Follow us on Twitter
Desktop Virtualization and Secure Client Virtualization Based on Military-Grade TechnologySecure virtualization for laptops, medical and data applications with LynxSecure separation kernel
PRINTABLE PDF VERSION (575 kB)
In today's modern connected world, the security of either PC-like or embedded client devices is vital. These devices often hold sensitive company and personal information, and yet are connected to the open internet that is home to cyber-criminals and malicious attacks.
Securing the internet connection or adding security to a browser are traditional methods of protection, but a more secure approach is to isolate sensitive data and applications away from the point of potential attack.
Protection of data at-rest and in-motion on laptops
The LynxSecure separation kernel and hypervisor from LynuxWorks™ gives a secure software platform that virtualizes and isolates operating systems, applications, devices and data from one another while running on the same hardware platform.
LynxSecure was designed from the ground up to operate in highly secure defense environments where data and applications with different security levels need to co-reside on a single device without contamination.
LynxSecure's military-grade technology is now available for other markets such as medical, consumer, financial, industrial and communications. LynxSecure supports commonly available processor architectures, operating systems and applications, and offers the ultimate in protection, without interfering with the desired functionality of the device.
Virtualization can only provide real system security if the hypervisor has been built with security in mind (a hypervisor or its underlying operating system can be compromised).
The virtualization in LynxSecure is based on a type-1 (bare-metal) hypervisor that runs directly on the hardware, providing vastly improved performance over the more traditional type-2 (hosted) hypervisors that run on top of another operating system. LynxSecure also has the benefit of a built-in separation kernel that offers military-proven security for the OSes and applications running on it.
The LynxSecure separation kernel has been designed to securely isolate devices, memory and resources and contain them in their own partitions. The configuration of LynxSecure also allows for the definition of information flow between the different partitions, adding flexibility to the usage model while maintaining secure isolation where required. The hypervisor part of LynxSecure then allows different operating systems and applications to run in these secure partitions, and offers virtualized versions of the physical devices where appropriate.
Virtualization of guest operating systems
The built-in embedded hypervisor and virtualization technology allow guest operating systems (and their applications) to run on top of LynxSecure, in effect allowing multiple dissimilar operating systems to share a single physical hardware platform.
Virtualization technology allows for significant cost savings through hardware consolidation, while retaining the ability to leverage the ecosystem of applications that belong to different operating-system domains into a single system.
LynxSecure uses its hypervisor to create a virtualization layer that maps physical system resources to each guest operating system. Each guest operating system is assigned certain dedicated resources, such as memory, CPU time and I/O peripherals, which can be securely shared with other guest OSes if required and even includes a secure communications link between the different partitions.
Two types of virtualization are provided by LynxSecure. Para-virtualization, also known as "co-operative virtualization," provides superior performance for the guest operating systems—such as Linux® or LynxOS® family of real-time operating systems. Full virtualization allows unmodified operating systems like Windows® or Solaris™ to run next to para-virtualized ones. Both types of virtualization are supported concurrently by LynxSecure, and by utilizing hardware virtualization technologies, even fully virtualized guest OSes can run at near-native performance.
100% application binary-compatibility with the non-virtualized instance of the operating system is preserved. This allows legacy applications and operating systems to be reused on the new and secure hardware, offering cost-effective migration and reuse of existing systems. LynxSecure isolates each virtual instance by providing hardware protection to every partition with its own virtual addressing space.
In addition, it guarantees resource availability, such as memory and processor-execution resources, to each partition, so that no software can fully consume the scheduled memory or time resources of other partitions. LynxSecure supports simultaneous use of system interfaces, including multiple instances of the same or different operating systems in different partitions.
Medical device combines real-time and desktop functionality
Superlative virtualization performance
A question that is often asked of virtualization solutions is around the performance of applications and operating systems when running virtualized versus the performance when executing directly on the hardware.
LynxSecure has answered this question by using a combination of hardware and software features designed to bring the virtualized performance extremely close to native.
The small and efficient separation kernel was designed to run in real-time environments, and has a fixed-cyclic scheduler that manages CPU time to prevent starvation in any partition, providing a truly deterministic environment.
LynxSecure also allows dynamic scheduling policies for maximum flexibility when developing secure applications using OS virtualization. LynxSecure also takes full advantage of the hardware features of modern processors, such as the VPro technology from Intel® found in everything from PCs and laptops to embedded systems and mobile devices. Multicore processors can significantly boost the performance of virtualized systems, and LynxSecure provides very advanced schemes for using these devices, including a new dynamic scheduling policy for changing the amount of CPU time allocated to a guest operating system while the system is running.
Only one instance of LynxSecure is required for building a system on a multicore device. Subsequently, different views of the processor can be shown to the virtualized operating systems running on top.
Multiple guest operating systems can share a single core, which is useful if the operating systems or the applications running on them do not require 100% of the core's processing power.
