Channels ▼
RSS

Parallel

System Virtualization


Emerging Applications for Virtualization

The use of virtualization outside of traditional enterprise PC and server markets is nascent, and yet presents a significant opportunity. In this section, we discuss a sample of emerging applications with significant promise.

Telecom Blade Consolidation

Virtualization enables multiple embedded operating systems, such as Linux and VxWorks, to execute on a single telecom computer, such as an AdvancedTCA blade server based on Intel Architecture Processors. In addition, the microkernel-based virtualization architecture enables real-time applications to execute natively. Thus, control plane and data plane applications, typically requiring multiple blades, can be consolidated. Telecom consolidation provides the same sorts of size, weight, power, and cost efficiencies that enterprise servers have enjoyed with VMware.

Electronic Flight Bag

Electronic Flight Bag (EFB) is a general-purpose computing platform that flight crews use to perform flight management tasks, including calculating take-off parameters and viewing navigational charts more easily and efficiently. EFBs replace the stereotypical paper-based flight bags carried by pilots. There are three classes of EFBs, with class three being a device that interacts with the onboard avionics and requires airworthiness certification.

Using the hybrid virtualization architecture, a class three EFB can provide a Windows environment (including common applications such as Microsoft Excel) for pilots while hosting safety-critical applications that validate parameters before they are input into the avionics system. Virtualization enables class three EFBs to be deployed in the portable form factor that is critical for a cramped cockpit.

Intelligent Munitions System

Intelligent Munitions System (IMS) is a next-generation U.S. military net-centric weapons system. One component of IMS includes the ability to dynamically alter the state of munitions (such as mines) to meet the requirements of an evolving battlescape. Using the hybrid virtualization architecture, the safety-critical function of programming the munitions and providing a trusted display of weapons state for the soldier is handled by secure applications running on the safety-certified microkernel. A standard Linux or Windows graphical interface is enabled with virtualization.

In-Vehicle Infotainment

Demand for more advanced infotainment systems is growing rapidly. In addition to theater-quality audio and video and GPS navigation, wireless networking and other office technologies are making their way into the car. Despite this increasing complexity, passenger expectations for "instant on" and high availability remain. At the same time, automobile systems designers must always struggle to keep cost, weight, power, and component size to a minimum.

Although we expect desktop operating systems to crash occasionally, automobile passengers expect the radio and other traditional "head-unit" components never to fail. In fact, a failure in one of these components is liable to cause an expensive (for the automobile manufacturer) visit to the repair shop. Even worse, a severe design flaw in one of these systems may result in a recall that wipes out the profit on an entire model year of cars. Exacerbating the reliability problem is a new generation of security threats: bringing the Internet into the car exposes it to all the viruses and worms that target networked Windows-based computers.

The currently deployed solution, found on select high-end automobiles, is to divide the infotainment system onto two independent hardware platforms, placing the high-reliability, real-time components onto a computer running a real-time operating system, and the Windows component on a separate PC. This solution is highly undesirable, however, because of the need to tightly constrain component cost, size, power, and weight within the automobile.

The hybrid virtualization architecture provides an ideal solution. Head unit applications running under control of the real-time kernel are guaranteed to perform flawlessly. Because the real-time kernel is optimized for the extremely fast boot times required by automotive systems, instant-on requirements are met.

Multiple instances of Windows, powered by multiple instances of the virtual machine, can run simultaneously on the same computer. In the back seat, each passenger has a private video monitor. One passenger could even reboot Windows without affecting the second passenger's email session.

Next Generation Mobile Internet Devices

Using the hybrid virtualization architecture, mobile device manufacturers and service providers can leverage traditional operating systems and software, such as the Linux-based Moblin platform [9], while guaranteeing the integrity, availability, and confidentiality of critical applications and information (Figure 6).

[Click image to view at full size]
Figure 6: Virtualization environment for Mobile Internet Devices (MID). (Source: Green Hills Software, 2008)

We bring our mobile devices wherever we go. Ultimately, consumers would like to use mobile devices as the key to the automobile, a smart card for safe Internet banking, a virtual credit card for retail payments, a ticket for public transportation, and a driver's license and/or passport. There is a compelling world of personal digital convenience just over the horizon.

The lack of a high-security operating environment, however, precludes these applications from reaching the level of trust that consumer's demand. High assurance secure platform technology, taking maximum advantage of Intel silicon features such as Intel VT, enables this level of trust. Furthermore, security applications can be incorporated alongside the familiar mobile multimedia operating system on one chip (SoC), saving precious power and production cost.

Reducing Mobile Device Certification Cost

A certified high-assurance operating system can dramatically reduce the cost and certification time of mobile devices, for two main reasons:

  • First, because it is already certified to protect the most sensitive information exposed to sophisticated attackers, the operating system can be used to manage the security-critical subsystems. The certified operating system comes with all of its design and testing artifacts available to the certification authority, thus precluding the cost and time of certifying an operating system.
  • Second, the operating system and virtualization software take advantage of Intel VT and the Intel architecture Memory Management Unit (MMU) to partition security-critical components from the user's multimedia environment. For example, a bank may require certification of the cryptographic subsystems used to authenticate and encrypt banking transaction messages, but the bank will not care about certifying the system's multimedia functions.

