• IEMEK Journal of Embedded Systems and Applications
• /
• v.11 no.5
• /
• pp.259-265
• /
• 2016

In this paper, we present an architecture for the fault isolation by applying virtualization-based multi-stack technologies. We propose the simultaneous sharing and switching mechanism using virtualied serial communications. Each guest OS has its own virtual serial device. The distribution module provides communications between the guest OS's through the virtual serial devices and simultaneously detect the liveness of the guest OS. The suggested mechanism has been implemented in VirtualBox and shows satisfactory performance in transmission speed and data sharing capability with virtual RS232.

• Journal of the Korea Society of Computer and Information
• /
• v.17 no.2
• /
• pp.1-11
• /
• 2012

Recently, we have seen several implementations that virtualize the ARM architecture. Since the current ARM architecture is not possible to be virtualized using the traditional technique called "trap-and-emulation", we usually detect all virtualization sensitive instructions during the run-time of a guest kernel and emulate them virtually rather than executing them directly. The emulation for virtualization is usually implemented either by binary translation or interpretation. Our research is about how to improve the performance of emulation for virtualization based on interpretation. The interpretation usually requires a few steps: instruction fetching, instruction decoding and instruction executing. In this paper, we propose a method that decodes all virtualization sensitive instructions during the compilation time of a guest kernel and reduces the time required for interpretation during the run time of the guest kernel. Our method provides both implementation simplicity and performance improvement of emulation for virtualization based on interpretation.

• Journal of the Korea Society of Computer and Information
• /
• v.22 no.5
• /
• pp.11-19
• /
• 2017

In this paper, we propose a hypervisor for embedded systems based on ARM microprocessor. The proposed hypervisor makes it possible to run several real-time kernels concurrently on a single embedded system by virtualizing its microprocessor. With assistance of MMU, it supports virtual memory which enables each guest operating system has its own address space. Exploiting the fact that most embedded systems use memory-mapped I/O device, it provides a mechanism to distribute an external interrupt to virtual machines properly. It also achieves load balancing through live migration which moves a running virtual machine to other embedded system. Unlike other para-virtualization techniques, minor modifications are needed to run it on the hypervisor. Extensive performance measurement studies are conducted to show that the proposed hypervisor has enough potentiality of its real-world application.

• Proceedings of the Korean Information Science Society Conference
• /
• 2010.11a
• /
• pp.143-144
• /
• 2010

• Communications of the Korean Institute of Information Scientists and Engineers
• /
• v.30 no.7
• /
• pp.41-48
• /
• 2012

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2017.10a
• /
• pp.330-334
• /
• 2017

Container-based virtualization reduces performance overhead compared with other virtualization technologies and guarantees an isolation of each virtual execution environment. So, it is being studied to block access to host resources or container resources for sandboxing in restricted system resource like embedded devices. However, because security threats which are caused by security vulnerabilities of the host OS or the security issues of the host environment exist, the needs of the technology to prevent an illegal accesses and unauthorized behaviors by malware has to be increased. In this paper, we define additional access permissions to access a virtual execution environment newly and control them in kernel space to protect attacks from illegal access and unauthorized behaviors by malware and suggest the Container Access Control to control them. Also, we suggest a way to block a loading of unauthenticated kernel driver to disable the Container Access Control running in host OS by malware. We implement and verify proposed technologies on Linux Kernel.

• KIISE Transactions on Computing Practices
• /
• v.21 no.9
• /
• pp.604-609
• /
• 2015

The use of Operating System(OS) virtualization is increasing as it provides many useful features such as efficient use of hardware(HW), easy system migration, and isolation between virtual spaces which prevents errors effecting each other. Recent development in HW has made it possible to use OS virtualization in embedded systems. However, implementing OS virtualization means that a multiple number of schedulers are layered in a system, rendering it difficult to analyze the schedulability of the system and errors are easily produced. Errors in safety critical embedded systems can cause serious damage to life and property; thus, the hierarchical schedulability must be verified. In this paper, we propose a framework which supports formal modeling and verification of hierarchical scheduling systems with UPPAAL.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2009.11a
• /
• pp.5-6
• /
• 2009

본 논문에서는 모바일 운영체제 또는 무선인터넷 플랫폼에 대한 독립성을 제공하는 가상화 기반의 모바일 시뮬레이터의 설계 및 구현에 대해 기술한다. 모바일 시뮬레이터는 단말에 최종 탑재되는 전체 SW 스택을 실제 단말 없이 데스크 탑 상에서 시험할 수 있는 환경을 제공한다. 그리고, 컨텐츠와 플랫폼의 안정성 테스트를 지원하기 위하여 사용자의 개입 없이 시뮬레이터에 의해 재현하는 이벤트 기반의 자동화 테스트를 지원한다.

• Journal of KIISE
• /
• v.42 no.5
• /
• pp.551-557
• /
• 2015

The technology using ARM TrustZone draws attention as a new embedded virtualization approach. The ARM TrustZone defines two virtual execution environment, the secure world and the normal world. In such an environment, the inter-world communication is important to extend function of software. However, the current monitor software does not sufficiently support the inter-world communication. This paper presents a new inter guestOS communication scheme, for each world, for the ARM TrustZone virtualization. The proposed communication scheme supports bidirectional inter-world communication for single core and multicore environment. In this paper, It is implemented on a NVIDIA Tegra3 processor based on the ARM Cortex-A9 MPCore and it showed a bandwidth of 30MB/s.

• KIPS Transactions on Software and Data Engineering
• /
• v.2 no.2
• /
• pp.113-118
• /
• 2013

The current GPU virtualization techniques incur large overheads when executing application programs mainly due to the fine-grain time-sharing scheduling of the GPU among multiple Virtual Machines (VMs). Besides, the current techniques lack of portability, because they include the APIs for the GPU computations in the VM monitor. In this paper, we propose a low overhead and high performance GPU virtualization approach on a heterogeneous HPC system based on the open-source Xen. Our proposed techniques are tailored to the bio applications. In our virtualization framework, we allow a VM to solely occupy a GPU once the VM is assigned a GPU instead of relying on the time-sharing the GPU. This improves the performance of the applications and the utilization of the GPUs. Our techniques also allow a direct pass-through to the GPU by using the IOMMU virtualization features embedded in the hardware for the high portability. Experimental studies using microbiology genome analysis applications show that our proposed techniques based on the direct pass-through significantly reduce the overheads compared with the previous Domain0 based approaches. Furthermore, our approach closely matches the performance for the applications to the bare machine or rather improves the performance.