OS Security and Information Assurance Secure operating system and architecture
 Security: USAF C/KC-135 Upgrades are powered by the LynxOS-178 secure operating system and earned DO-178 certification |
At LynuxWorks™, we understand the importance of a secure embedded OS.
We designed our new LynxSecure embedded hypervisor and separation kernel specifically to provide high-assurance virtualization services and software security in embedded systems. LynxSecure is the only operating system built from the ground up to be certifiable to both Common Criteria EAL-7 and DO-178B level A.
Within the robust LynxSecure environment, multiple secure and non-secure operating systems can perform simultaneously—with no compromise of security, reliability or data.
Over 20 years of software-security experience
LynxSecure expands on the proven real-time and security capabilities of our flagship LynxOS® real-time operating system (RTOS) by adding time-space partitioning and operating-system virtualization. LynxOS is currently at work in more than one million mission-critical embedded applications around the world.
LynxSecure embedded hypervisor and separation kernel supports multiple levels of security on a single processor, in conformance with the Multiple Independent Levels of Security (MILS) architecture. The MILS architecture demonstrates component layering (kernel, middleware and application) such that security policy definition is separated from policy enforcement.
LynxSecure has also been constructed to conform to the Separation Kernel Protection Profile (SKPP).
Open standards and POSIX
As part of our long-standing commitment to open standards, LynuxWorks operating systems are POSIX®-based and Linux®-compatible. Since the LynuxWorks separation kernel will be open standards-based, POSIX-based OSes will be able to run in a secure partition. The separation kernel will eliminate the timely and costly system evaluation process that the government and military are currently performing on each operating system, by ensuring that current Linux, Solaris™, HP-RT, HPUX and UNIX® applications can be easily migrated to the secure environment.
Understanding Common Criteria and EAL levels
The evaluation of security software through the Common Criteria standard defines "evaluation assurance levels" (EAL 1-7) that indicate the process rigor associated with the development of an information technology product, as shown below:
- EAL1 – Functionally tested
- EAL2 – Structurally tested
- EAL3 – Methodically tested and checked
- EAL4 – Methodically designed, tested and reviewed
- EAL5 – Semi formally designed and tested
- EAL6 – Semi formally verified, designed and tested
- EAL7 – Formally verified, designed and tested
The level of assurance rigor increases from EAL1 (lowest) to EAL7 (highest). Assurance to EAL7 involves formal verification of the software product using mathematical models and theorem proving. A software product developed according to a protection profile is certified to a specific EAL level by a US government-approved Common Criteria Testing Lab (CCTL).
- Keeping Embedded Software safe and Secure in an Unsafe World
- A new, secure methodology is needed to separate systems of different security levels which run on shared resources—without compromising the performance of legacy systems. (EE Times Design, June 2010)
- DO-178B Provides Certification Safety net
- Developers of commercial avionics software must demonstrate compliance with DO-178 guidelines. The FAA has issued additional guidance for so-called DO-178B Reusable Software Components (RSCs as defined in AC20-148), which allow for reuse of certifications. (COTS Journal, November 2009)
- Designing Safety-critical Avionics Software Using open Standards
- Safety-critical avionics systems have continually grown more complex and software-intensive. Regulatory authorities and avionics manufacturers have responded with guidance such as DO-178B and RSC to ensure that software performs safely, with controlled development cost. (Boards and Solutions, September 2009)
- Two Different Realms: RTOS Support for Safety-critical vs. Security-critical Systems
- Safety- and security-critical system functions are evolving simultaneously, with different yet similar requirements. Modern RTOSes are stepping up to meet these needs. (VME and Critical Systems, June 2009)
- Virtualization Makes Better use of Open-source OSes and apps
- With the introduction of the embedded hypervisor, embedded systems can avoid certain performance or licensing issues inherent to open-source OSes and applications. (EE Times, March 23, 2009)
- Secure Virtualization Technology can Extend the life of Legacy Systems
- By combining the concept of virtualization and security, one can consolidate multiple legacy systems running on heterogeneous operating systems onto a single host system with high-assurance security. (Military Embedded Systems, January/February 2009)
