Multi-pronged approach
In the end, the solution should address several factors:
- Fully utilize the capabilities provided to us by multicore processor providers.
- Limit the impact of privilege escalation to stay within the application platform environment that failed to withstand the hacker
- Provide a platform capability immune to privilege escalation
- Most importantly, deliver the hardware-supported module (OS, bare-metal application or service, or unikernel) for the secure separation these multicores provide us.
This solution is not an OS, nor even a micro-kernel—it’s a separation kernel hypervisor, where the word “kernel” merely reflects the well-understood need to support the development of securely isolated system services, as well as hosted guest OSs. A separation kernel hypervisor is a small purpose-built security layer (no OS inside) that utilizes hardware virtualization instructions to enable virtualized modules (OSs, RTOSs, bare-metal apps) to run securely on top with dedicated, securely separated hardware resources.
Keep using your favorite OS or legacy for application development, but secure it up with virtualized separation when running on multicore.
About the author:
John Blevins is Director of Products at Lynx Software Technologies.
This article was first published in Electronic Design - www.electronicdesign.com