The most widely deployed mobile virtualization solution
The need for supporting mobile commerce, remotely accessing enterprise business assets, and securing sensitive personal information on mobile devices is growing rapidly. Organizations responsible for safety and security are looking to use standard handsets to manage costs without compromising their communication. Mobile virtualization can help meet these emerging security requirements for mobile devices.
The rich functionality that smartphones provide, enabled by complex OSes and application software, also carries the risk of exploitation. Securing applications and services that run in complex software environments has proven difficult: complex software inevitably contains bugs and security vulnerabilities, and these provide an on-ramp for malware and other exploits.
Virtualization can help secure mobile platforms, applications, and services by keeping trusted software to a bare minimum – the hypervisor itself and carefully chosen additional components – and then isolating them from potential threats.
Virtual machines, containing a bare minimum of essential software, can be dedicated to secure services. A single phone could contain VMs optimized for execution of secure services and for rich applications, deployed side-by-side, with practically no incremental BOM costs to support the capability.
Security is best created from the ground up and the OKL4 mobile virtualization solution provides a strong security foundation for mobile device software.
Secure service examples include:
“Need to know” is the watchword of organizational security; “need to access” is its direct analog in computer security. The ability to isolate different software environments from one another is a key tool for building secure systems. With the OKL4 Microvisor, mobile system and security architects choose the granularity of isolation: a complete virtual machine (VM) with its guest OS and hosted applications, a single application or service, or even an individual device driver. Granular isolation need not come at the cost of performance. The OKL4 Microvisor lets architects and integrators establish high-speed communication channels among OKL4 guest environments, meeting the performance requirements of wireless, multimedia, and other real-time software.
Strict VM isolation also enhances security by containing software defects. Through componentization and isolation, device OEMs, mobile network operators (MNOs), ISVs, and other mobile ecosystem players can separate de-privileged and untrusted software from trusted system software, limiting both the impact of a software fault and an attacker's ability to build an exploit on it.
OKL4 mobile virtualization reduces the quantity and complexity of software running in privileged mode. With OKL4, the only software that runs in privileged mode is the OKL4 Microvisor itself; guest OS kernels and device drivers execute as user-level entities, so an exploit or fault in any one of them is confined to that component rather than compromising the whole device.
OKL4 also provides fine-grained capability-based protection, supporting the principles of least privilege, separation of privilege, and complete mediation, both within the OKL4 kernel itself and system-wide.
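To make the capability model concrete, here is an added example in C that is not OKL4 code and does not use the OKL4 Microvisor API: a constructed model of a per-cell capability table in which every access to a kernel object is mediated by one check, a cell can only act with the rights its capability carries, and delegation can narrow rights but never widen them. The cell names (driver, secure services, rich OS), object names, rights bits and error codes are all hypothetical.

```c
/* Constructed model of capability-based protection in a microvisor.
 * Not OKL4 code or its API; cell, object and rights names are hypothetical.
 * Each cell (a VM, a service or a driver) holds capabilities in its own table.
 * A capability names one kernel object and carries a rights mask. The only way
 * to act on an object is through cap_invoke(), the single point of mediation. */
#include <stdio.h>
#include <string.h>

#define NUM_CELLS      3
#define SLOTS_PER_CELL 4

/* Hypothetical cells in the phone image. */
enum { CELL_DRIVER = 0, CELL_SECURE_SERVICES = 1, CELL_RICH_OS = 2 };
/* Hypothetical kernel objects the cells may (or may not) reach. */
enum { OBJ_PAYMENT_CHAN = 0, OBJ_BASEBAND_DEVICE = 1 };
/* Rights form a bitmask so delegation can drop bits but never add them. */
enum { RIGHT_SEND = 1u << 0, RIGHT_RECV = 1u << 1, RIGHT_GRANT = 1u << 2 };
/* Return codes of the model's "system calls". */
enum { CAP_OK = 0, CAP_ENOSLOT = -1, CAP_EPERM = -2, CAP_EFULL = -3 };

struct capability { int valid; int object; unsigned rights; };
static struct capability cspace[NUM_CELLS][SLOTS_PER_CELL];

void caps_reset(void) { memset(cspace, 0, sizeof cspace); }

/* Install a capability in the first free slot of a cell. In a real system only
 * the boot-time image (the integrator) gets to do this. Returns the slot index. */
int cap_install(int cell, int object, unsigned rights) {
    for (int s = 0; s < SLOTS_PER_CELL; s++) {
        if (!cspace[cell][s].valid) {
            cspace[cell][s] = (struct capability){1, object, rights};
            return s;
        }
    }
    return CAP_EFULL;
}

/* Complete mediation: the caller must own a valid slot, and every bit of the
 * requested operation must be present in that slot's rights. */
int cap_invoke(int cell, int slot, unsigned op) {
    if (slot < 0 || slot >= SLOTS_PER_CELL || !cspace[cell][slot].valid)
        return CAP_ENOSLOT;
    if ((cspace[cell][slot].rights & op) != op)
        return CAP_EPERM;
    return CAP_OK;
}

/* Delegation with attenuation: copy a capability into another cell with a
 * subset of its rights. Requires RIGHT_GRANT on the source slot; asking for
 * any right the source lacks is refused, so privilege can never be amplified. */
int cap_mint(int src_cell, int src_slot, int dst_cell, unsigned rights) {
    int rc = cap_invoke(src_cell, src_slot, RIGHT_GRANT);
    if (rc != CAP_OK) return rc;
    unsigned have = cspace[src_cell][src_slot].rights;
    if ((rights & ~have) != 0) return CAP_EPERM;   /* would widen rights */
    return cap_install(dst_cell, cspace[src_cell][src_slot].object, rights);
}

/* Build the constructed image and return the rich OS's slot for the payment
 * channel. The rich OS receives a send-only capability (least privilege) and
 * no capability at all to the baseband device. */
int build_image(void) {
    caps_reset();
    int sec = cap_install(CELL_SECURE_SERVICES, OBJ_PAYMENT_CHAN,
                          RIGHT_SEND | RIGHT_RECV | RIGHT_GRANT);
    cap_install(CELL_DRIVER, OBJ_BASEBAND_DEVICE, RIGHT_SEND | RIGHT_RECV);
    return cap_mint(CELL_SECURE_SERVICES, sec, CELL_RICH_OS, RIGHT_SEND);
}

int main(void) {
    int rich = build_image();
    printf("rich OS send on channel : %d\n", cap_invoke(CELL_RICH_OS, rich, RIGHT_SEND));
    printf("rich OS recv on channel : %d\n", cap_invoke(CELL_RICH_OS, rich, RIGHT_RECV));
    printf("rich OS touch baseband  : %d\n", cap_invoke(CELL_RICH_OS, 1, RIGHT_SEND));
    printf("rich OS re-delegate     : %d\n",
           cap_mint(CELL_RICH_OS, rich, CELL_RICH_OS, RIGHT_SEND | RIGHT_RECV));
    return 0;
}
```

The point of the model is the shape of the checks rather than the data structure: there is no ambient authority (a cell with an empty slot cannot name the baseband device at all, whatever index it guesses), every operation passes through the same mediation routine, and the mint path enforces that delegated rights are a subset of the delegator's. Those three properties are what "least privilege, separation of privilege and complete mediation" mean in a capability kernel.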
Trusted computing base – size does matter
Mobile software content doubles every two years, helped along by falling prices of DRAM and flash. Despite this burgeoning software load, the security of mobile software still hinges on the size and scope of the mobile system's trusted computing base (TCB): the set of components whose failure or compromise defeats the system's security.
With the OKL4 Microvisor, system and security architects can isolate software components with high security requirements into minimal cells. The footprint of such a lightweight cell is typically orders of magnitude smaller than a complete OS, and correspondingly easier to review and assure, significantly reducing the size of the mobile system's TCB and the risk that goes with it.