Ph.D. - takes you to the homepage of Computer Science of Department 3 ...
a fixed size $s$:

$\forall e : \forall l : s_{e,l} = \{p_{e,l,0}, p_{e,l,1}, \ldots\},\quad \mathrm{length}(s_{e,l}) > 0,\quad V \ge \sum_{e=0}^{n} \sum_{l=1}^{m} \mathrm{length}(s_{e,l}),\quad \forall k : \mathrm{length}(p_{e,l,k}) = s$ [77, pp. 353-453].

This strategy is used in most of the current multi-user, multiprocessing operating systems, like GNU/Linux.
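The paging constraint above, worked through as an added example that is not part of the thesis: a toy Python model in which every process $e$ owns segments $s_{e,l}$ made of pages $p_{e,l,k}$ of the fixed size $s$. It checks the side conditions (non-empty segments, $V$ large enough, and, as the protection property an MMU enforces, no physical frame shared between processes) and translates a segment offset of one process to a physical address, refusing offsets outside that process's own segments. The frame numbers, the page size and the helper names (`satisfies_constraints`, `translate`) are assumptions chosen for illustration.

```python
# Added example (not from the thesis): a toy model of the paging constraint
# quoted above. Frame numbers and sizes are constructed sample values.
from dataclasses import dataclass, field
from typing import Dict, List

PAGE_SIZE = 4096  # the fixed page size s (constructed value)


@dataclass
class Segment:
    """s_{e,l}: the ordered pages p_{e,l,0}, p_{e,l,1}, ... as physical frame numbers."""
    frames: List[int]

    def length(self) -> int:
        # Every page has exactly PAGE_SIZE bytes, so length(s_{e,l}) = |pages| * s.
        return len(self.frames) * PAGE_SIZE


@dataclass
class Process:
    """Process e with its segments indexed by l."""
    segments: Dict[int, Segment] = field(default_factory=dict)


def total_demand(processes: List[Process]) -> int:
    """sum_e sum_l length(s_{e,l}) over all processes."""
    return sum(seg.length() for proc in processes for seg in proc.segments.values())


def satisfies_constraints(processes: List[Process], v: int) -> bool:
    """Non-empty segments, V >= total demand, and no frame owned by two processes."""
    if any(seg.length() <= 0 for proc in processes for seg in proc.segments.values()):
        return False
    if v < total_demand(processes):
        return False
    seen = set()
    for proc in processes:
        for seg in proc.segments.values():
            for frame in seg.frames:
                if frame in seen:  # a shared frame would let one process read another's memory
                    return False
                seen.add(frame)
    return True


def translate(proc: Process, l: int, offset: int) -> int:
    """Map (segment l, byte offset) of one process to a physical address.

    Offsets outside the process's own segments are refused; this refusal is
    what keeps a process out of the pages of every other process.
    """
    seg = proc.segments.get(l)
    if seg is None or offset < 0 or offset >= seg.length():
        raise MemoryError(f"segment {l}, offset {offset}: outside the process's address space")
    k, within = divmod(offset, PAGE_SIZE)  # page index p_{e,l,k} and offset inside it
    return seg.frames[k] * PAGE_SIZE + within


def demo() -> dict:
    """Constructed layout: process 0 has two segments, process 1 has one."""
    p0 = Process({1: Segment([3, 7]), 2: Segment([9])})
    p1 = Process({1: Segment([4, 5, 6])})
    procs = [p0, p1]
    v = 8 * PAGE_SIZE  # virtual memory for 8 pages; the six pages above fit
    return {
        "demand": total_demand(procs),
        "fits": satisfies_constraints(procs, v),
        "too_small": satisfies_constraints(procs, 5 * PAGE_SIZE),
        "addr": translate(p0, 1, PAGE_SIZE + 16),  # second page of segment 1 -> frame 7
    }


if __name__ == "__main__":
    print(demo())
    try:
        translate(Process({1: Segment([3])}), 1, PAGE_SIZE)  # one byte past the segment
    except MemoryError as err:
        print("refused:", err)
```

Running the block prints the demand of six pages, that a virtual memory of eight pages satisfies the constraint while five pages does not, the translated address, and the refusal of an access one byte past a segment.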
6.2. Hardware Virtualisation
Section 6.1 described traditional strategies for avoiding the influence of faulty or malicious components on the rest of the system. Such a strategy must be integrated into the hardware¹ and into the software and/or the operating system. This means that, in order to use these strategies, the choice of hardware platform and operating system matters.
This is often problematic, because open source software is typically not restricted to a particular hardware or software platform. For concrete open model software intended for industrial usage, this platform independence is almost mandatory, because not all hardware and software platforms it may eventually run on can be known during its development. This leads to the need for another memory protection mechanism that better fulfils the requirements of open model software in industrial applications.
The solution proposed in this work is the usage of hardware virtualisation [92]. Ideally, each supplier implementation or program should be executed in a separate virtual machine. The term virtual machine (VM) refers to the hardware virtualisation of a computer on which any operating system can run. Since a VM is completely separated from its host's operating system, the virtualised operating system has no direct access to, or knowledge of, the host. Programs executed in a VM can only communicate with programs on the host system or in other VMs via a (virtual) network or a shared file system.
The application of the hardware virtualisation concept to the initial problem of open models is shown in Figure 6.3. It contains the generated and certified model implementation and the two supplier implementations from Figure 6.2, but, in contrast, each supplier implementation is now confined to its own virtual machine. This ensures that the malicious implementation cannot compromise any other part of the software while communication is still possible.
This hardware virtualisation concept fits the typical use cases of open model software in industrial applications because:
• Supplier implementations in a VM can never access memory of the host system or of any other VM, independent of the operating system or memory management strategies used, and can only communicate with other components over defined and known channels.
• Several OSS / FLOSS implementations of hardware virtualisation exist, e.g., QEMU (KVM) [73], VirtualBox [66], Xen [97], and User Mode Linux [91].
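The first point above rests on the supplier VM reaching the host only over a defined channel. As an added example that is not part of the thesis (and not code from any of the listed hypervisors), the following Python block shows the host side of one such channel: a small JSON request protocol, assumed here for illustration, that the certified model implementation exposes to a supplier VM over the virtual network. Only allow-listed operations are served; anything else is rejected and recorded in an audit list. A `socketpair` stands in for the virtual network link, and the operation names, model values and sample requests are constructed.

```python
# Added example (not from the thesis): the host side of one "defined and known
# channel" between a supplier VM and the certified model implementation.
# The protocol (two operations), the model data and the requests are constructed.
import json
import socket
from typing import Dict, List, Tuple

ALLOWED_OPS = {"get_model_value", "report_result"}  # the whole protocol surface (assumed)
MAX_MESSAGE = 4096  # bytes; anything larger is refused before it is parsed


def validate_request(raw: bytes):
    """Return (True, parsed message) for a well-formed request, else (False, reason)."""
    if len(raw) > MAX_MESSAGE:
        return False, "oversized"
    try:
        msg = json.loads(raw.decode("utf-8"))
    except (UnicodeDecodeError, ValueError):
        return False, "not valid JSON"
    if not isinstance(msg, dict) or msg.get("op") not in ALLOWED_OPS:
        return False, "operation not allowed"
    if not isinstance(msg.get("args"), dict):
        return False, "missing args"
    return True, msg


def handle_request(msg: dict, model: Dict[str, float], results: List[dict]) -> dict:
    """Serve an already validated request against the certified model's data."""
    if msg["op"] == "get_model_value":
        key = msg["args"].get("key")
        if key not in model:
            return {"status": "error", "reason": "unknown key"}
        return {"status": "ok", "value": model[key]}
    # report_result: store what the supplier computed; nothing it sends is executed
    results.append(msg["args"])
    return {"status": "ok"}


def serve_one(conn: socket.socket, model: Dict[str, float],
              results: List[dict], audit: List[str]) -> None:
    """Handle exactly one request arriving on the channel socket and answer it."""
    raw = conn.recv(MAX_MESSAGE + 1)
    ok, outcome = validate_request(raw)
    if not ok:
        audit.append(f"rejected request from supplier VM: {outcome}")
        reply = {"status": "rejected", "reason": outcome}
    else:
        reply = handle_request(outcome, model, results)
    conn.sendall(json.dumps(reply).encode("utf-8"))


def exchange(requests: List[bytes]) -> Tuple[List[dict], List[str]]:
    """Run constructed supplier-VM requests through the host channel one by one."""
    model = {"setpoint": 42.0}  # constructed model data
    results: List[dict] = []
    audit: List[str] = []
    replies: List[dict] = []
    host_end, vm_end = socket.socketpair()  # stands in for the virtual network link
    with host_end, vm_end:
        for req in requests:
            vm_end.sendall(req)
            serve_one(host_end, model, results, audit)
            replies.append(json.loads(vm_end.recv(MAX_MESSAGE).decode("utf-8")))
    return replies, audit


SAMPLE_REQUESTS = [  # constructed: two valid requests, one unknown operation, one malformed
    b'{"op": "get_model_value", "args": {"key": "setpoint"}}',
    b'{"op": "report_result", "args": {"value": 43.5}}',
    b'{"op": "write_model_value", "args": {"key": "setpoint", "value": 0}}',
    b'not json at all',
]


if __name__ == "__main__":
    replies, audit = exchange(SAMPLE_REQUESTS)
    for req, reply in zip(SAMPLE_REQUESTS, replies):
        print(req.decode("utf-8", "replace"), "->", reply)
    print("\n".join(audit))
```

The design choice worth noting is that the host never interprets supplier data as anything but the two allow-listed operations: an operation outside the set, or a message that does not parse, is answered with a rejection and leaves a record, so a misbehaving supplier VM can neither reach past the channel nor do so unnoticed.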
Furthermore, the usage of hardware virtualisation provides additional advantages compared to traditional memory management strategies:
Adv.1: Hardware virtualisation protects the host operating system from any kind of negative and direct influence by failures, errors, or malicious behaviours of components executed
¹ typically CPU and MMU