Green Hills Software demonstrated the multicore interference mitigation capabilities of the INTEGRITY-178 Time-Variant Unified Multi-Processing (tuMP) RTOS on Armv8-A processor cores at the Defence & Security Equipment International (DESI) conference and exhibition in London.
Multicore interference mitigation is critical for both safety-critical and security-critical applications because the same sources of interference that affect determinism and availability can also be used for covert timing attacks. In addressing multicore mitigation for Arm cores, INTEGRITY-178 tuMP provides architects of airborne systems the option to use a processor family with high multicore performance that also comes with the increased determinism and reduced size, weight, and power (SWaP) of Arm’s reduced instruction set computing (RISC) design.
Utilising multicore processors for safety-critical and security-critical applications can be quite challenging due to the inherent contention from multiple cores trying to access a given shared resource, such as memory or I/O. Certification authorities have emphasised their concerns about such interference by including objectives for interference identification, mitigation, and verification in the CAST-32A position paper.
As a true multicore Integrated Modular Avionics (IMA) operating system with a proven nine-year service history, INTEGRITY-178 tuMP includes both a fully capable multicore scheduler and support for bandwidth allocation and management of shared processor resource access. The supported bandwidth management technique emulates a high-rate hardware-based approach to ensure continuous allocation enforcement. These capabilities greatly lower integration and certification risk, while also enabling the integrator to manage significant software retest costs that would occur when a software application changes or is added.
“Meeting safety-certification for multicore avionics has many challenges beyond single-core certifications, and Green Hills Software is committed to providing system integrators the extra features, tools, and documentation they need,” said Dan O'Dowd, Founder and Chief Executive Officer of Green Hills Software. “INTEGRITY-178 tuMP is the only commercial RTOS to provide a full set of tools to directly address the multicore interference objectives specified in CAST-32A.”
With a proven nine-year service history, the INTEGRITY-178 tuMP multicore RTOS is unique in providing the highest levels of both safety and security in the same software product. For security, INTEGRITY-178 is the only operating system ever certified to the Separation Kernel Protection Profile (SKPP) published by the US National Security Agency (NSA) as well as Common Criteria EAL 6+. That security pedigree has been extended to the multicore INTEGRITY-178 tuMP RTOS.
INTEGRITY-178 tuMP meets the flight safety assurance requirements of DO-178 Level A, and is the only true IMA operating system for multicore architectures available today. INTEGRITY-178 tuMP is the only RTOS that fully complies with ARINC 653 Part 1 Supplement 4, and it is also the only RTOS that provides DAL A-compliant mechanisms to mitigate multicore interference.
These capabilities substantially lower integration and certification risk while enabling true IMA capabilities. These RTOS features permit the system integrator and the system end-user to affordably manage software sustainment activities when an application program must be added, modified, or improved within the system’s IMA framework.