May 03, 2008
What is Secure HyperCell Technology?
We announced Secure HyperCell (SHC) technology without saying what it really is. You're excused for being a bit confused.
So, what is it? In a nutshell, it is an abstraction that includes fine-grained protection domain at one end, and complete virtual machines at the other, and combines this with mandatory access control mediated by segregated (i.e. kernel-protected) capabilities.
To put it differently, SHCs are protection or isolation containers that consists of one or several address spaces which represent a driver, an application (potentially consisting of multiple cooperating processes) a system service, or a virtual machine containing a guest OS and many applications. SHCs are isolated from each other, except for explicitly-established channels controlled by a resource manager implementing a designer-defined system-wide security policy, and enforced by OKL4. Caps provide access to resources and IPC.
The SHC concept gives us a convenient way of referring to isolation domains of different granularity. This is in line with my standard sermon that embedded systems need something that's more general than virtual machines. The SHC is that “something”, and capabilities are the critical mechanism behind it.
I hope this clarifies it a bit. Please let me know if it doesn't.
Posted by Gernot Heiser on May 03 at 08:32 AM
About Gernot Heiser:
Gernot Heiser, Chief Technology Officer, never thought he would be in the business world. Prior to NICTA's creation in 2003, Dr Heiser was a full-time faculty member at the University of New South Wales. However, this die-hard academic couldn’t pass up the opportunity to see the commercialization of this research. Gernot still loves teaching, almost as much as he loves good wine and good food. And anyone will tell you that Gernot knows his wine.