Titanium Secure Hypervisor (formerly Crucible) Version 6.1 – General Availability
Washington, DC, October 30, 2019 — Star Lab Corporation announced today that Titanium Secure Hypervisor (formerly Crucible) embedded virtualization software version 6.1 has been released and is now available for immediate program integration. This release updates Titanium Secure Hypervisor to support upstream Xen 4.12 and Titanium Security Suite for Linux 7.0 (Titanium 7.0) guests, and includes hardware compatibility upgrades. Additionally, Titanium Secure Hypervisor 6.1 paves the way for the significant functionality improvements planned for the next near-term full upgrade release.
According to CEO Irby Thompson, “We’re excited to now offer [Titanium Secure Hypervisor] Crucible 6.1, based on Xen 4.12. Xen 4.12 helps reduce the size of the core hypervisor, while further isolating control logic from the guests, thereby increasing security benefits for Star Lab and our customers.”
Titanium Secure Hypervisor 6.1 unlocks the advantages of Xen 4.12 for our customers and simplifies integration of future Xen upgrades. Among many other lauded improvements, Xen 4.12 enables Star Lab to more easily reduce the memory footprint and attack surface of Titanium Secure Hypervisor. Our own Titanium 7.0 was also a major release, including compatibility with SELinux, NIST-approved FIPS 140-2 algorithms for the x86 platform, and preparation for NSA Commercial Solutions for Classified (CSfC) certification. Titanium Secure Hypervisor now enables customers to use both the Xen 4.12 hypervisor and Titanium 7.0 guests, simplifying security.
Some of the vulnerabilities in Xen which are addressed by the Titanium Secure Hypervisor 6.1 update and Xen 4.12 include:
XSA-291 – Requires a malicious or buggy (guest) kernel to incorrectly access physical device memory, as is the case for devices which are physically passed through to the guest. This was partly mitigated by Titanium Secure Hypervisor / Titanium enforcing driver signing and disabling access to /dev/mem (thereby removing several vectors for making malicious kernel modifications).
XSA-284 – Requires a (PV) guest with device pass-through.
XSA-290 – Requires a malicious or buggy (guest) kernel using linear page tables. The partial mitigations are the same as for XSA-291.
XSA-287 – Requires a PV guest to execute a timing-related attack around the XENMEM_exchange hypercall. Titanium Secure Hypervisor enforces FLASK / XSM policy around this hypercall (significantly hindering the ability to make use of it), and additionally uses a strict resource assignment paradigm that makes the timing attack harder to execute in practice.
XSA-288 – Requires an (untrusted) PV guest with hardware pass-through and kernel execution. Titanium Secure Hypervisor does not permit untrusted guests (all guests are verified before being launched, and only verified guests are launched). Additionally, for trusted guests, Crucible / Titanium enforce driver signing and disable access to /dev/mem (thereby removing several vectors for making malicious kernel modifications).
XSA-293 – Requires a PV guest (likely) running Linux. Titanium Secure Hypervisor / Titanium can be configured to enforce a “full system mode” of operation, in which no untrusted executables are permitted to run. Additionally, Titanium Secure Hypervisor / Titanium enforce driver signing and disable access to /dev/mem (thereby removing several vectors for making malicious kernel modifications). Further, Titanium Secure Hypervisor / Titanium remove kernel features and functionality that could be used to pivot or gain an elevated execution context.
XSA-285 – Requires a (malicious) PV guest. Titanium Secure Hypervisor does not “hotplug” hardware into a guest (all hardware is statically assigned at machine creation). Additionally, Crucible does not permit untrusted guests (all guests are verified before being launched, and only verified guests are launched), and there is no access to dom0 at runtime.
XSA-292 – Requires a (malicious) PV guest.
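The list above pairs each advisory with a precondition (PV guest, device pass-through, an untrusted or buggy guest kernel) and, where Star Lab states one, a product mitigation. The following added example, which is not Star Lab code and not part of the announcement, encodes those preconditions and mitigations as data so that a deployment can be checked against them. The GuestProfile fields, the "not exposed / partially mitigated / exposed" scoring, and the assumption that linear page tables (XSA-290) are a PV-only feature are choices made here for illustration; the mitigation descriptions are taken from the list.

```python
"""Check a guest profile against the XSA preconditions and mitigations
listed in the Titanium Secure Hypervisor 6.1 announcement.

Added illustration, not vendor code.  The profile fields and the scoring
are assumptions made for this example; the advisory preconditions and the
mitigation text follow the announcement.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple


@dataclass(frozen=True)
class GuestProfile:
    guest_type: str             # "pv", "pvh" or "hvm"
    device_passthrough: bool    # physical devices assigned to the guest
    verified_launch: bool       # guest image verified before it is launched
    kernel_hardened: bool       # driver signing enforced and /dev/mem disabled
    xsm_memory_policy: bool     # FLASK/XSM policy restricts XENMEM_exchange
    static_hw_assignment: bool  # hardware assigned at creation, no hotplug
    full_system_mode: bool      # only trusted executables may run in the guest


@dataclass(frozen=True)
class Advisory:
    xsa: str
    precondition: Callable[[GuestProfile], bool]
    # (GuestProfile attribute that neutralises the vector, description)
    mitigations: Tuple[Tuple[str, str], ...]


def is_pv(p: GuestProfile) -> bool:
    return p.guest_type == "pv"


HARDENED_KERNEL = ("kernel_hardened", "driver signing and /dev/mem disabled")
VERIFIED = ("verified_launch", "only verified guests are launched")

# Preconditions as stated in the announcement; "assumption" marks choices
# made here where the text is not explicit.
ADVISORIES: Tuple[Advisory, ...] = (
    Advisory("XSA-291", lambda p: p.device_passthrough, (HARDENED_KERNEL,)),
    Advisory("XSA-284", lambda p: is_pv(p) and p.device_passthrough, ()),
    # linear page tables treated as PV-only (assumption)
    Advisory("XSA-290", is_pv, (HARDENED_KERNEL,)),
    Advisory("XSA-287", is_pv,
             (("xsm_memory_policy", "XSM policy around XENMEM_exchange"),
              ("static_hw_assignment", "strict resource assignment"))),
    Advisory("XSA-288", lambda p: is_pv(p) and p.device_passthrough,
             (VERIFIED, HARDENED_KERNEL)),
    Advisory("XSA-293", is_pv,
             (("full_system_mode", "full system mode"), HARDENED_KERNEL)),
    Advisory("XSA-285", is_pv,
             (("static_hw_assignment", "no hardware hotplug"), VERIFIED)),
    Advisory("XSA-292", is_pv, ()),
)


def assess(profile: GuestProfile) -> Dict[str, Tuple[str, List[str]]]:
    """Return {xsa: (status, active mitigation descriptions)} for one guest.

    "not exposed"         - the advisory's precondition is not met
    "partially mitigated" - precondition met, at least one listed mitigation on
    "exposed"             - precondition met and nothing in the profile helps
    """
    report: Dict[str, Tuple[str, List[str]]] = {}
    for adv in ADVISORIES:
        if not adv.precondition(profile):
            report[adv.xsa] = ("not exposed", [])
            continue
        active = [desc for attr, desc in adv.mitigations if getattr(profile, attr)]
        report[adv.xsa] = ("partially mitigated" if active else "exposed", active)
    return report


def exposed(profile: GuestProfile) -> List[str]:
    """Advisories the profile is exposed to with no listed mitigation active."""
    return sorted(x for x, (status, _) in assess(profile).items()
                  if status == "exposed")


if __name__ == "__main__":
    # Constructed sample profiles for illustration.
    stock_pv = GuestProfile("pv", True, False, False, False, False, False)
    hardened_pv = GuestProfile("pv", True, True, True, True, True, True)
    hvm_only = GuestProfile("hvm", False, True, True, True, True, True)
    for name, prof in (("stock PV", stock_pv), ("hardened PV", hardened_pv),
                       ("HVM, no pass-through", hvm_only)):
        print(name, "-> still exposed:", exposed(prof) or "none")
```

Even the fully hardened PV profile reports XSA-284 and XSA-292 as exposed, because the announcement lists no compensating control for them; that is exactly why the Xen 4.12 update, rather than configuration alone, closes the list.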
What’s next? As part of the near-term full Titanium Secure Hypervisor releases, Star Lab developers are working on adding a modern long-term-support kernel for dom0, dom0less operation, and additional service domain disaggregation.
Star Lab software products protect the most mission-critical systems, infrastructure and equipment in the world. Star Lab’s products are founded on secure-by-design engineering principles, leveraging design patterns that reduce attack surface, isolate critical functionality, and contain or mitigate even successful attacks. For more information on our products for embedded security and virtualization, please contact us at info@starlab.io.