Electronic Design

Virtual Security

Security is a key feature for most virtual-memory OSs. Given sufficient hardware controls, an OS lets an application perform any operation it likes. The OS will trap any operation that's restricted and either execute an appropriate, usually comparable action or notify the powers that be of the security infraction.

Common Criteria Evaluation Assurance Levels (EALs) number 1 (lowest) through 7 (highest). The U.S. government and other organizations use them to specify a system's level of proven security. The "proven" part is where the difficulty comes in. As systems grow in size and complexity, so does the difficulty in proving an EAL above 1.

With system virtualization, proving a system's vulnerability to security breaches becomes significantly easier, assuming the virtualization support can be proven secure. This usually isn't difficult because of the hypervisor's small size.

It's then possible to group OSs and applications by their security requirements. Proving that this system meets the design's security requirements may still be a big job on a large system. But additions to the system are now much easier, because only the subsystem where the new addition is placed needs confirmation.

Virtualization also makes policy-based security easier to implement for the same reason. A system manager can set up a new virtual space for a user or customer that's isolated from other OSs and applications. Likewise, it's now much easier to change while the system is running.

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish