
Page 1: General Dynamics Secure Virtualization Solutions

This information is not approved for public disclosure without prior approval by NSA.

Chuck Roose
Principal Systems Engineer
Information Assurance Division
General Dynamics

Page 2: Virtualization Security Characteristics

- Separation/Isolation
  - Independent Virtual Machines
  - Independent “Virtual Appliances”
  - Isolate Vulnerabilities
  - Limit Attack Vectors
- Virtual Machine Monitor (Hypervisor)
  - Security “Control Point”
  - Memory Management
  - Enables Audit
- Fail Safe
  - Fast, efficient recovery from failures
  - Redundant Processes

Page 3: Enablers

- Hardware Virtualization and Security Features
  - Intel VT
  - Intel TXT
  - Trusted Platform Module (TPM)
- Software Virtualization and Security Features
  - Virtualized Access to Peripherals
  - Memory Management
  - Process Containment
- Open Standards from Trusted Computing Group
  - Trusted Network Connect (TNC)
  - TPM
  - Other (Virtualization Standards, PC Client, …)

Page 4: Multiple Form Factors

Trusted Virtual Environment (TVE): an application of secure virtualization, a “Commercial HAP-Compliant Solution”.

- Brings multi-level and cross-domain computing to tactical and strategic environments using a single low-cost COTS computer, standard operating systems, and existing applications.
- Empowers “Assured Information Sharing” across multiple U.S. or Coalition security domains without needing extensive classification labelling.
- Drives reduction in hardware size, weight, and power, and in the number of networks needed.

Trusted Virtual Environment (TVE), High Assurance Platform (HAP)-compliant: a partnership between the U.S. Government, General Dynamics, and industry leaders, in which one computer simultaneously runs multiple operating systems in different security domains.

Note: security classification labels in this briefing are for example purposes and DO NOT reflect any actual classification; all information in this brief is unclassified.

Page 5: TVE Architectural Approach

[Architecture diagram: a COTS Advanced Processor Core with hardware-assisted virtualization and security features; above it an Embedded OS and Virtualization Stack; above that the Hypervisor, which owns the Peripherals; above that four partitions D0–D3 (processors P0–P3) hosting guest OSes such as Windows (U), Windows (S), Linux (S) and Trusted Solaris (MLS), each running Apps, plus Helper VMs and a CI (helper) app. Thin-client access is shown at the top. The layers are annotated Privileged (lower) and De-Privileged (upper).]

Diagram callouts:

- Hardware assisted virtualization & security features.
- Creates rings (layers) of highest privilege (embedded OS / virtualization stack).
- Industry-standard separation kernel & secure virtual machine monitor (aka Hypervisor) manages the partitions & access to the peripherals.
- Creates rings (layers) of reduced privilege and multiple partitions.
- Manages cross-domain enablement; manages shared windowing (Helper VM / Helper App).
- Multiple guest operating systems and applications running with no code changes per classification level or security domain.
- Supports emerging HyperCall and Host VM APIs for Enlightened OS (Vista, Longhorn, Xen).
- Guest OS support (PRESENT): Windows XP, Linux & SELinux, Trusted Solaris 8, TNE.
- Guest OS support (FUTURE): Windows Vista, Xen Linux, Solaris 10, LynxOS-SE.

Not all features on this slide will be available in TVE’s first release.

Page 6: G.H.O.S.T. TVE Team and Partners

[Partner logo slide; company logos are not recoverable from the transcript.]

INDUSTRY PARTNERS (roles shown): Integrator and High Robustness Software; Industry Memberships; Technology Integrations; COTS Security Enhanced Platform; COTS Virtualization Software; Formal Methods and CDS Tech Providers; Hardware provider.

GOVERNMENT PARTNERS:

- U.S. National Security Agency: HAP Program Manager, IA Oversight, Certification.
- Operational Sponsors, Accreditation Sponsors, Technology Providers: U.S. Special Operations Command; U.S. Navy; U.S. Defense Intelligence Agency; U.S. NSA IA Research Lab; U.S. Air Force Research Lab; Canada Dept of National Defence; U.S. Pacific Command.

Page 7: Questions?

General: (866) [email protected]
TVE / HAP: Chuck Roose (813) [email protected]
Service & Support: (877) [email protected]
International: +1 (410) 850-4893
DSN: 644-1139

All other product and service names are the property of their respective owners. ® Reg. U.S. Pat. & Tm. Off.