Aplix Corp. on Oct. 24 unveiled patent pending user-space virtualization technology said to dynamically generate virtual execution spaces for native applications running on handheld and mobile devices. The "lightweight," "OS-independent" technique is intended to enhance security by restricting an application's access to the underlying operating system, according to the company.
Aplix claims its approach offers a more flexible configuration environment than conventional OSes, which are generally confined to a statically defined set of file access permissions based on a user ID. Virtualization offers per-application control over system services or resources such as communication bandwidth, file usage, and display access, the company says. Additionally, because it operates in user mode, configuration and security policies can be modified over-the-air by downloading a description file.
User space virtualization block diagram
(Click image for larger view)
Applix's user-space virtualization technology consists of several different functions including a user-space virtual machine (VM), a state machine, and a security manager. When an application is executed, the VM scans the binary code to detect any "security-sensitive" code, according to Aplix. If any questionable code is found, the VM generates "safe code" that calls the security manager to check whether the code should be granted the access to system resources.
Aplix says its architecture and reference implementation are applicable to "any" processor architecture, and are compatible with Linux, Windows Mobile, Symbian, the Java runtime environment, and BREW, among other software platforms. The company plans to license the technology as part of its own mobile platform, and will also provide technology licenses for a broad range of devices.
Aplix CTO Ryu Koriyama stated, "In the next generation of data device platforms, the question of how we can ensure security is an extremely important issue. I think the security technology we provide for the execution of innovative applications may prove to be the basis of a solution. Our user-space virtualization technology can be installed in almost all data device platforms currently available, creating value by enabling the construction of a safe environment for application execution."
Virtualization technologies targeting devices running embedded Linux are also offered by VirtualLogix (formerly Jaluna) and Trago Systems, among others.