Partitioned kernels strike at core of software flaws


Plugging an MP3 player into your car’s stereo system in the hopes of taking the edge off the early morning traffic jam might seem harmless enough.

But in today’s tech-jammed automobile, this seemingly innocuous move could potentially wreak havoc on your car’s onboard infotainment and computerized safety features.

“Without proper partitioning, the simultaneous demands could jam a car’s central processing unit (CPU),” according to Charles Eagan, vice-president, research and development at QNX Software Systems Ltd., an Ottawa-based provider of realtime operating system (RTOS) software.

If you happen to be using an onboard navigation system, the device could freeze and cause you to miss a turn you had to make.

More seriously, Eagan said, demands on your CPU from multiple devices could disable the onboard global positioning system (GPS) that alerts emergency personnel of your location in the event of an accident.

Flaws can also surface in larger environments such as enterprise networks and operating systems, where they are often exploited by hackers. QNX provides software and development tools for companies such as Cisco Systems, Lockheed Martin, Panasonic, General Electric Co. and Siemens.

Auto manufacturing giant DaimlerChrysler Corp. also uses QNX software to build applications for its cars’ entertainment, navigation and safety systems.

QNX software loaded within automobiles from DaimlerChrysler, Porsche and Audi enables these vehicles to prioritize CPU executions within milliseconds so as to prevent the unit from freezing.

The company has developed another technology dubbed Adaptive Partitioning targeted at embedded devices. It promises embedded designers the ability to develop secure, long-lasting systems without sacrificing system performance.

Adaptive Partitioning, the company says, offers several benefits:

• It enables devices to download and run new software components, without compromising the behavior and realtime performance of existing components;

• It allows users or operators to download applications from potentially untrusted sources, without damaging existing programs.

Adaptive partitioning was initially developed for computer routers, Eagan said.

“Customers were complaining their routers were often so busy the user interface would lock up. It’s akin to you repeatedly hitting keys on your keyboard after it freezes. You just add to the problem.”

The prioritizing feature on QNX’s software allows developers to designate which functions should be given priority when assigning CPU allocation.
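The CPU-budget guarantee described above, as an added simulation that is not QNX code: each partition is promised a share of a scheduling window, a partition that is below its guarantee runs first, and spare time goes to whoever still has work, so a busy untrusted download cannot starve the navigation interface. Partition names, budgets and demands are constructed for the example.

```python
from dataclasses import dataclass


@dataclass
class Partition:
    name: str
    budget_pct: int   # guaranteed share of CPU time per window (percent)
    demand: int       # ticks of work the partition wants in this window
    used: int = 0     # ticks actually granted


def schedule_window(parts, window=100, partitioned=True):
    """Simulate one scheduling window of `window` CPU ticks.

    With partitioned=False the first runnable partition always wins (a plain
    priority scheme where the busiest component monopolises the CPU).
    With partitioned=True a partition still under its guaranteed budget is
    preferred; once every runnable partition has consumed its guarantee,
    the leftover ticks are handed out adaptively to whoever still has work.
    """
    for p in parts:
        p.used = 0
    for _ in range(window):
        runnable = [p for p in parts if p.used < p.demand]
        if not runnable:
            break                      # everyone is idle this tick
        pick = runnable[0]             # unpartitioned: first-come wins
        if partitioned:
            under = [p for p in runnable
                     if p.used < p.budget_pct * window // 100]
            if under:
                # run the partition furthest below its guarantee
                pick = min(under, key=lambda p: p.used / max(p.budget_pct, 1))
        pick.used += 1
    return {p.name: p.used for p in parts}


def compare(partitioned):
    """Constructed scenario: a downloaded app that wants the whole CPU beside
    a navigation UI that needs 20% to stay responsive."""
    parts = [Partition("untrusted_app", budget_pct=70, demand=100),
             Partition("nav_ui", budget_pct=30, demand=20)]
    return schedule_window(parts, partitioned=partitioned)


if __name__ == "__main__":
    print("unpartitioned:", compare(False))  # nav_ui starved
    print("partitioned:  ", compare(True))   # nav_ui fully served
```

When nav_ui has nothing to do, the partitioned run gives the whole window to the other partition, which is the "adaptive" part of the scheme the article describes.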

Dan Dodge, CEO of QNX, traces the roots of software vulnerability to the architecture of its kernel.

The central part of a computer’s operating system, the kernel manages system resources and communications between hardware and software components.

Dodge advocates the principle of “least privilege” – limiting a software component’s privileges to what it needs to perform its task and nothing more. The “least privilege principle”, he says, protects data and functionality, and prevents a component from being misused.

Unfortunately, says Dodge, most operating systems in the market today don’t follow this principle. “For instance, in a monolithic kernel such as Windows or Linux, device drivers, file systems and protocol stacks all run in the kernel’s memory address space, at the highest privilege level.”

Each of the services, in effect, can do anything it wants. “Consequently, a single programming error or a piece of malicious code in any of these components can compromise the reliability and security of the entire system.”

QNX uses the microkernel approach where drivers, protocol stacks and other system services run outside of the kernel as user space processes.

“The microkernel approach not only allows developers to enforce the principle of least privilege, but can also result in a tamper-resistant kernel that hackers cannot modify,” said Dodge.

However, as software applications do not operate on their own but have to interact with other software and devices, it is extremely difficult to create bug-free software, says one Canadian analyst.

“Any piece of software has many dependencies and that causes problems,” said David Senf, manager, Canadian application development and infrastructure software at the Toronto-based IDC Canada Inc. “Testers cannot get into all the interactions and variables,” he said.

Concerns about product launch deadlines, market competition, interoperability strategies, and potential hacker attacks also add to the difficulty. “That’s why you have people who say they will not buy the 1.0 version of any software, and it’s also the reason why it has taken so long for Microsoft Vista to go live,” the IDC Canada analyst said.

There’s no dearth of user reports on software flaws, Senf says. However, he says developers have the primary responsibility to detect and correct bugs in their software products.

Apart from the image problems it creates, broadcasting a mea culpa has a hefty price tag as well. Senf said it costs upwards of US$100,000 for a company to publicize the existence of a bug in its product.

Patches themselves can cause problems. Recently Microsoft Corp. announced it would update a patch that was causing a version of Internet Explorer (IE) to suddenly crash.

Senf, however, is hopeful improved developer tools and a shift to Web-services enabled software will help improve software quality. “Open source software has allowed users to develop patches and create changes to software to suit their needs.”

Software manufacturers such as Sun Microsystems Inc. hope the open-source environment will eventually lead to faster fixes for bugs and fewer code defects.

QuickLink 061212
