The design of secure equipment requires that information of different sensitivity levels be segregated, and that any possibility of such information being mixed or modified, or of its processing being disturbed, be excluded.
Such information may be private or public, red or black, sensitive or shared, uncoded or encrypted.
Segregating such data requires a segregation of the processing operations that manipulate them, and of the storage spaces (persistent, volatile, temporary, etc.) that contain them. The task is made difficult by the fact that the means used to support these processing operations (processors, memories, etc.) are physical systems which 1) have side effects on their environment (electromagnetic radiation, power consumption, etc.), 2) have intrinsic characteristics (memory caches, prediction elements, etc.) likely to retain sensitive information between two processing operations and 3) use materials that may exhibit a certain remanence of the information after power-down.
In the field of security, the prior art proposes technical solutions based on hardware segregation principles, or software solutions with low resistance to intrusion attempts (and therefore with a low security level). The current solutions, such as the red-black hardware architectures known to those skilled in the art, are costly to develop and produce. They require the design and evaluation of a number of hardware cards and, usually, a complex software environment for synchronizing the exchanges between cards, segregating the administration functions, etc. These solutions lack flexibility because they are hardware solutions, which are necessarily harder to correct or update when software anomalies (better known as “bugs”) must be fixed.
A number of manufacturers and laboratories are currently working on virtualization technologies and, more particularly, on their specific security issues. Today these technologies are widely used by server administrators and, more rarely, on workstations, generally for software development and debugging purposes. They are as yet little used to meet security requirements.
The patent application WO 2008/108868 discloses a system and a method for implementing a virtual security platform. That application aims to create logical compartments on a server and to associate each of them with a communication network or subnetwork, with the aim of segregating the processing operations and the data specific to those networks. It addresses a network issue, and more specifically an issue of segregation of the addressing and routing spaces.
The use of a virtualization technology does not, however, in itself resolve one or more of the abovementioned problems. It may nevertheless make it possible to systematize the consideration of physical means or specific security procedures, and to facilitate the security evaluation of a sensitive equipment item: the security constraints of an equipment item are then no longer handled by the operating system (or OS), which is potentially large and complex, and by the applications manipulating sensitive data, but by the virtualization technology responsible for driving the hardware resources, for restricting access to them and for applying a strong partitioning (logical and, possibly, physical) between the various processing operations and information streams. Ultimately, by using a virtualization technology, the problem facing the designer of a sensitive equipment item becomes one of the secure design of “low-level”, small-size software, and no longer the securing of a huge amalgam of lines of code.

As background, virtualization is a software layer situated between the hardware on one side and the operating system and client applications on the other. It makes it possible to compartmentalize an application together with its OS into mutually logically independent blocks; in other words, virtualization makes it possible to produce a “leak-tight” or controlled partitioning between the compartments and to ensure that only the authorized flows can pass between the blocks. Virtualization technology was initially devised to pool hardware resources (processors, storage and communication means, etc.) that are a priori costly and underused, and to allow their equitable and transparent sharing.
This so-called “virtualization” technology enables a number of software environments dedicated to different uses or users to share the same hardware resources, while giving each of these environments the impression of being the only one to benefit from the resources of the host platform. In this respect, virtualization technologies differ from operating systems: a multitasking OS enables a number of applications to run simultaneously on the same hardware platform, without seeking to give them the impression that they are the only users of the platform.
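The controlled partitioning just described, in which the virtualization layer rather than the OS or the applications decides which flows may pass between blocks, can be modelled as a small reference monitor. The following is an added illustration, not code from the patent or from any product it describes; the compartment names (“app”, “crypto”, “net”), the red/black labels and the policy table are assumptions chosen to mirror a red-black layout. It combines an explicit default-deny channel list with a label rule that refuses any red-to-black flow unless the source is a designated declassifier block (for instance an encryption service), so that a mistaken channel entry cannot by itself open a plaintext path to the black side.

```python
"""Added example (not from the patent text): a toy model of the flow-control
policy a virtualization layer enforces between compartments of different
sensitivity.  Compartment names, labels and the policy table are assumptions."""

from dataclasses import dataclass, field
from enum import Enum


class Level(Enum):
    BLACK = "black"  # encrypted / public side
    RED = "red"      # plaintext / sensitive side


@dataclass(frozen=True)
class Compartment:
    name: str
    level: Level
    # A declassifier is a small trusted block (e.g. an encryption service)
    # that is the only kind of RED compartment allowed to feed the BLACK side.
    declassifier: bool = False


@dataclass
class Partitioner:
    """Toy reference monitor standing in for the virtualization layer.

    Two rules, both enforced on every flow:
      1. default deny: a channel exists only if it was explicitly allowed;
      2. label rule: nothing flows from RED to BLACK unless the source is a
         declassifier, so a mistaken allow-list entry cannot open a leak.
    """
    compartments: dict[str, Compartment] = field(default_factory=dict)
    channels: set[tuple[str, str]] = field(default_factory=set)
    audit: list[str] = field(default_factory=list)

    def add(self, comp: Compartment) -> None:
        self.compartments[comp.name] = comp

    def allow(self, src: str, dst: str) -> None:
        self.channels.add((src, dst))

    def authorize(self, src: str, dst: str) -> tuple[bool, str]:
        """Decide a single flow; returns (allowed, reason)."""
        s = self.compartments.get(src)
        d = self.compartments.get(dst)
        if s is None or d is None:
            return False, "unknown compartment"
        if (src, dst) not in self.channels:
            return False, "no channel configured"
        if s.level is Level.RED and d.level is Level.BLACK and not s.declassifier:
            return False, "red-to-black flow outside declassifier"
        return True, "ok"

    def send(self, src: str, dst: str, payload: bytes) -> bool:
        """Deliver only authorized flows and keep an audit trail of every decision."""
        ok, reason = self.authorize(src, dst)
        verdict = "ALLOW" if ok else "DENY"
        self.audit.append(f"{src}->{dst} {verdict} ({reason}) {len(payload)} bytes")
        return ok


def build_demo() -> Partitioner:
    """Constructed red/black layout (all names are assumptions): a plaintext
    application, a crypto gateway acting as declassifier, and a network block."""
    p = Partitioner()
    p.add(Compartment("app", Level.RED))
    p.add(Compartment("crypto", Level.RED, declassifier=True))
    p.add(Compartment("net", Level.BLACK))
    p.allow("app", "crypto")
    p.allow("crypto", "net")
    p.allow("net", "crypto")
    p.allow("crypto", "app")
    p.allow("app", "net")  # deliberate misconfiguration: the label rule must still block it
    return p


if __name__ == "__main__":
    monitor = build_demo()
    for src, dst in [("app", "crypto"), ("crypto", "net"), ("app", "net"),
                     ("net", "app"), ("ghost", "net")]:
        monitor.send(src, dst, b"message")
    print("\n".join(monitor.audit))
```

The two checks are deliberately independent: the channel list captures what the designer configured, the label rule captures what the sensitivity levels permit, and a flow must pass both. That is the property the text attributes to the virtualization layer: the decision lives in a small, low-level component whose rules can be reviewed in isolation from the OS and the applications above it.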