{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,25]],"date-time":"2026-02-25T18:44:01Z","timestamp":1772045041018,"version":"3.50.1"},"reference-count":58,"publisher":"MDPI AG","issue":"4","license":[{"start":{"date-parts":[[2017,10,30]],"date-time":"2017-10-30T00:00:00Z","timestamp":1509321600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Electronics"],"abstract":"Virtualization has been deployed as a key enabling technology for coping with the ever growing complexity and heterogeneity of modern computing systems. However, on its own, classical virtualization is a poor match for modern endpoint embedded system requirements such as safety, security and real-time, which are our main target. Microkernel-based approaches to virtualization have been shown to bridge the gap between traditional and embedded virtualization. This notwithstanding, existent microkernel-based solutions follow a highly para-virtualized approach, which inherently requires a significant software engineering effort to adapt guest operating systems (OSes) to run as userland components. In this paper, we present \u03bc RTZVisor as a new TrustZone-assisted hypervisor that distinguishes itself from state-of-the-art TrustZone solutions by implementing a microkernel-like architecture while following an object-oriented approach. Contrarily to existing microkernel-based solutions, \u03bc RTZVisor is able to run nearly unmodified guest OSes, while, contrarily to existing TrustZone-assisted solutions, it provides a high degree of functionality and configurability, placing strong emphasis on the real-time support. Our hypervisor was deployed and evaluated on a Xilinx Zynq-based platform. Experiments demonstrate that the hypervisor presents a small trusted computing base size (approximately 60KB), and a performance overhead of less than 2% for a 10 ms guest-switching rate.<\/jats:p>","DOI":"10.3390\/electronics6040093","type":"journal-article","created":{"date-parts":[[2017,10,30]],"date-time":"2017-10-30T12:16:23Z","timestamp":1509365783000},"page":"93","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":19,"title":["\u03bcRTZVisor: A Secure and Safe Real-Time Hypervisor"],"prefix":"10.3390","volume":"6","author":[{"given":"Jos\u00e9","family":"Martins","sequence":"first","affiliation":[{"name":"Centro Algoritmi, Universidade do Minho, 4800-058 Guimar\u00e3es, Portugal"}]},{"given":"Jo\u00e3o","family":"Alves","sequence":"additional","affiliation":[{"name":"Centro Algoritmi, Universidade do Minho, 4800-058 Guimar\u00e3es, Portugal"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9954-9746","authenticated-orcid":false,"given":"Jorge","family":"Cabral","sequence":"additional","affiliation":[{"name":"Centro Algoritmi, Universidade do Minho, 4800-058 Guimar\u00e3es, Portugal"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8316-6927","authenticated-orcid":false,"given":"Adriano","family":"Tavares","sequence":"additional","affiliation":[{"name":"Centro Algoritmi, Universidade do Minho, 4800-058 Guimar\u00e3es, Portugal"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4580-7484","authenticated-orcid":false,"given":"Sandro","family":"Pinto","sequence":"additional","affiliation":[{"name":"Centro Algoritmi, Universidade do Minho, 4800-058 Guimar\u00e3es, Portugal"}]}],"member":"1968","published-online":{"date-parts":[[2017,10,30]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","unstructured":"Heiser, G. (2008, January 1\u20134). The role of virtualization in embedded systems. Proceedings of the ACM 1st Workshop on Isolation and Integration in Embedded Systems, Scotland, UK.","DOI":"10.1145\/1435458.1435461"},{"key":"ref_2","unstructured":"Herder, J.N., Bos, H., and Tanenbaum, A.S. (2006). A Lightweight Method for Building Reliable Operating Systems Despite Unreliable Device Drivers, Vrije Universiteit. Technical Report IR-CS-018."