SlideShare une entreprise Scribd logo

Gernot heiser unsw sydney and se l4 foundation

Télécharger en tant que PPTX, PDF
RISC-V International
RISC-V International

RISC-V Summit 2020 presentation

Technologie
1  sur  13
seL4® on RISC-V® Fast, Secure, Open-Source OS Kernel, Proved Bug-Free https://sel4.systems/ Gernot Heiser, UNSW Sydney and seL4 Foundation
The Highlight of the Year 2 RISC-V Summit, Dec'20 Gernot Heiser: seL4 on RISC-V 08/11/2020 eL4 i eri ed on RISC-V! microkerneld de R G H TAGS open source, operating s stems, risc- , securit 2020/ 06/ 09 Sounds great! But hat does it mean? seL4 ( :// 4. /) (pronounced e -e-ell-fo ) is arguabl the orld s most secure operating s stem (OS) kernel. The OSkernel is the lo est le el of soft are running on a computer s stem. It is the code that e ecutes in pri ileged mode (S-mode in RISC-V; M-mode is reser ed for microcode/ rm are). The kernel is ultimatel responsible for the securit of a computer s stem. seL4 is a microkernel ( :// . . / /M ). The idea of a microkernel is to minimise the ed comp ing ba e the part of the s stem for hich there is no Plan B if it fails. The Linu and Windo s kernels consist of tens of millions of lines of code, and contain literall thousands (more likel tens of thousands) of bugs a huge attack surface. A ell-designed microkernel, such as seL4, has about ten thousand lines inherentl more trust orth ( :// . 61. . / / //B LH 18. ).
Background: What is ? seL4 is an open source, high-assurance, high-performance operating system microkernel Piece of software that runs at the heart of any system and controls all accesses to resources World’s most comprehensive mathematical proofs of correctness and security Available on GitHub under GPLv2 license World’s fastest microkernel hardware software critical non-critical, untrusted attacks RISC-V Summit, Dec'20 Gernot Heiser: seL4 on RISC-V 3
What is ? seL4 is the most trustworthy foundation for safety- and security-critical systems Already in use across many domains: automotive, aviation, space, defence, critical infrastructure, cyber-physical systems, IoT, industry 4.0, certified security... RISC-V Summit, Dec'20 Gernot Heiser: seL4 on RISC-V 4
Performance Source seL4 Fiasco.OC Zircon Mi et al, 2019 986 2717 8157 Gu et al, 2020 1450 3057 8151 seL4.systems, Nov’20 797 N/A N/A RISC-V Summit, Dec'20 GERNOT HEISER: SEL4 ON RISC-V 5 Latency (in cycles) of a round-trip cross-address-space IPC on x64 Sources: • Zeyu Mi, Dingji Li, Zihan Yang, Xinran Wang, Haibo Chen: “SkyBridge: Fast and Secure Inter-Process Communication for Microkernels”, EuroSys, April 2020 • Jinyu Gu, Xinyue Wu, Wentai Li, Nian Liu, Zeyu Mi, Yubin Xia, Haibo Chen: “Harmonizing Performance and Isolation in Microkernels with Efficient Intra-kernel Isolation and Communication”, Usenix ATC, June 2020 • seL4 Performance, https://sel4.systems/About/Performance/, accessed 2020-11-08 Temporary performance regression in Dec’19 World’s fastest microkernel!
A few more months for RISC-V Now done for RISC-V! Unique Verification by Mathematical Proof RISC-V Summit, Dec'20 Gernot Heiser: seL4 on RISC-V 6 Proof Integrity Abstract Model C Imple- mentation Confidentiality Availability Binary code Proof Proof Functional Correctness Translation Correctness Security Enforcement seL4: Still only capability- based OS kernel with correctness proof! seL4: The only OS on RISC-V with correctness proof
What Does This Mean? Kinds of properties proved • Behaviour of C code is fully captured by abstract model • Behaviour of C code is fully captured by executable model • Kernel never fails, behaviour is always well-defined • assertions never fail • will never de-reference null pointer • will never access array out of bounds • cannot be subverted by misformed input • … • All syscalls terminate, reclaiming memory is safe, ... • Well typed references, aligned objects, kernel always mapped… • Access control is decidable 7 GERNOT HEISER: SEL4 ON RISC-V Can prove further properties on abstract level! RISC-V Summit, Dec'20
What Did We LearnAbout RISC-V? RISC-V Summit, Dec'20 Gernot Heiser: seL4 on RISC-V 8 ISA Kernel functions Kernel code size number relative SLOC relative x86 64-bit 1231 177% 16,655 3.4 Arm v7 (32-bit) 853 122% 14,114 2.8 RISC-V RV64 695 100% 4,977 1.0 Regularity is good! • Regular page-table structure ⇒ simplifies code and proofs • Regularity of ISA ⇒ most kernel code word-size independent • Clock specified in ISA Hopefully IRQ controller as well! ISA Kernel code size (SLOC) common 32-bit 64-bit x86 10,908 3,882 5,747 Arm 7,898 6,216 5,267 RISC-V 4,753 220 224 ISA Kernel functions Kernel code size Verification Effort number relative SLOC relative x86 64-bit 1231 177% 16,655 3.4 ≈ 5–6 py Arm v7 (32-bit) 853 122% 14,114 2.8 (11 py) RISC-V RV64 695 100% 4,977 1.0 ≈ 3.5 py
Rewrite Rules Binary Code Formalised C Formalised Binary Graph Language Graph Language Greatest Feature: Formal ISASpec! Gernot Heiser: seL4 on RISC-V 9 Target of functional correctness proof Proof Formal C Semantics Proof SMT Solver De- compiler Proof Formal ISA Spec Compiler Proof Verification of binary (in progress): C Source • Formal spec increases assurance • Will eventually link to verified hardware! RISC-V Summit, Dec'20
How Can I Use It?  Open source (GPL v2): Download from https://github.com/sel4  But keep in mind: seL4 is an OS microkernel and hypervisor, not an OS!  Many OS components available on the seL4 GitHub GERNOT HEISER: SEL4 ON RISC-V 10 | RISC-V Summit, Dec'20 Native Apps OS Services Device Drivers Kernel Mode User Mode
How Can I Use It?  Open source (GPL v2): Download from https://github.com/sel4  But keep in mind: seL4 is an OS microkernel and hypervisor, not an OS!  Many OS components available on the seL4 GitHub  Alternative: HENSOLDT Cyber’s TRENTOS GERNOT HEISER: SEL4 ON RISC-V 11 | RISC-V Summit, Dec'20 Kernel Mode User Mode MiG-V: HENSOLDT-Cyber RV64 Processor (based on Ariane) TRENTOS Secure Boot Crypto SD Driver E/N Driver TCP/IP File System Key Store Loader Logger License Manager Secure Update TLS Stack Supply-chain security through logic obfuscation Verified!
RISC-V Summit, Dec'20 GERNOT HEISER: SEL4 ON RISC-V 12 Further Reading: • About seL4: https://sel4.systems/ • seL4 whitepaper: https://sel4.systems/About/seL4-whitepaper.pdf • seL4 Foundation: https://sel4.systems/Foundation Defining the state of the art in trustworthy operating systems for over 10 years Now proved correct on RISC-V!
Questions? RISC-V Summit, Dec'20 Gernot Heiser: seL4 on RISC-V 13

