Cyberus Technology – General Availability of Cyberus Secure Virtualization Platform

Today Cyberus Technology announces the general availabiliy of SVP, a fast, flexible and secure virtualization platform. SVP is a fully vertically integrated virtualization solution, designed to enable our customers’ use-cases with high performance and increased security.

secunet has adopted our fast and flexible Secure Virtualization Platform, SVP, as the base platform of SINA Workstation ⁴. SINA Workstation is a secure workstation designed for modern working in Public Administration.

Key Points:

• General availability of SVP, a fast, flexible and secure virtualization platform
• SVP drives the next generation of SINA Workstation, a secure workstation designed for the public sector
• A microkernel-based architecture offers the flexibility to tailor the platform to a wide variety of use-cases
• Support for GPU virtualization enables performant video conferences and improves battery life

Radically Flexible

SVP is based on the Hedron Hypervisor ³ and a microkernel-based architecture. This architecture enables enormous flexiblity and a feature-set that is well adapted to our customers needs.

For example we are currently shipping two different products, based on the same SVP technology, enabling two very different use-cases. Tycho ¹, an innovative malware analysis platform and the SINA Workstation ⁴, a secure workstation designed for modern working in public administration and certified for use with documents. On the research side we have pushed the possiblities even further with a project that enables the performance of a pass-through system, but still allows multiple virtual machines. These products and case-studies have significantly different usage models and feature requirements.

With Tycho you will find a configuration of SVP that runs a single, invisible virtual machine, tailored for Virtual Machine Introspection ². It is important that malware cannot detect the analysis environment and that the analyst has a good semantic overview of what is going on in the guest system. SVP enables this in its pass-through configuration.

On the SINA Workstation you will find the use-case for multiple virtual machines, a strong demand for performance – especially when it comes to video conferencing in the current times. SINA Workstation is targeted at the public sector and is certified for use with classified information, thus the system needs to be thoroughly tested to be a secure and stable system. SVP enables this use-case with a configuration that offers an API for Oracle VM Virtualbox⁵, graphics virtualization and an architecture that allows testing each and every commit. SVP has been certified for use with classified information by the German BSI.

Our research team has pushed the possibilities of the platform even further. We have built a prototype, which enables the system performance of a pass-through system, while still allowing multiple virtual machines. The prototype utilizes suspend and resume to switch between different virtual machines. This way the system offers near native performance and still allows instant switching between different virtual machines. The system can be combined with micro-VMs to transparently enforce fully encrypted network configurations.

SVP is best-in-class when it comes to testing. We automatically test each and every commit on roughly three dozen different hardware platforms. SVP has completed more than 500k full test-cycles during the course of its development.

Microservices at the OS Level

SVP’s microkernel-based architecture enables a high degree of flexibility. The Hedron Hypervisor ³ implements the basic mechanisms needed to enable virtualization. Our SuperNOVA VMM enables a wide variety of useage models and work-loads.

SuperNOVA also allows us to easily plug modules on top of it. In the Tycho case we have the virtual machine introspection module, which enables these deep looks inside the guest system. In the Workstation case, we have a module that talks to Virtualbox, running in a normal Linux guest, and enabling a multitude of guest configurations. For our pass-through prototype there is an operating system switching module that utilizes suspend and resume to quickly switch between virtual machines.

Graphics Virtualization – Making full use of GPUs in VMs

In times when working from home is ever more important there is a strong demand for video conferencing. Efficient video conferencing workloads require a lot of help from GPUs and GPU-heavy workloads have not been a lot of fun in VMs.

Modern GPUs support virtualization and have almost the same performance when used in virtual machines as using these cards natively. Unfortunately support in traditional virtualization stacks has been slow to follow.

With the help from SVP, Virtualbox on the SINA Workstation now supports GPU virtualization out of the box. Video conferences are on track to be much more fun and we have even played a couple of virtualized games. In office scenarios GPU virtualization improves battery life, by taking load away from the CPU.

The Road Ahead

With SVP Cyberus Technology offers a fast, flexible and secure virtualization platform to its customers. Cyberus offers full vertical integration and enables specialized use-cases and high efficency.

SVP’s existing feature-set is already strong and makes full use of modern virtualization hardware features. The roadmap for 2021 is packed with more interesting features and even better performance.

If you are interested in learning more, please contact us at: [email protected].

Read More

1. Tycho
2. Virtual Machine Introspection
3. Hedron Hypervisor
4. SINA Workstation
5. Oracle VM Virtualbox