The Aegis-approach architecture leverages Type 1 Virtualization (SeL4) to split the mobile device functions into multiple virtual machines (VMs) to allow for greater operational integrity, more granular system control, and a reduced attack surface. Various rules of operation govern the interactions across functional areas and between virtual machines. These rules ensure that the system functions in very specific ways.
The HTC A9, Secured by D4, is the initial first-generation reference device for ultra-secure mobility and includes the following features:
This Aegis device is configured in such a way that communications to and from the device must traverse a VPN. This allows for sensitive areas like Entropy and Key Store to be protected from potentially high-risk areas such as the Android OS. The most current example is our second-generation solution leveraging the Aegis approach to designing secure and modular platforms that are now deployed on a mobile device is the Aegis Ultra-Secure Mobile Device.
Aegis products focus on delivering towards ultra-secure mobility with SeL4 Virtualization, which is built on formal methods. These products help your organization conquer the challenge of security on untrusted networks. Primary components of Aegis hardware and software:
Aegis Secure Mobile SDK
The virtualization technology and framework that allows for the creation, configuration, and execution of the various function areas and virtual machines of a system.
Secure Boot
This feature validates and verifies which configurations and systems are to be booted and loaded onto a device.
Modular Hardware Platform
Device on which the Aegis Secure platform is installed. It consists of the CPU / SoC (central processing unit / system on a chip) and embedded components that make up a device.
The practical applications of the solution unlock the potential of your mobile device, while gaining defense-in-depth security. The device has the U.S. government NIAP Certification complete for CSfC compliance, including the MDF, VPN, and FDE Protection Profiles.
The Aegis approach to developing a secure and modular platform is built in at the next generation of security for connected smart devices. By leveraging the Aegis approach to secure solution, platform security, device management, and other rich services are taken care of, so you do not have to – letting you build the next functional and innovative solution for your national security needs.
An Encrypting Retransmission Device (ERD) is a gateway in which you provide a distinct level of isolation for an end-user device from the ever present "dirty" networks that are constantly trying to attach to your end-user device. You could also leverage virtualization to create a Remote Personal Device that would also connect to your end-user device. This solution further isolates your end-user device from remote sessions or "dirty" networks and provides a mechanism to obfuscate certain functions one could leverage on an end-user device by using another form factor. Naturally, you could design your gateway to provide isolation to the myriad data access across your government (NIPR/SIPR), personal, public, or business networks.
The Aegis approach to creating secure hardware-based architectures leverages Type 1 Virtualization (SeL4) to split the gateway device functions into multiple virtual machines (VMs) to allow for greater operational integrity, more granular system control, and a reduced attack surface. Various rules of operation govern the interactions across functional areas and between virtual machines. These rules ensure that the system functions in very specific ways.
The Aegis software is built on an approach that leverages modular-based security systems that are much more effective at protecting networked devices from unwanted intrusion.
On top of the VPN, the ERD enables the local user to add the following to their end-user devices:
The Aegis Secure platform offers an optimal approach to the reliability, repair, and maintenance of IoT devices. Secure IoT examples include VPN, Firmware Over the Air Update (FOTA), Device Management, and more.
The Aegis Secure solution is designed to be easily integrated into your target device, however, you may require additional support. Riverside Research has experts fluent in embedded systems and embedded virtualization. These teams can help with integration support, driver writing and platform porting, and related contract software development, including low-level bootloader, standalone C applications, real-time OS, Linux or high-level software, such as Android. This support ranges across a full spectrum of requirements, including:
Riverside Research provides dedicated software support for your Tier-3 support personnel via phone or email, enabling ultra-secure mobility for the next generation of devices.
Aegis Secure products meet CSfC compliance. The new industry standard is ultra-secure product solutions through modularity.