Recommandé

SemiDynamics new family of High Bandwidth Vector-capable Cores
SemiDynamics new family of High Bandwidth Vector-capable CoresSemiDynamics new family of High Bandwidth Vector-capable Cores
SemiDynamics new family of High Bandwidth Vector-capable CoresRISC-V International
 
RISC-V Online Tutor
RISC-V Online TutorRISC-V Online Tutor
RISC-V Online TutorRISC-V International
 
Esperanto accelerates machine learning with 1000+ low power RISC-V cores on a...
Esperanto accelerates machine learning with 1000+ low power RISC-V cores on a...Esperanto accelerates machine learning with 1000+ low power RISC-V cores on a...
Esperanto accelerates machine learning with 1000+ low power RISC-V cores on a...RISC-V International
 
Closing the RISC-V compliance gap via fuzzing
Closing the RISC-V compliance gap via fuzzingClosing the RISC-V compliance gap via fuzzing
Closing the RISC-V compliance gap via fuzzingRISC-V International
 
Semi dynamics high bandwidth vector capable RISC-V cores
Semi dynamics high bandwidth vector capable RISC-V coresSemi dynamics high bandwidth vector capable RISC-V cores
Semi dynamics high bandwidth vector capable RISC-V coresRISC-V International
 
Tech talk with lampro mellon an open source solution for accelerating verific...
Tech talk with lampro mellon an open source solution for accelerating verific...Tech talk with lampro mellon an open source solution for accelerating verific...
Tech talk with lampro mellon an open source solution for accelerating verific...RISC-V International
 
Easily emulating full systems on amazon fpg as
Easily emulating full systems on amazon fpg asEasily emulating full systems on amazon fpg as
Easily emulating full systems on amazon fpg asRISC-V International
 
RISC-V 30906 hex five multi_zone iot firmware
RISC-V 30906 hex five multi_zone iot firmwareRISC-V 30906 hex five multi_zone iot firmware
RISC-V 30906 hex five multi_zone iot firmwareRISC-V International
 

Recommandé

SemiDynamics new family of High Bandwidth Vector-capable Cores
SemiDynamics new family of High Bandwidth Vector-capable CoresSemiDynamics new family of High Bandwidth Vector-capable Cores
SemiDynamics new family of High Bandwidth Vector-capable CoresRISC-V International
 
RISC-V Online Tutor
RISC-V Online TutorRISC-V Online Tutor
RISC-V Online TutorRISC-V International
 
Esperanto accelerates machine learning with 1000+ low power RISC-V cores on a...
Esperanto accelerates machine learning with 1000+ low power RISC-V cores on a...Esperanto accelerates machine learning with 1000+ low power RISC-V cores on a...
Esperanto accelerates machine learning with 1000+ low power RISC-V cores on a...RISC-V International
 
Closing the RISC-V compliance gap via fuzzing
Closing the RISC-V compliance gap via fuzzingClosing the RISC-V compliance gap via fuzzing
Closing the RISC-V compliance gap via fuzzingRISC-V International
 
Semi dynamics high bandwidth vector capable RISC-V cores
Semi dynamics high bandwidth vector capable RISC-V coresSemi dynamics high bandwidth vector capable RISC-V cores
Semi dynamics high bandwidth vector capable RISC-V coresRISC-V International
 
Tech talk with lampro mellon an open source solution for accelerating verific...
Tech talk with lampro mellon an open source solution for accelerating verific...Tech talk with lampro mellon an open source solution for accelerating verific...
Tech talk with lampro mellon an open source solution for accelerating verific...RISC-V International
 
Easily emulating full systems on amazon fpg as
Easily emulating full systems on amazon fpg asEasily emulating full systems on amazon fpg as
Easily emulating full systems on amazon fpg asRISC-V International
 
RISC-V 30906 hex five multi_zone iot firmware
RISC-V 30906 hex five multi_zone iot firmwareRISC-V 30906 hex five multi_zone iot firmware
RISC-V 30906 hex five multi_zone iot firmwareRISC-V International
 
RISC-V 30946 manuel_offenberg_v3_notes
RISC-V 30946 manuel_offenberg_v3_notesRISC-V 30946 manuel_offenberg_v3_notes
RISC-V 30946 manuel_offenberg_v3_notesRISC-V International
 
Data on the move a RISC-V opportunity
Data on the move a RISC-V opportunityData on the move a RISC-V opportunity
Data on the move a RISC-V opportunityRISC-V International
 
Fueling the datasphere how RISC-V enables the storage ecosystem
Fueling the datasphere how RISC-V enables the storage ecosystemFueling the datasphere how RISC-V enables the storage ecosystem
Fueling the datasphere how RISC-V enables the storage ecosystemRISC-V International
 
