Virtualization for Mission Critical Systems

Need integrity? isolation? confidentiality? security?
Crucible provides peace of mind for operational systems.

Crucible is specifically designed for use in hostile computing environments.  It operates as trusted supervisory software for the processor – configuring and controlling both hardware resources and software execution in order to ensure and maintain the integrity of system operations.

Crucible also has strong technology protections and anti-reverse engineering features built directly into the hypervisor security suite. These features ensure that sensitive applications and data within the system remain protected against unauthorized access, theft, and malicious modification – even in the face of dedicated hackers and reverse engineers.

Crucible’s secure embedded virtualization makes both cyber attacks and reverse engineering substantially more difficult through:

  • Secure boot
  • Configuration integrity
  • Layered encryption and key management
  • Defense in depth approach
  • Runtime isolation of sensitive applications
  • Positive control over hardware resources
  • Processing determinism and resource control
  • Based on the industry leading Xen hypervisor
  • Intel and ARM platform support
  • Helps address 96% of NIST 800-53 (RMF) Controls





Crucible Solves Complex System Security Problems

  • Attackers with root or physical access
  • Confidentiality and integrity of software/firmware/data at rest and during runtime
  • Unsecured system configurations
  • Privilege escalation and unauthorized access/debug attempts
  • Direct acquisition and reverse engineering of device software/firmware
  • Physical attacks via JTAG or other debug interfaces in order to observe and manipulate runtime behavior

  • Malicious activity during firmware updates
  • Cyber attacks
  • Over the wire attacks
  • Collateral damage from successful cyber attacks
  • Attempts to bypass security controls in deployed systems
  • Errant or malicious code in one domain from reading/writing memory, manipulating resources, or otherwise affecting operations in another domain

How Does Crucible Address These Threats?

  • Secure embedded virtualization based on Xen
  • Operating system hardening
  • At-rest file/VM encryption
  • Measured launch process of encrypted software loads
  • Runtime isolation of sensitive applications and VMs
  • Enforced mandatory access controls
  • Runtime attestation and monitoring
  • Deprivileged root
  • Anti-debug mechanisms
  • Attack detection & response



Star Lab
Wind River
Green Hills
Lynx SW
Full Intel support (VT-x, VT-d, EPT), configuration
Full ARM support (VE, Trustzone), configuration
Full PowerPC support (QorIQ), configuration
Open Architecture
Trusted Boot
Software Protection
Hardware Security Module Integration
DO-178 Certification In-progress Legacy VxWorks Legacy Integrity Legacy LynxOS
Common Criteria (MILS) In-progress Legacy VxWorks Legacy Integrity "Certifiable"
Integrity Monitoring In-progress
BSP Isolation
Fault Recovery In-progress
Dynamic Management
HV-level Mandatory Access Control
Unikernel Support

Crucible Components

  • Crucible Foundry Tools
  • Crucible TrueBoot
  • Crucible::RT Hypervisor
  • Crucible LURE
Crucible Foundry Tools

Provides an easy-to-use software deployment toolkit (SDK) for packaging embedded application software and data files, configuring system security options, profiling hardware, and packaging production configurations and updates.

Crucible TrueBoot

Provides at-rest protections for software/firmware/data, as well as boot-time device integrity measurements. Optionally integrates with advanced Hardware Security Modules (HSMs) to provide full protection against physical attacks.

Crucible::RT Hypervisor

Provides low-level management and supervisory control over hardware resources and software execution by operating as a type-1 separation hypervisor within the processor. The Crucible::RT Hypervisor provides strong partitioning of individual software and hardware components to keep even successful attacks contained and sensitive software isolated.

Crucible LURE

Provides a hardened Linux environment with greatly reduced attack surface, configuration integrity, file-level encryption/decryption, enforced mandatory access control, de-privileged root, and application isolation / anti-debug mechanisms.

Do you have system security issues?

Schedule a Demo