Security by design
Protect your processes
The hardware-assisted separation of operating systems and resources with the RTS Hypervisor has been proven in thousands of applications worldwide for more than 10 years. In addition to its secure design, though, the Hypervisor features many more security-related functionalities, which are continuously being improved. This makes it the perfect platform for real-time applications in industries with demanding security requirements, such as the industrial, energy, and medical sector.
The Hypervisor has been completely written by our own engineers. No third party was involved in any part of the development process. The independent solution is neither based on an OS or another virtual machine manager, nor does it require any plug-ins for secure and deterministic operation of your processes. There are no unnecessary interfaces enabling potential access to the system. Therefore, executing non-Hypervisor code or logging in is not possible by design.
Thanks to exclusive resource allocation, the RTS Hypervisor guarantees secure operation under all circumstances. Hardware access can be blocked, filtered, modified, and timed. Temporal isolation of workloads assures that realtime applications are securely protected from impairment of concurrent workloads running in other operating systems. During operation, individual processor cores or operating systems can even reboot while the remaining systems continue to be fully operational.
The RTS Hypervisor features rights management for all Application Programming Interfaces (APIs). Main memory areas assigned to an operating system and its applications are hardware-protected, thus assuring the system’s overall data integrity. With individual read and write rights, the Hypervisor limits access to the low-latency shared memory partitions to authorized operating systems.
Access to and from external networks safely takes place via a physical network adapter which is exclusively assigned to an ›edge OS‹. This can for instance be a Linux partition with Network Function Virtualization (NFV) featuring a firewall and virus protection. Running a dedicated security gateway directly on board eliminates the need for expensive external gateways which mark a potential security risk due to open sockets.
Security options like Memory Management Unit (MMU) virtualization, I/O restrictions, and IOMMU for extended access protection of PCI devices can be turned on selectively. The Hypervisor supports secure boot and enables a chain of trust to guarantee the trustworthiness of each involved software layer.