Open j9 jdk on RISC-V
Open j9 jdk on RISC-VOpen j9 jdk on RISC-V
Open j9 jdk on RISC-VRISC-V International
 
RISC-V growth and successes in technology and industry - embedded world 2021
RISC-V growth and successes in technology and industry - embedded world 2021RISC-V growth and successes in technology and industry - embedded world 2021
RISC-V growth and successes in technology and industry - embedded world 2021RISC-V International
 
RISC-V Introduction
RISC-V IntroductionRISC-V Introduction
RISC-V IntroductionRISC-V International
 
Tech talk with Antmicro - Building your world out of blocks with renode and l...
Tech talk with Antmicro - Building your world out of blocks with renode and l...Tech talk with Antmicro - Building your world out of blocks with renode and l...
Tech talk with Antmicro - Building your world out of blocks with renode and l...RISC-V International
 
RISC-V Summit 2020: The Next Ten Years
RISC-V Summit 2020: The Next Ten YearsRISC-V Summit 2020: The Next Ten Years
RISC-V Summit 2020: The Next Ten YearsRISC-V International
 
Tech talk with Antmicro - Building an open source system verilog ecosystem
Tech talk with Antmicro - Building an open source system verilog ecosystemTech talk with Antmicro - Building an open source system verilog ecosystem
Tech talk with Antmicro - Building an open source system verilog ecosystemRISC-V International
 
Coco co-desing and co-verification of masked software implementations on cp us
Coco co-desing and co-verification of masked software implementations on cp usCoco co-desing and co-verification of masked software implementations on cp us
Coco co-desing and co-verification of masked software implementations on cp usRISC-V International
 
Andes enhancing verification coverage for risc v vector extension using riscv-dv
Andes enhancing verification coverage for risc v vector extension using riscv-dvAndes enhancing verification coverage for risc v vector extension using riscv-dv
Andes enhancing verification coverage for risc v vector extension using riscv-dvRISC-V International
 
RISC-V Foundation Overview
RISC-V Foundation OverviewRISC-V Foundation Overview
RISC-V Foundation OverviewRISC-V International
 
Developing for polar fire soc
Developing for polar fire socDeveloping for polar fire soc
Developing for polar fire socRISC-V International
 
Andes andes clarity for risc-v vector processor
Andes andes clarity for risc-v vector processorAndes andes clarity for risc-v vector processor
Andes andes clarity for risc-v vector processorRISC-V International
 
Chips alliance omni xtend overview
Chips alliance omni xtend overviewChips alliance omni xtend overview
Chips alliance omni xtend overviewRISC-V International
 
Ripes: Teaching Computer Architecture Through Visual and Interactive Simulators
Ripes: Teaching Computer Architecture Through Visual and Interactive SimulatorsRipes: Teaching Computer Architecture Through Visual and Interactive Simulators
Ripes: Teaching Computer Architecture Through Visual and Interactive SimulatorsRISC-V International
 
Reverse Engineering of Rocket Chip
Reverse Engineering of Rocket ChipReverse Engineering of Rocket Chip
Reverse Engineering of Rocket ChipRISC-V International
 
Codasip application class RISC-V processor solutions
Codasip application class RISC-V processor solutionsCodasip application class RISC-V processor solutions
Codasip application class RISC-V processor solutionsRISC-V International
 
RISC-V 30910 kassem_ summit 2020 - so_c_gen
RISC-V 30910 kassem_ summit 2020 - so_c_genRISC-V 30910 kassem_ summit 2020 - so_c_gen
RISC-V 30910 kassem_ summit 2020 - so_c_genRISC-V International
 
RISC-V software state of the union
RISC-V software state of the unionRISC-V software state of the union
RISC-V software state of the unionRISC-V International
 
seL4 on RISC-V/lowRISC - ORCONF'15
seL4 on RISC-V/lowRISC - ORCONF'15seL4 on RISC-V/lowRISC - ORCONF'15
seL4 on RISC-V/lowRISC - ORCONF'15Hesham Almatary
 
DevOpsDaysRiga 2017: Chris Van Tuin - A DevOps State of Mind: Continuous Secu...
DevOpsDaysRiga 2017: Chris Van Tuin - A DevOps State of Mind: Continuous Secu...DevOpsDaysRiga 2017: Chris Van Tuin - A DevOps State of Mind: Continuous Secu...
DevOpsDaysRiga 2017: Chris Van Tuin - A DevOps State of Mind: Continuous Secu...DevOpsDays Riga
 

Contenu connexe

Tendances

RISC-V 30946 manuel_offenberg_v3_notes
RISC-V 30946 manuel_offenberg_v3_notesRISC-V 30946 manuel_offenberg_v3_notes
RISC-V 30946 manuel_offenberg_v3_notesRISC-V International
 
Data on the move a RISC-V opportunity
Data on the move a RISC-V opportunityData on the move a RISC-V opportunity
Data on the move a RISC-V opportunityRISC-V International
 
Fueling the datasphere how RISC-V enables the storage ecosystem
Fueling the datasphere how RISC-V enables the storage ecosystemFueling the datasphere how RISC-V enables the storage ecosystem
Fueling the datasphere how RISC-V enables the storage ecosystemRISC-V International
 
RISC-V growth and successes in technology and industry - embedded world 2021
RISC-V growth and successes in technology and industry - embedded world 2021RISC-V growth and successes in technology and industry - embedded world 2021
RISC-V growth and successes in technology and industry - embedded world 2021RISC-V International
 
Tech talk with Antmicro - Building your world out of blocks with renode and l...
Tech talk with Antmicro - Building your world out of blocks with renode and l...Tech talk with Antmicro - Building your world out of blocks with renode and l...
Tech talk with Antmicro - Building your world out of blocks with renode and l...RISC-V International
 
RISC-V Summit 2020: The Next Ten Years
RISC-V Summit 2020: The Next Ten YearsRISC-V Summit 2020: The Next Ten Years
RISC-V Summit 2020: The Next Ten YearsRISC-V International
 