},{"key":"ref_3","doi-asserted-by":"crossref","unstructured":"Moratelli, C., Johann, S., Neves, M., and Hessel, F. (2016, January 6\u20137). Embedded virtualization for the design of secure IoT applications. Proceedings of the IEEE 2016 International Symposium on Rapid System Prototyping (RSP), Pittsburg, PA, USA.","DOI":"10.1145\/2990299.2990301"},{"key":"ref_4","doi-asserted-by":"crossref","first-page":"40","DOI":"10.1109\/MIC.2017.17","article-title":"IIoTEED: An Enhanced, Trusted Execution Environment for Industrial IoT Edge Devices","volume":"21","author":"Pinto","year":"2017","journal-title":"IEEE Internet Comput."},{"key":"ref_5","doi-asserted-by":"crossref","unstructured":"Heiser, G. (2011, January 5\u201310). Virtualizing embedded systems: Why bother?. Proceedings of the ACM 48th Design Automation Conference, San Diego, CA, USA.","DOI":"10.1145\/2024724.2024925"},{"key":"ref_6","doi-asserted-by":"crossref","unstructured":"Reinhardt, D., and Morgan, G. (2014, January 18\u201320). An embedded hypervisor for safety-relevant automotive E\/E-systems. Proceedings of the 2014 9th IEEE International Symposium on Industrial Embedded Systems (SIES), Pisa, Italy.","DOI":"10.1109\/SIES.2014.6871203"},{"key":"ref_7","unstructured":"Kleidermacher, D., and Kleidermacher, M. (2012). Embedded Systems Security: Practical Methods for Safe and Secure Software and Systems Development, Elsevier."},{"key":"ref_8","unstructured":"Kaiser, R. (2009, January 25\u201326). Complex embedded systems-A case for virtualization. Proceedings of the IEEE 2009 Seventh Workshop on Intelligent solutions in Embedded Systems, Ancona, Italy."},{"key":"ref_9","doi-asserted-by":"crossref","unstructured":"Aguiar, A., and Hessel, F. (2010, January 8\u201311). Embedded systems\u2019 virtualization: The next challenge?. Proceedings of the 2010 21st IEEE International Symposium on Rapid System Prototyping (RSP), Fairfax, VA, USA.","DOI":"10.1109\/RSP.2010.5656430"},{"key":"ref_10","doi-asserted-by":"crossref","unstructured":"Acharya, A., Buford, J., and Krishnaswamy, V. (2009, January 9\u201311). Phone virtualization using a microkernel hypervisor. Proceedings of the 2009 IEEE International Conference on Internet Multimedia Services Architecture and Applications (IMSAA), Bangalore, India.","DOI":"10.1109\/IMSAA.2009.5439460"},{"key":"ref_11","doi-asserted-by":"crossref","unstructured":"Rudolph, L. (2009). A virtualization infrastructure that supports pervasive computing. IEEE Perv. Comput., 8.","DOI":"10.1109\/MPRV.2009.66"},{"key":"ref_12","doi-asserted-by":"crossref","first-page":"2233","DOI":"10.1109\/TII.2014.2300753","article-title":"Internet of things in industries: A survey","volume":"10","author":"He","year":"2014","journal-title":"IEEE Trans. Ind. Inform."},{"key":"ref_13","doi-asserted-by":"crossref","unstructured":"Sadeghi, A.R., Wachsmann, C., and Waidner, M. (2015, January 8\u201312). Security and privacy challenges in industrial internet of things. Proceedings of the 2015 52nd ACM\/EDAC\/IEEE Design Automation Conference (DAC), San Francisco, CA, USA.","DOI":"10.1145\/2744769.2747942"},{"key":"ref_14","unstructured":"Joe, H., Jeong, H., Yoon, Y., Kim, H., Han, S., and Jin, H.W. (2012, January 14\u201318). Full virtualizing micro hypervisor for spacecraft flight computer. Proceedings of the 2012 IEEE\/AIAA 31st Digital Avionics Systems Conference (DASC), Williamsburg, VA, USA."