News Archive (1999-2012) | 2013-current at LinuxGizmos | IoT and Embedded News Feed |    About   

Secure hypervisor runs Linux from “Padded Cell”

Dec 11, 2007 — by Eric Brown — from the LinuxDevices Archive — 6 views

Green Hills Software announced a technology it calls “the world's first secure hypervisor.” The Linux-compatible Padded Cell Secure Hypervisor runs atop Green Hill's Integrity separation kernel and real-time operating system (RTOS), and boasts secure virtualization capability for platforms ranging from embedded… devices to enterprise servers.

The Padded Cell Secure Hypervisor is designed to safely enable high-security systems to incorporate less secure legacy applications and operating systems, such as Linux and Windows, says Green Hills. Like other hypervisors, Padded Cell offers compartmentalization and virtualization of guest OSes, but with its EAL6+ (Evaluation Assurance Level) compliant security policies, Green Hills claims it can also solve vexing security challenges such as:

  • Safely browsing the Internet and using email
  • Trusting virus scanning software
  • Protecting personal and medical records
  • Authenticating cash withdrawals, wire transfers, and point of sale transaction, and
  • Ensuring the availability and validity of electronic voting systems


Padded Cell Secure Hypervisor architecture

Back in 2004, Green Hills announced that its new “Padded Cell technology” (PCT) was being integrated with Integrity, but now the technology appears to be formulated into a distinct hypervisor product. PCT was said to implement a “virtual computer” in a user-mode application that runs on top of Integrity, enabling multiple PCT applications to run concurrently on a computer, with each hosting its own guest OS.

Today, Green Hills appears to ascribe similar capabilities to the Padded Cells Secure Hypervisor, claiming it interposes proven separation technology between virtual machines and ensures that the virtualization software runs as an application. That is, the separation layer runs guest OSes as user-mode Integrity applications. As a result, says the company, the virtualization software is unable to circumvent the security policies of the separation kernel, and therefore the computer is less vulnerable to enabling an attacker to take over all the operating environments running on a computer.

In terms of its ability to run guest OSes entirely in processor user-mode, the Padded Cell appears to resemble Trango's Hypervisor. As with another hypervisor contender, VirtualLogix's VLX, Padded Cell is said to exploit the latest hardware virtualization technologies, including Intel vPro. Additionally, then known as “Jaluna,” VirtualLogix in 2005 spearheaded a project to use its own virtualization technology to enable a version of Linux certifiable to EAL5 levels.

According to Green Hills, the underlying Integrity RTOS is the only OS accepted by a U.S. NIAP (National Information Assurance Partnership) lab into a high assurance (EAL6+) Common Criteria security evaluation. Integrity has been especially successful in high-security environments such as the military and aerospace firms.

Stated Green Hills' founder and CEO Dan O'Dowd, a long-time Linux skeptic who once claimed that Linux was a “national security risk,” “Everybody has become accustomed to the fail-first, patch-later mentality adopted by the world's largest software organizations and products. The fact is that it is possible to build totally secure, hacker-proof software upon which critical computing assets and resources can depend. Our introduction of Padded Cell Secure Hypervisor continues to demonstrate this.”

Availability

Green Hills did not offer information on pricing and availability, but said that the Padded Cell Secure Hypervisor supports desktop and server OSes such as Solaris, Red Hat Linux, BSD, and Windows, and runs guest embedded operating systems such as Integrity, VxWorks, and Linux (listed last, naturally.)


 
This article was originally published on LinuxDevices.com and has been donated to the open source community by QuinStreet Inc. Please visit LinuxToday.com for up-to-date news and articles about Linux and open source.



Comments are closed.