Washington, DC, October 30, 2019 — Star Lab Corporation announced today that Crucible embedded virtualization software version 6.1 has been released and is now available for immediate program integration. This latest release updates Crucible to support upstream Xen 4.12 and Titanium Security Suite for Linux 7.0 (Titanium 7.0) guests, and includes hardware compatibility upgrades. Additionally, Crucible 6.1 paves the way for significant functionality improvements planned with the next near-term full upgrade release.
According to CEO Irby Thompson, “We’re excited to now offer Crucible 6.1, based on Xen 4.12. Xen 4.12 helps reduce the size of the core hypervisor, while further isolating control logic from the guests, thereby increasing security benefits for Star Lab and our customers.”
Crucible 6.1 unlocks the advantages of Xen 4.12 for our customers and simplifies integration of future Xen upgrades. Among many other lauded improvements, Xen 4.12 enables Star Lab to more easily reduce memory footprints and attack surface with Crucible. Our own Titanium 7.0 was also a major release, including compatibility with SELinux, NIST-approved FIPS 140-2 algorithms for the x86 platform, and preparation for NSA Commercial Solutions for Classified (CSfC) certification. Crucible now enables customers to use both the Xen 4.12 hypervisor and Titanium 7.0 guests, simplifying security.
Some of the vulnerabilities in Xen which are addressed by the Crucible 6.1 update and Xen 4.12 include:
XSA-291 – Requires a malicious or buggy (guest) kernel to incorrectly access physical device memory, as is the case for devices which are physically passed through to the guest. This was partly mitigated by Crucible / Titanium enforcing driver signing and disabling access to /dev/mem (thereby removing several vectors for making malicious kernel modifications).
XSA-284 – Requires a (PV) guest with device pass-through.
XSA-290 – Requires a malicious or buggy (guest) kernel using linear page tables. The partial mitigations are similar to XSA-291.
XSA-287 – Requires a PV guest to execute a timing-related attack around the XENMEM_exchange hypercall. Crucible enforces FLASK / XSM policy around this hypercall (significantly hindering the ability to make use of the hypercall), and additionally uses a strict resource assignment paradigm, making the timing attack harder to execute in practice.
XSA-288 – Requires an (untrusted) PV guest with hardware pass-through and kernel execution. Crucible does not permit untrusted guests (all guests are verified before being launched, and only verified guests are launched). Additionally, for trusted guests, Crucible / Titanium enforce driver signing and disable access to /dev/mem (thereby removing several vectors for making malicious kernel modifications).
XSA-293 – Requires a PV guest (likely) running Linux. Crucible / Titanium can be configured to enforce a “full system mode” of operation, in which no untrusted executables are permitted to run. Additionally, Crucible / Titanium enforce driver signing and disable access to /dev/mem (thereby removing several vectors for making malicious kernel modifications). Further, Crucible / Titanium remove kernel features and functionality that could be used to pivot or gain elevated execution context.
XSA-285 – Requires a (malicious) PV guest. Crucible does not “hotplug” hardware into a guest (all hardware is statically assigned at machine creation). Additionally, Crucible does not permit untrusted guests (all guests are verified before being launched, and only verified guests are launched) and there is no access to dom0 at runtime.
XSA-292 – Requires a (malicious) PV guest.
What’s next? As part of the near-term full Crucible releases, Star Lab developers are working on adding a modern long-term support kernel for dom0, dom0less, and additional service domain disaggregation.
Star Lab software products protect the most mission-critical systems, infrastructure and equipment in the world. Star Lab’s products are founded on secure-by-design engineering principles, leveraging design patterns that reduce attack surface, isolate critical functionality, and contain or mitigate even successful attacks. For more information on our products for embedded security and virtualization, please contact Mike Fox at [email protected]