Safety-critical systems, and mixed-criticality systems in particular, require spatial and temporal separation for their hosted applications and functionalities. Additional constraints are the use of Commercial Off-The-Shelf (COTS) components, portability, and determinism. These are required for the economic success of products with low production volumes and long life cycles, such as aircraft. Available embedded processors lack a means, such as an Input/Output Memory Management Unit (IOMMU), for spatial separation of Input/Output (I/O) components. The objective of this paper is to provide spatial separation for I/O in COTS mixed-criticality embedded real-time systems such as avionics, with the minimum possible impact on performance (transfer time, transfer rate, Central Processing Unit (CPU) usage). The three main contributions of this paper are: (1) The presented Input/Output Memory Protection Unit (IOMPU) makes it possible to add spatial separation for I/O to a system using COTS components and Non-Transparent Bridge (NTB) technology. In addition, the IOMPU concept is compatible with existing temporal separation solutions. (2) The paper shows a prototype implementation and a potential use case in the context of hardware-based I/O virtualization. (3) The evaluation in this paper demonstrates that the IOMPU concept is practically applicable. The performance overhead (transfer time, transfer rate) is below 0.88%, which is almost negligible, particularly compared to state-of-the-art software-based solutions.