Tech talk with Antmicro - Building an open source system verilog ecosystem
Tech talk with Antmicro - Building an open source system verilog ecosystemTech talk with Antmicro - Building an open source system verilog ecosystem
Tech talk with Antmicro - Building an open source system verilog ecosystemRISC-V International
 
Coco co-desing and co-verification of masked software implementations on cp us
Coco co-desing and co-verification of masked software implementations on cp usCoco co-desing and co-verification of masked software implementations on cp us
Coco co-desing and co-verification of masked software implementations on cp usRISC-V International
 
Andes enhancing verification coverage for risc v vector extension using riscv-dv
Andes enhancing verification coverage for risc v vector extension using riscv-dvAndes enhancing verification coverage for risc v vector extension using riscv-dv
Andes enhancing verification coverage for risc v vector extension using riscv-dvRISC-V International
 
Andes andes clarity for risc-v vector processor
Andes andes clarity for risc-v vector processorAndes andes clarity for risc-v vector processor
Andes andes clarity for risc-v vector processorRISC-V International
 
Chips alliance omni xtend overview
Chips alliance omni xtend overviewChips alliance omni xtend overview
Chips alliance omni xtend overviewRISC-V International
 
Ripes: Teaching Computer Architecture Through Visual and Interactive Simulators
Ripes: Teaching Computer Architecture Through Visual and Interactive SimulatorsRipes: Teaching Computer Architecture Through Visual and Interactive Simulators
Ripes: Teaching Computer Architecture Through Visual and Interactive SimulatorsRISC-V International
 
Reverse Engineering of Rocket Chip
Reverse Engineering of Rocket ChipReverse Engineering of Rocket Chip
Reverse Engineering of Rocket ChipRISC-V International
 
Codasip application class RISC-V processor solutions
Codasip application class RISC-V processor solutionsCodasip application class RISC-V processor solutions
Codasip application class RISC-V processor solutionsRISC-V International
 
RISC-V 30910 kassem_ summit 2020 - so_c_gen
RISC-V 30910 kassem_ summit 2020 - so_c_genRISC-V 30910 kassem_ summit 2020 - so_c_gen
RISC-V 30910 kassem_ summit 2020 - so_c_genRISC-V International
 
RISC-V software state of the union
RISC-V software state of the unionRISC-V software state of the union
RISC-V software state of the unionRISC-V International
 

Tendances (20)

RISC-V 30946 manuel_offenberg_v3_notes
RISC-V 30946 manuel_offenberg_v3_notesRISC-V 30946 manuel_offenberg_v3_notes
RISC-V 30946 manuel_offenberg_v3_notes
 
Data on the move a RISC-V opportunity
Data on the move a RISC-V opportunityData on the move a RISC-V opportunity
Data on the move a RISC-V opportunity
 
Fueling the datasphere how RISC-V enables the storage ecosystem
Fueling the datasphere how RISC-V enables the storage ecosystemFueling the datasphere how RISC-V enables the storage ecosystem
Fueling the datasphere how RISC-V enables the storage ecosystem
 
Open j9 jdk on RISC-V
Open j9 jdk on RISC-VOpen j9 jdk on RISC-V
Open j9 jdk on RISC-V
 
RISC-V growth and successes in technology and industry - embedded world 2021
RISC-V growth and successes in technology and industry - embedded world 2021RISC-V growth and successes in technology and industry - embedded world 2021
RISC-V growth and successes in technology and industry - embedded world 2021
 
RISC-V Introduction
RISC-V IntroductionRISC-V Introduction
RISC-V Introduction
 
Tech talk with Antmicro - Building your world out of blocks with renode and l...
Tech talk with Antmicro - Building your world out of blocks with renode and l...Tech talk with Antmicro - Building your world out of blocks with renode and l...
Tech talk with Antmicro - Building your world out of blocks with renode and l...
 
RISC-V Summit 2020: The Next Ten Years
RISC-V Summit 2020: The Next Ten YearsRISC-V Summit 2020: The Next Ten Years
RISC-V Summit 2020: The Next Ten Years
 
Tech talk with Antmicro - Building an open source system verilog ecosystem
Tech talk with Antmicro - Building an open source system verilog ecosystemTech talk with Antmicro - Building an open source system verilog ecosystem
Tech talk with Antmicro - Building an open source system verilog ecosystem
 
Coco co-desing and co-verification of masked software implementations on cp us
Coco co-desing and co-verification of masked software implementations on cp usCoco co-desing and co-verification of masked software implementations on cp us
Coco co-desing and co-verification of masked software implementations on cp us
 
Andes enhancing verification coverage for risc v vector extension using riscv-dv
Andes enhancing verification coverage for risc v vector extension using riscv-dvAndes enhancing verification coverage for risc v vector extension using riscv-dv
Andes enhancing verification coverage for risc v vector extension using riscv-dv
 
RISC-V Foundation Overview
RISC-V Foundation OverviewRISC-V Foundation Overview
RISC-V Foundation Overview
 
Developing for polar fire soc
Developing for polar fire socDeveloping for polar fire soc
Developing for polar fire soc
 
Andes andes clarity for risc-v vector processor
Andes andes clarity for risc-v vector processorAndes andes clarity for risc-v vector processor
Andes andes clarity for risc-v vector processor
 
Chips alliance omni xtend overview
Chips alliance omni xtend overviewChips alliance omni xtend overview
Chips alliance omni xtend overview
 
Ripes: Teaching Computer Architecture Through Visual and Interactive Simulators
Ripes: Teaching Computer Architecture Through Visual and Interactive SimulatorsRipes: Teaching Computer Architecture Through Visual and Interactive Simulators
Ripes: Teaching Computer Architecture Through Visual and Interactive Simulators
 
Reverse Engineering of Rocket Chip
Reverse Engineering of Rocket ChipReverse Engineering of Rocket Chip
Reverse Engineering of Rocket Chip
 
Codasip application class RISC-V processor solutions
Codasip application class RISC-V processor solutionsCodasip application class RISC-V processor solutions
Codasip application class RISC-V processor solutions
 
