

Secure Embedded Virtualization

Star Lab’s Crucible hypervisor provides a trusted execution environment that addresses concerns unique to mission-critical computing:

• Secure boot
• Logical Isolation
• Runtime integrity
• Technology protection
• Deterministic performance
• Mission systems compatibility

Crucible is built upon the open-source and widely-deployed Xen Project [1], and is specifically designed for use in hostile computing environments. Crucible operates as trusted supervisory software within the processor – configuring and controlling both hardware resources and software execution in order to ensure and maintain the integrity of system operations.

202.706.7027
www.starlab.io

Crucible leverages hardware-based roots-of-trust to perform a secure boot process, and can optionally leverage hardware-provided security services at runtime. During system operation, the hypervisor enforces logical isolation such that software loads execute within private enclaves, even though they may be running on a single physical processor board.

Crucible also has strong technology protections and anti-reverse engineering features built directly into the hypervisor. These features ensure that sensitive applications and data within the system remain protected against unauthorized access, theft, and malicious modification – even in the face of dedicated hackers and reverse engineers.

[1] https://www.xenproject.org

Figure: Crucible Runtime Architecture. The diagram shows the host hardware (Devices, Memory, CPUs); the Crucible Security Hypervisor with its Scheduler, Security, Device Input/Output, Exceptions and Interrupts, Memory Access, Inter-VM Communication and MMU components; and, above it, the guest domains (Control Domain, Driver Domain(s), Mission Domain, Micro-service Domain(s), Support Domain) hosting Mini OS, Linux, Windows, Unikernel, Library OS and BSP guests with their kernels, APIs, VM management, middleware, JVM/LibC and applications.


Technical Specifications

Crucible Core Functionality: Type-1 (bare metal) 64-bit hypervisor based upon Xen 4.8+; 64-bit dom0 (minimalized Linux), isolated driver domains, SMP/AMP guest VMs

Supported Micro-architectures: Intel Haswell, Broadwell, Skylake (x86-64); ARM Cortex-A15, Cortex-A53

Processing Cores and Memory: 1 - 4096 processing cores, 1 GB - 5 TB system memory

VM Operating Systems: Linux (PVH), Windows (HVM), VxWorks (PV), FreeRTOS

VM Image Format: Default: RAW; Available: QCOW, QCOW2

Supported Virtualization Modes: Default: PVH; Available: HVM, PV, PVHVM

Processor/Chipset Features: Intel VT-x, VT-d (IOMMU), EPT, SMX, AES-NI; ARM VE; TPM, UEFI

Performance Features: Non-oversubscription of resources, VM scheduling determinism, interrupt control

Security Features: Secure Boot, software encryption, anti-debug, OS hardening, deprivileged root

Multi-Level Security Support: Memory/process isolation, Mandatory Access Control (logical/virtual/physical)

Star Lab Corporation, 1221 Connecticut Ave NW, Washington, DC 20036

CRUCIBLE FEATURES

SECURE BOOT

Crucible’s TrueBoot functionality uses a trusted instantiation process to ensure that it will only decrypt and execute sensitive application software within authorized and verified embedded computing environments. On non-authorized, instrumented or modified hardware, the software remains fully protected against exposure and reverse-engineering attacks.

TECHNOLOGY PROTECTION

Crucible is uniquely designed to shield sensitive software technologies from unauthorized access, theft, or reverse engineering. These protections are in place at rest, during boot, and throughout system operation. In addition to TrueBoot, Crucible provides runtime memory protection and anti-debug capabilities to protect sensitive applications at runtime.

LOGICAL ISOLATION

Crucible is configured to isolate execution domains from each other and rogue peripheral hardware. This provides the foundation for cyber attack isolation by preventing errant or malicious code in one domain from being able to read/write memory, manipulate resources, or otherwise affect operations in another domain. Furthermore, the memory protections configured by Crucible ensure that the hypervisor remains isolated from the execution domains as well as malicious peripheral hardware.

HIGH-ASSURANCE OPERATIONS

Crucible implements a number of best practices required for high-assurance systems, including comprehensive auditing of system activities, mandatory access control policies, and secure-by-default configuration options. Additionally, the hypervisor is optionally able to perform runtime integrity monitoring of core service and application VMs.

PROCESSING DETERMINISM

The Crucible Foundry Tools enable pre-defined allocation and non-oversubscription of hardware resources to ensure processing determinism for each VM. This ensures critical applications within each execution domain are able to complete operations in a fixed amount of time without interruption. Furthermore, dedicated peripheral assignment and scheduling frequency for each VM are configurable to guarantee that critical services cannot be interrupted by less-critical VM instances.
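As an added illustration (not Crucible’s Foundry Tools output and not Star Lab’s code), the two upstream Xen xl.cfg domain files below show how the properties named under Logical Isolation and Processing Determinism are expressed at the Xen layer Crucible builds on: a driver domain that exclusively owns a passed-through PCI device behind the IOMMU, and a PVH mission domain with pinned CPUs, a fixed memory allocation and its network backend served by that driver domain rather than dom0. Domain names, kernel paths and the PCI address are constructed placeholders, and the syntax is recent upstream xl.cfg.

```conf
# --- netdrv.cfg: driver domain (constructed example, upstream xl.cfg syntax) ---
# Owns the NIC, so neither dom0 nor the mission domain touches the device;
# DMA from the device is confined to this domain's memory by VT-d / the IOMMU.
name          = "netdrv"                 # constructed domain name
type          = "pvh"                    # PVH guest, the datasheet's default mode
kernel        = "/placeholder/driver-kernel"   # placeholder path
vcpus         = 1
cpus          = "1"                      # pinned to core 1, away from mission cores
memory        = 256                      # MiB allocated at boot ...
maxmem        = 256                      # ... equal to maxmem: no ballooning
driver_domain = 1                        # may host device backends for other guests
pci           = ["0000:01:00.0"]         # constructed BDF of the passed-through NIC
on_crash      = "destroy"                # torn down on crash, never silently restarted

# --- mission.cfg: mission domain (constructed example) ---
name     = "mission"                     # constructed domain name
type     = "pvh"
kernel   = "/placeholder/mission-kernel" # placeholder path
vcpus    = 2
cpus     = "2-3"                         # hard-pin both vCPUs to physical cores 2-3;
                                         # for true exclusivity dom0 and every other
                                         # domain must also be kept off these cores
                                         # (e.g. dom0_vcpus_pin or a dedicated cpupool)
memory   = 1024                          # fixed allocation, no overcommit
maxmem   = 1024
vif      = ["backend=netdrv"]            # network backend in the driver domain, not dom0
on_crash = "destroy"
```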

MISSION SYSTEMS COMPATIBILITY

Compatibility with existing production infrastructure is paramount to successful adoption of Crucible. Several high-priority compatibility issues are currently being addressed, including: 1) support for existing operating systems and software code bases, 2) support for both older and newer processor architectures, and 3) support for common bus protocols, backplanes, peripheral hardware, and middleware/management controls.


Pricing data available upon request. Contact Star Lab to schedule a demonstration.