The worst-case overhead for a container access control call on a Cortex-M microcontroller running TinyContainer is 4 ms. That’s the cost of bringing Docker-like multi-tenancy to devices too small for Linux.
TinyContainer is a middleware that sits between a real-time operating system like RIOT OS and multiple application containers. Each container gets its own configurable scheduler policy and a fine-grained permission table for host resources — memory regions, peripherals, timers. The approach is metadata-driven: a JSON-like container manifest defines capabilities at launch time, and the runtime abstraction layer lets you swap the underlying executor (they tested CS4WAMR, a small WebAssembly runtime, but the interface is generic).
Per-Container Scheduling and Access Control on Cortex-M
Current microcontroller container solutions — think Tock’s capsules or FreeRTOS-based isolation — either hardcode permissions at compile time or lack runtime reconfiguration. TinyContainer exposes an endpoint that allows an external controller to dynamically adjust container quotas and access rights without rebooting. The experiments used popular IoT boards based on Cortex-M0, M3, M4, and M7 cores. Overhead measurements ranged from sub-millisecond for simple permission checks up to 4 ms for a full context switch plus resource validation. That’s fast enough for soft real-time control loops in industrial IoT or sensor fusion.
TinyML: Containers Hold Weights, Host Runs Inference
The showcase use case is a TinyML pipeline. A container stores the model weights and input data securely, then calls a native host service via the TinyContainer endpoint to perform the actual inference. This keeps the model inside a sandboxed environment while leveraging the RTOS’s optimized math libraries and hardware acceleration. The result: multi-tenant sensors that can run competing ML models from different vendors on the same chip, each isolated from the host’s critical control tasks.
One detail the abstract doesn’t spell out but is implied by the architecture: the container can’t DMA directly to the accelerator — it must go through the host service. That’s a deliberate security boundary. If a container goes rogue, it can’t corrupt inference results or steal another tenant’s weights.
TinyContainer is still a research prototype — the next step should be a formal verification of its access control model and a port to Arm’s TrustZone-M for hardware-backed isolation. If those land, this 4 ms overhead might be the price of safety in the constrained edge. And it’s a price I’d pay.
Source: TinyContainer: Container Runtime Middleware Enabling Multi-tenant Microcontrollers with Built-in Security
Domain: arxiv.org
Comments load interactively on the live page.