RISC-V 30910 kassem_ summit 2020 - so_c_gen
RISC-V 30910 kassem_ summit 2020 - so_c_genRISC-V 30910 kassem_ summit 2020 - so_c_gen
RISC-V 30910 kassem_ summit 2020 - so_c_gen
 
RISC-V software state of the union
RISC-V software state of the unionRISC-V software state of the union
RISC-V software state of the union
 

Similaire à Gernot heiser unsw sydney and se l4 foundation

seL4 on RISC-V/lowRISC - ORCONF'15
seL4 on RISC-V/lowRISC - ORCONF'15seL4 on RISC-V/lowRISC - ORCONF'15
seL4 on RISC-V/lowRISC - ORCONF'15Hesham Almatary
 
DevOpsDaysRiga 2017: Chris Van Tuin - A DevOps State of Mind: Continuous Secu...
DevOpsDaysRiga 2017: Chris Van Tuin - A DevOps State of Mind: Continuous Secu...DevOpsDaysRiga 2017: Chris Van Tuin - A DevOps State of Mind: Continuous Secu...
DevOpsDaysRiga 2017: Chris Van Tuin - A DevOps State of Mind: Continuous Secu...DevOpsDays Riga
 
Embedded Fest 2019. Wei Fu. Linux on RISC-V--Fedora and Firmware in practice
Embedded Fest 2019. Wei Fu. Linux on RISC-V--Fedora and Firmware in practiceEmbedded Fest 2019. Wei Fu. Linux on RISC-V--Fedora and Firmware in practice
Embedded Fest 2019. Wei Fu. Linux on RISC-V--Fedora and Firmware in practiceEmbeddedFest
 
Defcon 22 - Stitching numbers - generating rop payloads from in memory numbers
Defcon 22 - Stitching numbers - generating rop payloads from in memory numbersDefcon 22 - Stitching numbers - generating rop payloads from in memory numbers
Defcon 22 - Stitching numbers - generating rop payloads from in memory numbersAlexandre Moneger
 
Affordable trustworthy-systems
Affordable trustworthy-systemsAffordable trustworthy-systems
Affordable trustworthy-systemsmicrokerneldude
 
2008-09-09 IBM Interaction Conference, Red Hat Update for System z
2008-09-09 IBM Interaction Conference, Red Hat Update for System z2008-09-09 IBM Interaction Conference, Red Hat Update for System z
2008-09-09 IBM Interaction Conference, Red Hat Update for System zShawn Wells
 
2008-07-30 IBM Teach the Teacher (IBM T3), Red Hat Update for System z
2008-07-30 IBM Teach the Teacher (IBM T3), Red Hat Update for System z2008-07-30 IBM Teach the Teacher (IBM T3), Red Hat Update for System z
2008-07-30 IBM Teach the Teacher (IBM T3), Red Hat Update for System zShawn Wells
 
Android OS Porting: Introduction
Android OS Porting: IntroductionAndroid OS Porting: Introduction
Android OS Porting: IntroductionJollen Chen
 
The Container Security Checklist
The Container Security Checklist The Container Security Checklist
The Container Security Checklist LibbySchulze
 
Linux Kernel , BSP, Boot Loader, ARM Engineer - Satish profile
Linux Kernel , BSP, Boot Loader, ARM Engineer - Satish profileLinux Kernel , BSP, Boot Loader, ARM Engineer - Satish profile
Linux Kernel , BSP, Boot Loader, ARM Engineer - Satish profileSatish Kumar
 
EFFICIENT VLSI IMPLEMENTATION OF THE BLOCK CIPHER RIJNDAEL ALGORITHM
EFFICIENT VLSI IMPLEMENTATION OF THE BLOCK CIPHER RIJNDAEL ALGORITHMEFFICIENT VLSI IMPLEMENTATION OF THE BLOCK CIPHER RIJNDAEL ALGORITHM
EFFICIENT VLSI IMPLEMENTATION OF THE BLOCK CIPHER RIJNDAEL ALGORITHMAJAL A J
 
Issta11
Issta11Issta11
Issta11regehr
 
Using SoC Vendor HALs in the Zephyr Project - SFO17-112
Using SoC Vendor HALs in the Zephyr Project - SFO17-112Using SoC Vendor HALs in the Zephyr Project - SFO17-112
Using SoC Vendor HALs in the Zephyr Project - SFO17-112Linaro
 
Microkernel-based operating system development
Microkernel-based operating system developmentMicrokernel-based operating system development
Microkernel-based operating system developmentSenko Rašić
 
Readactor-Practical Code Randomization Resilient to Memory Disclosure
Readactor-Practical Code Randomization Resilient to Memory DisclosureReadactor-Practical Code Randomization Resilient to Memory Disclosure
Readactor-Practical Code Randomization Resilient to Memory Disclosurech0psticks
 
DefCon 2012 - Rooting SOHO Routers
DefCon 2012 - Rooting SOHO RoutersDefCon 2012 - Rooting SOHO Routers
DefCon 2012 - Rooting SOHO RoutersMichael Smith
 
yosys_presentation that help in working on the yosys tool
yosys_presentation that help in working on the yosys toolyosys_presentation that help in working on the yosys tool
yosys_presentation that help in working on the yosys toolshaguftamujeeb2
 
Tsunami of Technologies. Are we prepared?
Tsunami of Technologies. Are we prepared?Tsunami of Technologies. Are we prepared?
Tsunami of Technologies. Are we prepared?msyukor
 
Linux on RISC-V with Open Hardware (ELC-E 2020)
Linux on RISC-V with Open Hardware (ELC-E 2020)Linux on RISC-V with Open Hardware (ELC-E 2020)
Linux on RISC-V with Open Hardware (ELC-E 2020)Drew Fustini
 

Similaire à Gernot heiser unsw sydney and se l4 foundation (20)

seL4 on RISC-V/lowRISC - ORCONF'15
seL4 on RISC-V/lowRISC - ORCONF'15seL4 on RISC-V/lowRISC - ORCONF'15
seL4 on RISC-V/lowRISC - ORCONF'15
 
DevOpsDaysRiga 2017: Chris Van Tuin - A DevOps State of Mind: Continuous Secu...
DevOpsDaysRiga 2017: Chris Van Tuin - A DevOps State of Mind: Continuous Secu...DevOpsDaysRiga 2017: Chris Van Tuin - A DevOps State of Mind: Continuous Secu...
DevOpsDaysRiga 2017: Chris Van Tuin - A DevOps State of Mind: Continuous Secu...
 
