Hypervisor boosts ‘bring your own device’ strategies
Multivisor v4 for Mobile is optimized for ARM processors and includes hardware accelerated 3D graphics concurrently shared between all Android personas and a Virtual Self-Encrypting Drive (vSED) for hypervisor-protected user authentication and data-at-rest protection. There is also a VPN for hypervisor-protected data-in-transit protection and a comprehensive suite of virtualised and securely shared I/O, including Bluetooth, USB, cellular voice and data, audio, hardware-accelerated graphics, touch screen/buttons, Wi-Fi, sensors, and GPS. Shipping since 2003, INTEGRITY Multivisor is built upon security certified separation kernel technology that provides highly assured isolation between personas while also providing a native open standard execution environment for security-critical tasks.
“As has already transpired in the cloud, the hypervisor is quickly supplanting the operating system as the software foundation for sophisticated consumer electronics,” said David Kleidermacher, chief technology officer at, Green Hills. “INTEGRITY Multivisor is the ideal hypervisor for mobile, enabling the vision of secure, dual-mode personal/business use and reduced total cost of ownership that is simply impossible with a mobile OS by itself.”
In addition to the isolation provided by its separation kernel, built-in security components of INTEGRITY Multivisor render common attacks impossible, including stealing encryption keys, key logging, and screen scraping. Yet, the security capabilities execute without the knowledge of the virtualised Android guest operating systems and without impacting user experience.
Historically, heavy guest kernel paravirtualisation was required to achieve acceptable virtualisation performance in mobile devices. These modifications are not only intrusive to the OEM development process, but they also slow time-to-market and result in a less maintainable and error-prone solution. ARM Architecture Virtualisation Extension (ARM VE) is a world-class implementation for virtualisation acceleration and hypervisor management. INTEGRITY Multivisor support for ARM VE was first demonstrated in commercial devices at the 2013 CES and is based upon Green Hills Software’s experience in virtualisation hardware that has been applied to the Intel (2005) and Power Architectures (2008).
Industry observers acknowledge that Type 1 hypervisors like the INTEGRITY Multivisor possess the necessary software foundation to achieve a far higher level of robustness and security than is possible with Type 2 hypervisors and OS virtualisation/containers. However, because the Type 1 hypervisor runs on bare metal, it must be ported. INTEGRITY Multivisor for Trusted Mobile Devices eliminates the traditional development time and cost tradeoff of the Type 1 approach because it leverages the INTEGRITY separation kernel that is already widely, rapidly, and continuously ported across processors as a real-time kernel for embedded systems. In addition, the INTEGRITY Multivisor for Trusted Mobile Devices v4 employs an I/O management infrastructure for secure sharing of the full suite of mobile and automotive device peripherals without requiring special assistance from device manufacturers. INTEGRITY Multivisor can be ported to a new mobile device using a supported chipset and Android release in weeks.
“Green Hills Software brings its 30+ years successful track record for deploying trusted and certified software solutions for mission-critical electronics to the mobile market,” said Chris Rommel, vice president of M2M & Embedded Technology at VDC.“This latest release of INTEGRITY Multivisor firmly places the Company at the forefront of mobile virtualisation and secure dual-persona technology.”