Security: Hypervisor technology makes even PCs secure

Computers running Microsoft Windows operating systems are notorious for high “hackability.” Other desktop operating systems have similar vulnerabilities as well. Green Hills Software introduced a hypervisor system that the company claims can virtually eliminate such security problems in PC-based systems by creating “virtual processors” that isolate sensitive data and operations from activities that connect to the outside world via the World Wide Web.

12/27/2007


Computers running Microsoft Windows operating systems are notorious for high “hackability.” In fact, this reporter just had to install a patch to close yet another Microsoft Windows XP vulnerability. Other desktop operating systems have similar vulnerabilities as well. These vulnerabilities make securing sensitive information and protecting PC-based control systems particularly difficult. Green Hills Software introduced a hypervisor system that the company claims can virtually eliminate security problems in PC-based systems by creating “virtual processors” that isolate sensitive data and operations from activities that connect to the outside world via the World Wide Web.
The company claims Padded Cell Secure Hypervisor is the worlds first secure hypervisor and supports computing platforms from embedded devices to enterprise desktop and server systems. The hypervisor runs atop the company’s Integrity separation kernel, which the company says is the only operating system ever to be accepted by a U.S. National Information Assurance Partnership (NIAP) into a high assurance (EAL6+) Common Criteria security evaluation.
A hypervisor runs directly on the computer hardware. Its main function is to simulate multiple virtual machines that behave like separate, isolated processors. Each virtual machine runs its own operating system, has its own isolated memory and hard-disk storage space, and application programs. Any virtual machine can run any operating system the hardware processor can run.
The hypervisor interfaces to all signals the virtual-machine operating system would use to control the hardware, and passes them to the actual hardware. The hardware acts on those signals as if they were coming directly from the virtual machine. The hypervisor also schedules hardware resources for each of the virtual machines on an as-needed basis. Thus, each virtual machine thinks it has exclusive control of the hardware, and the hardware thinks there is only one virtual machine.
Firewalls, anti-virus software, and other security applications run in the hypervisor, nullifying virtual machine vulnerabilities by blocking attacks before they reach the virtual machines. For example, a user would create one virtual machine with a connection to the Internet and keep all sensitive and irreplaceable databases and documents, as well as all control applications on separate virtual machines.
If a corrupt file or hacker attack comes in through the Internet, it only affects the one Internet-connected virtual machine, where there is no sensitive data and no control applications to compromise. If that machine becomes too disrupted to clean, it is a simple matter to delete it and initialize another Internet-connected virtual machine.
When a file, for example, comes in from the Internet from a known-friendly source and needs to be used by an application on one of the secure virtual machines, it has to go through the hypervisor with its security features before being passed to the appropriate virtual machine.
Internet-connected embedded systems, as well as the development systems designers use to create software for them face an increasing need for security. Hypervisor technology is one high-assurance way to implement it.
C.G. Masi , senior editor





No comments
The Engineers' Choice Awards highlight some of the best new control, instrumentation and automation products as chosen by...
Each year, a panel of Control Engineering editors and industry expert judges select the System Integrator of the Year Award winners.
Control Engineering Leaders Under 40 identifies and gives recognition to young engineers who...
Learn more about methods used to ensure that the integration between the safety system and the process control...
Adding industrial toughness and reliability to Ethernet eGuide
Technological advances like multiple-in-multiple-out (MIMO) transmitting and receiving
Big plans for small nuclear reactors: Simpler, safer control designs; Smarter manufacturing; Industrial cloud; Mobile HMI; Controls convergence
Virtualization advice: 4 ways splitting servers can help manufacturing; Efficient motion controls; Fill the brain drain; Learn from the HART Plant of the Year
Two sides to process safety: Combining human and technical factors in your program; Preparing HMI graphics for migrations; Mechatronics and safety; Engineers' Choice Awards
The Ask Control Engineering blog covers all aspects of automation, including motors, drives, sensors, motion control, machine control, and embedded systems.
Join this ongoing discussion of machine guarding topics, including solutions assessments, regulatory compliance, gap analysis...
News and comments from Control Engineering process industries editor, Peter Welander.
IMS Research, recently acquired by IHS Inc., is a leading independent supplier of market research and consultancy to the global electronics industry.
This is a blog from the trenches – written by engineers who are implementing and upgrading control systems every day across every industry.
Anthony Baker is a fictitious aggregation of experts from Callisto Integration, providing manufacturing consulting and systems integration.
Integrator Guide

Integrator Guide

Search the online Automation Integrator Guide
 

Create New Listing

Visit the System Integrators page to view past winners of Control Engineering's System Integrator of the Year Award and learn how to enter the competition. You will also find more information on system integrators and Control System Integrators Association.

Case Study Database

Case Study Database

Get more exposure for your case study by uploading it to the Control Engineering case study database, where end-users can identify relevant solutions and explore what the experts are doing to effectively implement a variety of technology and productivity related projects.

These case studies provide examples of how knowledgeable solution providers have used technology, processes and people to create effective and successful implementations in real-world situations. Case studies can be completed by filling out a simple online form where you can outline the project title, abstract, and full story in 1500 words or less; upload photos, videos and a logo.

Click here to visit the Case Study Database and upload your case study.