
Tock – A secure OS for embedded platforms [pdf] - nickpsecurity
https://amitlevy.com/talks/tock-adi2016.pdf
======
nickpsecurity
One problem with embedded OSes is that they have to be designed for security
from the ground up to achieve it. You need support for partitioning, resource
control, prevention of user-land DoS of the kernel, and so on. Getting that onto an
MCU isn't easy. While the Zephyr project was nice, it didn't have these attributes
& didn't support MMUs/MPUs. Glad I found this one! It also uses Rust internally
to be safer but supports C in user-land. Working on C++ and Lua support.

Related papers below.

Ownership is Theft: Experiences building an embedded OS in Rust

[http://iot.stanford.edu/pubs/levy-tock-plos15.pdf](http://iot.stanford.edu/pubs/levy-tock-plos15.pdf)

Note to the Rust team: I hope they submitted their findings to you all for
evaluation. Part of the reason for this submission is in case they didn't. It might
provide helpful design or compiler feedback for the language in this sector.

GitHub page for Tock for anyone wanting to help

[https://github.com/helena-project/tock](https://github.com/helena-project/tock)

Levy's page has numerous papers with interesting security tech. It includes key-value
stores, covert channel mitigation, & Haskell web apps.

[http://www.amitlevy.com/#publications](http://www.amitlevy.com/#publications)

~~~
kibwen
The Rust team is indeed aware of this paper, and it was discussed extensively
in the community last year. See

[https://users.rust-lang.org/t/rfc-and-paper-experiences-buil...](https://users.rust-lang.org/t/rfc-and-paper-experiences-building-an-os-in-rust/3110)

[https://www.reddit.com/r/rust/comments/3nauhy/experiences_bu...](https://www.reddit.com/r/rust/comments/3nauhy/experiences_building_an_os_in_rust_feedback/)

[https://www.reddit.com/r/rust/comments/3nbt2d/ownership_is_t...](https://www.reddit.com/r/rust/comments/3nbt2d/ownership_is_theft_experiences_building_an/)

~~~
nickpsecurity
Great! Appreciate the feedback. I still have hopes for languages like SPARK
and Rust in the resource-constrained space to make up for the lack of onboard
resources for protection, preventative or reactive. Case studies like that can
help the progress move along.