LinuxDevices.com Archive Index (1999-2012) | 2013-current at LinuxGizmos.com | About  
Follow LinuxGizmos:
Twitter Google+ Facebook RSS feed

Android virtualization platform taps security-enhanced hypervisor

Mar 25, 2010 — by Eric Brown — from the LinuxDevices Archive
Please share:    Tweet about this on TwitterGoogle+Share on FacebookShare on LinkedInShare on RedditPin on Pinterest

Open Kernel Labs (OK Labs) announced the availability of a mobile virtualization reference platform for its Android version of the OKL4 microkernel hypervisor (“Microvisor”). The Android “One Core” platform appears to be the first implementation of version 4.0 of OKL4, which offers security and performance enhancements, says the company.

The OK Labs "One Core" platform is billed as a "complete solution" for semiconductor suppliers, mobile equipment manufacturers (OEMs), and mobile network operators (MNOs) that are developing virtualization-enabled, low-cost smartphones based on Android. One Core appears to expand on the OK:Android product announced last June, which was billed as an Android version of the OKL4 microvisor.

OKL4 allows multiple operating systems to run on a single phone, or a single operating system to offer multiple secure compartments. It runs almost everything in userspace, and includes a thin hardware abstraction layer that can support Linux, Windows Mobile, Windows CE, Symbian, and/or other guest OSes. It also includes a minimal POSIX-compliant execution environment, enabling multiple applications and device drivers to run in separate, isolated partitions.

Screen capture from video (below) showing new Android security features in OKL4
(Click to enlarge)

The new One Core version supports both low-cost single-core processors, as well as advanced multi-core SoCs, "helping OEMs deliver cost-effective multi-OS devices today and providing a direct path for deploying on advanced multi-core hardware in next-generation designs," says OK Labs. The development platform is said to target a wide range of mobile CPUs and SoCs from semiconductor vendors including ST-Ericsson, Texas Instruments (TI), and Qualcomm.

One Core is claimed to significantly reduce bill-of-material (BOM) costs for Android-based mobile devices. By using OKL4 virtualization to consolidate application, multimedia, and baseband radio processing onto a single CPU, OK Labs customers can "bring a high-performance smartphone user experience to consumers at a featurephone price," says the company.

OK Labs did not provide any more details on the specific components available with the One Core platform. OK Labs Android "One Core" appears to be the first implementation of version 4.0 of OKL4, the hypervisor technology that has been available for several years. The OKL4 3.0 technology has been used, for example, on Motorola's Linux-based Evoke QA4 (pictured at right).

OKL4 Microvisor 4.0 offers patent-pending performance enhancements, as well as a new framework for developing and optimizing device drivers and abstracting hardware variations among Android-based handsets and other wireless devices, says OK Labs. Version 4.0 also improves the microvisor's security capabilities to support mobile payments, and to provide secure connectivity between mobile workers and business-critical enterprise assets, says the company.

Beyond that, the company had no more details on OKL4 4.0, the first major upgrade to the technology since OKL4 3.0 was announced in October 2008. However,a new YouTube video below appears to speak to some of the new security enhancements, discussing the protection of drivers within a secure hypercell. OKL4 is shown to protect the drivers from access by Android, thereby protecting against malicious attacks. For example, the demo aims to show that voice data that can be recorded by an attack on a current Android phone, would not be accessible under OKL4.

The new release may possibly be based on OKL4-destined security technology announced by the company last August. At the time, OK Labs announced completion of a four-year research project aimed at developing a highly secure, "100 percent bug-free" hypervisor for mobile phones. This "seL4" research project was run by NICTA (National Information and Communications Technology Australia), which was OK Labs' original incubator and investor, as well as researchers from the University of New South Wales (UNSW) in Australia, and other institutions.

The seL4 project developed a formal mathematical proof of the correctness of the microkernel used by OKL4, the company said. By mathematically proving the correctness of underlying kernel functioning of the microkernel used in OKL4, the project "paves the way for validating and deploying mobile virtualization under certification and security regimes," said the company at the time. The company also said in August that it would bring the results of the project to market "in future generations of mobile virtualization products."

YouTube video showing demonstration of OKL4 security on an Android phone
(Source: OK Labs)
(Click to play)

Stated Steve Subar, President and CEO, OK Labs, "OEMs and MNOs look to Android as a low-cost, interoperable, and increasingly ubiquitous open mobile applications platform. Android 'One Core' combines our industry-leading OKL4 Microvisor and enhanced Android, enabling the mobile/wireless ecosystem to unlock the full potential of Android, offering performance, interoperability, and security in mass-market smartphones."

Availability

The Android One Core platform is available now, says OK Labs, which is demonstrating the technology today at CTIA in Las Vegas. The demonstration, which appears to cover the same topics as the video above, highlights a customer-developed application for secure VoIP calling on Android-based handsets.

OK Labs will also demonstrate its Nirvana Phone reference architecture announced last month. Co-developed with Citrix as part of their "Mobile-to-Enterprise" virtualization initiative, the Nirvana Phone is an OKL4-based cross-platform reference architecture for smartphones that taps the Citrix Receiver client to let users access corporate desktops and applications. The Nirvana Phone offers a video-out port for displaying virtualized desktops on an external monitor, plus Bluetooth and USB drivers for controlling keyboards and mice.

More information on OKL4-related development technology may be found at the company's Community Portal, here.


This article was originally published on LinuxDevices and has been donated to the open source community by QuinStreet Inc. Please visit LinuxToday.com for up-to-date news and articles about Linux and open source.

(advertise here)


Comments are closed.