The prpl Foundation has demonstrated its prplHypervisor for preventing industrial IoT attacks from moving laterally from one function to another.
The prplHypervisor from the prpl Foundation has made its debut at the IoT Evolution Expo in Las Vegas. The prplHypervisor is a light-weight open source hypervisor specifically designed to provide security through separation for the billions of embedded connected devices that power the Internet of Things.
VM supervision with hypervisor
A hypervisor is a piece of management software designed to look after Virtual Machines (VMs), or computers that are defined in cyberspace to work on servers often situated in cloud data centres. With a hypervisor, you can use one single chunk of hardware to run multiple Operating Systems and each OS will appear to have its own processor, memory, Input/Output (I/O) channels and other resources.
A “light-weight” hypervisor is one that doesn’t take up a lot of resources on the chip hardware. This is an important feature in the protection of smaller, everyday IoT devices.
A principle set out in the Security Guidance for Embedded Computing published by prpl in early 2016, security through separation is key to fixing the fatal security flaws plaguing the IoT. “From theft of personal information and financial data to remote takeover of devices which could bring harm to the public, it’s in the interest of every stakeholder in the connected device supply chain to ensure that these devices are designed first for security,” said Art Swift, president, prpl Foundation.
Avoiding lateral movement
The prplHypervisor uses the power of hardware virtualisation to create multiple distinct secure domains. Applications and operating systems can operate independently and securely within these domains; the prplHypervisor eliminates the possibility of lateral movement within the system while allowing secure high-speed inter-VM communications.
Lateral movement is what happens when attackers compromise one weak point in a system and then use it as a foothold to reach other parts of that system. An example of this was the hacking of a car a few years ago in which the hackers took advantage of the wireless internet connection to take control of the vehicle.
The prplHypervisor uses hardware virtualisation to create separate domains within the device. For instance, you could have two or more assets, like hardware platforms, operating systems, storage devices or networking resources, running in tandem and contributing to the usable device. However, if one of those assets were compromised by a security flaw or attack, the others would remain unaffected due to the elimination of lateral movement.
Cesare Garlati, chief security strategist at prpl Foundation, demonstrated the prplHypervisor as part of a joint development effort of three key prpl members: Intrinsic-ID, Altran and the Pontifical Catholic University of Rio Grande do Sul (PUCRS). Garlati showed three virtual machines connecting to the Internet and securely controlling a robotic arm. The first VM receives commands from the Internet via Altran’s picoTCP stack, the second VM authenticates the request via Intrinsic-ID’s implementation of the prplPUF API and the third VM controls the robotic arm via USB. The three VMs are completely separated and communicate within the system via prplSecureInterVM APIs.
“PUCRS University is pleased to see their collaboration with prpl Foundation bear fruit. The prpl Foundation’s support of our GSE (Embedded Systems Group) team has allowed our professors, PhD and other students, computer scientists, computer engineers and undergraduate students to continue working toward our long-term goal of developing cutting-edge technology to secure the Internet of Things,” said Fabiano Hessel, associate professor at PUCRS.