-
vNV-Heap: An Ownership-Based Virtually Non-Volatile Heap for Embedded Systems
Authors:
Markus Elias Gerber,
Luis Gerhorst,
Ishwar Mudraje,
Kai Vogelgesang,
Thorsten Herfet,
Peter Wägemann
Abstract:
The Internet of Batteryless Things might revolutionize our understanding of connected devices by harvesting required operational energy from the environment. These systems come with the system-software challenge that the intermittently powered IoT devices have to checkpoint their state in non-volatile memory to later resume with this state when sufficient energy is available. The scarce energy resources demand that only modified data is persisted before a power failure, which requires precise modification tracking.
We present vNV-Heap, the first ownership-based virtually Non-Volatile Heap for intermittently powered systems with guaranteed power-failure resilience. The heap exploits ownership systems, a zero-cost (i.e., compile-time) abstraction as implemented, for example, by Rust, to track modifications and virtualize object persistence. To achieve power-failure resilience, our heap is designed and implemented to guarantee bounded operations by static program-code analysis: for example, the heap allows for determining a worst-case energy consumption for the operation of persisting modified and currently volatile objects. The evaluation of our open-source implementation on an embedded hardware platform (i.e., ESP32-C3) shows that using our heap abstraction is more energy efficient than existing approaches while also providing runtime guarantees by static worst-case bounds.
Submitted 15 May, 2025; v1 submitted 29 January, 2025;
originally announced January 2025.
-
Reverse Engineering the ESP32-C3 Wi-Fi Drivers for Static Worst-Case Analysis of Intermittently-Powered Systems
Authors:
Ishwar Mudraje,
Kai Vogelgesang,
Jasper Devreker,
Luis Gerhorst,
Phillip Raffeck,
Peter Wägemann,
Thorsten Herfet
Abstract:
The Internet of Batteryless Things revolutionizes sustainable communication as it operates on harvested energy. This harvested energy is dependent on unpredictable environmental conditions; therefore, device operations, including those of its networking stack, must be resilient to power failures. Reactive intermittent computing provides an approach for solving this by notifications of impending power failures, which is implemented by monitoring the harvested energy buffered in a capacitor. However, to use this power-failure notification and guarantee forward progress, systems must break down tasks into atomic transactions that can be predictably finished before the energy runs out. Thus, static program-code analysis must determine the worst-case energy consumption (WCEC) of all transactions. In Wi-Fi-capable devices, drivers are often closed-source, which prevents the determination of WCEC bounds for transactions, since static analysis requires all code along with its semantics.
In this work, we integrate an energy-aware networking stack with reverse-engineered Wi-Fi drivers to enable full-stack WCEC analysis for physical transmission and reception of packets. Further, we extended a static worst-case analysis tool with a resource-consumption model of our Wi-Fi driver. Our evaluation with the RISC-V-based ESP32-C3 platform gives worst-case bounds with our static analysis approach for the transactions of the full communication stack, therefore showing that Wi-Fi-based reactive intermittent computing is feasible.
Submitted 3 April, 2025; v1 submitted 29 January, 2025;
originally announced January 2025.
-
VeriFence: Lightweight and Precise Spectre Defenses for Untrusted Linux Kernel Extensions
Authors:
Luis Gerhorst,
Henriette Herzog,
Peter Wägemann,
Maximilian Ott,
Rüdiger Kapitza,
Timo Hönig
Abstract:
High-performance IO demands low-overhead communication between user and kernel space. This demand can no longer be fulfilled by traditional system calls. Linux's extended Berkeley Packet Filter (BPF) avoids user/kernel transitions by just-in-time compiling user-provided bytecode and executing it in kernel mode with near-native speed. To still isolate BPF programs from the kernel, they are statically analyzed for memory and type safety, which imposes some restrictions but allows for good expressiveness and high performance. However, to mitigate the Spectre vulnerabilities disclosed in 2018, defenses that reject potentially dangerous programs had to be deployed. We find that this affects 31% to 54% of programs in a dataset of 844 real-world BPF programs from popular open-source projects. To solve this, users are forced to disable the defenses to continue using the programs, which puts the entire system at risk.
To enable secure and expressive untrusted Linux kernel extensions, we propose VeriFence, an enhancement to the kernel's Spectre defenses that reduces the number of BPF application programs rejected from 54% to zero. We measure VeriFence's overhead for all mainstream performance-sensitive applications of BPF (i.e., event tracing, profiling, and packet processing) and find that it improves significantly upon the status quo, where affected BPF programs are either unusable or enable transient execution attacks on the kernel.
Submitted 8 January, 2025; v1 submitted 30 April, 2024;
originally announced May 2024.