},{"key":"ref_15","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/2897164","article-title":"A Survey of Mobile Device Virtualization: Taxonomy and State of the Art","volume":"49","author":"Shuja","year":"2016","journal-title":"ACM Comput. Surv. (CSUR)"},{"key":"ref_16","doi-asserted-by":"crossref","unstructured":"Hohmuth, M., Peter, M., Hartig, H., and Shapiro, J.S. (2004, January 19\u201322). Reducing TCB size by using untrusted components: Small kernels versus virtual-machine monitors. Proceedings of the 11th Workshop on ACM SIGOPS European Workshop ACM, Leuven, Belgium.","DOI":"10.1145\/1133572.1133615"},{"key":"ref_17","doi-asserted-by":"crossref","unstructured":"Murray, D.G., Milos, G., and Hand, S. (2008, January 5\u20137). Improving Xen security through disaggregation. Proceedings of the ACM Fourth ACM SIGPLAN\/SIGOPS International Conference on Virtual Execution Environments, Seattle, WA, USA.","DOI":"10.1145\/1346256.1346278"},{"key":"ref_18","doi-asserted-by":"crossref","unstructured":"Lackorzynski, A., Warg, A., Volp, M., and Hartig, H. (2012, January 7\u201312). Flattening hierarchical scheduling. Proceedings of the ACM Tenth ACM International Conference on Embedded Software, New York, NY, USA.","DOI":"10.1145\/2380356.2380376"},{"key":"ref_19","doi-asserted-by":"crossref","first-page":"277","DOI":"10.4236\/jsea.2012.54033","article-title":"A state-of-the-art survey on real-time issues in embedded systems virtualization","volume":"5","author":"Gu","year":"2012","journal-title":"J. Softw. Eng. Appl."},{"key":"ref_20","doi-asserted-by":"crossref","unstructured":"Armand, F., and Gien, M. (2009, January 10\u201313). A practical look at micro-kernels and virtual machine monitors. Proceedings of the 6th IEEE Consumer Communications and Networking Conference (CCNC 2009), Las Vegas, NV, USA.","DOI":"10.1109\/CCNC.2009.4784874"},{"key":"ref_21","doi-asserted-by":"crossref","unstructured":"Heiser, G., and Leslie, B. (2010, January 30). The OKL4 Microvisor: Convergence point of microkernels and hypervisors. Proceedings of the ACM First ACM Asia-Pacific Workshop on Workshop on Systems, New Delhi, India.","DOI":"10.1145\/1851276.1851282"},{"key":"ref_22","first-page":"9","article-title":"Secure embedded systems need microkernels","volume":"30","author":"Heiser","year":"2005","journal-title":"USENIX Login"},{"key":"ref_23","doi-asserted-by":"crossref","first-page":"44","DOI":"10.1109\/MC.2006.156","article-title":"Can we make operating systems reliable and secure?","volume":"39","author":"Tanenbaum","year":"2006","journal-title":"Computer"},{"key":"ref_24","doi-asserted-by":"crossref","first-page":"687","DOI":"10.1016\/j.jss.2006.08.039","article-title":"CAmkES: A component model for secure microkernel-based embedded systems","volume":"80","author":"Kuz","year":"2007","journal-title":"J. Syst. Softw."},{"key":"ref_25","first-page":"19","article-title":"Modular system programming in MINIX 3","volume":"31","author":"Herder","year":"2006","journal-title":"USENIX Login"},{"key":"ref_26","doi-asserted-by":"crossref","unstructured":"Hartig, H., Hohmuth, M., Liedtke, J., Wolter, J., and Schonberg, S. (1997, January 5\u20138). The performance of \u03bc-kernel-based systems. Proceedings of the ACM SIGOPS Operating Systems Review, Saint Malo, France.","DOI":"10.1145\/269005.266660"},{"key":"ref_27","unstructured":"Leslie, B., Van Schaik, C., and Heiser, G. (2005, January 18\u201323). Wombat: A portable user-mode Linux for embedded systems. Proceedings of the 6th Linux.Conf.Au, Canberra, Australia."},{"key":"ref_28","doi-asserted-by":"crossref","unstructured":"Elphinstone, K., and Heiser, G. (2013, January 3\u20136). From L3 to seL4 what have we learnt in 20 years of L4 microkernels?. Proceedings of the Twenty-Fourth ACM Symposium on Operating Systems Principles ACM, New York, NY, USA.","DOI":"10.1145\/2517349.2522720"},{"key":"ref_29","first-page":"234710","article-title":"A real-time programmer\u2019s tour of general-purpose L4 microkernels","volume":"2008","author":"Ruocco","year":"2007","journal-title":"EURASIP J. Embed. Syst."