Is a Type 1 hypervisor more secure?
|
In an FCW research report, 72% of respondents were comfortable running mission-critical systems on virtual machines, and that was in 2013. At the time of this writing (2021), that number is even higher, and programs are considering the size, weight, and power (SWaP), development, and security costs of virtualization for their next-generation programs. When you consider the benefits of virtualization on defense platforms, it's easy to understand why. Consider the following benefits: Show
Reduced Size, Weight, and Power ConsumptionBy using a Type-1 hypervisor, the number of boards and servers deployed on a military system can be reduced drastically, increasing carrying capacity (both weight and space) while reducing power consumption. Strengthened Protection Against Threats and FailuresCyber resiliency can be achieved by avoiding disasters that take down physical servers. A quick clone and replacement of one or more virtual machines can near-instantly get a damaged system back up and running with minimal loss of mission capability. Enhanced Flexibility to Meet Exact Mission RequirementsEmbedded operating systems can be chosen (and secured) for their particular mission requirements. Instead of installing an Enterprise version of Linux with all the functionality that any military system could ever need, for example, a specific distribution can be selected for the mission at hand and secured accordingly. The word 'virtualization' has historically brought concerns to mind, such as — slow, complex, and insecure (CVE-2020-28368, https://xenbits.xen.org/xsa/, https://www.vmware.com/security/advisories.html). These are not the types of issues you want to face when deploying mission-computing for the most advanced and secure military systems in the world. Fortunately, this view of virtualization is dated and no longer the case, especially in the context of modern, secure, tactical virtualization technologies and hardware platforms. When combined with a powerful single-board computer, you get an advanced mission computing and radar systems platform for our nation's critical defense technologies. Bringing Virtualization to Mission Computing and Radar SystemsOur partnership with Curtiss-Wright brings the benefits of virtualization to advanced mission computing and radar systems. We've pre-integrated our secure tactical virtualization solution, Titanium Secure Hypervisor, with Curtiss-Wright's popular mission computing and radar board, the CHAMP-XD1. The result: a qualified solution that meets anti-tamper and cybersecurity security requirements with high levels of performance and minimal SWaP costs. Titanium Secure Hypervisor is built upon the open-source and widely deployed Xen Project, and is specifically designed for hostile computing environments. It operates as trusted supervisory software within the processor – configuring and controlling both hardware resources and software execution in order to ensure and maintain the integrity of system operations. Titanium Secure Hypervisor leverages hardware-based root-of-trust to perform a secure boot process and can optionally leverage hardware-provided security services at runtime. During system operation, the hypervisor enforces physical and logical isolation such that software loads execute within private enclaves, even though they may be running on a single physical processing board. Titanium Secure Hypervisor also has strong technology and anti-reverse engineering protections built-in. These features ensure that sensitive applications and data remain protected against unauthorized access, theft, and malicious modification – even in the face of dedicated hackers who have physical and/or logical administrative access to the processing board. On the hardware side, Curtiss Wright's CHAMP-XD1 provides a hardware foundation of trust, fully leveraging Intel's hardware building blocks. The CHAMP-XD1 integrates the Intel hardware foundations, enabling the Titanium Security Hypervisor to act as a software root of trust and isolation engine for the rest of the platform. The CHAMP XD1 enables the use of multiple peripherals leveraging SR-IOV to provide distinct peripherals to each guest and support the direct passthrough of other peripherals. The CHAMP XD1 also provides 8-12 CPU cores, 16-32GB of memory, local storage, TPM, and other physical infrastructure required for a secure, tactical virtualization platform. We collaborated with Curtiss Wright by pre-integrating these two technologies. Integration of the CHAMP XD1 and Titanium Security Hypervisor followed a number of steps leading us to the final solution; steps that anyone can follow for the same results. The integration was simple and elegant. In our next blog post, we'll outline exactly how we did it. Sign up for our newsletter to get notified when that blog post is published. Is Type 1 or Type 2 hypervisor more secure?Advantages of Type-1 hypervisor
Highly secure: Since they run directly on the physical hardware without any underlying OS, they are secured from the flaws and vulnerabilities that are often endemic to OSes. This ensures that every VM is isolated from any malicious software activity.
Which hypervisor type is more secure?The most commonly deployed type of hypervisor is the type 1 or bare-metal hypervisor, where virtualization software is installed directly on the hardware where the operating system is normally installed. Because bare-metal hypervisors are isolated from the attack-prone operating system, they are extremely secure.
Why are Type 1 hypervisors more secure than Type 2 hypervisors?Type 1 hypervisors are also known as bare-metal hypervisors, because they run directly on the host's physical hardware without loading the attack-prone underlying OS, making them very efficient and secure.
Why is type 2 hypervisor less secure?Type 2 hypervisors are essentially treated as applications because they install on top of a server's OS, and are thus subject to any vulnerability that might exist in the underlying OS. A missed patch or update could expose the OS, hypervisor and VMs to attack.
|
