Our group is working on the following 3 issues.

Security

By connecting to the Internet, embedded systems such as mobiles phones and digital TVs are becomming attractive targets of malicious attacks. In contrast to PCs and network servers, embedded systems have relatively limited performance. Furthermore, they are not managed by a well educated administrator but users without technical knowledge. Our group is studying the security system for embedded systems, which works with small computational resources and detect intrusions all by itself without the existence of an administrator.

Bugs

Along with the evolution of embedded systems, the scale of their software is increasing rapidly. For instance some mobile phone software consists of more than 10,000,000 LOC. Such a complexity hinders debugging, thereby some bugs become apparent after a product is released to the market. Therefore, there is a requirement for the system that hides and repairs software faults, and continues its execution.

Resource Management

Some of modern embedded systems consists of multiple OSs. Usually OSs are designed to manage the entire resources provided by the underlying hardware. However, in the multi-OS environement, the resources should somehow be shared among them. We study the methodology for managing the resources efficiently among OSs by dynamically chaging the assignment of the resources to the OSs according to the system load and their behaviors.

Projects

To tackle the above problems, the following projects are running now.

ArcOS

ArcOS is OS developed as a basis of supporting automatic error recovery framework. Traditional OSs require rebooting entire system on system fault. In contrast, ArcOS is designed from scratch, consists of multiple modules to encapsulate a system fault in a module and rebooting only that module, the system recovers from the fault in relavitly short time. We are discussing design and programming model that supports fast rebooting.

SPUMONE

SPUMONE is a virtualization layer which multiplexes a single physical processor into multiple virtual processors. Each virtual processor is capable for running dedicated OS, so multiple OSs could be executed concurrently on a single processor with support of SPUMONE. This project is working on a resource management among multiple OSs.

Monitoring System

Monitoring system detects the data structure inconsistency of an OS kernel and repairs it automatically. Viruses and worms modifies kernel data structures for hiding itself (known as rootkits). Based on the pre-defines rules of the kernel data structure, the monitoring system detects kernel data structures violating those rules and repairs them. Our challenge is to find out a methodology to define those rules automatically, which are currently written by hand.