Type-2 hypervisors are computer emulation applications that run on general-purpose operating systems. A Type-2 hypervisor allows users to run multiple operating systems (OSs) simultaneously on a single platform. For example, a Windows 7 user can install a hypervisor application like VMware Workstation to run a Windows XP guest OS on top of their Windows 7 host OS. As an application, the Type-2 hypervisor is subject to performance, security, and reliability penalties. The hosted hypervisor incurs performance hits because it competes with other user applications like web browsers and e-mail clients for system resources. Type-2 hypervisors are weak in reliability and security because they inherit the vulnerabilities of the user-controlled host operating system.

Type-1 hypervisors are computer emulation software tightly integrated with embedded OSs that run transparently to the end-user. Type-1 hypervisors gain a significant performance improvement over Type-2 hypervisors because they are self-hosted with embedded OSs that are optimized for virtualization. Type-1 hypervisors significantly reduce the attack surface relative to Type-2 hypervisors by limiting access to the hypervisor to system administrators only, preventing end-users and user applications from tampering with the hypervisor. Additionally, Type-1 hypervisor vendors control all the software that comprises the hypervisor package, including the virtualization functions and OS functions, like device drivers and I/O stacks. Control over the software package prevents malicious software from being introduced into the hypervisor foundation. The limited access and strong control over the embedded OS greatly increase the reliability of Type-1 hypervisors.

LynuxWorks introduces LynxSecure as a new class of hypervisor, Type Zero, based on a new architecture that allows for higher levels of performance, reliability, and security over Type-1 hypervisors. The Type Zero hypervisor is built from the ground up with the minimum software components required to fully virtualize guest OSs and control information flow between guest OSs. The Type Zero architecture removes the need for an embedded host OS to support virtualization, allowing the hypervisor to run in an unhosted environment. This differs drastically from Type-1 monolithic architectures, where the hypervisor is integrated into a host OS, and from Type-1 microkernel architectures, where the hypervisor is controlled and assisted by a root or parent operating system. LynxSecure runs on a variety of computing platforms including servers, desktops, and laptops. It hosts guest OSs in both headless (no-display) and local display modes to suit the needs of several cloud environments and client end-user environments. The Type Zero hypervisor offers increased levels of performance by scheduling the execution of guest OSs on CPU cores with an extremely lightweight scheduler. It also gives guest OSs direct control over physical devices to achieve native I/O performance, and gives guest OSs the ability to intercommunicate over high-speed point-to-point communication channels. LynxSecure is designed to meet the highest level of reliability requirements for aerospace, medical, military, and business applications. To achieve high reliability, the hypervisor runs as a stateless executable with minimal dynamic functionality for a stable foundation, uses a real-time scheduler to precisely guarantee the availability of all guest OSs, and provides advanced built-in auditing and health monitoring capabilities to continuously monitor the operation of critical

Hypervisor evolution enables safe and secure virtualization platforms
SAFETY & SECURITY
By Will Keegan, LynuxWorks
This article reviews the evolution of modern hypervisor architectures, from Type-2 to Type Zero, and describes the performance, reliability, and security benefits achieved through LynxSecure Type Zero architecture.
Figure 1. Block diagram of the LynxSecure Type Zero hypervisor
July 2013