ping since 2003, INTEGRITY Multivisor is the only virtualisation solution built upon security certified separation kernel technology that provides highly assured isolation between personas while also providing a native open standard execution environment for security-critical tasks.
“Green Hills Software brings its 30+ years successful track record for deploying trusted and certified software solutions for mission-critical electronics to the mobile market,” commented Chris Rommel, vice president of M2M & Embedded Technology at VDC. “This latest release of INTEGRITY Multivisor firmly places the Company at the forefront of mobile virtualisation and secure dual-persona technology.”
Key capabilities of Multivisor v4 for Mobile include:
• Hardware accelerated 3D graphics concurrently shared between all Android personas
• Virtual Self-Encrypting Drive (vSED) for hypervisor-protected user authentication and data-at-rest protection
• VPN for hypervisor-protected data-in-transit protection
• Green Hills Software’s FIPS 140-2 and NSA Suite B cryptographic library
• Hardware enabled virtualisation using ARM Virtualisation Extensions (ARM VE)
• Multicore SMP support
• Complete suite of virtualised and securely shared I/O, including Bluetooth, USB, cellular voice and data, audio, hardware-accelerated graphics, touch screen/buttons, Wi-Fi, sensors, and GPS
• Secure boot
• Virtualisation supports the latest Android Jelly Bean versions
In addition to the isolation provided by its separation kernel, built-in security components of INTEGRITY Multivisor render common attacks impossible, including stealing encryption keys, key logging, and screen scraping. Yet, the security capabilities execute without the knowledge of the virtualised Android guest operating systems and without impacting user experience.
Historically, heavy guest kernel paravirtualisation was required to achieve acceptable virtualisation performance in mobile devices. These modifications are not only intrusive to the OEM development process, but they also slow time-to-market and result in a less maintainable and error-prone solution. ARM Architecture Virtualisation Extension (ARM VE) is a world-class implementation for virtualisation acceleration and hypervisor management. INTEGRITY Multivisor support for ARM VE was first demonstrated in commercial devices at the 2013 CES and is based upon Green Hills Software’s extensive experience in virtualisation hardware that has been applied to the Intel (2005) and Power Architectures (2008).
Industry observers acknowledge that Type 1 hypervisors like the INTEGRITY Multivisor possess the necessary software foundation to achieve a far higher level of robustness and security than is possible with Type 2 hypervisors and OS virtualisation/containers. However, because the Type 1 hypervisor runs on bare metal, it must be ported. INTEGRITY Multivisor for Trusted Mobile Devices eliminates the traditional development time and cost tradeoff of the Type 1 approach because it leverages the INTEGRITY separation kernel that is already widely, rapidly, and continuously ported across processors as a real-time kernel for embedded systems. In addition, the INTEGRITY Multivisor for Trusted Mobile Devices v4 employs an I/O management infrastructure for secure sharing of the full suite of mobile and automotive device peripherals without requiring special assistance from device manufacturers. INTEGRITY Multivisor can be ported to a new mobile device using a supported chipset and Android release in weeks.
“As has already transpired in the cloud, the hypervisor is quickly supplanting the operating system as the software foundation for sophisticated consumer electronics,” commented David Kleidermacher, chief technology officer, Green Hills Software. “INTEGRITY Multivisor is the ideal hypervisor for mobile, enabling the vision of secure, dual-mode personal/business use and reduced total cost of ownership that is simply impossible with a mobile OS by itself.”