What Is a Hypervisor?

ProvenVisor is a next-generation hypervisor specifically designed for embedded devices with high flexibility and high-security requirements. Leveraging the ARMv8-A architecture and hardware virtualization extensions, ProvenVisor enforces strong security properties on its Virtual Machines (VMs) while providing efficient access to essential resources.

With a minimal Trusted Computing Base (TCB) and explicit authorization for inter-guest communications, ProvenVisor ensures the highest level of security for your critical
applications.

Designed for Security | ProvenVisor.

ProvenVisor has been designed from the ground up to ensure the security of the VMs it hosts, from its high-level architecture down to the implementation of each function, along with its support of ProvenCore for security services.

Minimal Trusted Computing Base:

ProvenVisor maintains a minimal Trusted Computing Base (TCB), reducing the attack surface and enhancing the overall security posture of your embedded device.

Secure Inter-Guest Communications (IGC):

Inter-Guest Communications are performed only after explicit authorization, preventing unauthorized access between VMs and further enhancing security.

Strong Isolation Security Policy:

The hypervisor enforces a strict isolation security policy between all Virtual Machines (VMs), ensuring that each VM operates independently and securely.

Amenable to High-Level Security Certification:

ProvenVisor is designed with high-level security certification in mind, making it an ideal choice for applications requiring rigorous security assurances, such as Common Criteria EAL5 certification.

ProvenVisor and ProvenCore | The Perfect Duo for Enhanced Security

One of the key aspects of achieving robust security lies in eliminating exploitable vulnerabilities from the Trusted Computing Base (TCB). The TCB includes the security functions and the underlying operating system (OS) that these functions rely on. Therefore, the correctness and effectiveness ofs ecurity functions are intricately tied to the OS implementation, even when hypervisors are used.

ProvenCore, ProvenRun’s secure OS, can be used in combination to ProvenVisor to:

Enforce Sophisticated Security Policies:

ProvenCore works seamlessly with ProvenVisor to enforce advanced security policies. It provides precise control and filtering of communication between each guest OS and the outside world, bolstering the overall security posture.

Security-Sensitive Services

ProvenCore enables you to deploy security-sensitive applications by giving you access to a catalogue of trusted, ready-to-use applications (link to ProvenApps). This enables you to deliver critical security functions with the utmost reliability.

Holistic Device Protection:

Protect the security of the whole device (Secure Boot, Secure Firmware Update, etc.).

Hypervisors & | Security.

When multiple guest OSs are present, ProvenVisor can identify which guest OS issued a particular command, allowing ProvenCore to decide whether to allow or deny each command according to the identity of the guest OS. This configuration can be as fine-grained as allowing some services to be only accessible from a given subset of guests. For example, access to the Secure Storage can be limited to specific guests. More detail about ProvenCore here: ProvenCore

Discover | Security.

Discover how ProvenVisor can elevate the security of your embedded devices and provide the trust your applications need. Contact us at contact@provenrun.com to explore the power of ProvenVisor and secure your future projects.

Get Your White Paper

To get your white paper please fill out the form

Get Your White Paper

To get your white paper please fill out the form

Get Your White Paper

To get your white paper please fill out the form

Get Your White Paper

To get your white paper please fill out the form

Contact ProvenRun

We will be in touch with your shortly! Thank You.