- Separation Kernel for a Secure Real-time Operating System
- The technical foundation adopted for the so-called MILS architecture is a separation kernel like LynxSecure, which permits multiple functions to be realised on a common set of physical resources without unwanted mutual interference. (Boards and Solutions Magazine, February 2008)
- Advances in Virtualization aid Information Assurance
- Advances in the newest Intel® processors are making virtualization much easier to implement in security applications than ever before. (Embedded Computing Design, January 2008)
- Protecting our most Vital Systems
- Some significant defence programmes are already committed to a new approach to high-threat, high-asset-value systems. Rance DeLong explains MILS. (Components in Electronics, April 2007)
- Perspectives: Security and the Separation Kernel
- Today's avionics systems are designed to support more than one application, using a partitioned operating system and memory management units to ensure applications have adequate separation. (Avionics Magazine, April 2007)
- MILS: An Architecture for Security, Safety, and Real Time
- The unrelenting growth and integration of embedded controls, information processing, and communications has created a need for systems that provide robust protection for resources and services in the face of serious threats. (Embedded Technology Magazine, November 2006)
- Partitioning Operating Systems Versus Process-based Operating Systems
- Partitioning operating systems are the latest buzz, while processes, by contrast, have been around for over 30 years. Both provide memory protection, however, the intent behind them is very different.
- DO-178B and the Common Criteria: Future Security Levels
- Although there are similarities between the airborne safety-critical requirements in RTCA/DO-178B and the Common Criteria, ISO 14508, compliance with the higher levels of security in the Common Criteria demands meeting additional security requirements. (COTS Journal, April 2006)
- Reusing Safety-Critical Software Components
- Safety-critical systems often operate together as a single "system-of-systems," making it important that they meet the most stringent and rigorous requirements for safety-criticality. The failure of one module in a system could create other failures or vulnerabilities, or worse yet, failure of the system as a whole. (COTS Journal, August 2005)
- Using the Microprocessor MMU for Software Protection in Real-Time Systems
- With minimal impact to overall system performance, user tasks and the kernel can be protected from accidental corruption by using multiple protected address spaces.
- Improving code Migration and Reuse
- The unrelenting growth and integration of embedded controls, information processing, and communications has created a need for systems that provide robust protection for resources and services in the face of serious threats. (Embedded Computing Design, August 2006)
- LynuxWorks: A case Study in Combat-ready Linux
- As open source, especially Linux, makes its way into nearly every sector of the economy, one of the final frontiers is the military and aerospace market, where new applications must clear hurdles such as the FAA's rigorous DO-178B certification for aviation software. (Newsforge, December 2005)
- FCS Program Rolls Forward in Formation
- A wireless data network, with advanced communications and technologies, links soldiers with 18 new, lightweight manned and unmanned ground vehicles, unmanned aircraft, sensors and weapons—and it's all in one program. (COTS Journal, June 2005)
- Embedded Tools Train an eye on Security
- As embedded designers incorporate more security and safety needs into devices, embedded tools will have to evolve to provide capabilities needed both for product development and process management. (EE Times, September 2004)
- Secure Operating Systems for Deeply Embedded Devices
- As we add more intelligence to our embedded devices, we find that they are becoming increasingly integrated into our information technology infrastructure. Though system security is not a new concept, security-in-depth is a new paradigm developers are now starting to address. (RTC Magazine, September 2004)
Virtualization / RTOS News
- ARM Processor Support for LynxOS-SE RTOS Builds Secure Mobile Applications -7/13
- Keeping Embedded Software safe and Secure in an Unsafe World -6/10
- Consumer Trends Fuel Medical Device Innovation -4/10
- Announcing LynxSecure 4.0: the most Feature-Rich Secure Separation Kernel and Embedded Hypervisor -4/27/10
- LynxSecure Real-time Applications and Device Driver Programming Workshop, San José, CA, USA, Jul 27-30
- UCDMO (Annual Unified Cross Domain Management Office), Boston, MA, USA, Aug 9-12
- AUVSI Unmanned Systems North America, Denver, CO, USA, Aug 24-27
