Project Details

Extension of Control Functionality through the Integration of Container Technologies (ESIC)

Subject Area: Production Automation and Assembly Technology
Term: from 2019 to 2022
Project identifier: Deutsche Forschungsgemeinschaft (DFG) - Project number 420528256

Final Report Year: 2023

Final Report Abstract

Container technologies offer potential for process-related control technology, such as increased update rates and the extension of the control system with value-added services, including services from third-party providers. Compared to other virtualization techniques, standard container solutions have the disadvantage that all processes within a system share the kernel of the host operating system. This poses similar challenges for cloud providers and for vendors of industrial control software and devices. Processes in software containers must be isolated from each other and from the host system by additional mechanisms, so that errors within a container do not affect the host operating system or other containers. This project report analyzes the isolation concepts of different container solutions. The analysis shows that common isolating container solutions offer sufficient isolation, but at the expense of reduced performance, in particular increased scheduling latency and reduced determinism. For this reason, the project develops a concept for isolating software containers that runs trusted and untrusted value-added services in partitions that are completely isolated both spatially and temporally. A partitioning hypervisor such as Jailhouse is used for this purpose. For communication between value-added services in different partitions, a mechanism for interpartition communication is designed that supports three transport media. Communication follows the publish-subscribe pattern and takes place via virtual sockets, shared memory, or a combination of message passing and shared memory. The latter uses control messages for synchronization between the communication partners, while the data parts of messages are stored in a shared memory area. The validation shows that shared memory and the combination of message passing and shared memory reduce the latency of large messages by a factor of 4 and 20, respectively.
By combining the above mechanisms, the expansion of control functionality can be realized through the integration of container technologies.
