Our customer wanted to develop a cybersecurity Data Leak Prevention solution that isolates the actual machine, i.e. its OS and memory, from any end-user I/O, allowing access to the machine only through a virtual OS that acts as a placeholder and executes the I/O on behalf of the user.
No loss of performance in the process.
Seamless access to the actual machine, without the user suspecting any placeholder.
Research required into virtualization technology and how this can be leveraged in the best possible way.
Good understanding of Windows/Mac/Linux OS architecture.
More than 5 years of experience in developing cybersecurity solutions.
Kernel programming required on all 3 operating systems.
Understanding of display graphics pipeline.
In line with the customer’s vision, we developed a solution based on a Type 1 hypervisor, in this case Xen, that runs two operating systems on the hardware with performance as good as native.
The solution consisted of:
1. The actual operating system, running as DOM0, the main operating system, with full control over the hard disk and any major operations on the machine.
2. A placeholder virtual machine, viz. DOM1, the secondary operating system, that has access only to I/O devices such as the keyboard and mouse.
3. A modified Xen hypervisor with a custom tunnel capable of passing messages from the secondary OS to the primary OS and then returning the display buffer to the secondary OS as the result of any I/O operation.
This helped our client achieve a completely isolated, truly virtualized system with little to no loss of performance, creating a very advanced Data Leak Prevention system by avoiding any direct access to the actual machine holding sensitive data.
Understanding of Virtualization Technologies.
Reverse Engineering of Xen Hypervisor and QEMU.
Reverse engineering of VirtualBox to achieve seamless full-screen mode.
Linux Kernel Customization.