We worked with Curtiss Wright by pre-integrating these two technologies. Integration of the CHAMP XD1 and Titanium Security Hypervisor followed a number of steps leading us to the final solution; steps that can be followed by anyone for the same results. The integration was straightforward. Here's how we did it:
Read MoreIn an FCW research report, 72% of respondents were comfortable running mission-critical systems on virtual machines, and that was in 2013. At the time of this writing (2021), that number is even higher, and programs are considering the size, weight, and power (SWaP), development, and security costs of virtualization for their next-generation programs. When you consider the benefits of virtualization on defense platforms, it's easy to understand why. Consider the following benefits:
Read MoreOne strategy for delivering software of the highest quality is practicing Continuous Integration and Delivery (CI/CD). While CI/CD is a relatively common quality assurance practice among software applications, it is much more difficult to use with low-level software such as kernel and embedded applications.
There are many existing virtualization solutions, but few of them are well suited for use in CI. For this reason, we developed Transient, an open-source QEMU-wrapper focused on ease-of-use within a CI/CD pipeline. Ultimately, Transient makes testing applications on virtualized hardware a much more simple and painless endeavour.
Read MoreStar Lab has long believed that Secure by Design is the best strategy for approaching security problems. To understand why this principle guides our work, you first need to understand the difficult class of problems we hope to address.
Read MoreEarly computer architectures, like the first Acorn RISC Machine pictured in Figure 0, had no support for CPU virtualization. In the 30 years since, processor designers have added new hardware components to fully enable virtualization.
This article explores how the Xen hypervisor supports CPU virtualization on modern ARM processors. We will start with a short background on virtualization and Xen, followed by a discussion of how ARM supports CPU virtualization with the virtualization extensions and finishing with a discussion of how Xen utilizes these features.
We are focused specifically on the ARMv8 architecture, commonly referred to as AArch64, and systems that support the ARM virtualization extensions. We will be assuming that a device tree is used for hardware discovery as is the case for nearly all embedded ARM devices.
Read MoreThis article will explore how the Xen hypervisor uses the Memory Management Unit (MMU) on ARM architecture to support virtualization. We’ll take a brief look at the history and purpose of the MMU then dive into Xen specifics, focusing on the ARMv8 implementation.
Read MoreXen is an open-source baremetal hypervisor that is widely used by commercial and non-commercial platforms to provide virtualization support. However, unlike most other hypervisors, Xen supports multiple ways of virtualizing guests. Below is a brief history of the development of these modes and their relationships with one another:
Read MoreAs a security company with a focus on utilizing hypervisor technology, the team at Star Lab wanted to research potential hypervisor-based solutions for cloud security. The demand for cloud services has skyrocketed worldwide, with an increasing amount of critical services being migrated to the cloud. Sophisticated adversaries will seek to exploit cloud platforms to access critical / sensitive information, and these new threats demand novel virtualization-based cyber security tools and techniques to keep pace and blunt the adversaries attacks.
Read MoreIn October 2018, the GAO released a report on cyber vulnerabilities in weapons systems. This report highlights the need to consider cyber survivability in the weapons system design process. At Star Lab, we think virtualization is an enabling technology that helps address many of the concerns raised in the GAO report. In this post we will share two virtualization techniques that we often use for securing systems: 1) minimizing a system’s attack surface and 2) isolating components within the system.
Read More
