Advertisement

LynuxWorks and Wave Demonstrate First Use of Multi-Banded Self-Encrypting Drive Combined with Secure Virtualiz

LynuxWorks and Wave Demonstrate First Use of Multi-Banded Self-Encrypting Drive Combined with Secure Virtualization

LynuxWorks, Inc. recently announced its continued collaboration with Wave Systems Corporation (NASDAQ:WAVX) on the use of a self-encrypting drive (SEDs) with the LynxSecure separation kernel and hypervisor for running multiple operating systems simultaneously on a single endpoint. The demonstration links individual encrypted disk bands to different secure virtual domains provided by LynxSecure, running on a single device. The demonstration takes place this week In the LynuxWorks booth (#310) at the 2nd Annual National Security Agency’s (NSA) Trusted Computing Conference and Exposition (Orlando, FL, September 20-22).

As the use of portable and mobile endpoints become more common in the business environment, the risk of data compromise through either physical or cyber theft grows. New mechanisms are required to protect sensitive information while the endpoint is either ‘at-rest’ or ‘on-line’ away from the company premises. The collaborative use of SEDs and secure virtualization on an endpoint offers this protection.

SEDs are a better option than traditional software encryption for protecting data when using virtualization on an endpoint, as the encryption is “built in” to the drive itself. Multi-banded SEDs are the latest generation of this drive technology, and feature separate bands on the disk, with each band separately encrypted that can be used for storing data with separate levels of security or sensitivity on a single system. Multi-banded SEDs have been used in Enterprise deployments over the last few years, but this is the first known demonstration of the technology running on an endpoint device linked to secure virtualization.

Virtualization allows IT organizations to run multiple ‘virtual’ machines on a single physical machine. Each virtual machine shares the resources of a single computer across these multiple environments, allowing different operating systems and multiple applications to run simultaneously. A secure separation kernel and hypervisor, like LynxSecure from LynuxWorks, maintains each virtual machine in its own secure partition, not allowing any access from one partition to another partition’s data or applications, and effectively splits an endpoint device into multiple secure systems. Separation kernel technology is one of the fundamental building blocks used by the defense industry for running multiple security levels on a single system. Secure virtualization can effectively separate traditionally unsecure environments such as Internet browsing from sensitive corporate applications and data that are housed on the same endpoint.

When combining secure virtualization with the new encrypted drive technology, each band on the multi-banded SED is linked to a secure partition, so now the data for each partition is securely separate as well. Data used by one partition can neither be accessed by, nor even seen by another partition. This allows endpoints to have multiple levels of data protection, whether ‘at-rest’ or ‘on-line.’

“The latest LynxSecure release has added some key features to make endpoint devices secure without loss of user functionality.” said Gurjot Singh, CEO and president of LynuxWorks. “Combining LynxSecure 5.0 with the multi-banded SED technology from Wave has just added an extra level of security to endpoints and we believe has raised the bar for fighting the battle against cyber criminals.”

“Our collaboration with LynuxWorks and their LynxSecure separation kernel and hypervisor is helping to bring new levels of protection to sensitive data held on portable endpoint devices,” said Dr. Robert Thibadeau, Wave’s chief scientist and senior vice president. “This unique demonstration is a real eye-opener for IT organizations who are worried about both physical and cyber theft of their corporate information.”

Technology Demonstration:

For the technology demonstration at the NSA Trusted Computing Conference, LynuxWorks will use an off-the-shelf Dell Latitude, pre-installed with the LynxSecure separation kernel and hypervisor, equipped with a Seagate multi-band SED managed by Wave’s EMBASSY Trusted Drive Manager. One LynxSecure partition will run the Microsoft Windows XP operating system (OS) and will be used for personal applications, data and Internet browsing; the other secure partition will run the Windows 7 OS with corporate applications and sensitive data. Each partition will be mapped to separate self-encrypted bands on the Seagate drive. The demonstration will show how the two partitions can be run simultaneously on a single machine, using a secure software graphics switch to move between them. However, if the appropriate security device (such as USB dongle, Common Access Card (CAC) or fingerprint sensor) is not in place when starting the endpoint, the Windows 7 partition will not unlock the secure band of the SED, and hence the sensitive data will not be accessible even while the machine is running.

www.lynuxworks.com

Advertisement



Learn more about LynuxWorks

Leave a Reply