July 2013
SAFETY & SECURITY
hardware and software components. LynxSecure provides greater security than Type-1 hypervisors by moving non-essential privileged components, such as device drivers and I/O stacks, out of the hypervisor core to reduce the system attack surface. Additionally, LynxSecure enhances security with management and configuration tools that run outside the hypervisor, giving administrators the ability to construct flexible security designs that explicitly control and monitor how the virtual guest OSs access data via virtual and physical devices.

The last ten years have shown a trend in hypervisor design evolution in which each stage progresses towards shrinking and simplifying the core foundation of hypervisors to improve performance, reliability, and security. The transition from Type-2 to Type-1 shows the hypervisor shift from running as an application on a general-purpose OS to being tightly integrated with a minimized host OS. The transition from Type-1 to Type Zero shows the decoupling of the integrated hypervisor from the supporting host OS to running stand-alone. The LynxSecure Type Zero hypervisor distils the trusted portions of the hypervisor down to the fundamental elements, and provides the development tools necessary to build custom high-performance, safe and secure virtualization platforms.
Figure 2. Block diagram of a Type-2 hypervisor
Figure 3. Block diagram of a Type-1 hypervisor