Not All Hypervisors are Created Equally


A new design is needed to build modern applications and protect sensitive assets.

Nowadays a building contractor would not construct a skyscraper using adobe; much better materials are available. The same thinking holds true when companies look for a hypervisor, the foundation for all business applications. BedRock HyperVisors, or BHV™, is built with leading-edge materials: a formally verified trusted computing base with a precise specification, so confidential data is protected and applications behave exactly as specified.

Legacy Solution Limitations

Popular virtualization solutions were built on yesterday’s technology. In order to deliver adequate performance, these systems were constructed as a large, self-contained blob. As a result, they are very big (many have tens of millions of lines of code) and complex, so managing and troubleshooting them became more challenging.

Another limitation is that they have a wide attack surface. In essence, every one of the many components in the kernel becomes a potential attack vector. The wider the range, the more potential entry points for the bad guys.

Legacy virtualization systems are also buggy. Developers cannot test every possible iteration of an application because there are so many, and the numbers keep growing. Instead, they try a representative subset and hope for the best, an approach whose flaws became quite evident through the years. The end result is that these solutions do a mediocre job of protecting corporate assets.

Time to Raze the Roof with HyperVisors

Vendors have tried to update their buildings, but the process is similar to remodeling an outdated home. There is only so much that can be done to make the old look new. At some point, the time has come to raze the old building and start anew. 

For virtualization, that time is now. A new approach is needed, one that addresses past problems. One change is breaking the blob up into small, manageable modular components. Here, companies take a close look at each individual item rather than trying to separate what it is doing from all of its interconnected tentacles.

A new virtualization system needs a limited attack surface. No longer should a job scheduler be a potential entryway for a criminal. Also, rather than giving developers a rich set of functions that could potentially be compromised, limit their options to a narrowly defined feature set.

The BedRock Difference

As a startup, BedRock Systems is not weighed down by legacy hypervisor designs. Consequently, it built a new building, one constructed from inception on bedrock to take advantage of today’s technology and keep confidential information out of the hands of criminals.

The BedRock HyperVisor is self-contained, so all other housekeeping systems sit outside and no longer become potential attack vectors that attackers use to bypass system security. The solution features formal verification at scale, mathematically proven isolation with real-time introspection at the instruction level, and formal verification for core code. The solution features tools that reduce human error dramatically and minimize the time needed for verification. The product grants access to resources securely and prevents the spread of malicious code. With it, companies build application skyscrapers made of today’s technology bedrock rather than adobe.

By Osman Ismael