},{"key":"ref_30","doi-asserted-by":"crossref","first-page":"48","DOI":"10.1109\/MC.2005.163","article-title":"Intel virtualization technology","volume":"38","author":"Uhlig","year":"2005","journal-title":"Computer"},{"key":"ref_31","doi-asserted-by":"crossref","unstructured":"Steinberg, U., and Kauer, B. (2010, January 13\u201316). NOVA: A microhypervisor-based secure virtualization architecture. Proceedings of the ACM 5th European Conference on Computer Systems, New York, NY, USA.","DOI":"10.1145\/1755913.1755935"},{"key":"ref_32","doi-asserted-by":"crossref","first-page":"333","DOI":"10.1145\/2644865.2541946","article-title":"KVM\/ARM: The design and implementation of the linux ARM hypervisor","volume":"Volume 49","author":"Dall","year":"2014","journal-title":"ACM Sigplan Notices"},{"key":"ref_33","doi-asserted-by":"crossref","unstructured":"Varanasi, P., and Heiser, G. (2011, January 11\u201312). Hardware-supported virtualization on ARM. Proceedings of the ACM Second Asia-Pacific Workshop on Systems, Shanghai, China.","DOI":"10.1145\/2103799.2103813"},{"key":"ref_34","doi-asserted-by":"crossref","unstructured":"Zampiva, S., Moratelli, C., and Hessel, F. (2015, January 2\u20134). A hypervisor approach with real-time support to the mips m5150 processor. Proceedings of the IEEE 2015 16th International Symposium on Quality Electronic Design (ISQED), Santa Clara, CA, USA.","DOI":"10.1109\/ISQED.2015.7085475"},{"key":"ref_35","unstructured":"Frenzel, T., Lackorzynski, A., Warg, A., and H\u00e4rtig, H. (2010, January 25\u201327). Arm trustzone as a virtualization technique in embedded systems. Proceedings of the Twelfth Real-Time Linux Workshop, Nairobi, Kenya."},{"key":"ref_36","unstructured":"Bertogna, M. (2017, January 28\u201330). LTZVisor: TrustZone is the Key. Proceedings of the 29th Euromicro Conference on Real-Time Systems (Leibniz International Proceedings in Informatics), Dubrovnik, Croatia."},{"key":"ref_37","doi-asserted-by":"crossref","unstructured":"Pinto, S., Pereira, J., Gomes, T., Ekpanyapong, M., and Tavares, A. (2016). Towards a TrustZone-assisted Hypervisor for Real Time Embedded Systems. IEEE Comput. Archit. Lett.","DOI":"10.1109\/LCA.2016.2617308"},{"key":"ref_38","doi-asserted-by":"crossref","unstructured":"Winter, J. (2008, January 31). Trusted computing building blocks for embedded linux-based ARM Trustzone platforms. Proceedings of the 3rd ACM Workshop on Scalable Trusted Computing, Alexandria, VA, USA.","DOI":"10.1145\/1456455.1456460"},{"key":"ref_39","doi-asserted-by":"crossref","first-page":"30","DOI":"10.1016\/j.csi.2007.10.010","article-title":"Virtual machines for distributed real-time systems","volume":"31","author":"Cereia","year":"2009","journal-title":"Comput. Stand. Interfaces"},{"key":"ref_40","unstructured":"Sangorrin, D., Honda, S., and Takada, H. (2010, January 7\u20139). Dual operating system architecture for real-time embedded systems. Proceedings of the 6th International Workshop on Operating Systems Platforms for Embedded Real-Time Applications (OSPERT), Brussels, Belgium."},{"key":"ref_41","first-page":"18","article-title":"TrustZone: Integrated Hardware and Software Security","volume":"3","author":"Alves","year":"2004","journal-title":"Technol. Depth"},{"key":"ref_42","unstructured":"Steinberg, U., Wolter, J., and Hartig, H. (2005, January 6\u20138). Fast component interaction for real-time systems. Proceedings of the 17th Euromicro Conference on Real-Time Systems, (ECRTS 2005), Washington, DC, USA."},{"key":"ref_43","doi-asserted-by":"crossref","unstructured":"Herder, J.N., Bos, H., Gras, B., Homburg, P., and Tanenbaum, A.S. (2008, January 15\u201317). Countering ipc threats in multiserver operating systems (a fundamental requirement for dependability). Proceedings of the 2008 14th IEEE Pacific Rim International Symposium on Dependable Computing (PRDC\u201908), Taipei, Taiwan.","DOI":"10.1109\/PRDC.2008.25"},{"key":"ref_44","unstructured":"Shapiro, J.S. (2003, January 11\u201314). Vulnerabilities in synchronous IPC designs. Proceedings of the IEEE 2003 Symposium on Security and Privacy, Berkeley, CA, USA."},{"key":"ref_45","unstructured":"Kaiser, R., and Wagner, S. (2007, January 16). Evolution of the PikeOS microkernel. Proceedings of the First International Workshop on Microkernels for Embedded Systems, Sydney, Australia."