OS Security

At Lynx Software Technologies, we understand the importance of a secure embedded OS.

We designed our new LynxSecure Separation Kernel Hypervisor specifically to provide high-assurance virtualization services and software security in embedded systems. LynxSecure is the only kernel built from the ground up to be certifiable to both Common Criteria EAL-7 and DO-178B/C level A.

Within the robust LynxSecure environment, multiple secure and non-secure operating systems can perform simultaneously—with no compromise of security, reliability or data.


LynxSecure expands on the proven real-time and security capabilities of our flagship LynxOS® real-time operating system (RTOS) by adding time-space partitioning and operating-system virtualization. LynxOS is currently at work in more than one million mission-critical embedded applications around the world.

LynxSecure Separation Kernel Hypervisor supports multiple levels of security on a single processor, in conformance with the Multiple Independent Levels of Security (MILS) architecture. The MILS architecture demonstrates component layering (kernel, middleware and application) such that security policy definition is separated from policy enforcement.

LynxSecure has also been constructed to conform to the Separation Kernel Protection Profile (SKPP).


As part of our long-standing commitment to open standards, Lynx Software Technologies operating systems are POSIX®-based and Linux®-compatible. Since the Lynx Software Technologies separation kernel will be open standards-based, POSIX-based OSes will be able to run in a secure partition. The separation kernel will eliminate the timely and costly system evaluation process that the government and military are currently performing on each operating system, by ensuring that current Linux, Solaris™, HP-RT, HPUX and UNIX® applications can be easily migrated to the secure environment.


The evaluation of security software through the Common Criteria standard defines “evaluation assurance levels” (EAL 1-7) that indicate the process rigor associated with the development of an information technology product, as shown below:

  • EAL1 – Functionally tested
  • EAL2 – Structurally tested
  • EAL3 – Methodically tested and checked
  • EAL4 – Methodically designed, tested and reviewed
  • EAL5 – Semi formally designed and tested
  • EAL6 – Semi formally verified, designed and tested
  • EAL7 – Formally verified, designed and tested

The level of assurance rigor increases from EAL1 (lowest) to EAL7 (highest). Assurance to EAL7 involves formal verification of the software product using mathematical models and theorem proving. A software product developed according to a protection profile is certified to a specific EAL level by a US government-approved Common Criteria Testing Lab (CCTL).