Slashdot Mirror


Linux Foundation Launches ELISA, an Open Source Project For Building Safety-Critical Systems (venturebeat.com)

The Linux Foundation today launched Enabling Linux in Safety Applications (ELISA), an open source project comprising tools intended to help companies build and certify Linux-based systems whose failure could result in loss of human life, significant property damage, or environmental damage. From a report: In partnership with British chip designer Arm, BMW, autonomous platforms company Kuka, Linutronix, and Toyota, ELISA will work with certification and standardization bodies in "multiple industries" to establish ways Linux can form the foundation of safety-critical systems across industries.

8 of 36 comments

  1. How do you feel about that? by goombah99 · · Score: 4, Funny

    Why would you say that?

    Obscure joke, let's see who gets it.

    --
    Some drink at the fountain of knowledge. Others just gargle.
    1. Re:How do you feel about that? by goombah99 · · Score: 2, Funny

      Is it important to you to "see who gets it"?

      https://en.wikipedia.org/wiki/...

      --
      Some drink at the fountain of knowledge. Others just gargle.
    2. Re:How do you feel about that? by KlomDark · · Score: 2

      Please elucidate

    3. Re:How do you feel about that? by 93+Escort+Wagon · · Score: 2

      Obscure joke, let's see who gets it.

      On this forum? Probably any of us who are over 40, and a not-insignificant percentage of the younger participants as well. ;-)

      --
      #DeleteChrome
  2. Formal Verification by JBMcB · · Score: 4, Interesting

    Why not start with a formally verified kernel instead of the relative chaos that is Linux kernel development?

    https://en.wikipedia.org/wiki/...

    The kernel and proofs are licensed under GPLv2, and tools are BSD 2-clause.

    --
    My Other Computer Is A Data General Nova III.
    1. Re:Formal Verification by AmiMoJo · · Score: 2

      Formal verification like that isn't that useful for these kinds of systems.

      So you have a GPL formally verified microkernel. You need to build it into a usable system. You need an SoC that it supports, and you need to provide a lot of services to the microkernel to make it do anything useful. And if you touch any of the kernel code, it's not formally verified any more.

      It's a bit like how we tried to build secure systems by writing perfect, verifiable secure code. It turned into a complete nightmare, and didn't even work very well. On automotive you have the additional problem of unreliable hardware, e.g. you need to be able to recover from power supply glitches or cosmic rays flipping random bits in RAM, so your formal verification only covered half the problem.

      The solution is the same as for secure code - defence in depth. Make sure that one failure won't literally crash the system. The kernel and OS can provide a lot of services to enable that in a way that is testable and doesn't result in every developer trying to do their own thing, which as we know is always a bad idea for crypto and the same applies to a lot of safety critical stuff.

      I actually write life critical code for a living, BTW.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
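      The point made in the comment above, that a proof about the kernel says nothing about a bit flipped in RAM, is usually met in safety-critical code with exactly the kind of service the commenter describes: redundant storage with detection and scrubbing, done once and shared rather than reinvented per developer. The C below is an added illustration of one such measure and is not code from the commenter or from ELISA; the type name `safe_u32`, the status codes and the `inject_bit_flip` test helper are all constructed for this example. Each copy of a value is paired with its bitwise complement, so a copy that has been hit can be recognised on its own, the surviving copies are voted on, and every copy is rewritten from the result so that a later second flip does not stack on the first.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not from the thread: triple-redundant storage for a
 * safety-relevant 32-bit value. inv[i] must always equal ~copy[i]; a
 * mismatch marks that copy as corrupt without needing the others. */
typedef struct {
    uint32_t copy[3];
    uint32_t inv[3];
} safe_u32;

typedef enum {
    SAFE_OK = 0,             /* all copies intact and agreeing */
    SAFE_REPAIRED = 1,       /* a fault was detected and scrubbed away */
    SAFE_UNRECOVERABLE = -1  /* no trustworthy copy left: caller fails safe */
} safe_status;

void safe_u32_store(safe_u32 *s, uint32_t v)
{
    for (int i = 0; i < 3; i++) {
        s->copy[i] = v;
        s->inv[i] = ~v;
    }
}

/* A copy is trusted only while its complement still matches it. */
static bool copy_valid(const safe_u32 *s, int i)
{
    return s->copy[i] == ~s->inv[i];
}

/* Reads the value, repairing damaged copies. Only self-consistent copies
 * take part in the vote; if they cannot produce a majority the read fails
 * rather than returning a guess. */
safe_status safe_u32_load(safe_u32 *s, uint32_t *out)
{
    uint32_t vals[3];
    int n = 0;

    for (int i = 0; i < 3; i++)
        if (copy_valid(s, i))
            vals[n++] = s->copy[i];
    if (n == 0)
        return SAFE_UNRECOVERABLE;

    /* Majority vote among the copies that passed their own check. */
    uint32_t agreed = vals[0];
    if (n >= 2 && vals[0] != vals[1]) {
        if (n == 3 && vals[1] == vals[2])
            agreed = vals[1];
        else if (n == 3 && vals[0] == vals[2])
            agreed = vals[0];
        else
            return SAFE_UNRECOVERABLE;
    }

    bool intact = (n == 3 && vals[0] == agreed && vals[1] == agreed &&
                   vals[2] == agreed);
    *out = agreed;
    if (intact)
        return SAFE_OK;
    safe_u32_store(s, agreed);   /* scrub: rewrite every copy from the vote */
    return SAFE_REPAIRED;
}

/* Constructed fault injection for testing only: flip one bit of the raw
 * storage, the way a single-event upset in RAM would. */
void inject_bit_flip(safe_u32 *s, size_t byte_offset, int bit)
{
    unsigned char *raw = (unsigned char *)s;
    if (byte_offset < sizeof *s && bit >= 0 && bit < 8)
        raw[byte_offset] ^= (unsigned char)(1u << bit);
}

int main(void)
{
    safe_u32 s;
    uint32_t v = 0;

    safe_u32_store(&s, 0x00C0FFEEu);
    inject_bit_flip(&s, 0, 5);                     /* hits copy[0] */
    safe_status st = safe_u32_load(&s, &v);
    printf("status=%d value=0x%08X\n", (int)st, v);
    st = safe_u32_load(&s, &v);                    /* copies were scrubbed */
    printf("status=%d after scrub\n", (int)st);
    return 0;
}
```

      The `SAFE_UNRECOVERABLE` path is the part worth copying: a read that cannot establish a trustworthy value must hand the decision to a fail-safe routine (degrade, reset, hand over to a watchdog) rather than continue with whatever bits happen to be there. In a real system the scrub would also raise a counter or log entry so that a rising rate of repaired reads is visible before it becomes an unrecoverable one.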
  3. What is "safety critical"? by ctilsie242 · · Score: 3, Insightful

    I am not sure what this will do. To me, a "safety critical" OS is something like QNX, LynxOS, or INTEGRITY from Green Hills Software. These are all operating systems designed from the ground up to be secure, and have defense in depth through every part of the OS, some of which even support physically unclonable functions (PUFs) on chips ensuring that there is no need for a secure enclave that can be read. All of which are also real time operating systems, which ensure that if you need to get a packet at "x" time, you will get that packet. Even Kaspersky has their own RTOS.

    The problem is that people want to use the same commodity development tools in the embedded arena as they use for their web pages. This can be done, but there will be a ton of code that is possibly insecure. Developing for platforms that actually need security and reliability with a secure RTOS will take a lot more time and trouble, and in today's environment of "it builds, ship it", I don't think many companies really will care to go the extra mile to actually do much about safety critical functions.

    1. Re:What is "safety critical"? by arth1 · · Score: 2, Insightful

      As far as I know, BMW has been using QNX for quite a while, and with fairly good results. I can only guess at why they want to embrace Linux more, and my two top guesses are availability of developers, and to prevent QNX from squeezing too much blood from them by helping create a viable alternative, whether they choose to use it or not.