There’s a growing consensus among Internet of Things (IoT) cyber-physical and cybersecurity experts that built-in not bolt-on security is the way to secure critical IoT/IIoT and Enterprise edge contexts, typically gateways and routers or PCs, laptops and tablets. To achieve that however, requires a shift in both thought and implementation.
That shift is epitomized by the separation kernel hypervisor (SKH), a technology, which is well known in military and aerospace, but not sufficiently understood or adopted by the IoT, IIoT and Enterprise. The SKH was highlighted in the recently released Industrial Internet Security Framework (IISF), section 8. It can be thought of as a virtual motherboard that sits underneath the OS and applications, and directly leverages the chipset’s virtualization capability. It provides hard isolation between partitions or virtual machines, while separating security policy definition from security enforcement.
This has numerous benefits like reducing the attack surface, preventing security policy bypass, hacks or penetration into the SKH itself. The SKH is the true realization of a reference monitor because all security relevant operations are mediated by the highest privileged entity on the platform. Some SKH implementations also provide real-time determinism allowing a real-time operating system to execute with time guarantees when responding to external events. Unlike general purpose type-1 hypervisors or Linux-based implementations, the SKH offers hard isolation between different software stacks thereby preventing security breaches or safety fault propagation across different virtual machines.
Harnessing SKH’s properties enables it to significantly reduce the attack surface of IoT/IIoT and Enterprise edge implementations. For the IoT to succeed, IT and OT networks must converge and yet be completely separated; a unique paradox. Security covering both cyber-physical concerns, namely human and animal safety, and cyber asset concerns, must address this paradox unequivocally.
The SKH addresses 3 primary pain points of any IoT/IIoT implementation: Fragmentation between the IT (cyber) and OT (physical/operations) networks; Porousness across domains where IT/OT networks converge a high potential exists for data leakage; Lack of security in preventing penetration of the IT network from the OT network or vice versa, and malicious activity emanating from one and damaging the other.
Any true SKH (caveat emptor as there are some posers out there) will offer speed, a small footprint, scalability, smart cost-effectiveness through legacy support and robust security. These key characteristics will distinguish a true separation kernel hypervisor as applied in the IoT/IIoT context:
Small footprint, that allows memory constrained devices and IoT gateways to utilize the technology without needing specialized hardware
Allows continued use of legacy software letting customers preserve their existing software investments
Provides real-time determinism to allow the quick reactions to external stimuli that are essential for OT systems
Allows immutable security configurations ensuring protection for IT systems
A scalable architecture that allows for future-proofing IoT/IIoT designs
Tamper-proof data-in-motion, data-at-rest and data-in-use protection.
Some example features of SKH solutions that merit mentioning are safety partitioning, where the real-time processing of sensor input and automated vehicle control functions must be separated from complex and hazardous network communications; and cross domain guards, where different categories of users require different classes of information access.
Typically, the SKH raises the assurance of systems that perform critical functions in currently regulated or ‘soon to be regulated’ environments like the IIoT, connected and autonomous vehicles, UAVs/drones, smart cities (critical infrastructure), aerospace and defense environments and so on. Also, as cybercrime is growing at an astronomical rate other areas that can benefit from SKH-based solutions include intellectual property, finance, banking, medical and legal.
Some large enterprises recognize that intellectual property and other critical information must be as securely protected as cyber-physical information, where life and limb are at stake. They are exploring using the SKH on PCs, laptops and tablets where the hard separation of sensitive-corporate and Internet connected personal workspaces is critical.
So, the Separation Kernel Hypervisor can be adapted to many use cases across the cyber-physical landscape and it should be the go-to platform for the many areas where security (cyber) and safety (physical) are increasingly mutually inclusive and must be, as far as possible, built-in; not bolt on.
Edited by
Ken Briodagh
