MPSoC hypervisor: The safe & secure future of avionics

□ Multicore only feasible path forward to improve processor performance □ Separation ◻ Provides safety and security by isolating independent functions and providing well-defined and characterized channels for interaction between those functions ◻ Reduces likelihood of covert side channels (security breach) as well as reducing chances of unanticipated consequences or failures (safety violation). □ To realize benefits of IMA, separation must be clearly demonstrated. ◻ Validation spans hardware and software, thus vendors of subsystems must cooperate with system integrator (and perhaps each other) to provide coordinated evidence of safety and security properties ◻ IMA security and safety properties of hardware and software cannot be considered in isolation - the whole system must be certified