Green Hills Platform for Trusted Mobile Devices
Ubiquitous mobile device present an attractive target for hackers. Mobile-borne viruses, Trojans, and other subversions have been steadily increasing, exceeding the quantity of such malware found on PCs not so long ago. Mobile phones run complex multimedia operating systems – Android, Windows 7 Mobile, Linux, MacOS - containing the same types of vulnerabilities that afflict our laptops, desktops and servers.
The Green Hills Platform for Trusted Mobile Devices enables use of the latest smartphones and tablets while simultaneously meeting stringent IT management and security requirements. At the core of the platform is the INTEGRITY Multivisor, a mobile microkernel Type-1 hypervisor built on the world's only Common Criteria EAL6+, High Robustness certified microkernel technology., This proven High Rubustness solutions provides the security required to protect valuable information against sophisticated attackers.
Unlike enterprise PCs that are traditionally IT-owned and managed, handheld devices are traditionally privately owned and subject to deep personal preference and customization. Green Hills Software works with leading mobile device OEMs, integrators, and service providers to ensure that their mobile offerings can be used to access sensitivei nformation and networks while making no sacrifices in the availability, privacy, and performance relating to the personal use of multimedia, social, and Internet apps. High robustness isolation between the personal persona and the IT-managed persona is the only way to meet these disparate requirements. Personas are implemented as virtual machines under the strict control of the INTEGRITY Multivisor.
Green Hills Software has been working with leading mobile system-on-chip (SoC) processor suppliers and device manufacturers over the past decade to optimize the INTEGRITY Multivisor technology and ensure that it is seamlessly incorporated into the device manufacturing process.
The Platform also includes a software development kit (SDK) that enables device manufacturers and service providers to incorporate secure applications and manage critical data that cannot be compromised regardless of the state of the guest environments.
Green Hills Software’s Platform for Trusted Mobile Devices leverages the high assurance protection of INTEGRITY operating system technology, with INTEGRITY Multivisor support for the latest security and virtualization hardware capabilities, including Trusted Platform Modules (TPM) and Intel Virtualization Technology (VT).
Enterprise virtualization solutions suffer from the same scope of defects and vulnerabilities that plague general purpose operating systems. Furthermore, hypervisors have been shown to actually reduce platform security due to attacks like Blue Pill and other virtual machine “escapes” that put all operating systems, applications, and data on a computer at risk.
The Green Hills Software approach avoids all of these problems by using proven separation between virtual machines and by ensuring that the virtualization software itself is unable to circumvent the security policies of the certified INTEGRITY operating system. In addition, the Platform supports the development and deployment of high assurance secure applications that cannot be trusted to run on top of guest operating systems. Green Hills Software provides a secure software development kit (SDK) to enable OEMs, anti-virus and other security software vendors, and end users to incorporate trusted, application-specific software.
With the Platform for Trusted Mobile Devices, device manufacturers and service providers can leverage traditional operating systems and software, such as Windows Mobile, Android, Symbian, and Linux, while guaranteeing the integrity, availability, and confidentiality of critical applications and information.
A few years ago, a Trojan, called Metal Gear, infected Symbian-based mobile phones. Metal Gear did not merely damage the infected phone. The malware disabled the anti-virus software running on Symbian and then wormed itself (e.g. via Bluetooth) to other phones.
There is a simple solution to this type of malware. Security applications, such as the anti-virus program, can be can be isolated so they cannot be affected by software running on the user’s primary operating system. Access to the anti-virus program is controlled by a secure channel governed by the certified kernel. Many other types of security software applications can be protected and hardened in this manner.
We bring our cell phones wherever we go. How convenient would it be if our cell phone also served as the key to our car, a fob for dual-factor authenticated Internet banking, our virtual credit card for retail payments, our ticket for public transportation, and our driver’s license and/or passport? The potential for our mobile devices to streamline so many life functions if huge. Yet the lack of a high security operating environment, however, precludes these applications from reaching the level of trust that consumer’s demand.
Green Hills Software’s INTEGRITY Multivisor enables this level of trus, allowing sensitive applicationsto run alongside the familiar mobile operating system on a single SoC, saving precious power and production cost.
With INTEGRITY Multivisor, a mobile device can host multiple instances of mobile operating systems. For example, the device can incorporate one instance of Android for the phone function, office e-mail, and other "critical" applications. A second instance of Android can designated specifically forInternet browsint.
No matter how badly the Internet instance is compromised with viruses and Trojans, the malware cannot affect the user’s critical instance. The only way for files to be moved from the Internet domain to the critical user domain is by using a secure cut and paste mechanism that requires human user interaction and cannot be spoofed or commandeered. A simple key sequence or icon is used to switch between the two Windows Mobile interfaces.
Green Hills Software is the world-leading expert in commercial high assurance systems software solutions. Green Hills Software has 30 years of systems software achievement and customer satisfaction and a worldwide engineering and support staff that can ensure the success of the most demanding projects and customers. In this day and age, mobile device manufacturers plan their product roadmaps years in advance and therefore depend on stable, proven suppliers for their critical components. Fortune 500 companies like Ford Motor, HP, and Boeing have depended upon the corporate stability, product reliability, and project delivery of Green Hills Software for many years.
Deployed since 2003, INTEGRITY Multivisor is the industry’s most powerful, reliable, and flexible embedded virtualization solution. On hypervisor acceleration-enabled processors such as Intel VT, Freescale QorIQ P40xx, and ARM TrustZone, INTEGRITY Multivisor supports high performance "full virtualization" where no changes to the guest operating system are needed.