6.2. Hardware Virtualisation

Again, partitioning is a possible solution for this bandwidth problem. As with the scheduling of processes, this is a temporal scheduling, but of network bandwidth rather than of CPU time: temporal slots are defined, and certain services or connections are assigned to them. An example of static temporal partitioning is the Time Triggered Protocol (TTP) [49], which defines a fixed temporal slot for each node on the bus.
The scheduling of network traffic can be provided either by hardware or by software. An industrial solution for hardware scheduling of network traffic is, for example, Avionics Full-Duplex Switched Ethernet (AFDX) [2], a real-time extension of Ethernet for avionic systems. Its main disadvantage is that additional hardware is needed.
Of course, open source solutions exist as well, such as the traffic control tool tc for GNU/Linux, which is part of the iproute suite [52]. With tc, a so-called queuing discipline can be assigned to each network interface. The default discipline is a simple first-in-first-out (FIFO) discipline, which does not protect the bandwidth of a network interface: a single connection that fills the queue delays every other connection behind it. A possible solution for bandwidth protection is the Stochastic Fairness Queuing (SFQ) discipline [52], a network traffic scheduler. Like the fair-share scheduler (Subsection 6.2.1.1), SFQ schedules all network connections in a fair way, so that no connection can starve. The term "stochastic" in its name is somewhat misleading, because the scheduling behaviour itself is deterministic. SFQ divides the network traffic on an interface into a certain number n of FIFO queues. Traffic is assigned to these n FIFO queues by a hash function whose parameters are chosen at random (and periodically re-drawn); this assignment is the only stochastic part. As a consequence, two connections that collide in the same hash bucket share one queue until the hash is perturbed, so the fairness is statistical rather than strictly per connection. The n FIFO queues are dequeued by a Round Robin [77, pp. 457-504] algorithm, where the quantum q [77, pp. 457-504] is measured not in time but in data size. This means that SFQ does not provide temporal partitioning directly, but because time t, bandwidth b and data size s are related by

$t = \frac{s}{b}$,

with typically b = const, it can be called temporal partitioning anyway.
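The following is an added example and not code from the thesis or from iproute2: a small Python model of the SFQ discipline as described above, placed next to the plain FIFO discipline, so that the effect of the byte-sized quantum and of the hash assignment can be observed on a constructed load. The flow names, packet sizes and the hash salt are constructed for the illustration; the two tc invocations quoted in the docstring are the real commands that inspect and install the discipline on a Linux interface (assumed here to be eth0).

```python
"""Toy model of SFQ versus FIFO (added example, not the thesis's code).

Real-world equivalent on a Linux host, using iproute2's tc on eth0:
    tc qdisc show dev eth0                         # shows the current root qdisc
    tc qdisc replace dev eth0 root sfq perturb 10  # SFQ, hash re-salted every 10 s
"""
import zlib
from collections import deque
from random import Random


class FifoQdisc:
    """Default discipline: one queue, packets leave in arrival order."""

    def __init__(self):
        self.q = deque()

    def enqueue(self, flow, size):
        self.q.append((flow, size))

    def dequeue(self):
        return self.q.popleft() if self.q else None


class SfqQdisc:
    """n FIFO queues; a flow is mapped to a queue by a salted hash and the
    queues are served round robin with a quantum counted in bytes ('allot'
    in the kernel implementation).  Dequeue order is deterministic; only
    the salt, re-drawn by perturb(), is random."""

    def __init__(self, n=128, quantum=1500, seed=0):
        self.n, self.quantum = n, quantum
        self.rng = Random(seed)              # constructed: fixed seed for the demo
        self.salt = self.rng.getrandbits(32)
        self.queues = [deque() for _ in range(n)]
        self.active = deque()                # indices of non-empty queues, RR order
        self.allot = [0] * n                 # bytes left in a queue's current turn

    def bucket(self, flow):
        key = flow.encode() + self.salt.to_bytes(4, "little")
        return zlib.crc32(key) % self.n      # stand-in for the kernel's salted hash

    def perturb(self):
        """Re-salt the hash (tc's 'perturb'): colliding flows do not share forever."""
        self.salt = self.rng.getrandbits(32)

    def enqueue(self, flow, size):
        b = self.bucket(flow)
        if not self.queues[b]:
            self.active.append(b)
            self.allot[b] = self.quantum
        self.queues[b].append((flow, size))

    def dequeue(self):
        if not self.active:
            return None
        b = self.active[0]
        pkt = self.queues[b].popleft()
        self.allot[b] -= pkt[1]
        if not self.queues[b]:
            self.active.popleft()            # queue drained: leaves the ring
        elif self.allot[b] <= 0:
            self.active.rotate(-1)           # quantum used up: back of the ring
            self.allot[b] += self.quantum
        return pkt


def bytes_before_first(qdisc, flow):
    """Bytes leaving the link before `flow`'s first packet.  With constant
    bandwidth b this is proportional to the waiting time, since t = s / b."""
    sent = 0
    while (pkt := qdisc.dequeue()) is not None:
        if pkt[0] == flow:
            return sent
        sent += pkt[1]
    return None


def bytes_per_flow(qdisc, budget):
    """Bytes each flow gets within the first `budget` bytes of link time."""
    share, sent = {}, 0
    while (pkt := qdisc.dequeue()) is not None and sent + pkt[1] <= budget:
        share[pkt[0]] = share.get(pkt[0], 0) + pkt[1]
        sent += pkt[1]
    return share


def fill(qdisc):
    """Constructed load: two bulk transfers queue 50 full-size frames each,
    then an interactive flow sends 5 small packets behind them."""
    for _ in range(50):
        qdisc.enqueue("bulk-1", 1500)
    for _ in range(50):
        qdisc.enqueue("bulk-2", 1500)
    for _ in range(5):
        qdisc.enqueue("interactive", 100)
    return qdisc


if __name__ == "__main__":
    print("FIFO bytes before interactive:", bytes_before_first(fill(FifoQdisc()), "interactive"))
    print("SFQ  bytes before interactive:", bytes_before_first(fill(SfqQdisc()), "interactive"))
    print("FIFO share in first 9500 B:", bytes_per_flow(fill(FifoQdisc()), 9500))
    print("SFQ  share in first 9500 B:", bytes_per_flow(fill(SfqQdisc()), 9500))
```

Under FIFO the interactive flow waits behind all 150000 bytes of bulk traffic and gets nothing in the first 9500 bytes; under SFQ (with the three flows in distinct buckets) its first packet leaves after one quantum of each bulk flow, and the two bulk flows receive equal shares. If two flows happen to collide in one bucket they are served FIFO relative to each other until the next perturbation, which is the collision caveat mentioned above.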
6.2.2. Minimal Host Operating System

A possible solution for Prob. 2 could be the usage of an additional security layer in the host operating system, such as SELinux for Linux, which enforces a mandatory access control policy on top of the normal permission checks. Its source code would be simple enough to be validated and certified, and it supervises all security functions of the host operating system. The disadvantage of this solution is that an additional execution layer is added to the host operating system, which increases its complexity.
Therefore, the usage of some kind of minimal operating system is proposed here. This operating system should consist mainly of the hypervisor implementation(s), a scheduler that only switches between hypervisor processes and device handling routines, and the device drivers and interfaces. An example of such a minimal host operating system for hardware virtualisation is LynxSecure [55]. Due to its reduced complexity, it can be validated and certified, and then the host operating system and the hypervisors can be assumed to be secure.
6.2.3. Hardware Assisted Virtualisation

This section describes a possible solution for Prob. 3 with the usage of hardware assisted virtualisation. Most modern x86 compatible CPUs provide support for virtualisation. To this end, they offer two modes: host and guest (Intel calls them VMX root and non-root operation, AMD host and guest mode). The host mode is the "normal" mode of the CPU, while the