A SAFE & SECURE ARINC 653 HYPERVISOR

Embedded hypervisors allow integration of a mixture of legacy and modern applications onto a single computing platform, thus reducing size, weight, power, and cost (SWaP-C). DornerWorks is developing extensions to the open source Xen hypervisor that will meet DO-178C Level A requirements for safety and high robustness requirements based on Common Criteria Evaluation Assurance Level (EAL) 6+ for security. Our extensions provide compliance with the ARINC 653 standard, including time and space partitioning and refine the idea of I/O partitioning. Our partitioning of I/O provides deterministic bandwidth allocation to guest domains. To meet security requirements we apply modern formal analysis techniques to our design. A distinctive aspect of our hypervisor is our use of permissive licensing based on open source with meticulous configuration management. We believe that the transparency and availability offered by a permissive license and an open architecture coupled with rigorous certification artifacts for both safety and security establishes a compelling alternative for partitioning of software in safety and security-critical systems.