Saturday, July 10, 2010

Secure Workstations for Systems Development

A virtual workstation enables the development, testing and deployment of diverse applications without changing equipment at a customer’s site. This is accomplished by adding a hypervisor, that is, virtualization software. Desktops, laptops or smartphones thus become virtual workstations with the capacity to perform a large variety of tasks. The following are the functions of virtual workstations that operate as platforms for systems development:

  1. Test applications with different levels of security on the same desktop, using Linux or Windows, without rebooting.
  2. Experiment with and test combinations of new versions of proposed security safeguards on separate, isolated virtual computers without the need to acquire separate computing devices.
  3. Deploy different combinations of browsers and third-party security appliances to examine how they interact with different applications. Assure the elimination of conflicts arising from new software patches.
  4. Validate whether there is interference between security software and various versions of browsers, operating systems and proprietary application development tools. The number of cases that need testing could be in the thousands.
  5. Demonstrate how the performance of the security software will affect proposed computing configurations, multi-core processors or virtual disks. This includes the verification of encryption codes.
  6. Run demonstrations of prototype versions of applications, including systems assurance.

The development environment for a secure workstation requires the creation of fully isolated and secure virtual machines that encapsulate an operating system and its applications. The virtualization layer must map the physical hardware resources to the virtual machine's resources, so each virtual machine has its own CPU, memory, disks, and I/O devices, and is the full equivalent of a standard x86 machine.

Virtual workstations can operate on either a Type 1 (native, or bare-metal) hypervisor or a Type 2 (hosted) hypervisor. The difference is that Type 1 runs directly on the host's hardware to control the hardware and to monitor guest operating systems, whereas Type 2 runs within a conventional operating system environment.

The following figure shows one physical system with a Type 1 hypervisor running directly on the system hardware, and three virtual systems using virtual resources provided by the hypervisor.

The following figure shows one physical system with a Type 2 hypervisor running on a host operating system and three virtual systems using the virtual resources provided by the hypervisor.

The virtual workstation will run on any standard personal computer and will be the equivalent of a full PC, with full networking and devices: each virtual machine has its own CPU, memory, disks, I/O devices, etc. This gives it the capacity to run supported guest applications such as Microsoft Office, Adobe Photoshop, Apache Web Server, Microsoft Visual Studio and kernel debuggers, as well as all security software provided by vendors such as McAfee, RSA, Check Point, Symantec, Sophos and others.

SUMMARY


The development environment for secure systems requires the capacity to test and validate complex interactions between hardware, operating systems, applications and a variety of security offerings. A very large number of possible combinations must be tested not only to verify compliance with required functionality but also to assure operational viability. A virtual workstation has the capacity to assure the exploration of a large number of security features so that project schedules can be accelerated.

By using virtual workstations, developers can check the acceptability of available security options in a non-homogeneous environment.

For comments please e-mail paul@strassmann.com