Virtual Security

Aug. 4, 2005

Security is a key feature for most virtual-memory OSs. Given sufficient hardware controls, an OS lets an application perform any operation it likes. The OS will trap any operation that's restricted and either execute an appropriate, usually comparable a

William G. Wong

Common Criteria Evaluation Assurance Levels (EALs) number 1 (lowest) through 7 (highest). The U.S. government and other organizations use them to specify a system's level of proven security. The "proven" part is where the difficulty comes in. As systems grow in size and complexity, so does the difficulty in proving an EAL above 1.

With system virtualization, proving a system's vulnerability to security breaches becomes significantly easier, assuming the virtualization support can be proven secure. This usually isn't difficult because of the hypervisor's small size.

It's then possible to group OSs and applications by their security requirements. Proving that this system meets the design's security requirements may still be a big job on a large system. But additions to the system are now much easier, because only the subsystem where the new addition is placed needs confirmation.

Virtualization also makes policy-based security easier to implement for the same reason. A system manager can set up a new virtual space for a user or customer that's isolated from other OSs and applications. Likewise, it's now much easier to change while the system is running.

About the Author

William G. Wong | Senior Content Director - Electronic Design and Microwaves & RF

I am Editor of Electronic Design focusing on embedded, software, and systems. As Senior Content Director, I also manage Microwaves & RF and I work with a great team of editors to provide engineers, programmers, developers and technical managers with interesting and useful articles and videos on a regular basis. Check out our free newsletters to see the latest content.

You can send press releases for new products for possible coverage on the website. I am also interested in receiving contributed articles for publishing on our website. Use our template and send to me along with a signed release form.

Check out my blog, AltEmbedded on Electronic Design, as well as his latest articles on this site that are listed below.

You can visit my social media via these links:

I earned a Bachelor of Electrical Engineering at the Georgia Institute of Technology and a Masters in Computer Science from Rutgers University. I still do a bit of programming using everything from C and C++ to Rust and Ada/SPARK. I do a bit of PHP programming for Drupal websites. I have posted a few Drupal modules.

I still get a hand on software and electronic hardware. Some of this can be found on our Kit Close-Up video series. You can also see me on many of our TechXchange Talk videos. I am interested in a range of projects from robotics to artificial intelligence.