Security: Hypervisor technology makes even PCs secure

Computers running Microsoft Windows operating systems are notorious for high “hackability.” Other desktop operating systems have similar vulnerabilities as well. Green Hills Software introduced a hypervisor system that the company claims can virtually eliminate such security problems in PC-based systems by creating “virtual processors” that isolate sensitive data and operations from activities that connect to the outside world via the World Wide Web.

12/27/2007


Computers running Microsoft Windows operating systems are notorious for high “hackability.” In fact, this reporter just had to install a patch to close yet another Microsoft Windows XP vulnerability. Other desktop operating systems have similar vulnerabilities as well. These vulnerabilities make securing sensitive information and protecting PC-based control systems particularly difficult. Green Hills Software introduced a hypervisor system that the company claims can virtually eliminate security problems in PC-based systems by creating “virtual processors” that isolate sensitive data and operations from activities that connect to the outside world via the World Wide Web.
The company claims Padded Cell Secure Hypervisor is the worlds first secure hypervisor and supports computing platforms from embedded devices to enterprise desktop and server systems. The hypervisor runs atop the company’s Integrity separation kernel, which the company says is the only operating system ever to be accepted by a U.S. National Information Assurance Partnership (NIAP) into a high assurance (EAL6+) Common Criteria security evaluation.
A hypervisor runs directly on the computer hardware. Its main function is to simulate multiple virtual machines that behave like separate, isolated processors. Each virtual machine runs its own operating system, has its own isolated memory and hard-disk storage space, and application programs. Any virtual machine can run any operating system the hardware processor can run.
The hypervisor interfaces to all signals the virtual-machine operating system would use to control the hardware, and passes them to the actual hardware. The hardware acts on those signals as if they were coming directly from the virtual machine. The hypervisor also schedules hardware resources for each of the virtual machines on an as-needed basis. Thus, each virtual machine thinks it has exclusive control of the hardware, and the hardware thinks there is only one virtual machine.
Firewalls, anti-virus software, and other security applications run in the hypervisor, nullifying virtual machine vulnerabilities by blocking attacks before they reach the virtual machines. For example, a user would create one virtual machine with a connection to the Internet and keep all sensitive and irreplaceable databases and documents, as well as all control applications on separate virtual machines.
If a corrupt file or hacker attack comes in through the Internet, it only affects the one Internet-connected virtual machine, where there is no sensitive data and no control applications to compromise. If that machine becomes too disrupted to clean, it is a simple matter to delete it and initialize another Internet-connected virtual machine.
When a file, for example, comes in from the Internet from a known-friendly source and needs to be used by an application on one of the secure virtual machines, it has to go through the hypervisor with its security features before being passed to the appropriate virtual machine.
Internet-connected embedded systems, as well as the development systems designers use to create software for them face an increasing need for security. Hypervisor technology is one high-assurance way to implement it.
C.G. Masi , senior editor





No comments
The Engineers' Choice Awards highlight some of the best new control, instrumentation and automation products as chosen by...
The System Integrator Giants program lists the top 100 system integrators among companies listed in CFE Media's Global System Integrator Database.
The Engineering Leaders Under 40 program identifies and gives recognition to young engineers who...
This eGuide illustrates solutions, applications and benefits of machine vision systems.
Learn how to increase device reliability in harsh environments and decrease unplanned system downtime.
This eGuide contains a series of articles and videos that considers theoretical and practical; immediate needs and a look into the future.
Mobile HMI; PID tuning tips; Mechatronics; Intelligent project management; Cybersecurity in Russia; Engineering education; Road to IANA
Save energy with automation; Process control system upgrades; Dispelling controll myths; Time-sensitive networking; Control system integration; Road to IANA
Additive manufacturing advancements; Machine vision enhances robotics; Fieldbus evolution; Process safety; Advice from System Integrators of the Year; Road to IANA
This article collection contains several articles on the Industrial Internet of Things (IIoT) and how it is transforming manufacturing.

Find and connect with the most suitable service provider for your unique application. Start searching the Global System Integrator Database Now!

Flexible offshore fire protection; Big Data's impact on operations; Bridging the skills gap; Identifying security risks
The digital oilfield: Utilizing Big Data can yield big savings; Virtualization a real solution; Tracking SIS performance
Getting to the bottom of subsea repairs: Older pipelines need more attention, and operators need a repair strategy; OTC preview; Offshore production difficult - and crucial
click me