PRINTABLE
PDF VERSION (165 kB)
With the introduction of the new LynxSecure separation kernel and embedded-system hypervisor, LynuxWorks™ once again raises the bar when it comes to superior embedded software security and safety.
Highest standards for safety- and security-critical applications
The military and avionics industries rigidly mandate high security for safety-critical software environments, operating systems and development tools. Meanwhile, military
networks increasingly need to interface with the civilian IT infrastructure, exposing them to program bugs, design flaws and other vulnerabilities.
LynxSecure addresses this issue on all fronts by providing a robust environment within which multiple secure and non-secure operating systems can perform simultaneously—with no compromise of security, reliability or data. LynxSecure expands on the proven real-time capabilities of the LynxOS® real-time operating system (RTOS) with time-space
partitioning and operating-system virtualization.
The LynxSecure separation kernel is a robust virtual machine monitor that is certifiable to:
- Common Criteria EAL-7 security certification (Evaluated Assurance Level 7), which is a level of certification unattained by any known operating system to date; and
- DO-178B level A, the highest level of FAA certification for safety-critical avionics applications.
MILS architecture conformance for building secure systems
LynxSecure conforms to the Multiple Independent Levels of Security/Safety (MILS) architecture, with strict adherence to data isolation, damage limitation and information flow policies identified in this architecture. Unlike a traditional security kernel that performs all trusted functions for a secure operating system, a separation kernel's primary security function is to partition data and resources of a system and to control information flow between partitions. Partitions and information-flow policies are defined by the kernel's configuration. This provides a robust foundation for the creation of multi-level secure systems.
Virtualization of guest operating systems
The use of hypervisors and virtualization technology allows one operating system (and its applications) to run within the environment of another kernel, in effect allowing multiple dissimilar operating systems to share a single physical hardware platform. Virtualization technology allows for significant cost savings through hardware consolidation, while retaining the ability to leverage the ecosystem of applications that belong to different operating-system domains into a single system.
To achieve virtualization, LynxSecure uses a hypervisor to create a virtualization layer that maps physical system resources to each guest operating system. Each guest operating system is assigned certain dedicated resources, such as memory, CPU time and I/O peripherals.
"Co-operative virtualization" provides superior performance for the guest operating systems—such as Linux®, LynxOS-SE and LynxOS-178. 100% application
binary-compatibility with the non-virtualized instance of the operating system is preserved.
LynxSecure isolates each virtual instance by providing hardware protection to every partition with its own virtual addressing space. In addition, it guarantees resource availability, such as memory and processor-execution resources, to each partition, so that no software can fully consume the scheduled memory or time resources of other partitions. LynxSecure supports simultaneous use of system interfaces, including multiple instances of the same or different operating systems in different partitions.
Flexible scheduling policy
LynxSecure's fixed-cyclic ARINC 653-based scheduler manages CPU time to prevent starvation in any partition. LynxSecure also allows dynamic scheduling policies to maintain maximum flexibility in developing diverse secure applications using OS virtualization.
Highly scalable technology
LynxSecure provides a scalable solution ranging from deeply embedded systems to high-end workstations and servers for the design of applications in embedded avionics products, weapons systems, C4ISR data systems as well as critical infrastructure control systems.
The LynxSecure separation kernel provides the essential components for a complete scalable, multithreaded and secure architecture:
- multithreaded small-footprint run-time environment for secure application development
- multiprocess, multithreaded environment through virtualized Red Hat®, Linux, LynxOS or LynxOS-178 real-time operating systems
- symmetric multiprocessing (SMP) for optimal resource utilization and load balancing
- high-end scalability and memory support through 64-bit execution mode and addressing capabilities
Support for open standards
Like all LynuxWorks operating systems, LynxSecure is based on open standards. LynxSecure provides a seamless migration path for LynuxWorks customers whose Linux- and POSIX®-based applications can now run on virtualized Red Hat, Linux and LynxOS family environments within LynxSecure partitions.
The LynxSecure separation kernel provides a high-assurance run-time environment: a small-footprint, flexible API based on open standards (POSIX), that allows for the development and certification of secure applications to CC EAL-7.
