Defense in depth

An EAL 5+ certified hypervisor, PolyXene® natively integrates different security building blocks to ensure the best possible protection of sensitive information systems and critical infrastructures.

PolyXene® | High security software platform for critical infrastructure & sensitive information system 2017-03-23T15:22:05+00:00

Sensitive application & data partitioning

PolyXene® ensures the safe and secure cohabitation of data and applications of differing levels of sensitivity (e.g. public vs. restricted) on a single workstation (static or mobile).

This controlled partitioning constitutes a viable alternative to physical network separation (air-gapping), which, although effective in reducing the risk of leakage, is nevertheless costly and restrictive (non-automated data exchange via USB flash drives, long data transmission lead times, sub-standard ergonomics, high ownership costs).

As a consequence, PolyXene® also optimizes the management of IT resources and increases cost-efficiency: fewer workstations means lower TCO & management costs and reduced space requirements & energy consumption.

  • INTEGRITY
  • CONFIDENTIALITY
  • AUTHENTICATION
  • NON-REPUDIATION
  • AVAILABILITY

PolyXene® is the fruit of 10 years’ collaboration between Bertin IT and the DGA, the French arms procurement agency, examining issues of classified information partitioning and the secure exchange of sensitive data within the framework of the SINAPSE study program. Since May 2014, PolyXene® has been used by the Headquarters of the French army as part of a pilot program with a view to full deployment at a later date.

Certified CC-EAL 5 by the French Network and Information Security Agency (ANSSI), PolyXene® is one of the rare hypervisors to have been granted such a level of approval. Version 2 is currently undergoing assessment for further certification.

PolyXene, high security hypervisor | Functional schema

⟩⟩ Security Services

  • file system encryption
  • network (VPN) encryption
  • strong authentication / R-BAC

⟩⟩ Resources Management

  • control of peripheral installation

⟩⟩ Supervision

  • audit
  • logging
  • updating
  • remote administration

Data encryption

Thanks to its data encryption mechanisms, PolyXene® effectively counters attacks via hidden files on a removable device (e.g. USB flash drive) or via in-flight rewriting of data. Third-party data is not processed and is consequently unable to cause damage.

By these same mechanisms, PolyXene® protects data stored on pre-formatted and authenticated USB flash drives, making their content unintelligible to a hacker and thus preventing the risk of data leakage.

Role-based access control & authentication

By providing users with just the right level of authorization and access to resources, PolyXene® reduces the potential impact of an attack in the event of an account becoming compromised (no privilege escalation).

Access control and functional separation also protect the organization against the actions of a malicious or careless in-house administrator or user.

Platform monitoring

Virtualization using a bare-metal hypervisor makes it possible to monitor and control the platform and to reduce the risk of compromise via hardware. It is impossible to install peripheral devices or establish a connection with USB flash drives that are not recognized by the system.