Embedded Computing Design August 2011 : Page 34Strategies OSGi platform provides Internet-connected secure and real-time services in embedded devices By Johnson Yan Although Java has been widely used in enterprise software applications running on high-performance servers and in clients running on PC or mobile devices, its use in secure and real-time embedded systems has been limited. However, several recent developments in Java technology promise to change this, including the emergence of the Open Services Gateway initiative (OSGi) Java-based platform intended for software delivery, remote management, and product life-cycle management of services provided on Internet-connected embedded devices. OSGi overview and advantages The Open Services Gateway initiative (OSGi)[1] Alliance is a worldwide consortium of technology innovators advancing a proven and mature process to create open specifications that enable the modular assembly of software built with Java technology. The OSGi frame-work is a modular system and service platform for the Java programming lan-guage that implements a complete and dynamic component model, something that does not exist in stand-alone Java Virtual Machine (JVM) environments. Applications or components (coming in the form of bundles for deployment) can be remotely installed, started, stopped, updated, and uninstalled without requir-ing a reboot. Java package/class man-agement is specified in great detail. Life-cycle management is accomplished via APIs that enable management policies to be remotely downloaded. A service registry allows bundles to detect the addition or removal of services and adapt accordingly. Due to these advantages, OSGi has become the de facto standard for secure and real-time embedded devices for Internet-connected residential gateways, home energy management, medical monitoring, home security, telematics, automotive, and process control systems applications. Requirements for secure and real-time services Secure Internet-connected embedded devices are susceptible to viruses, hacking, and denial-of-service attacks. A secure embedded device must be immune to these attacks to achieve a high degree of customer satisfaction. Real time A real-time system can be divided into two categories: hard real time and soft real time. Hard real time provides deterministic response (within microseconds) and guaranteed service. Failure to meet time constraints means disaster or loss of life. Hard real time is necessary for mission-critical applications. Soft real time, on the other hand, provides fast average response time without unac-ceptable long pauses or delays. Failure to meet time constraints means degraded service. Soft real time is required for high quality of service, customer satisfaction, and low churn rate. Size, power, cost In addition to being secure and real-time, Internet-connected embedded devices must have low memory footprint, power consumption, and costs. Java innovations Several Java innovations help satisfy the aforementioned requirements for secure and real-time embedded devices. www.embedded-computing.com 34 | August 2011 Embedded Computing Design Resource Guide OSGi Platform Provides Internet-Connected Secure And Real-Time Services In Embedded DevicesJohnson YanAlthough Java has been widely used in enterprise software applications running on high-performance servers and in clients running on PC or mobile devices, its use in secure and real-time embedded systems has been limited. However, several recent developments in Java technology promise to change this, including the emergence of the Open Services Gateway initiative (OSGi) Java-based platform intended for software delivery, remote management, and product life-cycle management of services provided on Internetconnected embedded devices.<br /> <br /> OSGi overview and advantages <br /> <br /> The Open Services Gateway initiative (OSGi)[1] Alliance is a worldwide consortium of technology innovators advancing a proven and mature process to create open specifications that enable the modular assembly of software built with Java technology. The OSGi framework is a modular system and service platform for the Java programming language that implements a complete and dynamic component model, something that does not exist in stand-alone Java Virtual Machine (JVM) environments.<br /> <br /> Applications or components (coming in the form of bundles for deployment) can be remotely installed, started, stopped, updated, and uninstalled without requiring a reboot. Java package/class management is specified in great detail.<br /> Life-cycle management is accomplished via APIs that enable management policies to be remotely downloaded. A service registry allows bundles to detect the addition or removal of services and adapt accordingly.<br /> <br /> Due to these advantages, OSGi has become the de facto standard for secure and realtime embedded devices for Internetconnected residential gateways, home energy management, medical monitoring, home security, telematics, automotive, and process control systems applications.<br /> <br /> Requirements for secure and real-time services <br /> <br /> Secure <br /> <br /> Internet-connected embedded devices are susceptible to viruses, hacking, and denial-of-service attacks. A secure embedded device must be immune to these attacks to achieve a high degree of customer satisfaction.<br /> <br /> Real time <br /> <br /> A real-time system can be divided into two categories: hard real time and soft real time.<br /> <br /> Hard real time provides deterministic response (within microseconds) and guaranteed service. Failure to meet time constraints means disaster or loss of life.Hard real time is necessary for missioncritical applications.