Embedded Fest 2019. Wei Fu. Linux on RISC-V--Fedora and Firmware in practice
Embedded Fest 2019. Wei Fu. Linux on RISC-V--Fedora and Firmware in practiceEmbedded Fest 2019. Wei Fu. Linux on RISC-V--Fedora and Firmware in practice
Embedded Fest 2019. Wei Fu. Linux on RISC-V--Fedora and Firmware in practice
 
Defcon 22 - Stitching numbers - generating rop payloads from in memory numbers
Defcon 22 - Stitching numbers - generating rop payloads from in memory numbersDefcon 22 - Stitching numbers - generating rop payloads from in memory numbers
Defcon 22 - Stitching numbers - generating rop payloads from in memory numbers
 
Affordable trustworthy-systems
Affordable trustworthy-systemsAffordable trustworthy-systems
Affordable trustworthy-systems
 
2008-09-09 IBM Interaction Conference, Red Hat Update for System z
2008-09-09 IBM Interaction Conference, Red Hat Update for System z2008-09-09 IBM Interaction Conference, Red Hat Update for System z
2008-09-09 IBM Interaction Conference, Red Hat Update for System z
 
2008-07-30 IBM Teach the Teacher (IBM T3), Red Hat Update for System z
2008-07-30 IBM Teach the Teacher (IBM T3), Red Hat Update for System z2008-07-30 IBM Teach the Teacher (IBM T3), Red Hat Update for System z
2008-07-30 IBM Teach the Teacher (IBM T3), Red Hat Update for System z
 
Android OS Porting: Introduction
Android OS Porting: IntroductionAndroid OS Porting: Introduction
Android OS Porting: Introduction
 
The Container Security Checklist
The Container Security Checklist The Container Security Checklist
The Container Security Checklist
 
Linux Kernel , BSP, Boot Loader, ARM Engineer - Satish profile
Linux Kernel , BSP, Boot Loader, ARM Engineer - Satish profileLinux Kernel , BSP, Boot Loader, ARM Engineer - Satish profile
Linux Kernel , BSP, Boot Loader, ARM Engineer - Satish profile
 
EFFICIENT VLSI IMPLEMENTATION OF THE BLOCK CIPHER RIJNDAEL ALGORITHM
EFFICIENT VLSI IMPLEMENTATION OF THE BLOCK CIPHER RIJNDAEL ALGORITHMEFFICIENT VLSI IMPLEMENTATION OF THE BLOCK CIPHER RIJNDAEL ALGORITHM
EFFICIENT VLSI IMPLEMENTATION OF THE BLOCK CIPHER RIJNDAEL ALGORITHM
 
Tools for FPGA Development
Tools for FPGA DevelopmentTools for FPGA Development
Tools for FPGA Development
 
Issta11
Issta11Issta11
Issta11
 
Using SoC Vendor HALs in the Zephyr Project - SFO17-112
Using SoC Vendor HALs in the Zephyr Project - SFO17-112Using SoC Vendor HALs in the Zephyr Project - SFO17-112
Using SoC Vendor HALs in the Zephyr Project - SFO17-112
 
Microkernel-based operating system development
Microkernel-based operating system developmentMicrokernel-based operating system development
Microkernel-based operating system development
 
Readactor-Practical Code Randomization Resilient to Memory Disclosure
Readactor-Practical Code Randomization Resilient to Memory DisclosureReadactor-Practical Code Randomization Resilient to Memory Disclosure
Readactor-Practical Code Randomization Resilient to Memory Disclosure
 
DefCon 2012 - Rooting SOHO Routers
DefCon 2012 - Rooting SOHO RoutersDefCon 2012 - Rooting SOHO Routers
DefCon 2012 - Rooting SOHO Routers
 
yosys_presentation that help in working on the yosys tool
yosys_presentation that help in working on the yosys toolyosys_presentation that help in working on the yosys tool
yosys_presentation that help in working on the yosys tool
 
Tsunami of Technologies. Are we prepared?
Tsunami of Technologies. Are we prepared?Tsunami of Technologies. Are we prepared?
Tsunami of Technologies. Are we prepared?
 
Linux on RISC-V with Open Hardware (ELC-E 2020)
Linux on RISC-V with Open Hardware (ELC-E 2020)Linux on RISC-V with Open Hardware (ELC-E 2020)
Linux on RISC-V with Open Hardware (ELC-E 2020)
 

Plus de RISC-V International

London Open Source Meetup for RISC-V
London Open Source Meetup for RISC-VLondon Open Source Meetup for RISC-V
London Open Source Meetup for RISC-VRISC-V International
 
Ziptillion boosting RISC-V with an efficient and os transparent memory comp...
Ziptillion boosting RISC-V with an efficient and os transparent memory comp...Ziptillion boosting RISC-V with an efficient and os transparent memory comp...
Ziptillion boosting RISC-V with an efficient and os transparent memory comp...RISC-V International
 
Static partitioning virtualization on RISC-V
Static partitioning virtualization on RISC-VStatic partitioning virtualization on RISC-V
Static partitioning virtualization on RISC-VRISC-V International
 
Standardizing the tee with global platform and RISC-V
Standardizing the tee with global platform and RISC-VStandardizing the tee with global platform and RISC-V
Standardizing the tee with global platform and RISC-VRISC-V International
 
RISC-V NOEL-V - A new high performance RISC-V Processor Family
RISC-V NOEL-V - A new high performance RISC-V Processor FamilyRISC-V NOEL-V - A new high performance RISC-V Processor Family
RISC-V NOEL-V - A new high performance RISC-V Processor FamilyRISC-V International
 
RISC-V 30907 summit 2020 joint picocom_mentor
RISC-V 30907 summit 2020 joint picocom_mentorRISC-V 30907 summit 2020 joint picocom_mentor
RISC-V 30907 summit 2020 joint picocom_mentorRISC-V International
 
