Virtualization Architecture for Secure Systems

Engineers creating the next generation of embedded devices are faced with the challenge of controlling power, footprint, and bill of materials while meeting demand for more capabilities, delivered faster and with higher reliability. Any organization that can achieve these goals while reducing risks will gain significant advantages over the competition.

INTEGRITY Multivisor overview

INTEGRITY Multivisor, Secure Virtualization (diagram): INTEGRITY Multivisor is the optional virtualization service for the safety- and security-certified INTEGRITY RTOS separation kernel. It enables safe execution of trusted real-time critical software alongside untrusted applications running on general-purpose operating systems.

Embedded designers are increasingly turning to system virtualization to dramatically transform product development. Virtualization consolidates disparate systems onto dedicated virtual machines, running on a single hardware platform. In addition, the hardware abstraction afforded by virtualization enables rapid migration to new hardware, freeing developers to focus on differentiating features and functionality.

Based on the market-leading high-reliability operating system, INTEGRITY Multivisor delivers on this promise.

Deployed since 2003, INTEGRITY Multivisor is the most powerful, reliable, and flexible embedded virtualization solution available. As the diagram illustrates, INTEGRITY Multivisor can host arbitrary guest operating systems alongside a comprehensive suite of real-time applications and middleware. Applications and guest operating systems are flexibly scheduled across one or multiple cores, can communicate efficiently with each other, and utilize system peripherals according to a strict access control model.

Architectural considerations

A robust and portable virtualization infrastructure needs an architecture flexible enough to handle the wide variety of hardware capabilities available across microprocessors. INTEGRITY Multivisor maximizes the use of available hardware virtualization facilities while minimizing modifications to guest operating systems.

Many silicon manufacturers now include hardware-assisted virtualization technology, such as ARM Virtualization Extensions (VE), Intel VT-x and VT-d, and virtualization-enabled Power Architecture. On these architectures INTEGRITY Multivisor supports high-performance "full virtualization", in which the guest operating system runs unmodified. Where a device must be shared between guests or applications, an application that coordinates access to the underlying hardware can be added; the guests then reach the device only through that application, and the separation kernel's access control model decides which partition may talk to it.

On processors lacking a hypervisor mode, INTEGRITY Multivisor applies carefully crafted, minimally intrusive modifications to the guest operating system (paravirtualization) to maximize performance without sacrificing ease of migration and portability.
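Whether the full-virtualization or the modified-guest path applies depends on what the target CPU exposes. The following is an added example, not Green Hills code, that makes that decision for an x86 host from a Linux /proc/cpuinfo dump. It assumes the flag names Linux prints in the "flags" line (vmx for VT-x, svm for AMD-V, ept and npt for nested paging, hypervisor when Linux is itself a guest); the two cpuinfo samples are constructed. Note that IOMMU presence (VT-d / AMD-Vi) is not reported in /proc/cpuinfo and must be checked separately, and that arm64 kernels do not expose EL2 support in this file at all, so the function reports "no extension found" rather than guessing.

```python
"""Added example (not Green Hills code): classify a host from a Linux
/proc/cpuinfo dump as able to run an unmodified guest under hardware-assisted
full virtualization, or as needing a modified (paravirtualized) guest.

Flag names assumed here are the ones Linux prints on x86:
  vmx  Intel VT-x                 svm  AMD-V
  ept  Intel EPT nested paging    npt  AMD NPT nested paging
  hypervisor  set when Linux is already running as a guest
IOMMU (VT-d / AMD-Vi) availability is not visible in /proc/cpuinfo, so this
check speaks only to CPU virtualization, not to DMA isolation.
"""

import re

# Constructed sample: first processor block of a VT-x/EPT capable CPU that
# is itself running inside a VM (note the 'hypervisor' flag).
SAMPLE_VTX = """processor\t: 0
vendor_id\t: GenuineIntel
model name\t: Intel(R) Core(TM) i7
flags\t\t: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx lm vmx smx est tm2 ssse3 sse4_1 sse4_2 x2apic popcnt aes xsave avx hypervisor lahf_lm ept vpid tpr_shadow vnmi flexpriority
"""

# Constructed sample: an older x86 CPU with no virtualization extensions.
SAMPLE_LEGACY = """processor\t: 0
vendor_id\t: GenuineIntel
model name\t: Intel(R) Pentium(R) M
flags\t\t: fpu vme de pse tsc msr mce cx8 sep mtrr pge mca cmov pat clflush dts acpi mmx fxsr sse sse2 ss tm pbe up bts est tm2
"""

# Constructed sample: arm64 cpuinfo, which has a 'Features' line but no
# 'flags' line and no indication of EL2 support.
SAMPLE_ARM64 = """processor\t: 0
BogoMIPS\t: 50.00
Features\t: fp asimd evtstrm aes pmull sha1 sha2 crc32 cpuid
"""


def cpu_flags(cpuinfo_text):
    """Return the feature flags of the first 'flags' line as a set, or an
    empty set when the file has no such line (non-x86 hosts)."""
    m = re.search(r"^flags\s*:\s*(.*)$", cpuinfo_text, re.MULTILINE)
    return set(m.group(1).split()) if m else set()


def virt_support(cpuinfo_text):
    """Decide which guest-hosting path the CPU allows.

    Returns a dict with the detected extension ('VT-x', 'AMD-V' or None),
    whether nested paging is present, whether the host is already a guest,
    and the resulting mode string."""
    flags = cpu_flags(cpuinfo_text)
    if "vmx" in flags:
        ext, nested = "VT-x", "ept" in flags
    elif "svm" in flags:
        ext, nested = "AMD-V", "npt" in flags
    else:
        ext, nested = None, False
    # If Linux is already a guest, the extensions it reports are usable only
    # if the outer hypervisor enables nested virtualization; flag it so the
    # caller does not assume bare-metal behaviour.
    already_guest = "hypervisor" in flags
    if ext:
        mode = "full virtualization (unmodified guest)"
    else:
        mode = "no hardware assist: modified (paravirtualized) guest required"
    return {
        "extension": ext,
        "nested_paging": nested,
        "already_guest": already_guest,
        "mode": mode,
    }


if __name__ == "__main__":
    for name, text in (("vtx", SAMPLE_VTX), ("legacy", SAMPLE_LEGACY),
                       ("arm64", SAMPLE_ARM64)):
        print(name, virt_support(text))
```

To run it against the real host, read `/proc/cpuinfo` and pass its contents to `virt_support`; the sample dumps are only there so the script runs offline.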

INTEGRITY Multivisor provides flexible and powerful mechanisms for managing cores. The Multivisor can statically bind guest operating systems to cores, in an Asymmetric Multiprocessing (AMP) model, or dynamically schedule workloads in a Symmetric Multiprocessing (SMP) model, depending on system requirements.

Features and benefits

INTEGRITY Multivisor offers a number of compelling benefits:

  • Lower production costs through hardware consolidation
  • Faster time-to-market by removing the pain of porting operating systems to new hardware and existing applications to new operating systems
  • Longer time-in-market by reusing legacy operating systems and software
  • Higher product pricing power due to increased features in smaller form factors
  • Flexibility to run arbitrary, unmodified guest operating systems, including Windows, Linux, QNX, and Android
  • Ability to combine hard real-time and/or reliability-critical processing with guest operating system functionality
  • Enabling new device use cases, such as multiple guest instances with varying levels of security
  • Built on INTEGRITY, the leading safety and security certified operating system
  • Products and expert engineering support from a trusted, independent virtualization supplier that you can partner with for the long term

Reliability pedigree

Organizations trust Green Hills technology in systems with the most demanding reliability requirements:

  • NSA-certified secure mobile phones
  • FAA DO-178B Level A-certified avionics controlling passenger and military jets
  • FDA Class III life-critical medical devices
  • EN 50128 SW-SIL 4-certified railway control and protection systems
  • IEC 61508 SIL 3-certified industrial control systems
  • Automotive, consumer, networking, and many other reliability-critical systems

Many hypervisors bundle the software required to support guest environments, such as device drivers and middleware, into a monolithic architecture. The result looks much like a general-purpose operating system: a large trusted computing base whose attack surface is hard to characterize and which has accumulated many vulnerabilities. Numerous guest operating system "escapes" and other subversions have been discovered in such hypervisors, including Xen and VMware. INTEGRITY Multivisor instead relies on a trustworthy separation kernel to provide domain isolation, with drivers and middleware kept outside the kernel in their own partitions, and that kernel is certified to protect against even the most sophisticated attacks.

Market examples

In-vehicle infotainment, secure automotive (diagram): for in-vehicle infotainment systems, INTEGRITY Multivisor guarantees partitioning for safe and secure hosting of guest operating systems, applications, and peripheral drivers.

INTEGRITY Multivisor enables engineers to innovate in ways not otherwise possible. The following market examples come directly from Green Hills Software’s customer base:

Telecom blade consolidation

  • Execute control plane operating systems (e.g. Linux) alongside real-time data plane processing on a single SoC
  • Take maximum advantage of next-generation multicore network processors

Automotive E-Cockpit

  • Consolidate infotainment and digital instrument clusters to reduce automotive cost and footprint
  • Host rear view camera and surround view as real-time applications to ensure instant-on, continually reliable performance
  • Allow Internet connection without risk of corruption to critical applications


Next-generation mobile devices

  • Run multiple instances of Mobile OS (e.g. Android) to separate corporate and personal environments
  • Reduce time-to-market by enabling multiple OS flavors to run without porting drivers to each OS
  • Provide common smartphone functions while enabling next-generation security applications such as virtual credit card, virtual ticketing (e.g. public transportation), virtual keys and identification

Electronic flight bag

  • Replace the pilot's pen and paper with PC functionality for calculating take-off parameters and validating navigational charts
  • Enable virtualized Windows Office applications while safety-critical native applications on the same portable PC validate and program cockpit avionics

Intelligent weapons systems

  • Netbook form factor with sophisticated Linux graphical interface
  • Real-time applications provide trusted display of weapons state (securely multiplexed with Linux GUI) as well as safety-critical munitions programming