
LynxSecure Embedded Hypervisor and Separation Kernel

Operating-system virtualization and embedded virtual machines for real-time systems


LynxSecure 5.0 secure virtualization is now available. Learn more about the additional features of this exciting new release.

The only secure hypervisor utilizing hardware-virtualization technology (VT) and supporting multiple cores, LynxSecure is the undisputed performance leader for secure virtualized embedded and desktop systems

Virtualization of guest operating systems

The built-in embedded hypervisor and virtualization technology allows guest operating systems (and their applications) to run on top of LynxSecure, in effect allowing multiple dissimilar operating systems to share a single physical hardware platform. Virtualization technology allows for significant cost savings through hardware consolidation, while retaining the ability to leverage the ecosystem of applications that belong to different operating system domains into a single system.

To achieve virtualization, LynxSecure uses a hypervisor to create a virtualization layer that maps physical system resources to each guest operating system. Each guest operating system is assigned certain dedicated resources, such as memory, CPU time and I/O peripherals. "Co-operative virtualization" (para-virtualization) provides superior performance for the guest operating systems—such as Linux®, LynxOS®-SE and LynxOS-178. Full virtualization allows unmodified operating systems like Windows® to run next to para-virtualized ones.


LynxSecure provides a multicore foundation for adding security to legacy systems and securely reusing legacy Windows® and Linux® applications alongside real-time systems

100% application binary-compatibility with the non-virtualized instance of the operating system is preserved. LynxSecure isolates each virtual instance by providing hardware protection to every partition with its own virtual addressing space. In addition, it guarantees resource availability, such as memory and processor-execution resources, to each partition, so that no software can fully consume the scheduled memory or time resources of other partitions. LynxSecure supports simultaneous use of system interfaces, including multiple instances of the same or different operating systems in different partitions.

Highest standards for safety- and security-critical applications

The military and avionics industries rigidly mandate high security for safety-critical software environments, operating systems and development tools. Meanwhile, military networks increasingly need to interface with the civilian IT infrastructure, exposing them to program bugs, design flaws and other vulnerabilities.


LynxSecure addresses this issue on all fronts by providing a robust environment within which multiple secure and non-secure operating systems can perform simultaneously—with no compromise of security, reliability or data.

The LynxSecure separation kernel is a robust virtual machine monitor that has been designed to be certifiable to:

MILS architecture conformance for building secure systems

LynxSecure conforms to the Multiple Independent Levels of Security/Safety (MILS) architecture, with strict adherence to data isolation, damage limitation and information flow policies identified in this architecture. Unlike a traditional security kernel that performs all trusted functions for a secure operating system, a separation kernel's primary security function is to partition data and resources of a system and to control information flow between partitions.

Partitions and information-flow policies are defined by the kernel's configuration. This provides a robust foundation for the creation of multi-level secure systems.

Flexible scheduling policy

LynxSecure's fixed-cyclic ARINC 653-based scheduler manages CPU time to prevent starvation in any partition. LynxSecure also allows dynamic scheduling policies to maintain maximum flexibility in developing diverse secure applications using OS virtualization.
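What a statically configured information-flow policy and a fixed-cyclic schedule imply in practice, as an added example (not LynxSecure code and not its configuration format): the partition ids, flow table and window tables below are constructed for illustration. It covers both the MILS paragraph and the scheduling paragraph above.

```c
/* Added illustration: static checks over a hypothetical separation-kernel
 * configuration. Names and values are constructed, not LynxSecure's format. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

enum { RTOS, LINUX, GATEWAY, NPART }; /* constructed partition ids */
struct window { int part; uint32_t start_us, len_us; };

/* flow[src][dst]: the only channels the configuration permits. */
static const bool flow[NPART][NPART] = {
    [RTOS]    = { [GATEWAY] = true }, /* rtos -> gateway only */
    [GATEWAY] = { [LINUX] = true },   /* gateway -> linux only */
};                                    /* linux sends to nobody */

/* 10 ms major frame; the second table gives LINUX no window at all. */
#define FRAME_US 10000u
const struct window sched_ok[]  = {{RTOS, 0, 4000}, {GATEWAY, 4000, 1000}, {LINUX, 5000, 5000}};
const struct window sched_bad[] = {{RTOS, 0, 6000}, {GATEWAY, 6000, 4000}};

/* Windows must be ordered, disjoint, inside the frame, and leave every
 * partition a non-zero budget, so no guest can be starved by another. */
bool schedule_valid(const struct window *w, size_t nw, uint32_t frame_us) {
    uint32_t end = 0, budget[NPART] = {0};
    for (size_t i = 0; i < nw; i++) {
        if (w[i].part < 0 || w[i].part >= NPART || w[i].len_us == 0) return false;
        if (w[i].start_us < end || w[i].start_us > frame_us) return false;
        if (w[i].len_us > frame_us - w[i].start_us) return false;
        end = w[i].start_us + w[i].len_us;
        budget[w[i].part] += w[i].len_us;
    }
    for (int p = 0; p < NPART; p++)
        if (budget[p] == 0) return false;
    return true;
}

/* Default deny: deliver a message only if the static policy allows it. */
bool flow_allowed(int src, int dst) {
    return src >= 0 && src < NPART && dst >= 0 && dst < NPART && flow[src][dst];
}

/* Can data reach a different partition dst over any chain of channels? */
bool flow_reachable(int src, int dst) {
    bool seen[NPART] = {false};
    if (src < 0 || src >= NPART || dst < 0 || dst >= NPART) return false;
    seen[src] = true;
    for (int pass = 0; pass < NPART; pass++) /* fixed point in <= NPART passes */
        for (int a = 0; a < NPART; a++)
            for (int b = 0; b < NPART; b++)
                if (seen[a] && flow[a][b]) seen[b] = true;
    return src != dst && seen[dst];
}
```

In this sample there is no direct RTOS-to-Linux channel, yet `flow_reachable(RTOS, LINUX)` is true through the gateway. A policy review has to account for such indirect paths as well as the direct entries.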

Highly scalable technology

LynxSecure provides a scalable solution ranging from deeply embedded systems to high-end workstations and servers for the design of applications in embedded avionics products, weapons systems, C4ISR data systems as well as critical infrastructure control systems.

The LynxSecure separation kernel provides the essential components for a complete scalable, multithreaded and secure architecture:

  • multithreaded small-footprint run-time environment for secure application development
  • multiprocess, multithreaded environment through virtualized Red Hat®, Linux, LynxOS or LynxOS-SE real-time operating systems
  • symmetric multiprocessing (SMP) for optimal resource utilization and load balancing
  • Microsoft® Windows® support in full virtualization mode
  • high-end scalability and memory support through 64-bit execution mode and addressing capabilities

Support for open standards

Like all LynuxWorks operating systems, LynxSecure is based on open standards. LynxSecure provides a seamless migration path for LynuxWorks customers whose Linux- and POSIX®-based applications can now run on virtualized Red Hat Linux, BlueCat Linux and LynxOS family environments within LynxSecure partitions.

Security

Building in RTOS Support for Safety- & Security-Critical Systems
LynuxWorks explains the differences between safety-critical and security-critical applications and how to meet their demanding requirements with the LynxOS-178 RTOS and the LynxSecure hypervisor. (EE Times Design, August 2011)
Enhancing Application Performance on Multicore Systems
Tips on optimizing a multicore real-time system, including virtualization, avoiding synchronization and concurrency while maximizing application parallelism. (Military Embedded Systems, February 2011)
Hardware Virtualization puts a new spin on Secure Systems
Real-time determinism and military security don't have to be separate realities. A combination of a secure separation kernel and an embedded hypervisor enables whole new levels of system security. (COTS Journal, October 2010)
Using a Separation Kernel to add Military-Grade Security to Legacy Systems
A challenge for the software designer is how to integrate modern military-grade software programs into legacy software designed long before security standards were predominant in system requirements. (VME Critical Systems, Summer 2010)
Virtualization: Keeping Embedded Software safe and Secure in an Unsafe World
A new, secure methodology is needed to separate systems of different security levels which run on shared resources—without compromising the performance of legacy systems. (EE Times, June 2010)
Secure Virtualization Combines Traditional Desktop OSs and Embedded RTOSes in Military Embedded Systems
Advances in software and hardware technologies now make it feasible to use both embedded and desktop operating systems in a secure military system. (Military Embedded Systems, May 2010)
DO-178B Provides Certification Safety net
Developers of commercial avionics software must demonstrate compliance with DO-178 guidelines. The FAA has issued additional guidance for so-called DO-178B Reusable Software Components (RSCs as defined in AC20-148), which allow for reuse of certifications. (COTS Journal, November 2009)
Designing Safety-critical Avionics Software Using open Standards
Safety-critical avionics systems have continually grown more complex and software-intensive. Regulatory authorities and avionics manufacturers have responded with guidance such as DO-178B and RSC to ensure that software performs safely, with controlled development cost. (Boards and Solutions, September 2009)
Two Different Realms: RTOS Support for Safety-critical vs. Security-critical Systems
Safety- and security-critical system functions are evolving simultaneously, with different yet similar requirements. Modern RTOSes are stepping up to meet these needs. (VME and Critical Systems, June 2009)
Virtualization Makes Better use of Open-source OSes and apps
With the introduction of the embedded hypervisor, embedded systems can avoid certain performance or licensing issues inherent to open-source OSes and applications. (EE Times, March 23, 2009)
Secure Virtualization Technology can Extend the life of Legacy Systems
By combining the concept of virtualization and security, one can consolidate multiple legacy systems running on heterogeneous operating systems onto a single host system with high-assurance security. (Military Embedded Systems, January/February 2009)
Virtual Machines: Intel's CPU Extensions Transform Virtualization
Virtualization has traditionally presented its share of design challenges in information-assurance-based systems. But now, Intel's VT-x and VT-d CPU extensions are changing the game and showing potential to become the de facto path to virtualization. (Military Embedded Systems, January 2009)
Separation Kernel for a Secure Real-time Operating System
The technical foundation adopted for the so-called MILS architecture is a separation kernel like LynxSecure, which permits multiple functions to be realised on a common set of physical resources without unwanted mutual interference. (Boards and Solutions Magazine, February 2008)
Advances in Virtualization aid Information Assurance
Advances in the newest Intel® processors are making virtualization much easier to implement in security applications than ever before. (Embedded Computing Design, January 2008)
Protecting our most Vital Systems
Some significant defence programmes are already committed to a new approach to high-threat, high-asset-value systems. Rance DeLong explains MILS. (Components in Electronics, April 2007)
Perspectives: Security and the Separation Kernel
Today's avionics systems are designed to support more than one application, using a partitioned operating system and memory management units to ensure applications have adequate separation. (Avionics Magazine, April 2007)
MILS: An Architecture for Security, Safety, and Real Time
The unrelenting growth and integration of embedded controls, information processing, and communications has created a need for systems that provide robust protection for resources and services in the face of serious threats. (Embedded Technology Magazine, November 2006)
Partitioning Operating Systems Versus Process-based Operating Systems
Partitioning operating systems are the latest buzz, while processes, by contrast, have been around for over 30 years. Both provide memory protection, however, the intent behind them is very different.
DO-178B and the Common Criteria: Future Security Levels
Although there are similarities between the airborne safety-critical requirements in RTCA/DO-178B and the Common Criteria, ISO 14508, compliance with the higher levels of security in the Common Criteria demands meeting additional security requirements. (COTS Journal, April 2006)
Reusing Safety-Critical Software Components
Safety-critical systems often operate together as a single "system-of-systems," making it important that they meet the most stringent and rigorous requirements for safety-criticality. The failure of one module in a system could create other failures or vulnerabilities, or worse yet, failure of the system as a whole. (COTS Journal, August 2005)
Using the Microprocessor MMU for Software Protection in Real-Time Systems
With minimal impact to overall system performance, user tasks and the kernel can be protected from accidental corruption by using multiple protected address spaces.
Improving code Migration and Reuse
The unrelenting growth and integration of embedded controls, information processing, and communications has created a need for systems that provide robust protection for resources and services in the face of serious threats. (Embedded Computing Design, August 2006)
FCS Program Rolls Forward in Formation
A wireless data network, with advanced communications and technologies, links soldiers with 18 new, lightweight manned and unmanned ground vehicles, unmanned aircraft, sensors and weapons—and it's all in one program. (COTS Journal, June 2005)
Secure Operating Systems for Deeply Embedded Devices
As we add more intelligence to our embedded devices, we find that they are becoming increasingly integrated into our information technology infrastructure. Though system security is not a new concept, security-in-depth is a new paradigm developers are now starting to address. (RTC Magazine, September 2004)

LynxSecure advantages

  • Optimal security and safety—the only operating system designed to support both CC EAL-7 and DO-178B level A
  • Real time—time-space partitioned separation kernel for superior determinism and performance
  • Hypervisor and virtualization technology—supports multiple heterogeneous operating system environments, both para-virtualized and fully virtualized, on the same physical hardware, including Intel® VT
  • Highly scalable—supports Symmetric MultiProcessing (SMP) and 64-bit addressing for high-end scalability
  • Support for open standards—100% binary compatibility for Linux- or POSIX-based software applications allows them to migrate to a highly robust, secure environment
  • Faster time to market—enables developers to begin early development for secure applications
 

Copyright © LynuxWorks™, Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of LynuxWorks is prohibited.