Retrofitting Unmanned Air Vehicles and Ground Control Stations for Increased Functionality and Security

Home  /  Embedded Lynx Blog  /  Retrofitting Unmanned Air Vehicles and Ground Control Stations for Increased Functionality and Security

On October 27, 2014, Posted by , In Embedded Lynx Blog,

The use of unmanned air vehicles (UAVs) has increased considerably over the past few years in everything from military operations to border surveillance. UAVs utilized in military and law enforcement operations carry and transmit sensitive data such as troop movements and data from strategic operations. Ground control stations (GCSs) are utilized to communicate, pilot, and relay data from the UAVs, and most recently are being deployed as laptops and smart devices such as tablets. With the increased deployment of these technologies, the nature of the function of these endpoints puts them at great risk for cyber security attacks and exfiltration. According to the “Unmanned Systems Integrated Roadmap FY2013 – 2038”, the US military is expected to decrease the procurement of UAVs. Instead, there will be an increase in retrofitting existing inventory for upgrades in additional functionality as well as safety and security.


Typical UAV architectures consist of several sub-systems with varying degrees of criticality and assurance. Systems such as mission control, payload control, flight control and communications systems are sometimes run on separate on-board computers to keep data separation maintained. In this scenario, consolidation onto a single platform provides a valuable cost reduction. Doing so, however, requires certainty that those systems do not, and cannot, interfere with each other. If an application in the payload system is subverted, it should not be able to access mission control system data, nor interfere with the flight control of the aircraft. Also, with the warfighter having to now carry multiple devices for different missions and utilities, smart device consolidation is valuable from a size, weight, and power perspective.

The LynxSecure separation kernel hypervisor allows for platform consolidation while maintaining secure separation of hardware and software resources through programming of control registers and memory management units of the hardware itself. In addition, LynxSecure has granular scheduling capabilities down to the system clock tick. This allows for both strict scheduling policies where resources are guaranteed not to be starved, and dynamic scheduling policies that can donate time to critical applications when non-critical applications are idle.

LynxSecure for Unmanned Air Vehiicles


There have been several reports cyber-attacks against UAVs over the past few years. Examples include GPS spoofing to down aircrafts, stolen unencrypted video and data captured by eavesdropping on satellite communications, and the proliferation of malware targeted at UAVs and ground stations. As the use of UAVs in critical military missions increases, so does the likelihood of more sophisticated cyber-attacks.

One of the differentiating features of LynxSecure is the ability to control information flows. Explicit permissions are necessary for the ability to read or write to memory locations. This allows for one way communication and locked-down information flow policy.  LynxSecure also has a mechanism to run bare-metal C code applications as guests. These can be utilized for high assurance applications such as the encryption of data and segregated key management in order to secure communications, and data at rest applications to provide secure storage of mission critical data and surveillance.  In addition, LynxSecure has built-in capabilities such as protection against system and guest root kits, code injection prevention, continuous built in tests, and configurable system auditing.


As the budget for UAV procurement decreases, functionality requirements increase, and size weight and power become a greater concern, the need for rapid development and platform migration will increase.

LynxSecure supports commercial off the shelf (COTS) hardware platforms and the latest operating systems. Because the LynxSecure kernel does not contain device drivers and does not require a board support package (BSP), it can be migrated quickly and easily to other target platforms.

Eventually, the Federal Aviation Administration (FAA) will begin requiring stricter compliance with safety-critical and secure certifications and requirements. With a comprehensive certification package and an application independent architecture, systems can be rapidly evaluated without the concern that new capabilities added through the adoption of new hardware and software will impact the security architecture or security enforcing logic.

Read more information about LynxSecure Separation Kernel Hypervisor.