separation at the silicon, separation at the foundation
for secure laptops
The COVID-19 crisis has caused a prolonged work-from-home period, with some companies like Twitter and Fujitsu offering workers the opportunity to work from home permanently. While this is relatively easy to state, CIOs and CISOs have to adjust their IT networks to support this environment. For users handling sensitive or classified information, a traditional endpoint system cannot be trusted once it leaves the confines of the corporate/classified network.
Hackers have been quick to take advantage of this shift. In just 10 cyber incidents during 2021, over $600 million in cash was stolen or taken as ransom. Tens of millions of citizen records were stolen, 40,000 businesses’ IT operations were put at risk, one billion airline passenger details were compromised and at least one bank was effectively shut down for over a week.
Traditional operating systems such as Windows, macOS or Linux/Android that run on endpoints are vulnerable to cyber-attacks, and security updates and anti-virus software cannot be relied on to protect the endpoint. A compromised OS gives threats full access to the endpoint, the sensitive data residing on the endpoint and even the encryption keys that are used to protect the data.
INCREASING CHALLENGES TO SECURITY
Average cost of a breach in US companies (2021)
Percentage of data breaches due to malicious or accidental incidents from insiders
Days to recognize a breach has taken place (2021)
In addition to the isolation and security functionalities offered by LynxSecure Separation Kernel Hypervisor, Lynx-MfE provides the following functionality:
Virtual KVM functionality allows end-users to switch their physical keyboard, video, and mouse between VMs using hot-keys.
In certain situations, it is useful to delay the power-on of a specific VM until another VM has reached a certain power-on state. The staging of the VMs' power-on sequence is provided by Lynx-MfE's staged-boot functionality.
Lynx-MfE includes support for a Pre-Boot Authenticator.
Over the Air (OTA) Updates
This feature allows an administrator to remotely update the VM root disk, the Certificate ISO image or a LynxSecure image. Lynx-MfE supports 2 distinct types of updates:
- A binary delta patch that can be applied to an existing storage device to construct a newer version of the storage device
- A newer version of the storage device in its entirety
Last Known Good Configuration (LKGC)
Allows an end-user or system integrator to:
- Mark the current configuration as "last-known-good" and
- Revert the system to such a marked configuration at a later point in time

Allows an administrator to wipe clean a given node's storage.
The figure below shows a typical secure edge solution based on Lynx-MfE.
The Lynx solution for secure laptops has fundamental advantages compared to systems that are built using traditional hypervisors. These include:
Least privilege architecture
This architecture does not include a privileged operating system that, when compromised, can open up the system to vulnerabilities. It also has no hypervisor administrator login or administrative user.
Immutable hardware partitioning
The system’s configuration, including the partitioning of hardware resources, interconnects between VMs and peripheral assignment, is done prior to boot time. A bad actor cannot dynamically modify the OS or try to execute code from the unsecure operating system in the secure operating system.
No unprotected OS denial of service against secure OS
Since the unsecure OS is isolated and partitioned from the secure OS, a denial-of-service attack on the unsecure OS would not affect the secure OS.
The underlying software foundation preserves strict isolation between the different security functions and user-facing operating systems. Since the compute resources and peripherals are assigned at runtime, a guest does not have access to another guest’s resources. LynxSecure by itself does not have access to the guest operating system.