Type 1 Virtualization
Traditional IoT architectures create massive attack surface
The traditional architecture of IoT and smart devices creates a massive attack surface, forcing you to either accept high risk or create restrictive security policies that reduce productivity and inhibit use.
The Aegis Secure platform and solution uses Type 1 virtualization to deliver a more secure and productive architecture
The Aegis Secure is a framework for providing security and extensibility to connected devices. The architecture isolates certain system processes and capabilities by leveraging Type 1 Virtualization to separate the functions into multiple virtual machines (VMs). Splitting the system into multiple functional areas allows for greater operational integrity, more granular system control, and a reduced attack surface. Various rules of operation govern the interactions across functional areas and between virtual machines. These rules ensure that the system functions in very specific ways, as defined by the specific use case.
Key Features
Modularity – Multiple levels of containerization serve to isolate applications and components while enabling plug and play virtual machines and components, faster system development and software reuse. This approach makes it possible to securely run legacy software together with updates and third-party software.
Formal Methods – Cog only uses formal methods proven virtualization tools. This is the only way to ensure that the virtualization tool is mathematically to perform as built. This is the newest standard for providing an ‘assured’ level of security in the code that operates on the lowest level of your connected device.
Security – The industry’s most advanced Virtual Private Network (VPN), storage encryption technologies and device policies ensure defense-grade embedded security.
Value Added Modules –Additional layers of security can be added to D4 Secure to provide the highest degree of assurance that the device and data is protected including:
- Full Disk Encryption (FDE) – Second layer of full disk encryption beyond the native encryption capability typically included in the operating system to provide double Data at Rest (DAR) protection.
- Nested VPN – Second VPN to the operating system, to run a truly ‘nested’ VPN solution on the device, which provides double Data in Transit (DIT) protection.
Scalability – Ability to concurrently run software with vastly different Operating System (OS) and platform requirements as well as run a common set of software over a variety of different hardware devices. This speeds up development by eliminating the need to refactor or rewrite old code and also easily supports new hardware.
Device Management – Unrivaled capacity management and control facilitating over the air updates (OTA) at the platform level, supporting any OS, legacy or third-party software.