PRODUCT OF THE WEEK: Star Lab’s Titanium Technology Protection
Sponsored StoryAugust 19, 2024
This week’s product, the Star Lab Titanium Technology Protection solution, provides robust Linux system-hardening and security capability for operationally-deployed Linux systems. The solution’s capabilities have also been extended to support the KVM host, an open-source virtualization technology that turns Linux into a hypervisor.
Titanium Technology Protection is designed using a threat model that assumes an attacker will gain root (admin) access to a system, Titanium for Linux maintains the integrity and confidentiality of critical data and configurations while assuring operations. It also enables customers to rapidly and affordably address the majority of their technical information assurance (IA)/cybersecurity controls with a single product.
Titanium Linux has been through pre-evaluation with participation from Navy, Army, and MDA AntiTamper Evaluation Teams and is compatible with RedHat and other binary-compatible distributions.
Simplifying Mandatory Access Control
Titanium Technology Protection simplifies Mandatory Access Control (MAC) policy creation, requiring only policies for protected applications, libraries, scripts, and data files.
- Denies by default access to protected entities even from root-level users
- Controls and restricts direct access to system hardware resources, such as peripherals and storage devices
- Prevents malicious modifications of system BIOS and firmware
- Enables secure software updates
- Encrypts and authenticates MAC policies as part of the secure boot process
Operating System Hardening
Titanium Technology Protection removes unnecessary operating system (OS) functionality which could help an attacker analyze system configuration, execution flow, and protected applications. The solution disallows unsigned module loading or process debugging, removes Kernel functionality and features, and eliminates the chance of hardened configurations being modified or bypassed in the field.
Securing Run-Time and Data-at-Rest
Titanium Technology Protection protects sensitive data, configuration files, and executables during runtime and rest. It:
- Enforces runtime protections such as debug prevention, copy protection, unauthorized reading of memory and protection against the unauthenticated loading of code into protected applications
- Authenticates protected entities, verifying that they have not been altered, and only decrypting files as needed (decryption keys are protected and stored out-of-band from attackers)
- Ensures sensitive applications, data files, and configurations are cryptographically bound to particular hardware, defeating any effort to copy and run applications on non-authentic or instrumented devices
- Cryptographically authenticates data and configuration files before permitting access by protected applications
Securing Tactical Virtualization
A vulnerability for many organizations lies with tactical virtualization. This presents a privileged attack surface for attackers to exploit. So, the Star Labs team extended Titanium technology Protection with Titanium for KVM, which thwarts attacks targeting the Kernel-based Virtual Machines (KVM) hypervisor, extending and strengthening the protections around critical program information. It enables users to:
- Leverage Titanium Secure Boot to verify the integrity and authenticity of all virtual machine artifacts.
- Secure the world's most popular virtualization solution easily, confidently, and completely.
- Minimize virtualization attack surface and eliminate unnecessary functionality that could otherwise be exploited by malicious actors.
- Eliminate future program risk by making systems FMS-ready from the start.
Many programs leverage KVM for tactical virtualization can lower cost because it is included for free with Red Hat Enterprise Linux (RHEL), but Star Labs goes further, enabling system engineers to leverage KVM for systems that will operate in the most hostile computing environments. It enables defense programs to protect critical data and applications from inspection and reverse engineering, even while adversaries have physical access to systems.
For more about Titanium Technology Protection including certifications and compliance information, visit the solution’s product page here, visit the company’s website, or follow the links below.
Resources:
- To download the Titanium Technology Protection data sheet, click here.
- To view the Titanium for KVM solution page, click here.
- To view a video on Titanium for Linux, click here.
- To download the Titanium for KVM data sheet, click here.
- To read the “Titanium for Linux: Guidelines for Securing Combat Systems” white paper, click here.
- To view a webcast on Secure Virtualization for Aerospace and Defense, click here.
- To contact Star Labs for more information, click here.