Open Kernel Labs is a privately owned company that develops microkernel-based hypervisors and operating systems for embedded systems. The company was founded in 2006 by Steve Subar and Gernot Heiser as a spinout from NICTA. It is headquartered in Chicago, while research and development was located in Sydney, Australia. The company was acquired by General Dynamics in September 2012. Wikipedia.
Heiser G., University of New South Wales | Leslie B., Open Kernel Labs
Proceedings of the 1st ACM Asia-Pacific Workshop on Systems, APSys '10, Co-located with SIGCOMM 2010 | Year: 2010
We argue that recent hypervisor-vs-microkernel discussions completely miss the point. Fundamentally, the two classes of systems have much in common, and provide similar abstractions. We assert that the requirements for both types of systems can be met with a single set of abstractions, a single design, and a single implementation. We present partial proof of the existence of this convergence point, in the guise of the OKL4 microvisor, an industrial-strength system designed as a highly-efficient hypervisor for use in embedded systems. It is also a third-generation microkernel that aims to support the construction of similarly componentised systems as classical microkernels. Benchmarks show that the microvisor's virtualization performance is highly competitive. © 2010 ACM.
Open Kernel Labs | Date: 2012-12-11
Methods and apparatus for interleaving priorities of a plurality of virtual processors are disclosed. A hypervisor assigns a base priority to each virtual processor and schedules one or more virtual processors to execute on one or more physical processors based on the current priority associated with each virtual processor. When the hypervisor receives an indication from one of the virtual processors that its current priority may be temporarily reduced, the hypervisor lowers the current priority of that virtual processor. The hypervisor then schedules another virtual processor to execute on a physical processor instead of the virtual processor with the temporarily reduced priority. When the hypervisor receives an interrupt for the virtual processor with the lowered priority, the hypervisor raises the priority of that virtual processor and schedules the virtual processor with the restored priority to execute on a physical processor so that processor can handle the interrupt.
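The scheduling rule in this abstract, modelled as an added example (not code from the patent or from OKL4). The structure, function names and priority values are assumptions, as is the rule that a guest's hint can only lower its priority below the base the hypervisor assigned.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Illustrative model only. A higher number means a higher priority. */
struct vcpu {
    const char *name;
    int  base_prio;    /* assigned by the hypervisor, never set by the guest */
    int  cur_prio;     /* the value the scheduler actually compares */
    bool irq_pending;  /* an interrupt is waiting for this virtual processor */
};

/* Guest hint: "my priority may be temporarily reduced".
 * Assumption: the hint may only lower cur_prio below base_prio, so a guest
 * cannot use it to raise itself above what the hypervisor assigned. */
bool hv_lower_priority(struct vcpu *v, int reduced)
{
    if (reduced >= v->base_prio)
        return false;              /* refused: not a reduction */
    v->cur_prio = reduced;
    return true;
}

/* Interrupt for v: restore its priority so it can run and handle it. */
void hv_inject_irq(struct vcpu *v)
{
    v->irq_pending = true;
    v->cur_prio = v->base_prio;
}

/* Pick the virtual processor with the highest current priority.
 * Ties go to the earlier entry in the array. */
struct vcpu *hv_pick_next(struct vcpu *set, size_t n)
{
    struct vcpu *best = NULL;
    for (size_t i = 0; i < n; i++)
        if (!best || set[i].cur_prio > best->cur_prio)
            best = &set[i];
    return best;
}

int main(void)
{
    /* Constructed sample: a real-time guest and a general-purpose guest. */
    struct vcpu v[2] = {
        { "rtos",  20, 20, false },
        { "linux", 10, 10, false },
    };

    printf("start:      %s runs\n", hv_pick_next(v, 2)->name);
    hv_lower_priority(&v[0], 5);   /* rtos has nothing urgent to do */
    printf("after hint: %s runs\n", hv_pick_next(v, 2)->name);
    hv_inject_irq(&v[0]);          /* device interrupt for rtos */
    printf("after irq:  %s runs\n", hv_pick_next(v, 2)->name);
    return 0;
}
```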
Open Kernel Labs | Date: 2012-12-07
Methods and apparatus for sharing memory between multiple processes of a virtual machine are disclosed. A hypervisor associates a plurality of guest user memory regions with a first domain and assigns each associated user process an address space identifier to protect the different user memory regions from the different user processes. In addition, the hypervisor associates a global kernel memory region with a second domain. The global kernel region is reserved for the operating system of the virtual machine and is not accessible to the user processes, because the user processes do not have access rights to memory regions associated with the second domain. The hypervisor also associates a global shared memory region with a third domain. The hypervisor allows user processes associated with the third domain to access the global shared region. Using this global shared memory region, different user processes within a virtual machine may share data without the need to swap the shared data in and out of each process's respective user region of memory.
Open Kernel Labs | Date: 2012-11-12
The present disclosure provides methods and apparatus for fast context switching in a virtualized system. In the disclosed system, a globally unique application-space identifier is associated with each guest application. No two applications share the same application-space identifier, even if the two applications reside in different virtual machines. Domain identifiers are used to ensure that a guest's mappings are only active when that guest is executing. A unique domain identifier is associated with each virtual machine, and all translation lookaside buffer entries mapping the guest's kernel pages are tagged with that domain value. All other mappings are tagged with a predefined domain such as zero. In addition, a virtual memory management unit may be configured to support two virtual page table pointers and a configurable boundary between a virtual user page table and a virtual kernel page table. In such an instance, the two virtual page table pointers are presented to a guest operating system, and two physical page table pointers are associated with the two virtual page table pointers.
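The tagging scheme in this abstract, and the domain-based protection in the memory-sharing abstract before it, both reduce to one access check over tagged translation entries. The following is an added software model of that check (not code from the patents or from OKL4); the structure layout, the `global` flag on kernel entries, the page numbers and the identifiers are all assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified software model of a TLB whose entries carry an address-space
 * identifier (ASID) and a domain tag. All names and numbers are assumptions. */
struct tlb_entry {
    uint32_t vpage;   /* virtual page number */
    uint32_t ppage;   /* physical page number */
    uint16_t asid;    /* owning address space; ignored when global is set */
    uint8_t  domain;  /* domain tag, 0..31 */
    bool     global;  /* entry matches every ASID */
};

struct cpu_ctx {
    uint16_t asid;         /* address space currently executing */
    uint32_t domain_mask;  /* bit d set: domain d may be accessed */
};

#define DOM(d) (1u << (d))

/* Grant access only if an entry for vpage lies in an enabled domain and is
 * either global or owned by the running ASID. */
bool tlb_access(const struct tlb_entry *tlb, size_t n,
                const struct cpu_ctx *ctx, uint32_t vpage, uint32_t *ppage)
{
    for (size_t i = 0; i < n; i++) {
        const struct tlb_entry *e = &tlb[i];
        if (e->vpage != vpage)
            continue;
        if (!(ctx->domain_mask & DOM(e->domain)))
            continue;              /* domain not enabled for this context */
        if (!e->global && e->asid != ctx->asid)
            continue;              /* another application's mapping */
        *ppage = e->ppage;
        return true;
    }
    return false;
}

/* Context switch without a TLB flush: only the ASID and the set of enabled
 * domains change; stale entries stay resident but stop matching. */
void hv_switch(struct cpu_ctx *ctx, uint16_t asid, uint32_t domain_mask)
{
    ctx->asid = asid;
    ctx->domain_mask = domain_mask;
}

/* Constructed sample: user mappings in domain 0 with globally unique ASIDs,
 * each guest kernel tagged with its own virtual machine's domain. */
enum { DOM_DEFAULT = 0, DOM_VM_A = 1, DOM_VM_B = 2 };
const struct tlb_entry sample_tlb[] = {
    { 0x00010, 0x100, 11, DOM_DEFAULT, false },  /* application 11, in VM A */
    { 0x00010, 0x200, 22, DOM_DEFAULT, false },  /* application 22, in VM B */
    { 0xC0000, 0x300,  0, DOM_VM_A,    true  },  /* VM A guest kernel page */
    { 0xC0000, 0x400,  0, DOM_VM_B,    true  },  /* VM B guest kernel page */
};
#define SAMPLE_N (sizeof sample_tlb / sizeof sample_tlb[0])

/* Physical page seen for vpage in ctx, or -1 if access is refused. */
long probe(const struct cpu_ctx *ctx, uint32_t vpage)
{
    uint32_t p;
    return tlb_access(sample_tlb, SAMPLE_N, ctx, vpage, &p) ? (long)p : -1;
}

int main(void)
{
    struct cpu_ctx ctx;

    hv_switch(&ctx, 11, DOM(DOM_DEFAULT) | DOM(DOM_VM_A));
    printf("VM A: user=%ld kernel=%ld\n",
           probe(&ctx, 0x00010), probe(&ctx, 0xC0000));

    hv_switch(&ctx, 22, DOM(DOM_DEFAULT) | DOM(DOM_VM_B));
    printf("VM B: user=%ld kernel=%ld\n",
           probe(&ctx, 0x00010), probe(&ctx, 0xC0000));
    return 0;
}
```

Both guests map the same virtual pages, yet each sees only its own physical pages after the switch, with every entry left in the table.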
News Article | March 21, 2012
Don't think you can rely on advances in technology to take care of online security threats to your business. You and your employees are the biggest threat, according to a cyber-crime lecturer at Macquarie University, Milton Baar. The smart attackers ''don't hack software and hardware, they hack people'' to plant malware in organisations, Baar says. ''At the corporate level [we can expect to see] more emails, more web links and more enticements to link that appear to come from legitimate sites.'' A frequent refrain from small-to-medium businesses is that there is nothing of value on their machines, says a security analyst at Gartner, Rob McMillan. ''Information about the business could be used to generate loans in the name of the business and information about staff [such as banking details] could be used to obtain fraudulent loans or break into a bank account,'' he says. Rather than helping secure your system, advances in technology are also creating a new wave of online security threats for businesses. Malware on mobile phones is going to take off in the next year or two, says Gernot Heiser, a senior researcher at NICTA, an Australian ICT research organisation. ''Mobile phones used to access business systems make them an increasing target for malware,'' says Heiser, a co-founder of mobile phone software company Open Kernel Labs. Mobile phones are the ''new weakest links'', says the chief technology officer at internet security company Pure Hacking, Ty Miller. ''If a mobile device is brought into an organisation, there is a risk of transferring malicious content on the phone to a laptop, [which means] an attacker could have access to corporate data,'' Miller says. Mobile phones are typically off the radar for regular software and security updates, he says. 
''Smart phones and tablets - even though they are computers - are considered as appliances and are not included in the patch management process.'' Open Kernel Labs and AVG Technologies (with its recent acquisition of mobile-security company DroidSecurity) are working on technology to protect mobile phones. ''Meanwhile, the best short-term defence is to be very careful what you allow on your phone,'' Heiser says. ''App [stores] screen apps but it is unfeasible to keep doing that with the proliferation of apps being developed.'' Finally, Heiser says it pays to make sure employees are aware of the dangers of using personal phones to access a business system. Another weak link in security is the cloud. Businesses thinking of saving on operating costs by moving systems into a cloud need to remember that the cloud is an unknown environment. Are the savings worth the effort of assessing the security risk of the host provider? ''A host provider has full access to your data,'' Miller says. ''There was [the case] two months ago where a Gmail employee started going through people's email accounts. ''If you have nothing private or sensitive, then you can put it on the cloud.'' Also, as businesses are placing more and more data on the cloud, they are not aware of where it ends up, says Anna Liu, the cloud computing research leader at NICTA and an associate professor at the University of NSW. ''Is it still in Australia?'' she asks. ''Is it in the US? Can the online service provider use that data [in another context]? Different countries have different laws for privacy data. The US can examine your data if they suspect national security issues. Is that consistent with your business conduct? ''We put great trust in online service providers. The cloud is an environment where many different businesses share the same environment. This increases the potential for a side-channel attack, where one business attacks another in the cloud. 
They may get inappropriate control of the underlying platform and, therefore, potentially of other business users' data and applications running on the same shared environment.'' Web browsers are another concern, Miller says. ''Web browser companies are constantly trying to improve features but as browsers become more complex, more security vulnerabilities are introduced.'' This means internal corporate networks could be compromised through phishing attacks as well as targeting smartphones and tablet PCs, he says. It is even more important that businesses maintain vigilance in making sure all the usual security tasks are done. ''Keep all software up-to-date and make sure patching is done,'' Miller says.
News Article | March 21, 2012
IMAGINE a personal computer that has two souls. One moment it is your work machine, complete with a set of corporate applications and tight security settings. Then it becomes an entertainment centre, allowing you to watch any video and download any program. Thanks to a process called “virtualisation”, such computers are now being created. Ever more processing power and clever software are allowing devices of all kinds to separate from their hardware vessels and move to new homes. If this process continues as some expect, it will change computing radically. And more than one IT company will have to rethink how it does business. Virtualisation dates back to the age of mainframe computers. To make better use of them they were sometimes split into smaller “virtual machines”, each of which could run its own operating system and application. But the approach took off only in recent years, when VMWare, a software firm, applied it to servers, the powerful computers that populate today's corporate data centres. VMWare and its main rivals, Citrix and Microsoft, have since developed all kinds of software tools to manage virtual machines—moving them between data centres, for example. The success of server virtualisation has inspired IT firms and their customers to do the same thing with other types of hardware, such as devices to store data. Software now pools their capacity and allocates “virtual disks” as needed. Going further, Dropbox, an online storage service, saves identical files only once. Even large files can take only seconds to upload if they already exist somewhere on one of these firms' disks. The virtualisation of PCs is now under way. Many company computers can already work with applications that run on a central server. But start-ups are pushing the concept further. Desktone offers virtual desktops as an online service. NComputing, a maker of computer terminals, virtualises PCs so they can be shared by up to 30 users. 
It has already sold more than 2.5m devices, mostly to developing countries and schools. And technology from MokaFive can send an entire virtual machine—complete with operating systems, applications and data—over the network and install it on any PC. Eventually people may no longer need to carry laptops at all. Virtual computers, including data and applications, will follow them everywhere. In the long run, smartphones and other mobile devices may also become shells to be filled as needed. Open Kernel Labs, a start-up in which Citrix has a stake, already lets smartphones run applications, multimedia and radio functions on a single processor, cutting manufacturing costs. Software from Citrix turns the iPad, Apple's tablet computer, into a terminal for applications that run in a corporate data centre. How quickly will virtualisation advance? Gartner, a market-research firm, predicts that the overall market for virtualisation software will grow from $2.7 billion this year to $6.3 billion in 2014. There is certainly no lack of demand. Virtualisation lowers costs by enabling firms to make better use of their servers and buy fewer new ones. The technology also allows PCs to be maintained remotely, which is much cheaper. But improved reliability and security are even more of an attraction. Users of MokaFive, for instance, can relaunch their virtual machine should a computer virus infect it. And it can be shut down if a laptop is lost or stolen. Yet the technology also has to overcome a few hurdles. The virtualisation of servers is well understood, but for PCs and mobile devices the technique has yet to mature. In the longer run institutional barriers will prove more of a problem, argues Simon Crosby, Citrix's chief technology officer. Virtualising IT systems, he says, is only the first step to automating their management. This is seen as a threat to existing workers and makes many IT departments hesitant to embrace the technology. 
Still, analysts believe virtualisation will win out. Its impact will be felt through the industry. The technology not only makes IT systems more flexible, but allows firms to switch vendors more easily—which will weigh on the vendors' profits. Big software firms such as Microsoft and Oracle may be hit hardest. But many hardware-makers may suffer as well, since their wares will become even more of a commodity than they are today. Moreover, virtualisation makes it much easier to add new servers or storage devices. Alternatively, firms can simply rent extra capacity from operators of what are called “computing clouds”, such as Amazon Web Services. That outfit has built a network of data centres in which virtual machines and disks can be launched in seconds. As a result, IT systems will increasingly no longer be a capital expense, but an operational cost, like electricity. Yet the most noticeable change for computer users will be that more employees will be allowed to bring their own PC or smartphone to work, says Brian Madden of TechTarget, a consultancy. Companies can install a secure virtual heart on private machines, doing away with the need for a separate corporate device. A “bring your own computer” or “BYOC” movement has already emerged in America. Companies such as Citrix and Kraft Foods pay their employees a stipend, which they can use to buy any PC they want—even an Apple Mac. Such innovations may help to ease growing tensions between workers and IT departments. New privacy regulations and rampant cybercrime are pushing firms to tighten control of company PCs and smartphones. At the same time more and more “digital natives” enter the workforce. They have grown up with the freewheeling internet and do not suffer boring black corporate laptops gladly. Giving workers more freedom while helping firms keep control may prove to be the biggest benefit of virtualisation.
News Article | June 25, 2011
Mobile virtualization boasts an array of use cases — from cost savings for mobile device manufacturers to security for “Obamaberries” and other superphones. It also can give mobile devices dual personas. A hot topic today is the use case that’s also of greatest interest to smartphone and tablet users — enterprise mobility – using virtualization in the enterprise to support secure corporate connectivity and productivity on-the-go. Most discussions of enterprise mobility focus exclusively on the benefits of giving mobile workers access to corporate data, networks and applications. In theory, that means making workers more productive while saving on capital equipment costs. In practice, enterprise mobility often forces a choice between corporate security, or worker productivity and personal freedom. Mobile workers around the world increasingly prefer to use their own smartphones, tablets, and other wireless devices for both professional and personal communications and computing. This consumerization of enterprise IT, a natural consequence of smartphone and mobile applications growth, puts new pressures on companies to accommodate and secure employee-owned mobile devices. Historically, IT security concerns have resulted in employee mobile devices running the RIM (BlackBerry) operating system or Microsoft Windows variants as the primary “supported” mobile devices in corporate environments. However, the overwhelming popularity of new devices including the iPhone, iPad and a wide range of Android smartphones has resulted in employees increasingly sneaking their own personal devices into the workplace. A number of technical and process-based approaches are commercially available to address requirements for enterprise mobility security. Currently, enterprise IT looks to Mobile Device Management (MDM) and endpoint security technologies such as encryption and anti-virus software, to bolster enterprise mobility. 
These technologies are necessary and powerful, but leave critical requirements unmet. In particular, MDM and endpoint security rely on the integrity of the underlying smartphone operating system (OS) and software stack, which are still vulnerable to exploits. Even the security software that protects the device may be susceptible, threatening both the integrity of the mobile device and any information that passes through it. Many of these company-imposed restrictions also make mobile devices too cumbersome for personal use, limiting productivity and increasing corporate vulnerability as users ditch the proper procedures. Implementing enterprise security policy usually entails restrictions on freedom to fully use the capabilities of the device (e.g., blacklisting online destinations, curtailing application download and use). The unfortunate result is that employees continue to carry a second, personal device, leaving many benefits of enterprise mobility unrealized. In data centers, virtualization separates the hardware from the software running on it, allowing for consolidation of separate, disparate physical systems into multiple virtual machines on one server. Mobile virtualization effects a similar consolidation by merging multiple dedicated embedded processors onto a single CPU. Mobile virtualization provides a secure, isolated and robust run-time environment for programs (including operating systems), which is indistinguishable from actual “bare metal” hardware. This environment is called a virtual machine (VM). The virtual machines can become a container for guest software, imitating computer hardware and isolating guests from one another. Providing the virtual machine environment and managing VM resources is a software layer called a hypervisor. Enterprise desktop virtualization programs are typically application-level (Type II) hypervisors: They let users run additional OSes and applications, such as Windows on MacOS, or Linux on Windows. 
But, to be effective and truly secure, mobile virtualization should employ Type I hypervisors, “bare metal” technology comparable to blade and server virtualization in the enterprise data center. Not all Type I hypervisors are created equal. Some mobile virtualization platforms offer superior performance and finer granularity than others. A smaller trusted compute base and stricter hardware-enforced separation among virtual machines assures a more secure mobile virtualization solution. The fine-grained “capabilities” available with some hypervisors make it easier for integrators and architects to configure and control communication among virtual machines, without compromising performance or security. Such fine-grained control allows mobile system designers to expose select characteristics of a shared device (e.g., a sound chip or wireless interface), giving one trusted guest OS full read/write permissions to it, but more restricted access to a second untrusted guest, either directly or through a virtual device driver. Access controls like these are fast and hardware-enforced using processor-based memory management, and impose little or no power consumption or response-time overhead. Mobile virtualization software itself (a microvisor) also imposes minimal cost in the software bill of materials of a smartphone or other mobile device, and, in fact, can substantially reduce those costs in three ways. First, consolidating multiple CPUs onto a single chipset saves on silicon. Second, systems with fewer hardware components cost less to test and are inherently more reliable, improving manufacturing yields and margins. Third, fewer components draw less power, allowing use of smaller, cheaper batteries or letting users squeeze more life and talk time. These savings are more than just “cost shavings.” Tear-downs from OK Labs and industry analysts show that mobile hardware consolidation can yield savings of upwards of $65 on total device expenses of $150-$250. 
Such steep cost reduction improves margins, makes smart devices more accessible, and even opens new segments for affordable “mass market” smartphones. Effective enterprise mobility rests on three pillars: security, privacy, and freedom to fully use the capabilities of the device. Of the various options for implementing enterprise mobility securely while preserving end-user privacy and freedom, only mobile virtualization consistently balances all three pillars. Other solutions attempt to implement the form of dual persona functionality, but miss the substance of underlying security, and of preserving privacy and freedom. Mobile virtualization lets enterprise IT secure access to enterprise assets and services, while ensuring user privacy and preserving intact smartphone user experience. All on a single off-the-shelf smartphone or tablet! And, mobile virtualization lets users adopt the mobile device of their choice, while allowing corporate IT departments to manage sensitive data on those devices with enterprise-level security and compliance. Steve Subar is founder and CEO of Open Kernel Labs.
News Article | February 27, 2012
US Government workers might not be best known for their sense of style, but some Defense Department workers may soon be carrying Prada - the phones, that is. With a US Department of Defense contract in hand, Open Kernel Labs is working with LG to develop a secure version of the Prada Android phone for the department's workers. Employees who have the phones will be able to access government data using secure apps, OK Labs said. The DoD has not made any commitments about the number of phones it plans to buy and OK Labs can't disclose exactly which applications will be secured on the phones, said Carl Nerup, vice president of global business and corporate development for OK Labs. The DoD can decide to let users switch between a personal section of the phone and a work section or simply load the secure apps onto the phones. In a press release about the deal, OK Labs said the companies are working on securing other devices including tablets and devices running other mobile platforms in addition to Android. The goal, OK Labs said, is to allow government workers to carry one phone. Some workers use two phones: one sanctioned by their employer for security reasons and another that the user chooses based on personal preferences. For the OK Labs technology to work, OEMs must build software into the phones before they are shipped and then apps must be made compatible with the technology. The result is a secure app running in a virtual machine that can't be accessed by malware that might be loaded onto the phone. As part of the deal, the DoD defines the requirements it's looking for on the phone and is funding its development, Nerup said. But LG will be able to sell the resulting upgraded version of the Prada outside of the DoD to security-conscious enterprises. OK Labs expects the phones to start being used by the DoD in mid-2012. The company couldn't say what the phones would cost but estimates they will sell for 10 percent to 20 percent above the wholesale price. 
Subsequent phone models shouldn't take quite as long to produce, particularly for an enterprise that doesn't have quite as arduous a process as the DoD has for introducing a new device, Nerup said. OK Labs has also released a white paper that covers virtualization in mobile devices. OK Labs hopes that the white paper will allow other vendors to model their systems on the architecture described, in order to sell similar kinds of virtualized phones to government agencies. Virtualization on mobile phones has been a hot topic recently. OK Labs, VMware and Red Bend are among companies virtualizing mobile phones so that the most security-conscious employees can use popular consumer phones for work applications. Verizon last year said it would sell an LG phone that offers virtualization technology from VMware, and Telefonica has announced plans to offer a Samsung phone with VMware's virtualization technology.
News Article | March 4, 2013
Around 1.2 billion Catholics will wait on pins and needles as the Cardinals enter the Sistine Chapel in Rome's Holy See during conclave in order to elect the new Supreme Pontiff, for as much as two weeks or maybe even a month, according to Vatican history. However perhaps a billion smartphone and tablet users -- with Android and iOS claiming nearly as many religious followers as Roman Catholicism -- are still waiting for the blessings of Enterprise IT before their devices can enter their Holy Networks. Bring Your Own Device, or BYOD, has always been a tricky issue for large corporations. To lower IT costs, allowing employees to bring their own smartphones and tablets to work has a clearly identifiable cost savings over employer-supplied devices, but there are three major problems with this. First is the issue of securing the employee device to meet any number of corporate security standards that allow it to participate on the network as a managed client, the second is to ensure the security of corporate data, and the third is allowing the employee to use their device freely for personal use. There have been a number of approaches to this in the past, all with varying degrees of success, but overall BYOD has only been considered a small experiment in corporate IT in most companies. At this year's Mobile World Congress in Barcelona, a number of technologies and initiatives previewed by mobile device vendors and ISV/System Integration companies will now ensure the "Holy Trinity" for BYOD can finally be achieved. Samsung, the Korean electronics giant and the world leader in handset sales, has released KNOX, an integrated security offering for BYOD that allows any enterprise the ability to secure their smartphones on a corporate network. 
Among other features, such as integrated Centrify Active Directory single sign-on capability, KNOX is a "containerization" technology, which gives enterprises the ability to run applications, data and settings in a segmented and fully protected region of the Android OS that is entirely separate from the employee personal data and applications and can be remotely wiped if the device is lost or the employee is terminated. This security implementation is not unlike the "Jails" or "Zones" which exist on Oracle's UNIX-based Solaris operating system that runs on their UltraSPARC mid-range enterprise servers. Containers are a type of virtualization also referred to as "OS virtualization" where a single OS kernel provides the constructs for memory and storage isolation, and is considered the least resource intensive form of virtualization. While Container technology like KNOX when combined with policy-enforced management may be sufficient for many enterprises, it limits smartphone use to a single vendor (in this case Samsung) and may not be secure enough for other types of enterprises such as Government, Banking and Healthcare. For the most demanding security requirements, there is GD Protected, which is an entire suite of technology offerings from General Dynamics C4 Systems. Yes, the very same General Dynamics that has brought you the F-16 jet fighter and the ultra-secret "Obamaberry." Ultra-secure devices like the Sectera Edge "Obamaberry" used in military and government communications used to be extremely vertical, and extremely expensive (as in multi thousand dollar each) in nature. But with the acquisition of Open Kernel Labs' Type-1 OKL4 "Microvisor" technology General Dynamics is looking to make a big splash in the commercial space using far less expensive commodity hardware like the Samsung Galaxy SIII and the LG Optimus. 
This broad suite of technology which is available to OEM and carrier partners to license and use in their own offerings includes TrustZone Integrity Measurement and Attestation, Certification & Accreditation of the hardware, Trusted Boot & Provisioning, Secure Voice/Email/Data/Browsing & Network Access, Containers, On-Device data encryption, Mobile Device Management (MDM), Global Policy Arbitration, Virtual Private Networking, Smartcard verification, Secure Gesture and Mobile Virtualization. General Dynamics has created a proof-of-concept smartphone using LG's hardware called "Groom Lake" (named after the super-secret government facility in the Nevada Test Site which reportedly houses "Area 51", that makes the goings-on at the Vatican look downright open by comparison) which utilizes all of these security technologies and is currently available for evaluation by enterprises. General Dynamics is not the only vendor that has created a virtualized, dual-personality smartphone for Enterprise use. Red Bend, who is a leader in the wireless carrier over-the-air software update and carrier handset provisioning space, has partnered with Samsung in releasing a Galaxy SIII handset under their "TRUE BYOD" branding which is being sold to enterprises today under Samsung's partnership program. It should be noted that GD's "Groom Lake" systems architecture, as well as Red Bend's VLX, while initially implemented on Android, can work with other mobile operating systems such as Windows Phone, BlackBerry OS 10, Ubuntu for Mobile, webOS, and even Apple's iOS if the respective companies were willing to license the technology and GD and Red Bend were to para-virtualize the drivers necessary for each of the mobile operating systems to run on their respective hypervisors. 
If this level of effort to virtualize all of the leading mobile OSes were undertaken, a "Best of Breed" smartphone could exist with say, Windows Phone 8 as the secure corporate image and Android as the personal phone, both virtualized on the same hardware. If anything, that would make smartphones and tablets in the enterprise religious-agnostic. So far, Samsung has licensed the GD TrustZone piece as an add-on option in KNOX for enterprises looking to add OS image validation. But soon, by using the entire GD Protected suite and the microvisor technology, we could see systems like the Dual Persona Secure Smartphone as depicted below in enterprises all over the world. Will comprehensive Obamaberry-style security and mobile device management finally allow BYOD to "Get Religion?" Talk Back and Let Me Know.