Secure Embedded Virtualization - Star Lab
Star Lab’s Crucible hypervisor provides a trusted execution environment that addresses concerns unique to mission-critical computing:
• Secure boot
• Logical isolation
• Runtime integrity
• Technology protection
• Deterministic performance
• Mission systems compatibility
Crucible is built upon the open-source and widely-deployed Xen Project [1], and is specifically designed for use in hostile computing environments. Crucible operates as trusted supervisory software within the processor – configuring and controlling both hardware resources and software execution in order to ensure and maintain the integrity of system operations.
Secure Embedded Virtualization
202.706.7027
www.starlab.io
Crucible leverages hardware-based roots-of-trust to perform a secure boot process, and can optionally leverage hardware-provided security services at runtime. During system operation, the hypervisor enforces logical isolation such that software loads execute within private enclaves, even though they may be running on a single physical processor board.
Crucible also has strong technology protections and anti-reverse engineering features built directly into the hypervisor. These features ensure that sensitive applications and data within the system remain protected against unauthorized access, theft, and malicious modification – even in the face of dedicated hackers and reverse engineers.
[1] https://www.xenproject.org
[Figure: Crucible Runtime Architecture. The Crucible Security Hypervisor (scheduler, security, device input/output, exceptions and interrupts, memory access, inter-VM communication, MMU) sits between the host hardware (devices, memory, CPUs) and the execution domains: Mission Domain (apps, kernel, APIs), Control Domain (VM management, middleware, kernel, APIs), Micro-service Domain(s) (Java app, JVM, LibC, kernel), Support Domain, and Driver Domain(s). Guest types shown: Mini OS, Linux, Windows, Unikernel, Library OS, BSP.]
Technical Specifications:
Crucible Core Functionality: Type-1 (bare metal) 64-bit hypervisor based upon Xen 4.8+, 64-bit dom0 (minimalized Linux), isolated driver domains, SMP/AMP guest VMs
Supported Micro-architectures: Intel Haswell, Broadwell, Skylake (x86-64); ARM Cortex A15, A53
Processing Cores and Memory: 1 - 4096 processing cores, 1 GB - 5 TB system memory
VM Operating Systems: Linux (PVH), Windows (HVM), VxWorks (PV), FreeRTOS
VM Image Format: Default: RAW; Available: QCOW, QCOW2
Supported Virtualization Modes: Default: PVH; Available: HVM, PV, PVHVM
Processor/Chipset Features: Intel VT-x, VT-d (IOMMU), EPT, SMX, AES-NI, VE (ARM), TPM, UEFI
Performance Features: Non-oversubscription of resources, VM scheduling determinism, interrupt control
Security Features: Secure Boot, Software Encryption, Anti-debug, OS Hardening, Deprivileged root
Multi-Level Security Support: Memory/Process Isolation, Mandatory Access Control (Logical/Virtual/Physical)
Star Lab Corporation, 1221 Connecticut Ave NW, Washington, DC 20036
CRUCIBLE FEATURES
SECURE BOOT
Crucible’s TrueBoot functionality uses a trusted instantiation process to ensure that it will only decrypt and execute sensitive application software within authorized and verified embedded computing environments. On non-authorized, instrumented or modified hardware, the software remains fully protected against exposure and reverse-engineering attacks.
TECHNOLOGY PROTECTION
Crucible is uniquely designed to shield sensitive software technologies from unauthorized access, theft, or reverse engineering. These protections are in place at rest, during boot, and throughout system operation. In addition to TrueBoot, Crucible provides runtime memory protection and anti-debug capabilities to protect sensitive applications at runtime.
LOGICAL ISOLATION
Crucible is configured to isolate execution domains from each other and rogue peripheral hardware. This provides the foundation for cyber attack isolation by preventing errant or malicious code in one domain from being able to read/write memory, manipulate resources, or otherwise affect operations in another domain. Furthermore, the memory protections configured by Crucible ensure that the hypervisor remains isolated from the execution domains as well as malicious peripheral hardware.
HIGH-ASSURANCE OPERATIONS
Crucible implements a number of best practices required for high-assurance systems, including comprehensive auditing of system activities, mandatory access control policies, and secure-by-default configuration options. Additionally, the hypervisor is optionally able to perform runtime integrity monitoring of core service and application VMs.
PROCESSING DETERMINISM
The Crucible Foundry Tools enable pre-defined allocation and non-oversubscription of hardware resources to ensure processing determinism at the VM. This ensures critical applications within each execution domain are able to complete operations in a fixed amount of time without interruption. Furthermore, dedicated peripheral assignment and scheduling frequency for each VM are configurable to guarantee that critical services cannot be interrupted by less-critical VM instances.
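A configuration check of the kind the non-oversubscription property above implies, written as an added example (it is not Star Lab's Foundry Tools or Xen code): each guest's vCPUs must be pinned one-to-one to physical cores owned by no other domain, each passthrough device may belong to only one domain, and the sum of guest memory plus a reserved dom0 budget must not exceed host memory. The host description, domain definitions and the xl-style keys (name, vcpus, cpus, memory, pci) are constructed assumptions.

```python
"""Validate a set of Xen-style domain definitions for non-oversubscription.

Added example, not Star Lab's or Xen's code. Each guest config is assumed to
be a dict using xl-style keys: 'name', 'vcpus', 'cpus' (pinned physical
cores), 'memory' (MiB) and optional 'pci' (passthrough devices).
"""

# Constructed host description: hypothetical 8-core board, 16 GiB RAM,
# 1 GiB reserved for dom0.
HOST = {"cores": set(range(8)), "memory_mib": 16384, "reserved_mib": 1024}

# Constructed domain configs (sample values, not a real deployment).
DOMAINS = [
    {"name": "mission", "vcpus": 2, "cpus": [2, 3], "memory": 4096, "pci": ["03:00.0"]},
    {"name": "control", "vcpus": 1, "cpus": [1], "memory": 2048, "pci": []},
    {"name": "driver0", "vcpus": 1, "cpus": [4], "memory": 1024, "pci": ["00:1f.2"]},
]


def check_allocation(host, domains, dom0_cores=frozenset({0})):
    """Return a list of violations; an empty list means no resource is shared or overcommitted."""
    problems = []
    core_owner = {c: "dom0" for c in dom0_cores}  # dom0 keeps its own cores
    pci_owner = {}
    memory_used = host["reserved_mib"]
    for d in domains:
        name = d["name"]
        # Every vCPU must map to exactly one dedicated physical core.
        if len(d["cpus"]) != d["vcpus"]:
            problems.append(f"{name}: {d['vcpus']} vcpus but {len(d['cpus'])} pinned cores")
        for c in d["cpus"]:
            if c not in host["cores"]:
                problems.append(f"{name}: core {c} does not exist on host")
            elif c in core_owner:
                problems.append(f"{name}: core {c} already owned by {core_owner[c]}")
            else:
                core_owner[c] = name
        # A passthrough device can be assigned to only one domain.
        for dev in d.get("pci", []):
            if dev in pci_owner:
                problems.append(f"{name}: PCI {dev} already assigned to {pci_owner[dev]}")
            pci_owner.setdefault(dev, name)
        memory_used += d["memory"]
    # Guest memory plus the dom0 reservation must fit without overcommit.
    if memory_used > host["memory_mib"]:
        problems.append(f"memory oversubscribed: {memory_used} MiB > {host['memory_mib']} MiB")
    return problems


if __name__ == "__main__":
    for line in check_allocation(HOST, DOMAINS) or ["allocation OK"]:
        print(line)
```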
MISSION SYSTEMS COMPATIBILITY
Compatibility with existing production infrastructure is paramount to successful adoption of Crucible. Several high-priority compatibility issues are currently being addressed, including: 1) support for existing operating systems and software code bases, 2) support for both older and newer processor architectures, and 3) support for common bus protocols, backplanes, peripheral hardware, and middleware/management controls.
Pricing data available upon request. Contact Star Lab to schedule a demonstration.