Safe Collaboration in Extensible Operating Systems: A Study on Real-Time Extensions

Abstract

This article proposes a solution to guarantee safe interaction to components that are willing to collaborate in an extensible operating system, dedicated to small embedded systems such as smart cards, that guarantees isolation. We propose a simple way to verify the behaviour of some components using an extension of the type system by adding information about argument-passing modes to the method signatures (e.g., is an argument read or written?). We present a formalization of a PCC-like algorithm (off-card proof generator and on-card proof verifier) to statically check the passing modes of the components in the CAMILLE exokernel for smart cards. We apply our technique to ensure trust between collaborative real-time extensions with the aim of supporting safe dynamic loading of scheduling policy.