},{"key":"ref_46","unstructured":"Marko, B. (2017, January 28\u201330). VOSYSmonitor, a Low Latency Monitor Layer for Mixed-Criticality Systems on ARMv8-A. Proceedings of the 29th Euromicro Conference on Real-Time Systems (Leibniz International Proceedings in Informatics), Dubrovnik, Croatia."},{"key":"ref_47","unstructured":"Masmano, M., Ripoll, I., Crespo, A., and Metge, J. (2009, January 28\u201330). Xtratum: A hypervisor for safety critical embedded systems. Proceedings of the 11th Real-Time Linux Workshop, Dresden, Germany."},{"key":"ref_48","unstructured":"Ramsauer, R., Kiszka, J., Lohmann, D., and Mauerer, W. (2017, January 14). Look Mum, no VM Exits! (Almost). Proceedings of the 13th International Workshop on Operating Systems Platforms for Embedded Real-Time Applications (OSPERT), Dubrovnik, Croatia."},{"key":"ref_49","unstructured":"Pak, E., Lim, D., Ha, Y.M., and Kim, T. (2017, January 14). Shared Resource Partitioning in an RTOS. Proceedings of the 13th International Workshop on Operating Systems Platforms for Embedded Real-Time Applications (OSPERT), Dubrovnik, Croatia."},{"key":"ref_50","unstructured":"Toppers.jp (2017, September 29). Introduction to the SafeG. Available online: http:\/\/www.toppers.jp\/en\/safeg.html."},{"key":"ref_51","doi-asserted-by":"crossref","unstructured":"Kim, S.W., Lee, C., Jeon, M., Kwon, H., Lee, H.W., and Yoo, C. (2013, January 2\u20136). Secure device access for automotive software. Proceedings of the IEEE 2013 International Conference on Connected Vehicles and Expo (ICCVE), Las Vegas, NV, USA.","DOI":"10.1109\/ICCVE.2013.6799789"},{"key":"ref_52","unstructured":"Tzvisor.org (2017, September 29). TZvisor\u2014TrustZone-assisted Hypervisor. Available online: http:\/\/www.tzvisor.org."},{"key":"ref_53","unstructured":"Schierboom, E.G.H. (2007). Verification of Fiasco\u2019s IPC Implementation. [Master\u2019s Thesis, Computing Science Department, Radboud University]."},{"key":"ref_54","unstructured":"Steinberg, U. (2004). Quality-Assuring Scheduling in the Fiasco Microkernel. [Master\u2019s Thesis, Dresden University of Technology]."},{"key":"ref_55","unstructured":"Smejkal, T., Lackorzynski, A., Engel, B., and V\u00f6lp, M. (2015, January 7\u201310). Transactional IPC in Fiasco.OC. Proceedings of the 11th International Workshop on Operating Systems Platforms for Embedded Real-Time Applications (OSPERT), Lund, Sweden."},{"key":"ref_56","unstructured":"Lackorzynski, A., Warg, A., and Peter, M. (2010, January 25\u201327). Virtual processors as kernel interface. Proceedings of the Twelfth Real-Time Linux Workshop, Nairobi, Kenya."},{"key":"ref_57","doi-asserted-by":"crossref","unstructured":"Xia, T., Pr\u00e9votet, J.C., and Nouvel, F. (2015, January 25\u201329). Mini-nova: A lightweight arm-based virtualization microkernel supporting dynamic partial reconfiguration. Proceedings of the 2015 IEEE International Parallel and Distributed Processing Symposium Workshop (IPDPSW), Hyderabad, India.","DOI":"10.1109\/IPDPSW.2015.72"},{"key":"ref_58","first-page":"254","article-title":"Cost of Virtual Machine Live Migration in Clouds: A Performance Evaluation","volume":"9","author":"Voorsluys","year":"2009","journal-title":"Cloud Com"}],"container-title":["Electronics"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2079-9292\/6\/4\/93\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T18:48:54Z","timestamp":1760208534000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2079-9292\/6\/4\/93"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017,10,30]]},"references-count":58,"journal-issue":{"issue":"4","published-online":{"date-parts":[[2017,12]]}},"alternative-id":["electronics6040093"],"URL":"https:\/\/doi.org\/10.3390\/electronics6040093","relation":{},"ISSN":["2079-9292"],"issn-type":[{"value":"2079-9292","type":"electronic"}],"subject":[],"published":{"date-parts":[[2017,10,30]]}}}