleware
CLARE-Middleware provides a unified and simplified API to access the services offered by the
CLARE stack as well as the mechanisms of the underlying hardware platform. Such access can be granted to
applications via CLARE-Toolkit, which also allows their behaviour to be configured.
Main features included in CLARE-Middleware:
- Time-predictable, safe inter-domain communication
- System-level/OS-level monitoring and fault recovery services
- Inter-domain publisher/subscriber data distribution service
- Access to security services offered by CLARE
- Simplified access to machine learning algorithms with preconfigured
video pipelines and ready-to-use deep neural networks
- Predictable virtualization of hardware accelerators
- Management of memory resources