Virtualisation insecurity
28/04/2009
 
Are hypervisors as secure as you think?

Hypervisor technology is beginning to sprout up in real time telecommunications, mobile devices and other electronics products. But embedded systems have different requirements from data centres, and a highly secure virtualisation environment enables some compelling applications.
A number of studies of virtualisation security and successful subversions of hypervisors have been published, demonstrating that the risk of an 'escape' from the virtual machine (VM) layer, exposing all the guests, is very real. According to one analyst: "Virtualisation is essentially a new operating system … and it enables an intimate interaction between underlying hardware and the environment. The potential for messing things up is significant."
There is more to security than using the word 'secure' or 'trusted' in product names and, sadly, the world has become accustomed to the 'fail first, patch later' mentality of insecure software. Thus, many of the world's systems run insecure operating systems and hypervisors, leaving them open to compromise.

Secure virtualisation
Hypervisors typically employ a monolithic architecture, which requires a large body of operating software, including device drivers and middleware, to support the execution of one or more guest environments. In addition, the monolithic architecture often uses a single virtualisation component (itself a complicated piece of software) to support multiple guest environments. Thus, a single flaw in the hypervisor may result in a compromise of the fundamental guest environment separation intended by virtualisation in the first place.
An alternative, but similarly insecure, approach uses a trimmed down hypervisor that runs in the microprocessor's privileged mode, but which employs a special guest OS to handle I/O control and services for the other guests. Thus, a complex, monolithic body of software must still be relied upon for system security.
Green Hills Software's virtualisation architecture places virtualisation complexity and related I/O drivers and middleware into user mode applications outside the trusted computing base, which contains only the secure microkernel: GHS' INTEGRITY. The microkernel provides low level hardware support, resource partitioning and scheduling for the virtual environments. A separate instance of the virtualisation infrastructure is used for each guest environment, precluding cross VM escapes.
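The three architectures described above can be compared as a small threat model. This is an added illustration, not code from the article or from Green Hills Software; the component and guest names are hypothetical. It assumes a flaw in privileged-mode code exposes every guest, while a flaw in a user-mode component exposes only the guests that rely on it.

```python
# Added illustration: toy threat model of the three architectures in the text.
# Component and guest names are hypothetical; code size is not modelled.
from dataclasses import dataclass

@dataclass(frozen=True)
class Component:
    name: str
    privileged: bool      # runs in the processor's privileged mode
    serves: frozenset     # guests relying on this component for isolation or I/O

GUESTS = frozenset({"guest_a", "guest_b", "guest_c"})

def blast_radius(component, guests=GUESTS):
    """Guests exposed if this one component has an exploitable flaw."""
    # Privileged code reaches every partition; user-mode code only its own guests.
    return set(guests) if component.privileged else set(component.serves & guests)

def tcb(arch, guest):
    """Components a guest must trust for its separation from the other guests."""
    return {c.name for c in arch if c.privileged or guest in c.serves}

def cross_guest_components(arch):
    """Components whose compromise breaks separation for more than one guest."""
    return sorted(c.name for c in arch if len(blast_radius(c)) > 1)

# Monolithic: one privileged body of software supports all guests.
MONOLITHIC = [Component("hypervisor_with_drivers_and_middleware", True, GUESTS)]

# Trimmed-down hypervisor plus a special guest OS handling I/O for the others.
SPLIT = [
    Component("thin_hypervisor", True, GUESTS),
    Component("io_service_guest_os", False, GUESTS),
]

# Microkernel in privileged mode, one user-mode virtualisation instance per guest.
MICROKERNEL = [Component("microkernel", True, GUESTS)] + [
    Component(f"vmm_instance_{g}", False, frozenset({g})) for g in sorted(GUESTS)
]

def report():
    archs = [("monolithic", MONOLITHIC), ("split", SPLIT), ("microkernel", MICROKERNEL)]
    return {name: cross_guest_components(arch) for name, arch in archs}

if __name__ == "__main__":
    for name, shared in report().items():
        print(f"{name}: components that can expose several guests = {shared}")
```

In this model the microkernel remains the one component whose compromise would expose every guest, so the security argument rests on that component being small enough to assure.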
The combination of virtualised and native applications on one processor provides a compelling cost and power efficient operating environment, ideal for embedded electronics and portable devices (see figure 1). This hybrid model also takes advantage of multicore processors by enabling concurrent execution of native and virtualised subsystems.
The flexibility afforded by virtualisation has proven powerful in the data centre and promises even more varied and compelling advantages throughout the electronics world. However, the proper virtualisation architecture can drastically improve security without sacrificing the utility of legacy software. INTEGRITY is appropriate for electronic products that demand a high level of security, reliability, and functionality.
 
Author
David Kleidermacher
 
 
 
 
Supporting Information
http://www.arxan.com
http://www.ghs.com
 
This material is protected by Findlay Media copyright 2010.
See Terms and Conditions.
One-off usage is permitted but bulk copying is not.
For multiple copies contact the sales team.
 