Metalvisor & OpenShift (Pt. 2)

Brad Sollar
Chief Technical Officer

February 20, 2023

Zero Trust

While OpenShift provides many security features, too many to mention for this post, when it comes to Zero Trust, OpenShift provides many Software Defined Networks (SDN) constructs to secure microservicves in all directions i.e., east-west, north-south by using SDNs, which enable firewall rule configurations to be easily automated, thereby reducing network operating costs. SDNs make it possible to define per-host, per-pod, and per-project isolation via NetworkPolicies, a concept also referred to as microsegmentation.

OpenShift also provides many options for securing network traffic with TLS and certificates management for applications, all of these features become a foundation for building and securing containerized applications that meet the Tenants of Zero Trust defined by NIST 800-207.  

Metalvisor supports RHEL & OpenShift and is able to enhance the security by providing security below the Operating System OS. The Mainsail MetalvisorTM provides organizations an evolving and operationalized security platform for edge workloads that need to live beyond the trusted perimeter.  Utilizing a custom separation kernel at the UEFI layer, Metalvisor restricts threat actors by implementing security below the Operating System and out of reach of traditional adversaries.   

Zero Trust principles are built into the design by “trusting nothing, and always verifying” starting with the hardware, where cryptographic verification of hardware leads to a secure hardware-based root of trust where higher-level software and application chains of trust are built. The entire system, from boot,  is constantly verifying the runtime of workloads, enforcing security policy, and protecting against advanced attacks.

Unlike traditional systems that depend on implicit trust of either the hardware or virtualization layer, Metalvisor implements isolated domains, launched from firmware sitting below the OS level. A dedicated policy engine independent of OS designed to uniquely perform security policy & cryptographic verification for all resources in hardware & software; which is a design that we believe meets and exceeds NIST 800-207 Zero Trust Architecture.

Metalvisor provides Zero Trust at the CPU level by using cryptographic verification of hardware, extending it to the runtime of applications including OpenShift. Metalvisor provides advanced security measures that meet and exceed the guidelines set forth by NIST 800-207 for Zero Trust. This high level of security helps protect the DOD against cyber threats by providing a secure environment for running critical applications and workloads.

The cryptographic verification of hardware helps to ensure the integrity of the system and the authenticity of the hardware, preventing any unauthorized access or tampering. This advanced level of security can provide peace of mind to the DOD and help to minimize the risk of security breaches, data loss, and other cyber threats.

Metalvisor provides advanced Zero Trust by incorporating several key security features and technologies. Here are a few examples of how Metalvisor provides Advanced Zero Trust:

  1. TypeZero Hypervisor: Metalvisor is a TypeZero hypervisor, which means it operates at the lowest level of the system (launched from firmware UEFI), providing a secure foundation for all compute workloads. This helps to prevent attackers from accessing sensitive data and systems by operating at the lowest levels in the system to set up security and cryptography controls at boot.
  2. Multi-Key Total Memory Encryption: Metalvisor uses multi-key total memory encryption to protect data and systems from ransomware attacks and other forms of malware. Each virtual machine (VM) has its own unique encryption key, providing defense-in-depth and ensuring that sensitive data is protected.
  3. Active Response Capability (ARC): Metalvisor has built-in ARC capabilities that allow it to detect and respond to potential threats in real-time. This helps to prevent the spread of malware and minimize the damage caused by ransomware attacks.
  4. Immutable Workloads: Metalvisor's immutable workloads feature ensures that the software and data on a system cannot be modified without authorization. Once a workload has been signed and deployed, it cannot be altered or tampered with, reducing the risk of malware infections and other security incidents.
  5. Cryptographic Signing of Workloads: Metalvisor uses cryptographic signing to verify the authenticity and integrity of workloads before they are executed. This helps to prevent attackers from installing malicious software or tampering with existing workloads and ensures that only authorized software is running on the system.
  6. Segmentation and Isolation: Metalvisor provides segmentation and hardware-based isolation between virtual machines, ensuring that each VM runs in a secure, isolated environment. This helps to prevent malware from spreading from one VM to another and reduces the risk of data breaches.

By incorporating these security features, Metalvisor provides a comprehensive, proactive solution for Advanced Zero Trust. By continuously monitoring and responding to potential threats, Metalvisor helps organizations to maintain secure operations and protect sensitive data in a rapidly changing threat landscape.

"Metalvisor can enhance OpenShift by securing layers beneath the OS, Firmware, and Hardware creating full-stack hardening to NIST 800-207"

NIST Zero Trust SP 800-207 Adherence @ 2.1 Tenets of Zero Trust 

  1. All data sources and computing services are considered resources

         • Metalvisor Hypervisor Boots Before Multi-User Domain Linux OS and & Performs Micro-Segmentation of compute resources.

  1. All communication is secured regardless of network location.

         • Metalvisor Has built In Processor Entropy which each processor has its own security keys for secure communications.

  1. Access to individual enterprise resources is granted on a per-session basis.

         • Metalvisor Only Supports Tenant Based Signed Resources regardless of Enterprise Control

  1. Access to resources is determined by dynamic policy—including the observable state of client identity, application/service, and the requesting asset—and may include other behavioral and environmental attributes.

         • Metalvisor Only Supports Tenant Based Signed Resources regardless of Enterprise Control

  1. The enterprise monitors and measures the integrity and security posture of all owned and associated assets

         • Metalvisor Supports Runtime Policy Integration with Redhat Cockpit and remote Syslog

  1. All resource authentication and authorization are dynamic and strictly enforced before access is allowed.

         • Metalvisor Has a dedicated policy engine virtual machine instance single core which has no OS that sole function is to perform Security Policy Verification.

NIST Zero Trust SP 800-207 Adherence @ 2.2 A Zero Trust View of a Network

  1. The entire enterprise private network is not considered an implicit trust zone

         • Metalvisor Isolates Network Devices and Support Virtual Software Defined Networks (LibVirt / VirtIO)

  1. Devices on the network may not be owned or configurable by the enterprise.

         • Metalvisor Policy is only signed by tenants and authorized to run by the enterprise.  The signed tenant attribute-based policy is immutable from the enterprise orchestration domain.

  1. No resource is inherently trusted.

         • Metalvisor does not support resource-sharing of any hardware; cores, memory, cache, and peripherals, even from the enterprise administration VM orchestration domain. Metalvisor ensures cryptographic integrity from host CPU start/boot up through domain runtime, ensuring trust at the lowest level possible.

  1. Not all enterprise resources are on enterprise-owned infrastructure.

         • Metalvisor's key attribute is the hardware is not owned by anyone; it only allocates  signed tenant virtual domains and immutable security and resource policies to run independent of the enterprise operator. Metalvisor also supports role-based access with customer-owned & cryptographically signed, immutable workloads.

Metalvisor Enables  Zero Trust at the physical processor node and its resources while integrating with other Zero Trust Network Architectures (ZTNA) and security products. Metalvisor is based on Red Hat Enterprise Linux (RHEL), which has wide enterprise adoption and integrations with many security and networking products used in the DoD today. This enables integration and compatibility now and in the future with existing and new architectures. 

In our next article we will look at how a TypeZero hypervisor can bring Quality of Service and Determinism to OpenShift workloads.