AI bunker has been nominated for the 2025 Embedded Awards. 
Find us at booth 4-625

Maximizing performance and security with Linux and segregated containerization

Bunker for Linux offers a dual-partition run-time environment composed of:

Open World, a traditional Linux system that can be externally exposed (e.g., network connectivity)
Bunker, a strongly isolated, security-hardened Linux execution environment

Core Features

Pre-installed and pre-configured security hardening, including encrypted filesystem, attack detection and recovery, and countermeasures for side-channel attacks
Seamless communication mechanisms between Open World and Bunker that preserve security
Secure update procedures and built-in support for containerization (e.g., Docker)
Three security profiles to balance security with performance: hard, vigorous, and extreme

The Architecture

Key features

Secure Linux Application in Isolated Partitions: Partitioning between Open World and Bunker employs next-generation Hypervisor technology
Pay Security-Related Overheads only When Needed: Apply resource-expensive security countermeasures to critical components only (i.e., within Bunker), while keeping the performance of non-critical software unaffected
Confidentiality, Integrity & Availability (CIA) Enforcement: Ensures only authorized applications can access sensitive data and prevents tampering
Zero-Trust approach: Even if Open World is breached, Bunker for Linux prevents lateral movement or access to protected applications running within Bunker