Split Mobile Personalities

With secure virtualization technology, the mobile device can host multiple instances of mobile operating systems. For example, the device can incorporate one instance of Linux that the consumer uses for the phone function, e-mail, and other "critical" applications. A second instance of Linux can be used specifically for browsing the Internet. No matter how badly the Internet instance is compromised with viruses and Trojans, the malware cannot affect the user's critical instance. The only way for files to be moved from the Internet domain to the critical user domain is by using a secure cut and paste mechanism that requires human user interaction and cannot be spoofed or commandeered. A simple key sequence or icon is used to switch between the two Linux interfaces.

Secure virtualization can also be used to provide an MID with multiple operating system personalities, enabling service providers, phone manufacturers, and consumers to provide and enjoy a choice of environments on a single device. Furthermore, by virtualizing the user environment, personas (personal data, settings, and so on) can be easily migrated across devices, in much the same way that virtual machines are migrated for service provisioning in the data center.

In a recent article discussing the growth of mobile devices in corporate environments, USA Today stated that "mobile devices represent the most porous piece of the IT infrastructure." [10] The same problems that plague desktops and servers are afflicting mobile devices. Secure operating systems and virtualization technology provide a solution to the demand for enhanced security in the resource-constrained environment of portable consumer devices.

Gaming Systems

Gaming systems manufacturers are promoting the use of open network connectivity in next-generation gaming systems and properties. This vision provides for some exciting possibilities, yet the security challenges that arise in this architecture are not unlike other network-centric initiatives, such as the military's Global Information Grid (GIG): in both cases, formerly isolated assets are being connected to networks at risk of cyber attack. Clearly, gaming systems are an attractive target for well-resourced hostile entities.

The same hybrid virtualization architecture previously discussed can enhance user-to-game and game-to-server interactions. Secure communications components, including network security protocols and key management, can be securely partitioned away from the gaming multimedia environment (such as Linux, for example) which is hosted in a virtual machine using Intel VT. This is done in both the game console clients as well as in the servers, providing secure end-to-end encryption, authentication, and transaction verification.

Conclusion

In the past decade, virtualization has reemerged as a disruptive technology in the enterprise. However, due to resource constraints and different usage scenarios, virtualization has seen slower adoption in other areas of the computing world, in particular mobile and embedded systems. This is likely to change, due to two significant recent innovations. First, low power, Intel Atom processors now incorporate the same kind of hypervisor hardware acceleration enjoyed by desktop and server processors. Second, the advent of a powerful hybrid architecture incorporating certified high robustness security kernels, augmented with secure virtualization using Intel VT, represents a better fit for resource-constrained systems that often have rigorous safety, security, reliability, real-time, memory-efficiency, and/or power-efficiency requirements. The future for Intel VT-enabled applications is indeed bright.

References

[1] Larry Garfield. "‘Metal Gear' Symbian OS Trojan disables anti-virus software." http://www.infosyncworld.com/, 2004.

[2] Whitaker, et al. "Denali: Lightweight Virtual Machines for Distributed and Networked Applications." USENIX Annual Technical Conference. 2002.

[3] Samuel King, et al. "SubVirt: Implementing malware with virtual machines." IEEE Symposium on Security and Privacy. 2006.

[4] Joanna Rutkowska. "Subverting Vista Kernel for Fun and Profit." Black Hat USA. 2006.

[5] Tavis Ormandy. "An Empirical Study into the Security Exposure to Hosts of Hostile Virtualized Environments." http://taviso.decsystem.org/virtsec.pdf, 2006.

[6] Denise Dubie. "Security concerns cloud virtualization deployments." http://www.techworld.com/, 2007.

[7] Joanna Rutkowska, Alexander Tereshkin, and Rafal Wojtczuk. "Detecting and Preventing the Xen Hypervisor Subversions;" "Bluepilling the Xen Hypervisor;" "Subverting the Xen Hypervisor." Black Hat USA. 2008.

[8] Common Criteria Validated Products List. http://www.niap-ccevs.org/, 2008.

[9] Moblin.org. http://moblin.org.

[10] Byron Acohido, "Cellphone security seen as profit frontier." http://www.usatoday.com/, 2008.


This article and more on similar subjects may be found in the Intel Technology Journal, March 2009 Edition, "Advances in Embedded Systems Technology". More information can be found at http://intel.com/technology/itj.


Related Reading


More Insights






Currently we allow the following HTML tags in comments:

Single tags

These tags can be used alone and don't need an ending tag.

<br> Defines a single line break

<hr> Defines a horizontal line

Matching tags

These require an ending tag - e.g. <i>italic text</i>

<a> Defines an anchor

<b> Defines bold text

<big> Defines big text

<blockquote> Defines a long quotation

<caption> Defines a table caption

<cite> Defines a citation

<code> Defines computer code text

<em> Defines emphasized text

<fieldset> Defines a border around elements in a form

<h1> This is heading 1

<h2> This is heading 2

<h3> This is heading 3

<h4> This is heading 4

<h5> This is heading 5

<h6> This is heading 6

<i> Defines italic text

<p> Defines a paragraph

<pre> Defines preformatted text

<q> Defines a short quotation

<samp> Defines sample computer code text

<small> Defines small text

<span> Defines a section in a document

<s> Defines strikethrough text

<strike> Defines strikethrough text

<strong> Defines strong text

<sub> Defines subscripted text

<sup> Defines superscripted text

<u> Defines underlined text

Dr. Dobb's encourages readers to engage in spirited, healthy debate, including taking us to task. However, Dr. Dobb's moderates all comments posted to our site, and reserves the right to modify or remove any content that it determines to be derogatory, offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing or spam. Dr. Dobb's further reserves the right to disable the profile of any commenter participating in said activities.

 
Disqus Tips To upload an avatar photo, first complete your Disqus profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy.
 

Video