Ripes tracking computer architecture throught visual and interactive simula...
Ripes tracking computer architecture throught visual and interactive simula...Ripes tracking computer architecture throught visual and interactive simula...
Ripes tracking computer architecture throught visual and interactive simula...RISC-V International
 
Open source manufacturable pdk for sky water 130nm process node
Open source manufacturable pdk for sky water 130nm process nodeOpen source manufacturable pdk for sky water 130nm process node
Open source manufacturable pdk for sky water 130nm process nodeRISC-V International
 
Online test program generator for RISC-V processors
Online test program generator for RISC-V processorsOnline test program generator for RISC-V processors
Online test program generator for RISC-V processorsRISC-V International
 
Klessydra t - designing vector coprocessors for multi-threaded edge-computing...
Klessydra t - designing vector coprocessors for multi-threaded edge-computing...Klessydra t - designing vector coprocessors for multi-threaded edge-computing...
Klessydra t - designing vector coprocessors for multi-threaded edge-computing...RISC-V International
 
Educating the computer architects of tomorrow's critical systems with RISC-V
Educating the computer architects of tomorrow's critical systems with RISC-VEducating the computer architects of tomorrow's critical systems with RISC-V
Educating the computer architects of tomorrow's critical systems with RISC-VRISC-V International
 

Plus de RISC-V International (17)

WD RISC-V inliner work effort
WD RISC-V inliner work effortWD RISC-V inliner work effort
WD RISC-V inliner work effort
 
RISC-V Zce Extension
RISC-V Zce ExtensionRISC-V Zce Extension
RISC-V Zce Extension
 
London Open Source Meetup for RISC-V
London Open Source Meetup for RISC-VLondon Open Source Meetup for RISC-V
London Open Source Meetup for RISC-V
 
Ziptillion boosting RISC-V with an efficient and os transparent memory comp...
Ziptillion boosting RISC-V with an efficient and os transparent memory comp...Ziptillion boosting RISC-V with an efficient and os transparent memory comp...
Ziptillion boosting RISC-V with an efficient and os transparent memory comp...
 
Static partitioning virtualization on RISC-V
Static partitioning virtualization on RISC-VStatic partitioning virtualization on RISC-V
Static partitioning virtualization on RISC-V
 
Standardizing the tee with global platform and RISC-V
Standardizing the tee with global platform and RISC-VStandardizing the tee with global platform and RISC-V
Standardizing the tee with global platform and RISC-V
 
Security and functional safety
Security and functional safetySecurity and functional safety
Security and functional safety
 
RISC-V NOEL-V - A new high performance RISC-V Processor Family
RISC-V NOEL-V - A new high performance RISC-V Processor FamilyRISC-V NOEL-V - A new high performance RISC-V Processor Family
RISC-V NOEL-V - A new high performance RISC-V Processor Family
 
RISC-V 30908 patra
RISC-V 30908 patraRISC-V 30908 patra
RISC-V 30908 patra
 
RISC-V 30907 summit 2020 joint picocom_mentor
RISC-V 30907 summit 2020 joint picocom_mentorRISC-V 30907 summit 2020 joint picocom_mentor
RISC-V 30907 summit 2020 joint picocom_mentor
 
Ripes tracking computer architecture throught visual and interactive simula...
Ripes tracking computer architecture throught visual and interactive simula...Ripes tracking computer architecture throught visual and interactive simula...
Ripes tracking computer architecture throught visual and interactive simula...
 
Porting tock to open titan
Porting tock to open titanPorting tock to open titan
Porting tock to open titan
 
Open source manufacturable pdk for sky water 130nm process node
Open source manufacturable pdk for sky water 130nm process nodeOpen source manufacturable pdk for sky water 130nm process node
Open source manufacturable pdk for sky water 130nm process node
 
Online test program generator for RISC-V processors
Online test program generator for RISC-V processorsOnline test program generator for RISC-V processors
Online test program generator for RISC-V processors
 
Klessydra t - designing vector coprocessors for multi-threaded edge-computing...
Klessydra t - designing vector coprocessors for multi-threaded edge-computing...Klessydra t - designing vector coprocessors for multi-threaded edge-computing...
Klessydra t - designing vector coprocessors for multi-threaded edge-computing...
 
Educating the computer architects of tomorrow's critical systems with RISC-V
Educating the computer architects of tomorrow's critical systems with RISC-VEducating the computer architects of tomorrow's critical systems with RISC-V
Educating the computer architects of tomorrow's critical systems with RISC-V
 
Data trustworthiness at the edge
Data trustworthiness at the edgeData trustworthiness at the edge
Data trustworthiness at the edge
 

Dernier

"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 

Dernier (20)