<br /> <br /> Soft real time, on the other hand, provides fast average response time without unacceptable long pauses or delays. Failure to meet time constraints means degraded service. Soft real time is required for high quality of service, customer satisfaction, and low churn rate.<br /> <br /> Size, power, cost <br /> <br /> In addition to being secure and real-time, Internet-connected embedded devices must have low memory footprint, power consumption, and costs.<br /> <br /> Java innovations <br /> <br /> Several Java innovations help satisfy the aforementioned requirements for secure and real-time embedded devices.<br /> <br /> Direct Java bytecode execution <br /> <br /> With direct Java bytecode execution, the JVM bytecodes are the processor’s instruction set. Their executions are fast and atomic (non-interruptible).<br /> Interpretation and Just-In-Time (JIT) compilation are not required. This innovation allows: <br /> <br /> . Fast Java bytecode execution: No slowdown by interpretation or JIT compilation.<br /> <br /> . Low memory footprint: Interpreter and JIT compilation adds to the memory requirement.<br /> <br /> . Low power consumption: Can use lower clock due to higher Java performance.<br /> <br /> . Low cost: No JVM interpreter or JIT compiler license cost.<br /> <br /> Figure 1 illustrates the contrast between direct execution and traditional Java implementations.<br /> <br /> Hardware Real-Time Operating System (RTOS) <br /> <br /> Real-time Java is achieved with native hardware implementation of real-time Java threading primitives, deterministic threading, a fixed-priority preemptive thread scheduler, and automatic interrupt vectoring. Without hardware real-time Java, a dual language platform must be employed (C for real-time functions and Java for non-real-time functions), resulting in high development and maintenance costs to support two programming languages and environments. The weak link between C and Java inherent in the dual language platform is also a key source of security issues. Eliminating this weak link makes the processor less prone to crashes, hacking, or virus attacks. This innovation allows: <br /> <br /> . Hard real time: Standard Java programs can use realtime features automatically.<br /> <br /> . Low memory footprint: The RTOS is built in and does not require an external RTOS, which adds to the memory requirement.<br /> <br /> . Low cost: No external RTOS licensing cost.<br /> <br /> Hardware multiple JVM <br /> <br /> Hardware multiple JVM allows multiple independent JVMs to run independently in one processor with firewalls securely separating the applications running on each JVM. This is achieved by hardware support for deterministic time slicing and memory space slicing among the multiple JVMs. Also, fast JVM context switching is achieved with hardware support.Moreover, each independent JVM can be restarted without affecting the other JVMs.<br /> <br /> One practical application of this feature is to use two JVMs to enhance security by running secured processes in one JVM and Internet-connected applications (exposed to outside threat) on the other.This, along with the elimination of the weak links between C and Java in the dual language platform, makes the processor less prone to crashes, hacking, or virus attacks.Another useful application is to run one JVM for real-time processes and the other JVM for non-real-time processes.This approach significantly reduces the complexity of real-time system design.This innovation enables: <br /> <br /> . Security: Each JVM is independent and secure from the other. A failed JVM can be restarted without affecting the other.<br /> <br /> . Real time: A real-time application can run on one JVM while a non-real-time application runs on the other JVM with fast context switching.<br /> <br /> . Low power consumption: Different power management policies can run on the two JVMs.<br /> <br /> Figure 2 illustrates hardware multiple JVM implementation with two JVMs.<br /> <br /> Silicon-based implementation <br /> <br /> To simplify Java application development and reduce the cost of deploying secure and real-time services on embedded systems, designers can use silicon-based Systems-on-Chips (SoCs).A cost-effective SoC Java solution with a built-in RTOS, complete set of drivers for industry-standard peripherals and I/O (communication, storage, networking, security, and so on), and OSGi middleware support allows users to focus on the Java application for fast time to market.<br /> <br /> An example of a silicon-based implementation from aJile Systems is shown in Figure 3. In this implementation, the SoC incorporates the three major Java innovations discussed earlier to enable low-cost and low-power deployment of secure and real-time Internet-connected applications.<br /> <br /> OSGi-based deployment of Internetconnected embedded applications is gaining momentum and acceptance as a means of providing secure and real-time services in the emerging and Growing vertical markets for embedded devices: residential, automotive, and industrial. This trend is accelerated by the availability of silicon-based OSGi platforms that make economic deployment possible.<br /> <br /> Johnson Yan is senior VP of sales and business development at aJile Systems Inc. Prior to joining aJile Systems, he was VP of marketing and business development at Silicon Motion and founder and CEO of Jaxstream, and held VP and management positions at Tvia, ATI Technologies, Oak Technologies, and Trident Microsystems. Johnson has a BSEE from the University of Texas at Austin and a Master’s degree in EECS from the University of California at Berkeley. He holds four patents in graphics/imaging technology.<br /> <br /> Publication List |
