The Advent of Multi-core MILS

By Paul Parkinson

It has been a rather long time since my previous blog post. I intended to post a blog before the holidays regarding our partner Curtiss-Wright's announcement about VxWorks MILS support on the VPX6-187, but I simply ran out of time! So here it is as my first blog post of 2013.

The Curtiss-Wright announcement was actually quite a game changer. To the casual reader, it may just appear to be about the release of another board support package (BSP) on a leading-edge COTS processor card, but the fact that this BSP supports multi-core for a MILS architecture is what makes it so significant.

When the MILS software architecture was proposed in 1984 by the computer scientist Dr. John Rushby, microprocessors at the time were inherently single-core, and computing performance advances were being driven by clock speed increases and die size, at a rate following Moore's Law.

Over the last decade, single-core processors with robust MMU partitioning have become sufficiently performant to enable viable MILS separation kernels (SK). In recent years, Wind River has implemented VxWorks MILS on single-core processor architectures (PowerPC MPC8548), and on multi-core processors, but only running on a single core (dual-core PowerPC MPC8641D, quad-core Intel Core i7).

However, with the VxWorks MILS Platform, Multicore Edition, the VxWorks MILS separation kernel now runs on all eight cores of the Freescale QorIQ P4080 processor concurrently. Yes, that's right: I am talking about (MILS & multi-core) rather than (MILS XOR multi-core). This enables the integration of many MILS solutions on a single processor, reducing size, weight and power (SWaP) – even high-assurance, security-critical systems have tough performance requirements.

The advent of multi-core processor architectures over the last few years has had a dramatic and disruptive effect on the embedded market. This has provided significant benefits in terms of reducing size, weight and power (SWaP), but has also presented some interesting challenges for safe and secure application domains.

For example, the global aerospace market has very mature processes for DO-178B safety certification on single-core processors. Similarly, the security community is approaching maturity for Common Criteria security evaluation on single-core processors. But both segments are challenged when driving multi-core systems through their respective processes.

Convergence

There has also been an emerging trend in recent years of individual systems needing to meet both safety certification and security evaluation. With the emergence of multi-core, this presents some new regulatory challenges, but the benefits will be worth the effort.

This convergence is discussed in more detail in the white paper 'Safety, Security and Multicore' which is available for download from the Wind River website.