To address the lack of temporal isolation and unpredictable real-time performance in mixed-criticality systems (MCS) on highly heterogeneous SoCs—caused by memory bandwidth contention among virtual machines (VMs) in virtualized environments—this paper proposes a VM-centric memory bandwidth reservation mechanism operating at the hypervisor layer. Implemented atop Xen, it hijacks the memory controller and enforces periodic bandwidth quotas via DRAM access modeling and VM-level traffic shaping, requiring no guest OS modifications or specialized hardware. It is the first hypervisor-level solution offering OS- and platform-agnostic, lightweight, fine-grained inter-VM bandwidth control. Evaluation shows zero overhead for unconstrained workloads and sub-1% overhead for constrained ones under ≥2 μs scheduling periods. The approach significantly improves bandwidth determinism and predictability for high-priority safety-critical tasks, thereby bridging a critical gap in temporal isolation for virtualized MCS deployments.

Recent advancements in fields such as automotive and aerospace have driven a growing demand for robust computational resources. Applications that were once designed for basic MCUs are now deployed on highly heterogeneous SoC platforms. While these platforms deliver the necessary computational performance, they also present challenges related to resource sharing and predictability. These challenges are particularly pronounced when consolidating safety and non-safety-critical systems, the so-called Mixed-Criticality Systems (MCS) to adhere to strict SWaP-C requirements. MCS consolidation on shared platforms requires stringent spatial and temporal isolation to comply with functional safety standards. Virtualization, mainly leveraged by hypervisors, is a key technology that ensures spatial isolation across multiple OSes and applications; however, ensuring temporal isolation remains challenging due to contention on shared hardwar resources, which impacts real-time performance and predictability. To mitigate this problem, several strategies as cache coloring and memory bandwidth reservation have been proposed. Although cache coloring is typically implemented on state-of-the-art hypervisors, memory bandwidth reservation approaches are commonly implemented at the Linux kernel level or rely on dedicated hardware and typically do not consider the concept of VMs that can run different OSes. To fill the gap between current memory bandwidth reservation solutions and the deployment of MCSs that operate on a hypervisor, this work introduces H-MBR, an open-source VM-centric memory bandwidth reservation mechanism. H-MBR features (i) VM-centric bandwidth reservation, (ii) OS and platform agnosticism, and (iii) reduced overhead. Empirical results evidenced no overhead on non-regulated workloads, and negligible overhead (<1%) for regulated workloads for regulation periods of 2 us or higher.