Use Cases

Formal Verification

Building a foundation based on formal verification enables us to precisely define with a formal model what a system can do. This is then matched, through proofs, to the actual code implementing the model. If the proof can satisfy the model, the code is formally verified. Formal verification allows us to establish the correctness of a system to the same degree of confidence that you know that 1 + 1 = 2, eliminating human error. In other words, we have mathematical proof of the BedRock Hypervisor’s effectiveness. At BedRock we are building formal verification at scale by investing in automation.

Minimal Attack Surface

The BedRock Hypervisor combines the best concepts from microkernels, capability-based systems, and modular design for superior performance, security, and isolation. Because it enforces the principle of least authority, BedRock is able to guarantee that most attacks are not possible to begin with. Our secure architecture keeps all critical functions, including Active Security and Policy Enforcement, below the OS-reachable attack surface, thereby fully protecting the OS and its applications.

Security

BedRock Security is enabled without a cooperating operating system or application, eliminating the attack surface of the components. Based on formal verification, the capability-based system ensures resources can only be accessed when explicitly enabled. With this level of security embedded into the BedRock Hypervisor, users can run the software stack from the OS and up without modification beyond their life cycle, while still preventing attacks.

Unmodified Guest OS & Applications

The BedRock Hypervisor is designed to run unmodified guest operating systems without the need to recompile the kernel or any application. Powered by formal methods, the Hypervisor cannot be breached, and, therefore, is not part of the attack vector. The fundamental hardware abstraction layer can leverage hardware features while concealing them from the OS, increasing system security.

 

No Vendor Lock-In

The BedRock Hypervisor includes a business-friendly open source license. This prevents vendor lock-in, provides freedom of choice, and prohibits intellectual property contamination. Rather than create a dependency, BedRock Systems is committed to community-driven projects and collaboration.

BedRock Systems believes that computing should be built on a rock-solid foundation. Our BedRock HyperVisor™ (BHV™) provides a trusted computing base with a minimal attack surface that will transform the software foundation from edge devices to the cloud. Based on our Bare Metal Property™ it provides formally verified isolation at a scale that has never before been achieved, combined with BedRock Active Security™, VM introspection, and policy enforcement. BedRock has created a secure layer of protection that is both invisible and un-bypassable, which also enables a rapid adoption of critical workloads, containers and services.

3 USE CASES FOR BEDROCKING YOUR EDGE OR APPLICATIONS

MODERNIZATION WHILE ADDING ACTIVE SECURITY™ AND SERVICE AGILITY

Our Trusted Computing Based (TCB) enables the power of virtualization in modernization initiatives looking to achieve SWaP‑C* objectives and improve safety and cyber resilience/security in legacy environments while enabling the implementation and path forward to transition to Software Defined Architectures

ULTRA SECURE ENCLAVE EDGE DEVICES

Our Trusted Computing Based (TCB) enables the power of virtualization in modernization initiatives looking to achieve SWaP‑C* objectives and improve safety and cyber resilience/security in legacy environments while enabling the implementation and path forward to transition to Software Defined Architectures

  • Ultra Secure Enclave for Mobile
  • Ultra Secure Enclave for Software Defined Radio, Pilot Knee boards…
  •  

SOFTWARE DEFINED ARCHITECTURE “3 IN 1 EFFECT" FOR INDUSTRIAL CONTROL SYSTEMS

  • IIoT disruption for Smart Energy, Control, Smart City, Building Automation (Schneider, Siemens, Honeywell, …)


A nation’s infrastructure is worth protecting. Today’s electrical utilities face demands of a rapidly transforming industry, including stringent security regulations and power grid management requirements. They must also assure constant reliability and availability of power. Smart grid technologies introduce another set of challenges: the need for visibility, security controls, and compliance with the requirements. At the same time, the pressure to create a smarter infrastructure that is Software Defined, allow agile deployment of new Industrial IoT services to optimize the infrastructure and unlock new revenue.

The intersection of safety and security demand a Trusted Compute Base that is resilient against cyber-attacks, while providing the well-established IT and Cloud-Native functionality. BedRocking™ Industrial Control Systems (ICS) enables reuse of existing workloads, services, containers and applications in a brownfield manner, while preventing lateral movement of threats with the formally proven Bare Metal Property™. BedRock Active Security™ provides deep semantic forensics based on Real-Time Introspection, and fine-grained Policy protects the applications, the OS, communication and virtualized resources. The CAPEX/OPEX cost benefit combined with agile formal verification for security and safety is unlocking the Software Defined future for Automation and Control

SECURE TCB BY DESIGN™

SOFTWARE DEFINED ARCHITECTURE FOR LEGACY SYSTEMS
  • Solutions that need modernization/virtualization & security – Software Defined Architecture for moving legacy applications to a new secure design (Government, Critical Infrastructure, …)
  • Early adopters in Government are looking for High Assurance Solutions delivering CSfC, Zero Trust, Type1, Cyber resilience/CMMC & SCRM***


* SWaP-C is an acronym for Size, Weight, Power and Cost

* * CSfC – Commercial Solutions for Classified

*** Supply Chain Risk Management