Military Embedded Systems

Extending military software life expectancy through safe and secure virtualization


June 17, 2009

In a tight economy, many companies are utilizing software-life-extension approaches at the code reuse, specification, or design levels to reduce expense, but these methods all have limitations. However, new Safe and Secure Virtualization (SSV) is thwarting these challenges and offering the best of all worlds.

An ideal life extension technique would be one where entire subsystems are retained from the original platform and inserted, unchanged, into the new platform. Such an approach is now possible with an emerging technology called Safe and Secure Virtualization (SSV). SSV is now finding favor in the planning and development of next-generation systems where safety and security are as important as economy and timeliness.

SSV and legacy subsystems

SSV as a method of legacy reuse is not a fantasy of future technology, but rather it is supported with COTS technology already in use. An example of SSV adoption is the recent selection of SYSGO’s PikeOS by Airbus for their A350 XWB aircraft. Among the many requirements for the new Airbus architecture is the ability to develop certifiably safe software in a native partition, while easily coexisting with legacy software subsystems in POSIX partitions.

Accordingly, SSV provides the ability to comingle software subsystems culled from a variety of legacy platforms, even including off-the-shelf open source subsystems. Because real-time behaviors can sometimes present problems when utilizing classic virtualization techniques, SSV builds upon proven ideas of virtualization, such as the use of paravirtualization to adapt a hosted operating system to interact with the hypervisor layer of the hosting operating system. However, SSV goes further in providing deterministic behavior and resource partitioning to enable the development of embedded applications with predictable real-time response and to provide the basis for certifying independent levels of both safe and secure operations. More specifically, SSV integrates the separation kernel model that includes a low-level scheduler that guarantees the overall system preemption ability while still allowing the different scheduling policies in partitions to behave as originally designed.

Therefore, by definition with SSV, sub-systems can feature different levels of safety and security without conflict or risk. The SSV real-time OS is based on a MILS-conformant microkernel that supervises every hardware access. A unique feature of the SSV architecture is the ability to classify all resources according to requirement subsets. Different operating systems, Runtime Environments (RTEs), and APIs are able to run simultaneously within protected software partitions. This is made possible through the use of accurate, manageable communication channels that allow both safety-critical and noncritical applications to coexist within a single hardware environment.

Reusing legacy code

SSV is an ultimate resolution for integrating otherwise obsolete software in a modern, high-capacity embedded system by isolating separate partitions. The advantage of this approach is the ability to reapply already-existing legacy code that does not have to undergo costly, time-consuming, and error-prone redevelopment phases. The established software is able to operate on a new hardware platform intermingled with other, newer software components such as a modern Linux OS. The modularity and independence of the separate systems allow this peaceful coexistence and cooperation to occur.

Isolating and encapsulating different software packages enable resource partitioning and time partitioning: A static assignment of all available and temporary resources takes place. Each application obtains guaranteed access to assigned resources but does not have any access to other partitions’ resources. Strict separation enforcement guarantees that failures in one partition will not affect other partitions, thus ensuring safe and secure operation.

As an example, SSV allows PikeOS to run a Linux-based subsystem and a safety-critical application with its own proprietary operating system on a single CPU platform. All partitions run in user mode and do not influence the stable kernel mode. Many OS or RTE personalities are available in this environment. These include those based on POSIX, Ada, and Linux, providing the developer the ability to cleanly adopt legacy code into next-generation systems.

Many techniques have been defined and implemented to support code reuse in order to reduce development cost and hopefully minimize risks. Intuitively, traditional virtualization provides a very valid concept to mix legacy software with new software, but falls short for many embedded applications, particularly when real-time behavior is involved. Furthermore, when safety and security are mandatory requirements, then innovative technology based on the SSV concept is essential.

Jacques Brygier is vice president of marketing at SYSGO. He has spent more than 20 years in the business of high technology and computer science, where he has acquired in-depth knowledge of the software industry, its evolution, and its main application fields. He holds a Ph.D. in Computer Science. He can be reached at [email protected].


Featured Companies


Am Pfaffenstein 8 55270
Klein-Winternheim, Germany