general dynamics secure virtualization solutions · this information is not approved for public...
Post on 16-Apr-2020
Slide 1: General Dynamics Secure Virtualization Solutions
Chuck Roose, Principal Systems Engineer, Information Assurance Division
This information is not approved for public disclosure without prior approval by NSA.
Slide 2: Virtualization Security Characteristics
- Separation/Isolation
  - Independent Virtual Machines
  - Independent “Virtual Appliances”
  - Isolate Vulnerabilities
  - Limit Attack Vectors
- Virtual Machine Monitor (Hypervisor)
  - Security “Control Point”
  - Memory Management
  - Enables Audit
- Fail Safe
  - Fast, efficient recovery from failures
  - Redundant Processes
Slide 3: Enablers
- Hardware Virtualization and Security Features
  - Intel VT
  - Intel TXT
  - Trusted Platform Module (TPM)
- Software Virtualization and Security Features
  - Virtualized Access to Peripherals
  - Memory Management
  - Process Containment
- Open Standards from Trusted Computing Group
  - Trusted Network Connect (TNC)
  - TPM
  - Other (Virtualization Standards, PC Client, …)
Slide 4: Multiple Form Factors
Brings multi-level and cross-domain computing to tactical and strategic environments using a single low-cost COTS computer, standard operating systems, and existing applications.
Empowers “Assured Information Sharing” across multiple U.S. or Coalition security domains without needing extensive classification labelling.
Drives reduction in hardware size, weight, and power, and in the number of networks needed.
Trusted Virtual Environment (TVE), High Assurance Platform-compliant: a partnership between the U.S. Government, General Dynamics, and industry leaders, where one computer simultaneously runs multiple operating systems in different security domains.
Note: security classification labels in this briefing are for example purposes and DO NOT reflect any actual classification; all information in this brief is unclassified.
Trusted Virtual Environment – an application of secure virtualization: “Commercial HAP-Compliant Solution”
Slide 5: TVE Architectural Approach (architecture diagram; only its labels and callouts survive extraction, listed here bottom to top)
- COTS Advanced Processor Core: hardware-assisted virtualization & security features; creates the rings (layers) of highest privilege.
- Hypervisor and Peripherals: an industry-standard separation kernel & secure virtual machine monitor (aka hypervisor) manages the partitions & access to the peripherals; creates rings (layers) of reduced privilege and multiple partitions.
- Embedded OS running the Virtualization Stack (privileged side): manages cross-domain enablement; manages shared windowing; supports emerging HyperCall and Host VM APIs for enlightened OS (Vista, Longhorn, Xen).
- Partitions P0–P3 in domains D0–D3 (de-privileged side): guest operating systems with their apps, labelled Windows (U), Windows (S), Linux (S) and Trusted Solaris (MLS), alongside Helper VMs, a Helper App and CI; thin-clients attach to the domains.
- Multiple guest operating systems and applications run with no code changes per classification level or security domain.
Guest OS support:
- Present: Windows XP, Linux & SELinux, Trusted Solaris 8, TNE
- Future: Windows Vista, Xen Linux, Solaris 10, LynxOS-SE
Not all features on this slide will be available in TVE’s first release.
Slide 6: G.H.O.S.T. TVE Team and Partners
Industry partners (integrator and high robustness software; industry memberships; technology integrations):
- COTS Security Enhanced Platform
- COTS Virtualization Software
- Integrator and High Robustness Software
- Formal Methods and CDS Tech Providers
- Hardware provider
Government partners:
- U.S. National Security Agency: HAP Program Manager, IA Oversight, Certification
- Operational Sponsors, Accreditation Sponsors, Technology Providers: U.S. Special Operations Command, U.S. Navy, U.S. Defense Intelligence Agency, U.S. NSA IA Research Lab, U.S. Air Force Research Lab, Canada Dept of National Defence, U.S. Pacific Command
Slide 7: Questions?
All other product and service names are the property of their respective owners. ® Reg. U.S. Pat. & Tm. Off.
- General: (866) 400-0195, IASystems@gdc4s.com
- TVE / HAP: Chuck Roose, (813) 314-8776, Chuck.Roose@gdc4s.com
- Service & Support: (877) 230-0236, infosecsupport@gdc4s.com
- International: +1 (410) 850-4893, DSN: 644-1139