Alternatively, a guest operating system can be given a dedicated core, for near-native performance of fully virtualized operating systems that do not know that they are running in a shared or virtualized system and assume that they have 100% of processors bandwidth.
For more computing performance than a single core can offer, LynxSecure also allows guest operating systems with symmetric multi-processing (SMP) functionality to be executed across multiple cores.
The wide use of virtualization in servers and data centers has resulted in increased availability of hardware for virtualized systems. LynxSecure takes advantage of the hardware virtualization features built into modern processors.
Processor extensions offering Virtualization Technology (VT) like vt-x and vt-d, found in most new Intel processors, increase the performance and security of both para-virtualized and fully virtualized systems.
By using Extended Page Table (EPT) and Page Attribute Table (PAT) in Intel's latest processors, the performance of fully virtualized systems comes very close to both native and para-virtualized figures.
Benchmarks run by both independent organizations and LynuxWorks engineers have shown that an overhead of between 2% and 5% over a native OS is typical. This allows for the migration of legacy OSes and applications to a secure virtualized environment with virtually no performance impact, and often as new hardware is also involved, the performance of the legacy system can be improved.
Functionality and security
Adding extra security to a system can sometimes lead to an unwanted loss of functionality. With LynxSecure, the security is built into the underlying platform, so the virtualized guest operating systems and applications function exactly as they do when running natively.
For many applications, this ability to add security without compromising the functionality or performance of the legacy system is a key attribute helping to make the move to a virtualized solution.
For example, developers of medical devices can now add network connectivity without fear of compromising patient information, and IT organizations can add security to their corporate PCs and laptops without removing users' ability to email, surf the web, or chat on instant-message and social-media applications (see secure use cases 1 and 2).
ValidEdge MIS1100 appliance: using secure virtualization to safely detonate and analyze malicious code
An entire family of secure real-time operating systems
LynxSecure is the latest addition to the LynxOS family of secure real-time operating systems.
Today—after 22 years—our LynxOS RTOS is a mature operating system in its fifth generation of reliability.
When it comes to specific security and certification requirements, we are known for our LynxOS-178 RTOS, for critical avionics systems requiring software certification, and our LynxOS-SE RTOS with time and space partitioning.
Virtualization Technology Demonstrations
Intel Virtualization Demonstration with LynxSecure Secure Virtualization on Sandy Bridge Platform (.WMV file)- LynxSecure Virtualization Demo on a Themis Ruggedized RES-12XR3
- LynxSecure 5.0: A new Generation of Secure Virtualization
advantages
- Optimal security and safety—the only operating system designed to support both CC EAL-7 and DO-178B level A
- Real time—time-space partitioned separation kernel for superior determinism and performance
- Hypervisor and virtualization technology— supports multiple heterogeneous, both para-virtualized and fully virtualized, operating system environments on the same physical hardware including Intel® VT
- Highly scalable—supports Symmetric MultiProcessing (SMP) and 64-bit addressing for high-end scalability
- Support for open standards—100% binary compatibility for Linux- or POSIX-based software applications allows them to migrate to a highly robust, secure environment
- Faster time to market—enables developers to begin early development for secure applications
- Building in RTOS Support for Safety- & Security-Critical Systems
- LynuxWorks explains the differences between safety-critical and security-critical applications and how to meet their demanding requirements with the LynxOS-178 RTOS and the LynxSecure hypervisor. (EE Times Design, August 2011)
- Enhancing Application Performance on Multicore Systems
- Tips on optimizing a multicore real-time system, including virtualization, avoiding synchronization and concurrency while maximizing application parallelism. (Military Embedded Systems, February 2011)
- Hardware Virtualization puts a new spin on Secure Systems
- Real-time determinism and military security don't have to be separate realities. A combination of a secure separation kernel and an embedded hypervisor enables whole new levels of system security. (COTS Journal, October 2010)
- Using a Separation Kernel to add Military-Grade Security to Legacy Systems
- A challenge for the software designer is how to integrate modern military-grade software programs into legacy software designed long before security standards were predominant in system requirements. (VME Critical Systems, Summer 2010)
- Virtualization: Keeping Embedded Software safe and Secure in an Unsafe World
- A new, secure methodology is needed to separate systems of different security levels which run on shared resources—without compromising the performance of legacy systems. (EE Times, June 2010)
- Secure Virtualization Combines Traditional Desktop OSs and Embedded RTOSes in Military Embedded Systems
- Advances in software and hardware technologies now make it feasible to use both embedded and desktop operating systems in a secure military system. (Military Embedded Systems, May 2010)
- DO-178B Provides Certification Safety net
- Developers of commercial avionics software must demonstrate compliance with DO-178 guidelines. The FAA has issued additional guidance for so-called DO-178B Reusable Software Components (RSCs as defined in AC20-148), which allow for reuse of certifications. (COTS Journal, November 2009)
