The future of military systems is software-defined and virtualized

Story

October 12, 2018

Software-defined open virtualization solutions are a smart way to implement next-gen military systems: They're easier to maintain and enable future software and hardware upgrades with minimal risks, costs, and downtime.

Network virtualization and software-defined networking (SDN) are being embraced as easier ways to maintain and secure military systems. Software virtualization, not intended for network virtualization, is also helping to manage complexity and improve system security.

Virtualization, by its design, can increase network security. “Instead of having a fixed attack surface that traditional compute platforms expose, a virtualized platform presents a dynamic environment that is more challenging to compromise,” says Chip Downing, senior director of aerospace and defense for Wind River (Alameda, California).

As you can imagine, this is ideal for military platforms “because as the war­fighter situation changes and evolves, the platform can dynamically evolve with the capabilities and demands required to execute a mission,” he adds. “This real-time, dynamic evolution of platform capabilities reduces the attack surface of security threats and vastly reduces the threat of ‘canned’ attacks on statically configured systems.”

Virtualization can address many of the military’s security concerns

Platform security “improves the more the virtualization platform responds to mission demands, because new applications and capabilities change the composition of the virtualization platform and the attack surface, making it harder to execute an attack,” Downing says.

That’s why he believes that the future of all military systems is virtualized. “The ­traditional federated, statically defined, hard-to-change, hardware-defined, vendor-locked system of the past must yield to a new architecture – a design based on open standards, like FACE [Future Airborne Capability Environment], which is software-defined and enables rapid implementation of new capabilities regardless of hardware or operating system constraints.”

The virtualization of military systems is already well underway. While most of these success stories aren’t made public, Downing points to the Northrop Grumman Black Hawk UH-60V cockpit digitization program as a good public example of using an open virtualization platform to solve upgradability, safety, security, reduced lifestyle costs, and standards-adherence requirements. (Figure 1.)

 

Figure 1: Northrop Grumman’s UH-60 V digital cockpit design is modernizing the Army’s fleet of Black Hawk helicopters, giving pilots improved situational awareness and enhancing mission safety. Photo: Northrop Grumman.

 

Emerging trends in network virtualization

One of the biggest trends is software-defined networking (SDN), which was created specifically to solve security issues and relies on a zero-trust model that assumes all guests are untrusted and limits the code base.

Another trend Downing is seeing in military avionics is an increasing use of open virtualization standards like FACE, run by the Open Group. “The OS foundation of FACE is the ARINC 653 time and space partitioning standard that robustly separates applications from different suppliers into separate virtual address spaces or virtual machines,” he adds.

“The future of networks is software-defined,” Downing says. “These systems are open, less costly, and support more capability and high levels of safety and security. They’re also easier to maintain and enable future hardware and software upgrades with minimal cost, risk, and downtime. Software-defined open virtualization solutions are the smart way to implement next-generation military systems.”

Network virtualization for defense customers

Open architectures and open source are important to the defense community when it comes to virtualization.

“Our Titanium Cloud capabilities are open and based on multiple open source components such as OpenStack, Linux, CEPH, KVM, and DPDK,” Downing explains. “We also provide full support for OpenFlow-based controllers like OpenDaylight. Titanium Cloud was the seed code for the OpenStack edge cloud project StarlingX, which will also be used in the Akraino Edge Stack project from the Linux Foundation.”

Open architectures are important so that hardware virtualization can be leveraged to assist in creating virtual machines that support simultaneous guest OS environments on advanced multicore hardware platforms from ARM, Intel, and PowerPC architectures, Downing adds.

Use of virtualization software, not intended for network virtualization, also on the rise

How is virtualization software – not intended for network virtualization – for embedded components being used in avionics and security applications for defense customers? “The primary use case is separation enabled by the current generation of central processing units (CPUs) with on-chip support for hardware virtualization,” says Lee Cresswell, vice president of worldwide sales for Lynx Software Technologies (San Jose, California). “Today’s complex multicore processors are moving toward becoming networked systems-on-a-chip, so many of the assumed attributes of distributed systems like isolation and separation that were previously achieved by physical means may no longer apply when shared resources such as memory and input/output need to be managed in new ways. Yet many of our development methods and legacy systems need this separation to function. Hosting a guest OS is one example of this broader use case, and systems may only need to facilitate the separation of safety-critical or security-critical modules running on bare metal.”

The main challenges in this area revolve around system security, Cresswell adds. “The systemwide objective is usually system security, which is often the baseline for safety certification when partitioning is required. But it goes deeper than that; it’s about managing the complexity of development that complex processor integrations force upon the systems software environment,” he ex­plains. “Separation through using processor virtualization tools in new ways is a steppingstone toward modularization of software capabilities, usually to facilitate independent parallel development on these shared MCPs and maximum code reuse across programs.”

Within five years, Cresswell envisions that “the smart use of virtualization technology will become a fundamental enabler for a shift away from kernel and OS-centric system designs and toward modular system development capability in which the OS/kernel is hosted to support legacy systems integration.”

 

Sidebar 1

 

 

Sidebar 2