The events of September 11, 2001 and their aftermath have created a heightened
awareness of security loopholes in every aspect of homeland security. The security of an embedded device
depends heavily on its operating system (OS) to provide a secure environment for its applications.
LynuxWorks delivers
Security white papers
- Separation Kernel for a Secure Real-time Operating System: The technical foundation adopted for the so-called MILS architecture is a separation kernel like LynxSecure, which permits multiple functions to be realised on a common set of physical resources without unwanted mutual interference. (Boards and Solutions Magazine, February 2008)
- Protecting Our Most Vital Systems: Some significant defence programmes are already committed to a new approach to high-threat, high-asset-value systems. Rance DeLong explains MILS. (Components in Electronics, April 2007)
- Perspectives: Security and the Separation Kernel: Today's avionics systems are designed to support more than one application, using a partitioned operating system and memory management units to ensure applications have adequate separation. (Avionics Magazine, April 2007)
- MILS: An Architecture for Security, Safety, and Real Time: The unrelenting growth and integration of embedded controls, information processing, and communications has created a need for systems that provide robust protection for resources and services in the face of serious threats. (Air Force Research Laboratory Technology Horizons, November 2006)
- Partitioning Operating Systems Versus Process-based Operating Systems: Partitioning operating systems are the latest buzz, while processes, by contrast, have been around for over 30 years. Both provide memory protection, but the intent behind them is very different.
- DO-178B and the Common Criteria: Future Security Levels: Although there are similarities between the airborne safety-critical requirements in RTCA/DO-178B and the Common Criteria (ISO/IEC 15408), compliance with the higher Common Criteria assurance levels demands meeting additional security requirements. (COTS Journal, April 2006)
- Reusing Safety-Critical Software Components: Safety-critical systems often operate together as a single "system-of-systems," making it important that they meet the most stringent and rigorous requirements for safety-criticality. The failure of one module in a system could create other failures or vulnerabilities, or worse yet, failure of the system as a whole. (COTS Journal, August 2005)
- Real-Time Secure Operating System: An overview of (a) the need for a secure operating system and (b) the high-level design of a secure operating system that can be built and evaluated to the highest assurance levels.
- Safety-Critical Software (DO-178B): Failure of some software systems could have catastrophic consequences for human life. The LynxOS-178 RTOS was designed to be certifiable to DO-178B and to facilitate production of the highest-quality safety-critical software.
- Using the Microprocessor MMU for Software Protection in Real-Time Systems: With minimal impact on overall system performance, user tasks and the kernel can be protected from accidental corruption by giving each its own protected address space.
- Improving Code Migration and Reuse (Embedded Computing Design, August 2006)
- LynuxWorks: A Case Study in Combat-ready Linux: As open source, especially Linux, makes its way into nearly every sector of the economy, one of the final frontiers is the military and aerospace market, where new applications must clear hurdles such as the FAA's rigorous DO-178B certification for aviation software. (Newsforge, December 2005)
- FCS Program Rolls Forward in Formation: A wireless data network, with advanced communications and technologies, links soldiers with 18 new, lightweight manned and unmanned ground vehicles, unmanned aircraft, sensors and weapons, and it's all in one program. (COTS Journal, June 2005)
- Homeland Security and Embedded Software: The proliferation of Internet-connected embedded devices has created opportunities for malicious users to exploit security weaknesses in embedded software to gain access to sensitive systems. As a result, developing highly secure embedded systems is imperative to ensure the safety of our country's critical infrastructures. (Embedded Computing Design, October 2004)
- Secure Operating Systems for Deeply Embedded Devices: As we add more intelligence to our embedded devices, we find that they are becoming increasingly integrated into our information technology infrastructure. Though system security is not a new concept, security-in-depth is a new paradigm developers are now starting to address. (RTC Magazine, September 2004)
- Embedded Tools Train an Eye on Security (EE Times, September 2004)
- Linux Can Be Used in the Military: The controversy surrounding the use of Linux in military applications is heating up. Here are several points of view from companies in the know. (COTS Journal, June 2004)
Today's aerospace and defense system developers
trust LynuxWorks for the uncompromising security and reliability that their applications require. It's
no wonder that our flagship LynxOS® real-time operating system is currently
at work in more than one million mission-critical embedded applications.
New LynxSecure provides the latest, most secure system architecture
LynuxWorks™ understands the importance of a secure embedded OS. The new LynxSecure
separation kernel from LynuxWorks is the only operating system designed to support both Common Criteria
EAL 7 and DO-178B Level A.
LynxSecure builds on the proven real-time capabilities and system security of the LynxOS®
real-time operating system (RTOS) by adding time and space
partitioning and operating-system virtualization.
The LynxSecure separation kernel supports multiple levels of security on a single processor,
in conformance with the Multiple Independent Levels of Security (MILS) architecture. MILS layers the
system into kernel, middleware and application components so that security policy definition is
separated from policy enforcement: the separation kernel enforces only a small, fixed policy (partitions
are isolated from each other in memory and in processor time, and data crosses a partition boundary only
over an explicitly configured channel), while application-specific policy is implemented in the
partitions above it and cannot weaken that isolation.
Within the LynxSecure environment, multiple secure and non-secure operating systems
can run simultaneously, with no compromise of security, reliability or data.
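The three properties just described (space partitioning, time partitioning, and default-deny information flow under a policy that is data rather than code) are easier to see in a small model than in prose. The following is an added example written for this page, not LynxSecure's or any vendor's code: a toy reference monitor in which the partition layout, the flow allow-list and the schedule are constant tables, and enforcement is three short check functions that consult them. Partition names, address ranges and the schedule are constructed for the illustration.

```c
/* Toy model of a MILS-style separation kernel's reference monitor (added
 * example, not vendor code). Policy is pure data (the const tables); the three
 * check functions are the only enforcement and default to deny. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { P_KERNEL = 0, P_SECRET, P_UNCLASS, P_GUARD, N_PARTITIONS };

/* Space partitioning: each partition owns one fixed physical range (constructed). */
struct region { uintptr_t base; size_t len; };
static const struct region PART_MEM[N_PARTITIONS] = {
    [P_KERNEL]  = { 0x00000000, 0x00100000 },
    [P_SECRET]  = { 0x00100000, 0x00200000 },
    [P_UNCLASS] = { 0x00300000, 0x00200000 },
    [P_GUARD]   = { 0x00500000, 0x00100000 },
};

/* Information-flow policy: explicit (source -> destination) channels only.
 * The only route from SECRET to UNCLASS passes through GUARD, which is where
 * a downgrader or filter would sit. Anything not listed is denied. */
struct flow { int src, dst; };
static const struct flow FLOW_POLICY[] = {
    { P_SECRET,  P_GUARD },
    { P_GUARD,   P_UNCLASS },
    { P_UNCLASS, P_GUARD },
};
#define N_FLOWS (sizeof FLOW_POLICY / sizeof FLOW_POLICY[0])

/* Time partitioning: a fixed major frame of windows measured in ticks. A
 * partition runs only in its own windows, whatever the others demand. */
struct window { int partition; unsigned ticks; };
static const struct window SCHEDULE[] = {
    { P_SECRET, 4 }, { P_GUARD, 1 }, { P_UNCLASS, 4 }, { P_GUARD, 1 },
};
#define N_WINDOWS (sizeof SCHEDULE / sizeof SCHEDULE[0])

/* A memory access is permitted only if [addr, addr+len) lies entirely inside
 * the requesting partition's own region. Arithmetic is arranged so it cannot
 * wrap: the offset is checked before the length is compared. */
bool mem_access_allowed(int p, uintptr_t addr, size_t len)
{
    if (p < 0 || p >= N_PARTITIONS || len == 0) return false;
    const struct region *r = &PART_MEM[p];
    if (addr < r->base) return false;
    uintptr_t off = addr - r->base;
    return off < r->len && len <= r->len - off;
}

/* An inter-partition message is permitted only if the exact (src, dst) pair
 * is in the policy table; a partition may always talk to itself. */
bool flow_allowed(int src, int dst)
{
    if (src < 0 || src >= N_PARTITIONS || dst < 0 || dst >= N_PARTITIONS)
        return false;
    if (src == dst) return true;
    for (size_t i = 0; i < N_FLOWS; i++)
        if (FLOW_POLICY[i].src == src && FLOW_POLICY[i].dst == dst)
            return true;
    return false;
}

/* Which partition owns the processor at a given tick of the cyclic schedule. */
int scheduled_partition(unsigned tick)
{
    unsigned frame_len = 0;
    for (size_t i = 0; i < N_WINDOWS; i++) frame_len += SCHEDULE[i].ticks;
    unsigned t = tick % frame_len;
    for (size_t i = 0; i < N_WINDOWS; i++) {
        if (t < SCHEDULE[i].ticks) return SCHEDULE[i].partition;
        t -= SCHEDULE[i].ticks;
    }
    return P_KERNEL; /* not reached: the loop above always covers frame_len */
}

int main(void)
{
    printf("SECRET -> UNCLASS directly: %s\n",
           flow_allowed(P_SECRET, P_UNCLASS) ? "allowed" : "denied");
    printf("SECRET -> GUARD: %s\n",
           flow_allowed(P_SECRET, P_GUARD) ? "allowed" : "denied");
    printf("UNCLASS reading SECRET memory: %s\n",
           mem_access_allowed(P_UNCLASS, 0x00100000, 16) ? "allowed" : "denied");
    printf("tick 7 belongs to partition %d\n", scheduled_partition(7));
    return 0;
}
```

The point of the model is where the security argument lives: an evaluator has to reason about the three check functions and the tables, not about anything running inside a partition, because a guest cannot reach memory outside its region, cannot send on a channel that is not in the table, and cannot consume another partition's time window. A real separation kernel backs `mem_access_allowed` with MMU page tables and `scheduled_partition` with a timer interrupt rather than software checks, but the policy-as-data structure is the same.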
Open standards and POSIX
As part of our long-standing commitment to open standards, LynuxWorks operating systems
are POSIX®-based and Linux®-compatible. Because the LynuxWorks separation kernel is also open-standards-based,
POSIX-based operating systems
can run inside a secure partition. The intent is that the EAL 7 separation kernel removes the time-consuming and
costly system evaluation that government and military programs currently repeat for each operating
system: existing Linux, Solaris™, HP-RT, HP-UX and UNIX® applications can be
migrated into a partition of the EAL 7 environment, where the evaluated kernel, not the guest, bounds
what they can reach. The kernel's assurance covers isolation and authorised information flow only; any
security function a guest implements for itself, such as its own access controls, carries no more than
the guest's own assurance.
Understanding Common Criteria and EAL levels
The Common Criteria standard (ISO/IEC 15408) defines seven evaluation assurance levels (EAL 1 to EAL 7)
that indicate the rigor of the development and evaluation process applied to an
information technology product, as shown below:
- EAL1 – Functionally tested
- EAL2 – Structurally tested
- EAL3 – Methodically tested and checked
- EAL4 – Methodically designed, tested and reviewed
- EAL5 – Semiformally designed and tested
- EAL6 – Semiformally verified design and tested
- EAL7 – Formally verified design and tested
Assurance rigor increases from EAL1 (lowest) to EAL7 (highest). EAL7 requires a formal
(mathematical) model of the security policy and a formal high-level design, with proofs that the design
is consistent with the model, together with complete independent testing; it does not mean that every
line of source code has been proven correct. An EAL states how thoroughly a product was evaluated, not how
much security functionality it provides; the functionality is defined by the product's Security Target,
which may claim conformance to a Protection Profile. The evaluation is performed by a
US government-approved Common Criteria Testing Lab (CCTL), and the certificate is issued by the national
Common Criteria scheme, not by the laboratory itself.
The secure Multiple Independent Levels of Security (MILS) architecture demonstrates component
layering (kernel, middleware and application)