A secure embedded operating system for microcontrollers
Tock is an embedded operating system designed for running multiple concurrent, mutually distrustful applications on Cortex-M and RISC-V based embedded platforms. Tock's design centers around protection, both from potentially malicious applications and from device drivers. Tock uses two mechanisms to protect different components of the operating system. First, the kernel and device drivers are written in Rust, a systems programming language that provides compile-time memory safety and type safety. Tock uses Rust to protect the kernel (e.g. the scheduler and hardware abstraction layer) from platform specific device drivers as well as isolate device drivers from each other. Second, Tock uses memory protection units to isolate applications from each other and the kernel.
Tock is now on its second major release! For a summary of the latest new features and improvements, check out the changelog.
There are a variety of resources for learning about Tock, contributing to the project, and getting help.
- About Tock
- The Tock Book: online tutorials and documentation
- Getting Started with Secure Embedded Systems: Tock textbook
- Developing Tock
- Getting Help
The Tock project adheres to the Rust Code of Conduct.
All contributors, community members, and visitors are expected to familiarize themselves with the Code of Conduct and to follow these standards in all Tock-affiliated environments, which includes but is not limited to repositories, chats, and meetup events. For moderation issues, please contact members of the @tock/core-wg.
Amit Levy, Bradford Campbell, Branden Ghena, Daniel B. Giffin, Pat Pannuto, Prabal Dutta, and Philip Levis. 2017. Multiprogramming a 64kB Computer Safely and Efficiently. In Proceedings of the 26th Symposium on Operating Systems Principles (SOSP ’17). Association for Computing Machinery, New York, NY, USA, 234–251. DOI: https://doi.org/10.1145/3132747.3132786
Bibtex
@inproceedings{levy17multiprogramming,
  title = {Multiprogramming a 64kB Computer Safely and Efficiently},
  booktitle = {Proceedings of the 26th Symposium on Operating Systems Principles},
  series = {SOSP'17},
  year = {2017},
  month = {10},
  isbn = {978-1-4503-5085-3},
  location = {Shanghai, China},
  pages = {234--251},
  numpages = {18},
  url = {http://doi.acm.org/10.1145/3132747.3132786},
  doi = {10.1145/3132747.3132786},
  acmid = {3132786},
  publisher = {ACM},
  address = {New York, NY, USA},
  conference-url = {https://www.sigops.org/sosp/sosp17/},
  author = {Levy, Amit and Campbell, Bradford and Ghena, Branden and Giffin, Daniel B. and Pannuto, Pat and Dutta, Prabal and Levis, Philip},
}
This is the primary paper that describes the design considerations of Tock.
Other Tock-related papers
There are two shorter papers that look at potential limitations of the Rust language for embedded software development. The earlier PLOS paper lays out challenges and the later APSys paper lays out potential solutions. Authors describing work on programming languages and type theory may benefit from these references, but most work should cite the SOSP paper above.
@inproceedings{levy17rustkernel,
  title = {The Case for Writing a Kernel in Rust},
  booktitle = {Proceedings of the 8th Asia-Pacific Workshop on Systems},
  series = {APSys '17},
  year = {2017},
  month = {9},
  isbn = {978-1-4503-5197-3},
  location = {Mumbai, India},
  pages = {1:1--1:7},
  articleno = {1},
  numpages = {7},
  url = {http://doi.acm.org/10.1145/3124680.3124717},
  doi = {10.1145/3124680.3124717},
  acmid = {3124717},
  publisher = {ACM},
  address = {New York, NY, USA},
  conference-url = {https://www.cse.iitb.ac.in/~apsys2017/},
  author = {Levy, Amit and Campbell, Bradford and Ghena, Branden and Pannuto, Pat and Dutta, Prabal and Levis, Philip},
}
@inproceedings{levy15ownership,
  title = {Ownership is Theft: Experiences Building an Embedded {OS} in {R}ust},
  booktitle = {Proceedings of the 8th Workshop on Programming Languages and Operating Systems},
  series = {PLOS 2015},
  year = {2015},
  month = {10},
  isbn = {978-1-4503-3942-1},
  doi = {10.1145/2818302.2818306},
  url = {http://dx.doi.org/10.1145/2818302.2818306},
  location = {Monterey, CA},
  publisher = {ACM},
  address = {New York, NY, USA},
  conference-url = {http://plosworkshop.org/2015/},
  author = {Levy, Amit and Andersen, Michael P and Campbell, Bradford and Culler, David and Dutta, Prabal and Ghena, Branden and Levis, Philip and Pannuto, Pat},
}
There is also a paper on the Tock security model. The threat model documentation in the docs/ folder is the source of truth for the current Tock threat model, but this paper represents a snapshot of the reasoning behind the Tock threat model and details how it compares to those in similar embedded OSes.
@inproceedings{10.1145/3517208.3523752,
  author = {Ayers, Hudson and Dutta, Prabal and Levis, Philip and Levy, Amit and Pannuto, Pat and Van Why, Johnathan and Watson, Jean-Luc},
  title = {Tiered Trust for Useful Embedded Systems Security},
  year = {2022},
  isbn = {9781450392556},
  publisher = {Association for Computing Machinery},
  address = {New York, NY, USA},
  url = {https://doi.org/10.1145/3517208.3523752},
  doi = {10.1145/3517208.3523752},
  booktitle = {Proceedings of the 15th European Workshop on Systems Security},
  pages = {15–21},
  numpages = {7},
  keywords = {security, embedded systems, operating systems, IoT},
  location = {Rennes, France},
  series = {EuroSec '22}
}
Licensed under either of
- Apache License, Version 2.0 (LICENSE-APACHE or http://www.apache.org/licenses/LICENSE-2.0)
- MIT license (LICENSE-MIT or http://opensource.org/licenses/MIT)
at your option.
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.