Security: Hypervisor technology makes even PCs secure

Computers running Microsoft Windows operating systems are notorious for high “hackability.” Other desktop operating systems have similar vulnerabilities as well. Green Hills Software introduced a hypervisor system that the company claims can virtually eliminate such security problems in PC-based systems by creating “virtual processors” that isolate sensitive data and operations from activities that connect to the outside world via the World Wide Web.

12/27/2007


Computers running Microsoft Windows operating systems are notorious for high “hackability.” In fact, this reporter just had to install a patch to close yet another Microsoft Windows XP vulnerability. Other desktop operating systems have similar vulnerabilities as well. These vulnerabilities make securing sensitive information and protecting PC-based control systems particularly difficult. Green Hills Software introduced a hypervisor system that the company claims can virtually eliminate security problems in PC-based systems by creating “virtual processors” that isolate sensitive data and operations from activities that connect to the outside world via the World Wide Web.
The company claims Padded Cell Secure Hypervisor is the worlds first secure hypervisor and supports computing platforms from embedded devices to enterprise desktop and server systems. The hypervisor runs atop the company’s Integrity separation kernel, which the company says is the only operating system ever to be accepted by a U.S. National Information Assurance Partnership (NIAP) into a high assurance (EAL6+) Common Criteria security evaluation.
A hypervisor runs directly on the computer hardware. Its main function is to simulate multiple virtual machines that behave like separate, isolated processors. Each virtual machine runs its own operating system, has its own isolated memory and hard-disk storage space, and application programs. Any virtual machine can run any operating system the hardware processor can run.
The hypervisor interfaces to all signals the virtual-machine operating system would use to control the hardware, and passes them to the actual hardware. The hardware acts on those signals as if they were coming directly from the virtual machine. The hypervisor also schedules hardware resources for each of the virtual machines on an as-needed basis. Thus, each virtual machine thinks it has exclusive control of the hardware, and the hardware thinks there is only one virtual machine.
Firewalls, anti-virus software, and other security applications run in the hypervisor, nullifying virtual machine vulnerabilities by blocking attacks before they reach the virtual machines. For example, a user would create one virtual machine with a connection to the Internet and keep all sensitive and irreplaceable databases and documents, as well as all control applications on separate virtual machines.
If a corrupt file or hacker attack comes in through the Internet, it only affects the one Internet-connected virtual machine, where there is no sensitive data and no control applications to compromise. If that machine becomes too disrupted to clean, it is a simple matter to delete it and initialize another Internet-connected virtual machine.
When a file, for example, comes in from the Internet from a known-friendly source and needs to be used by an application on one of the secure virtual machines, it has to go through the hypervisor with its security features before being passed to the appropriate virtual machine.
Internet-connected embedded systems, as well as the development systems designers use to create software for them face an increasing need for security. Hypervisor technology is one high-assurance way to implement it.
C.G. Masi , senior editor





No comments
The Engineers' Choice Awards highlight some of the best new control, instrumentation and automation products as chosen by...
The System Integrator Giants program lists the top 100 system integrators among companies listed in CFE Media's Global System Integrator Database.
The Engineering Leaders Under 40 program identifies and gives recognition to young engineers who...
This eGuide illustrates solutions, applications and benefits of machine vision systems.
Learn how to increase device reliability in harsh environments and decrease unplanned system downtime.
This eGuide contains a series of articles and videos that considers theoretical and practical; immediate needs and a look into the future.
Salary and career survey: Benchmarks and advice; Designing controls; Remote data collection, historians; Control valve advances; Hannover Messe; Control Engineering International
System integration: Best practices and technologies to help; Virtualization virtues; Cyber security advice; Motor system efficiency, savings; Product exclusives; Road to Hannover
Collaborative robotics: How to improve safety, return on investment; Industrial Internet of Things, Industrie 4.0: World views; High-performance HMI, Information Integration: OPC and OMG
This article collection contains several articles on the Industrial Internet of Things (IIoT) and how it is transforming manufacturing.
PLCs, robots, and the quest for a single controller; how OEE is key to automation solutions.

Find and connect with the most suitable service provider for your unique application. Start searching the Global System Integrator Database Now!

Getting to the bottom of subsea repairs: Older pipelines need more attention, and operators need a repair strategy; OTC preview; Offshore production difficult - and crucial
Digital oilfields: Integrated HMI/SCADA systems enable smarter data acquisition; Real-world impact of simulation; Electric actuator technology prospers in production fields
Special report: U.S. natural gas; LNG transport technologies evolve to meet market demand; Understanding new methane regulations; Predictive maintenance for gas pipeline compressors
click me