CN-115632792-B - Real-time hierarchical scheduling method for embedded device TEE of industrial control system
Abstract
The invention discloses a real-time hierarchical scheduling method for the TEE of an embedded device in an industrial control system. The method targets the trusted execution environment (TEE) of such a device: a secure scheduler that schedules real-time tasks purely by priority is implemented in the secure environment, which effectively guarantees the real-time availability of the system. Security and real-time performance are decoupled by a two-layer hierarchical scheduling design, in which a secure scheduler and an environment scheduler are each implemented in the secure environment, reducing the complexity of the TCB. The environment scheduler resumes either the secure environment or the non-secure environment, so that the two environments cooperate while their interaction is reduced, improving system security. The method is event driven: a secure timer is set according to the next predictable scheduling event, so the number of interrupts during scheduling is greatly reduced and the interrupt overhead of the system is markedly lowered.
Inventors
- DUAN BINBIN
- ZHAO CHENGCHENG
- WANG MENGZHI
- YANG ZEYU
- CHENG PENG
- CHEN JIMING
Assignees
- Zhejiang University (浙江大学)
Dates
- Publication Date
- 20260505
- Application Date
- 20221019
Claims (8)
- 1. The real-time hierarchical scheduling method for the embedded device TEE of the industrial control system is characterized by comprising the following steps: S1, initializing safe environment and unsafe environment parameters, initializing real-time task parameters, loading user tasks and starting an environment scheduler in the safe environment in the unsafe environment of an embedded device of an industrial control system in which a TEE is deployed; S2, the environment scheduler supplements budget and updates deadlines for the safe environment and the unsafe environment according to the current environment parameters, and sets the two environments into an operable state; S3, setting a safety timer by the environment scheduler according to the next scheduling event, and then jumping to the safety scheduler of the safety environment in step S4 or the scheduler of the non-safety environment in step S5 according to the environment priority algorithm, wherein the next scheduling event comprises a high-priority task entering the queue, budget supplement and task completion, and the adopted environment priority algorithm is a delayed monotonic rate algorithm, and the current task is a delayed monotonic rate algorithm Delay preemption state time The method comprises the following steps: Wherein the method comprises the steps of To preempt tasks Is used for the task deadline of (1), For the current moment of time, For the task Is used for the task run-time of (1), And Respectively tasks Is used for cutting out and cutting in time; S4, the safety scheduler consumes the budget supplemented in step S2, updates the budget for the safety real-time task and switches safety real-time task execution according to the safety scheduling algorithm; S5, the non-safety scheduler switches non-safety real-time task execution according to a non-safety scheduling algorithm; and S6, when the safety timer set in step S3 expires, interrupting the current task execution, saving the task context, and jumping to the environment scheduler in step S2.
- 2. The method for real-time hierarchical scheduling of an embedded device TEE of an industrial control system according to claim 1, wherein in step S1, the environment parameters include an environment budget, an environment deadline, an environment period and an environment state of a safe environment and a non-safe environment, and the environment state includes four types of in-operation, runnable, underbudgeted and idle, and is initially an underbudgeted state.
- 3. The method for real-time hierarchical scheduling of an industrial control system embedded device TEE according to claim 1, wherein in step S1, the initializing real-time task parameters specifically includes the following steps: S11, determining real-time task models of safe and unsafe environments; S12, carrying out comprehensive schedulability analysis on the real-time task model obtained in step S11; and S13, generating real-time task parameters including task budget, task running time, task deadline, task period and task priority.
- 4. The method for real-time hierarchical scheduling of an embedded device TEE of an industrial control system according to claim 1, wherein in step S2, the environment parameters are the initialization parameters in step S1 when the embedded device is initialized, and the environment parameters are updated in a secure environment by an environment scheduler after the initialization.
- 5. The method for real-time hierarchical scheduling of an industrial control system embedded device TEE according to claim 1, wherein the step S2 of supplementing the budget specifically comprises the steps of: S21, updating the execution budget, and jumping to step S22 if the execution budget is smaller than the consumption, and jumping to step S24 if the execution budget is not smaller than the consumption; S22, comparing the head budget of the supplementary area with the consumption, if the head budget of the supplementary area is smaller than the consumption, jumping to step S23, otherwise jumping to step S24; S23, subtracting the head budget of the supplementary area from the consumption, assigning the head budget of the original supplementary area to the tail, moving the whole budget of the supplementary area upwards, and jumping to step S22; and S24, combining the execution budget and the head budget, and completing budget replenishment.
- 6. The method for real-time hierarchical scheduling of an industrial control system embedded device TEE according to claim 1, wherein in step S4, the safety scheduler switches safety real-time task execution according to a monotonic rate algorithm, including RTU management control task, real-time I/O interrupt task, excess analog input reporting task and status mutation reporting task, safety task Priority of (3) The calculation method is as follows: Wherein the method comprises the steps of For the safety weight, the safety importance of the task is embodied, For a task cycle, the shorter the cycle, the higher the priority, Is an urgency coefficient.
- 7. The method according to claim 1, wherein in step S5, the unsafe scheduler switches unsafe real-time task execution according to a round robin scheduling algorithm, including kWh counter monitor tasks, real-time I/O driver tasks, and real-time network transmission tasks.
- 8. The method for real-time hierarchical scheduling of an industrial control system embedded device TEE according to claim 1, wherein in step S6, the task context is a structure body including a task cycle, a task budget, a task deadline, a supplement zone length, a supplement zone header, a supplement zone tail, and an execution budget supplement section, wherein the execution budget supplement section is variable in length and the other parameters are fixed in length.
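As an added illustration (not code from the patent or its applicant), the following Python model walks the S1 to S6 loop of claim 1 with per-environment budgets and deadlines (claims 2 and 4), rate-monotonic scheduling inside the secure environment (claim 6) and round-robin scheduling in the non-secure environment (claim 7), and counts how many interrupts the event-driven secure timer of step S3 needs compared with a one-unit periodic tick. Assumptions, all mine: budget replenishment is a full refill at each environment period rather than the supplementary-area procedure of claim 5; environment priority is a fixed secure-first rule rather than the delayed rate-monotonic rule; task deadlines equal periods; the task set, its numbers and the task names are constructed.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Task:
    name: str
    period: int      # implicit deadline == period (assumption)
    wcet: int        # task budget per job
    remaining: int = 0
    next_release: int = 0
    misses: int = 0
    completed: int = 0


@dataclass
class Env:
    name: str
    budget: int      # environment budget per environment period
    period: int
    policy: str      # "rm" (secure, claim 6) or "rr" (non-secure, claim 7)
    tasks: List[Task]
    exec_budget: int = 0
    deadline: int = 0
    next_replenish: int = 0
    rr_pos: int = 0

    def runnable(self) -> List[Task]:
        return [t for t in self.tasks if t.remaining > 0]


def replenish(env: Env, now: int) -> None:
    """S2 (simplified, assumption): full refill and new deadline every environment period."""
    if now >= env.next_replenish:
        env.exec_budget = env.budget
        env.deadline = now + env.period
        env.next_replenish = now + env.period


def release_jobs(env: Env, now: int) -> None:
    """Release jobs whose period has elapsed; an unfinished job at that point is a miss."""
    for t in env.tasks:
        while t.next_release <= now:
            if t.remaining > 0:
                t.misses += 1
            t.remaining = t.wcet
            t.next_release += t.period


def pick_task(env: Env) -> Optional[Task]:
    ready = env.runnable()
    if not ready:
        return None
    if env.policy == "rm":                        # S4: rate monotonic, shortest period first
        return min(ready, key=lambda t: t.period)
    env.rr_pos = (env.rr_pos + 1) % len(ready)    # S5: round robin over ready tasks
    return ready[env.rr_pos]


def pick_env(secure: Env, nonsecure: Env) -> Optional[Env]:
    """Environment priority (assumption): secure first while it has budget and work."""
    for env in (secure, nonsecure):
        if env.exec_budget > 0 and env.runnable():
            return env
    return None


def next_event(now: int, envs: List[Env], env: Optional[Env], task: Optional[Task]) -> int:
    """S3: earliest predictable event (replenishment, job release, budget or job exhaustion)."""
    times = [e.next_replenish for e in envs]
    times += [t.next_release for e in envs for t in e.tasks]
    if env is not None and task is not None:
        times.append(now + min(env.exec_budget, task.remaining))
    return min(x for x in times if x > now)


def simulate(secure: Env, nonsecure: Env, horizon: int) -> Dict[str, object]:
    envs = [secure, nonsecure]
    now, interrupts = 0, 0
    while now < horizon:
        for e in envs:                          # S2: budgets and deadlines
            replenish(e, now)
            release_jobs(e, now)
        env = pick_env(secure, nonsecure)       # S3: choose the environment ...
        task = pick_task(env) if env else None  # S4/S5: ... and its task
        fire = min(next_event(now, envs, env, task), horizon)  # S3: arm the secure timer
        if env and task:                        # run until the timer fires
            task.remaining -= fire - now
            env.exec_budget -= fire - now
            if task.remaining == 0:
                task.completed += 1
        now = fire                              # S6: timer interrupt, back to S2
        interrupts += 1
    return {
        "interrupts": interrupts,
        "tick_interrupts": horizon,             # cost of a 1-unit periodic tick instead
        "misses": {t.name: t.misses for e in envs for t in e.tasks},
        "completed": {t.name: t.completed for e in envs for t in e.tasks},
    }


def sample_system():
    """Constructed task set (not from the patent); names echo claims 6 and 7."""
    secure = Env("secure", budget=4, period=10, policy="rm",
                 tasks=[Task("rtu_ctrl", period=10, wcet=2), Task("io_irq", period=5, wcet=1)])
    nonsecure = Env("nonsecure", budget=6, period=10, policy="rr",
                    tasks=[Task("kwh_monitor", period=20, wcet=3), Task("net_tx", period=10, wcet=2)])
    return secure, nonsecure


if __name__ == "__main__":
    print(simulate(*sample_system(), horizon=20))
```

Over a 20-unit horizon the model arms the timer 11 times, against 20 for a one-unit tick, with no deadline misses; the saving grows with the length of the time slices, which is the point of tying the timer to the next predictable event rather than to a fixed interval. Note that the secure environment never reads anything from the non-secure scheduler: the environment scheduler only needs the non-secure environment's budget and period, which is what keeps the two-layer design out of the non-secure task semantics.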
Description
Real-time hierarchical scheduling method for embedded device TEE of industrial control system
Technical Field
The invention belongs to the technical field of real-time process management for the TEE of an industrial control device, and particularly relates to a real-time hierarchical scheduling method for the TEE of an embedded device in an industrial control system.
Background
In the real-time system of an industrial control system embedded device, security, criticality and timeliness are the most important attributes of a single real-time task (process). Security is the ability to maintain confidentiality and integrity under attack. Trusted Execution Environments (TEEs) are based on hardware-provided isolation mechanisms and focus on protecting the confidentiality and integrity of the system. Criticality, i.e. the importance of a task to the proper functioning of the system, is generally aligned with security; applying a TEE therefore effectively protects both the security and the criticality of the system. Timeliness refers to completing a particular task before its deadline. To ensure timeliness, schedulability analysis is usually performed at design time: it takes a set of real-time task characteristics (period, deadline, budget) and generates a set of scheduling parameters that guarantee every task the computing resources to complete before its deadline. However, implementing such a scheduler directly for all secure and non-secure processes can significantly increase the complexity of the TCB and thereby affect system performance.
Currently, real-time process management in most TEEs is mainly handled by a global scheduler in the non-secure environment, and without a scheduler in the secure environment the availability of the system cannot be guaranteed. If the global scheduler is moved directly into the secure environment, two problems arise: 1) the global scheduler still needs to understand the semantics of the non-secure tasks and maintain their runtime information, which significantly increases the complexity of the scheduler; 2) during scheduling, the secure environment must assume that input from the non-secure environment is malicious, so interaction between the two environments on scheduling matters should be minimized. One scheduling method that has been used to minimize interaction is idle scheduling, i.e. always giving priority to secure tasks. But secure tasks do not necessarily require the shortest response time, so idle scheduling may degrade overall system performance. In addition, conventional scheduling algorithms typically use a timer that interrupts at fixed intervals; this overhead is tolerable in systems without a secure architecture, but in a TEE the context switch between the secure and non-secure environments is complex, and the overhead of time-slice interrupts is unacceptable.
Disclosure of Invention
Therefore, the technical problem addressed by the application is that real-time process management for the TEE of an industrial control system embedded device in the prior art markedly increases the complexity of the TCB, brings excessive interrupt overhead and affects the overall performance of the system. The application therefore provides a real-time hierarchical scheduling method for the TEE of an industrial control system embedded device. In this method, a secure scheduler that schedules real-time tasks purely by priority is implemented in the secure environment of an industrial control system embedded device with a deployed TEE, effectively guaranteeing the real-time availability of the system. The method adopts a two-layer hierarchical scheduling design that decouples security from real-time performance, minimizes the interaction between the secure and non-secure environments, reduces the complexity of the TCB and preserves the overall performance of the system. The method is event driven: interrupts are set according to predictable scheduling events, so the number of interrupts during scheduling is greatly reduced and the interrupt overhead of the system is markedly lowered.
To achieve this, the technical scheme of the invention is as follows. The real-time hierarchical scheduling method for the TEE of an industrial control system embedded device comprises the following steps: S1, initializing safe environment and unsafe environment parameters, initializing real-time task parameters, loading user tasks and starting an environment scheduler in the safe environment in the unsafe environment of an embedded device of an industrial control system in which a TEE is deployed; S2, the environment scheduler supplements budget and updates deadlines for the safe environment and the unsafe environment according to the current environment parameters, and sets the two environments into an operable state; S3, setting a safety timer by the environment scheduler according to