Popis: |
Current and future aircraft systems require real-time embedded software with greater flexibility than was previously available for production aircraft. Some flexibility for real-time embedded software systems has recently been achieved through time and space partitioned (TSP) operating systems. TSP operating systems have been implemented through ARINC-653 architectures by a number of commercial vendors to support safety-critical applications. However, for the increased functionality and flexibility needed to support future battle-space scenarios, aircraft will need to communicate over multiple networks while maintaining data separation and multiple levels of security (MLS). As a result, new MLS-capable real-time operating systems, referred to as multiple independent levels of security/safety (MILS) separation kernels, are emerging and are in the process of being certified. The ARINC-653 standard, which is also used by the new MILS kernels, allows independently produced applications to run together on the same hardware and provides most of the capability necessary for isolating applications with different security levels. With MILS, functionality such as device drivers, file systems, and network stacks is moved out of the RTOS and into partitions, so that the kernel is small enough to be affordably evaluated (using mathematical verification) and so that information flow control, data isolation, periods processing, and damage limitation can be enforced. To better understand the impact of separating device drivers from the kernel, Boeing moved the bulk of a Dy-4 Systems' MIL-STD-1553 device driver's functionality out of an RTOS kernel and into an application partition. This paper details the design, decisions, effort, results, and lessons learned from performing this activity under an Air Force Research Laboratory (AFRL) program in support of the CV-22. AFRL's objective was to gain insight into, and promote the development and application of, commercial TSP operating systems for real-time embedded software systems. |