"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 

Gernot heiser unsw sydney and se l4 foundation

  • 1. seL4® on RISC-V® Fast, Secure, Open-Source OS Kernel, Proved Bug-Free https://sel4.systems/ Gernot Heiser, UNSW Sydney and seL4 Foundation
  • 2. The Highlight of the Year 2 RISC-V Summit, Dec'20 Gernot Heiser: seL4 on RISC-V 08/11/2020 eL4 i eri ed on RISC-V! microkerneld de R G H TAGS open source, operating s stems, risc- , securit 2020/ 06/ 09 Sounds great! But hat does it mean? seL4 ( :// 4. /) (pronounced e -e-ell-fo ) is arguabl the orld s most secure operating s stem (OS) kernel. The OSkernel is the lo est le el of soft are running on a computer s stem. It is the code that e ecutes in pri ileged mode (S-mode in RISC-V; M-mode is reser ed for microcode/ rm are). The kernel is ultimatel responsible for the securit of a computer s stem. seL4 is a microkernel ( :// . . / /M ). The idea of a microkernel is to minimise the ed comp ing ba e the part of the s stem for hich there is no Plan B if it fails. The Linu and Windo s kernels consist of tens of millions of lines of code, and contain literall thousands (more likel tens of thousands) of bugs a huge attack surface. A ell-designed microkernel, such as seL4, has about ten thousand lines inherentl more trust orth ( :// . 61. . / / //B LH 18. ).
  • 3. Background: What is ? seL4 is an open source, high-assurance, high-performance operating system microkernel Piece of software that runs at the heart of any system and controls all accesses to resources World’s most comprehensive mathematical proofs of correctness and security Available on GitHub under GPLv2 license World’s fastest microkernel hardware software critical non-critical, untrusted attacks RISC-V Summit, Dec'20 Gernot Heiser: seL4 on RISC-V 3
  • 4. What is ? seL4 is the most trustworthy foundation for safety- and security-critical systems Already in use across many domains: automotive, aviation, space, defence, critical infrastructure, cyber-physical systems, IoT, industry 4.0, certified security... RISC-V Summit, Dec'20 Gernot Heiser: seL4 on RISC-V 4
  • 5. Performance Source seL4 Fiasco.OC Zircon Mi et al, 2019 986 2717 8157 Gu et al, 2020 1450 3057 8151 seL4.systems, Nov’20 797 N/A N/A RISC-V Summit, Dec'20 GERNOT HEISER: SEL4 ON RISC-V 5 Latency (in cycles) of a round-trip cross-address-space IPC on x64 Sources: • Zeyu Mi, Dingji Li, Zihan Yang, Xinran Wang, Haibo Chen: “SkyBridge: Fast and Secure Inter-Process Communication for Microkernels”, EuroSys, April 2020 • Jinyu Gu, Xinyue Wu, Wentai Li, Nian Liu, Zeyu Mi, Yubin Xia, Haibo Chen: “Harmonizing Performance and Isolation in Microkernels with Efficient Intra-kernel Isolation and Communication”, Usenix ATC, June 2020 • seL4 Performance, https://sel4.systems/About/Performance/, accessed 2020-11-08 Temporary performance regression in Dec’19 World’s fastest microkernel!
  • 6. A few more months for RISC-V Now done for RISC-V! Unique Verification by Mathematical Proof RISC-V Summit, Dec'20 Gernot Heiser: seL4 on RISC-V 6 Proof Integrity Abstract Model C Imple- mentation Confidentiality Availability Binary code Proof Proof Functional Correctness Translation Correctness Security Enforcement seL4: Still only capability- based OS kernel with correctness proof! seL4: The only OS on RISC-V with correctness proof
  • 7. What Does This Mean? Kinds of properties proved • Behaviour of C code is fully captured by abstract model • Behaviour of C code is fully captured by executable model • Kernel never fails, behaviour is always well-defined • assertions never fail • will never de-reference null pointer • will never access array out of bounds • cannot be subverted by misformed input • … • All syscalls terminate, reclaiming memory is safe, ... • Well typed references, aligned objects, kernel always mapped… • Access control is decidable 7 GERNOT HEISER: SEL4 ON RISC-V Can prove further properties on abstract level! RISC-V Summit, Dec'20
  • 8. What Did We LearnAbout RISC-V? RISC-V Summit, Dec'20 Gernot Heiser: seL4 on RISC-V 8 ISA Kernel functions Kernel code size number relative SLOC relative x86 64-bit 1231 177% 16,655 3.4 Arm v7 (32-bit) 853 122% 14,114 2.8 RISC-V RV64 695 100% 4,977 1.0 Regularity is good! • Regular page-table structure ⇒ simplifies code and proofs • Regularity of ISA ⇒ most kernel code word-size independent • Clock specified in ISA Hopefully IRQ controller as well! ISA Kernel code size (SLOC) common 32-bit 64-bit x86 10,908 3,882 5,747 Arm 7,898 6,216 5,267 RISC-V 4,753 220 224 ISA Kernel functions Kernel code size Verification Effort number relative SLOC relative x86 64-bit 1231 177% 16,655 3.4 ≈ 5–6 py Arm v7 (32-bit) 853 122% 14,114 2.8 (11 py) RISC-V RV64 695 100% 4,977 1.0 ≈ 3.5 py
  • 9. Rewrite Rules Binary Code Formalised C Formalised Binary Graph Language Graph Language Greatest Feature: Formal ISASpec! Gernot Heiser: seL4 on RISC-V 9 Target of functional correctness proof Proof Formal C Semantics Proof SMT Solver De- compiler Proof Formal ISA Spec Compiler Proof Verification of binary (in progress): C Source • Formal spec increases assurance • Will eventually link to verified hardware! RISC-V Summit, Dec'20
  • 10. How Can I Use It?  Open source (GPL v2): Download from https://github.com/sel4  But keep in mind: seL4 is an OS microkernel and hypervisor, not an OS!  Many OS components available on the seL4 GitHub GERNOT HEISER: SEL4 ON RISC-V 10 | RISC-V Summit, Dec'20 Native Apps OS Services Device Drivers Kernel Mode User Mode
  • 11. How Can I Use It?  Open source (GPL v2): Download from https://github.com/sel4  But keep in mind: seL4 is an OS microkernel and hypervisor, not an OS!  Many OS components available on the seL4 GitHub  Alternative: HENSOLDT Cyber’s TRENTOS GERNOT HEISER: SEL4 ON RISC-V 11 | RISC-V Summit, Dec'20 Kernel Mode User Mode MiG-V: HENSOLDT-Cyber RV64 Processor (based on Ariane) TRENTOS Secure Boot Crypto SD Driver E/N Driver TCP/IP File System Key Store Loader Logger License Manager Secure Update TLS Stack Supply-chain security through logic obfuscation Verified!
  • 12. RISC-V Summit, Dec'20 GERNOT HEISER: SEL4 ON RISC-V 12 Further Reading: • About seL4: https://sel4.systems/ • seL4 whitepaper: https://sel4.systems/About/seL4-whitepaper.pdf • seL4 Foundation: https://sel4.systems/Foundation Defining the state of the art in trustworthy operating systems for over 10 years Now proved correct on RISC-V!
  • 13. Questions? RISC-V Summit, Dec'20 Gernot Heiser: seL4 on RISC-V 13