- Designing Safety-critical Avionics Software Using open Standards
- Safety-critical avionics systems have continually grown more complex and software-intensive. Regulatory authorities and avionics manufacturers have responded with guidance such as DO-178B and RSC to ensure that software performs safely, with controlled development cost. (Boards and Solutions, September 2009)
- Two Different Realms: RTOS Support for Safety-critical vs. Security-critical Systems
- Safety- and security-critical system functions are evolving simultaneously, with different yet similar requirements. Modern RTOSes are stepping up to meet these needs. (VME and Critical Systems, June 2009)
- Virtualization Makes Better use of Open-source OSes and apps
- With the introduction of the embedded hypervisor, embedded systems can avoid certain performance or licensing issues inherent to open-source OSes and applications. (EE Times, March 23, 2009)
- Secure Virtualization Technology can Extend the life of Legacy Systems
- By combining the concept of virtualization and security, one can consolidate multiple legacy systems running on heterogeneous operating systems onto a single host system with high-assurance security. (Military Embedded Systems, January/February 2009)
- Virtual Machines: Intel's CPU Extensions Transform Virtualization
- Virtualization has traditionally presented its share of design challenges in information-assurance-based systems. But now, Intel's VT-x and VT-d CPU extensions are changing the game and showing potential to become the de facto path to virtualization. (Military Embedded Systems, January 2009)
- Separation Kernel for a Secure Real-time Operating System
- The technical foundation adopted for the so-called MILS architecture is a separation kernel like LynxSecure, which permits multiple functions to be realised on a common set of physical resources without unwanted mutual interference. (Boards and Solutions Magazine, February 2008)
- Advances in Virtualization aid Information Assurance
- Advances in the newest Intel® processors are making virtualization much easier to implement in security applications than ever before. (Embedded Computing Design, January 2008)
- Protecting our most Vital Systems
- Some significant defence programmes are already committed to a new approach to high-threat, high-asset-value systems. Rance DeLong explains MILS. (Components in Electronics, April 2007)
- Perspectives: Security and the Separation Kernel
- Today's avionics systems are designed to support more than one application, using a partitioned operating system and memory management units to ensure applications have adequate separation. (Avionics Magazine, April 2007)
- MILS: An Architecture for Security, Safety, and Real Time
- The unrelenting growth and integration of embedded controls, information processing, and communications has created a need for systems that provide robust protection for resources and services in the face of serious threats. (Embedded Technology Magazine, November 2006)
- Partitioning Operating Systems Versus Process-based Operating Systems
- Partitioning operating systems are the latest buzz, while processes, by contrast, have been around for over 30 years. Both provide memory protection, however, the intent behind them is very different.
- DO-178B and the Common Criteria: Future Security Levels
- Although there are similarities between the airborne safety-critical requirements in RTCA/DO-178B and the Common Criteria, ISO 14508, compliance with the higher levels of security in the Common Criteria demands meeting additional security requirements. (COTS Journal, April 2006)
- Reusing Safety-Critical Software Components
- Safety-critical systems often operate together as a single "system-of-systems," making it important that they meet the most stringent and rigorous requirements for safety-criticality. The failure of one module in a system could create other failures or vulnerabilities, or worse yet, failure of the system as a whole. (COTS Journal, August 2005)
- Using the Microprocessor MMU for Software Protection in Real-Time Systems
- With minimal impact to overall system performance, user tasks and the kernel can be protected from accidental corruption by using multiple protected address spaces.
- Improving code Migration and Reuse
- The unrelenting growth and integration of embedded controls, information processing, and communications has created a need for systems that provide robust protection for resources and services in the face of serious threats. (Embedded Computing Design, August 2006)
- FCS Program Rolls Forward in Formation
- A wireless data network, with advanced communications and technologies, links soldiers with 18 new, lightweight manned and unmanned ground vehicles, unmanned aircraft, sensors and weapons—and it's all in one program. (COTS Journal, June 2005)
- Secure Operating Systems for Deeply Embedded Devices
- As we add more intelligence to our embedded devices, we find that they are becoming increasingly integrated into our information technology infrastructure. Though system security is not a new concept, security-in-depth is a new paradigm developers are now starting to address. (RTC Magazine, September 2004)
Virtualization / RTOS News
Lockheed Martin's Mission Systems and Sensors Division Selects LynuxWorks LynxOS RTOS for UK AWACS -1/25- Selecting a Partitioning OS for a Radiation Therapy System -1/12
- Building on 2011—the year that Secure Computing came of age -12/14
- Video: Secure Partitioning LynxSecure from LynuxWorks -11/11
- Video: Cloud Computing with LynxSecure from LynuxWorks -11/11
- Secure data Storage Helps Deliver Mission-Critical Information to Defense and Aerospace Personnel -11/28
- Embedded World 2012, Nuremberg, Germany, Feb 28-Mar 1
- Device-Driver and Real-Time Programming for the LynxOS RTOS Family, San José, CA, USA, Feb 27-Mar 2
- RSA Conference USA, San Francisco, CA, USA, Feb 27-Mar 2