Security
- Separation Kernel for a Secure Real-time Operating System
- The technical foundation adopted for the so-called MILS architecture is a separation kernel like LynxSecure, which permits multiple functions to be realised on a common set of physical resources without unwanted mutual interference. (Boards and Solutions Magazine, February 2008)
- Protecting
our most Vital Systems
- Some significant defence programmes are already committed to a new approach to high-threat, high-asset-value systems. Rance DeLong explains MILS. (Components in Electronics, April 2007)
- Perspectives:
Security and the Separation Kernel
- Today's avionics systems are designed to support more than one application, using a partitioned operating
system and memory management units to ensure applications have adequate separation. (Avionics Magazine,
April 2007)
- MILS: An Architecture for Security, Safety,
and Real Time
- The unrelenting growth and integration of embedded controls, information processing, and communications
has created a need for systems that provide robust protection for resources and services in the face of
serious threats. (Air Force Research Laboratory Technology Horizons, November 2006)
- Partitioning Operating Systems Versus Process-based
Operating Systems
- Partitioning operating systems are the latest buzz, while processes, by contrast, have been around
for over 30 years. Both provide memory protection, however, the intent behind them is very different.
- DO-178B and the Common
Criteria: Future Security Levels
- Although there are similarities between the airborne safety-critical requirements in RTCA/DO-178B
and the Common Criteria, ISO 14508, compliance with the higher levels of security in the Common Criteria
demands meeting additional security requirements. (COTS Journal, April 2006)
- Reusing Safety-Critical Software Components
- Safety-critical systems often operate together as a single "system-of-systems," making it
important that they meet the most stringent and rigorous requirements for safety-criticality. The failure
of one module in a system could create other failures or vulnerabilities, or worse yet, failure of the
system as a whole. (COTS Journal, August 2005)
- Real-Time Secure Operating System
- An overview of: a) the need for a secure operating system and b) the high-level design of a secure
operating system that can be built and evaluated to the highest assurance levels.
- Safety-Critical Software (DO-178B)
- Failure of some software systems could cause catastrophic consequences for human life. The LynxOS-178
RTOS was designed to be certifiable to the DO-178B specification
and to facilitate production of the highest-quality safety-critical software.
-
- Using the Microprocessor MMU
for Software Protection in Real-Time Systems
- With minimal impact to overall system performance, user tasks and the kernel can be protected from
accidental corruption by using multiple protected address spaces.
- Improving code Migration
and Reuse
- The unrelenting growth and integration of embedded controls, information processing, and communications
has created a need for systems that provide robust protection for resources and services in the face of
serious threats. (Embedded Computing Design, August 2006)
- LynuxWorks: A case Study in Combat-ready
Linux
- As open source, especially Linux, makes its way into nearly every sector of the economy, one of the
final frontiers is the military and aerospace market, where new applications must clear hurdles such as
the FAA's rigorous DO-178B certification for aviation software. (Newsforge, December 2005)
- FCS Program Rolls Forward in Formation
- A wireless data network, with advanced communications and technologies, links soldiers with 18 new,
lightweight manned and unmanned ground vehicles, unmanned aircraft, sensors and weapons—and it’s
all in one program. (COTS Journal, June 2005)
- Homeland Security and
Embedded Software
- The proliferation of Internet connected embedded devices has created opportunities for malicious users
to exploit security weaknesses in embedded software to gain access to sensitive systems. As a result,
developing highly secure embedded systems is imperative to ensure the safety of our country’s critical
infrastructures. (Embedded Computing Design, October 2004)
- Secure Operating Systems
for Deeply Embedded Devices
- As we add more intelligence to our embedded devices, we find that they are becoming increasingly integrated
into our information technology infrastructure. Though system security is not a new concept, security-in-depth
is a new paradigm developers are now starting to address. (RTC Magazine, September 2004)
- Embedded Tools Train an eye on Security
- A wireless data network, with advanced communications and technologies, links soldiers with 18 new,
lightweight manned and unmanned ground vehicles, unmanned aircraft, sensors and weapons—and it’s
all in one program. (EE Times, September 2004)
- Linux can be used in the Military
- The controversy surrounding the use of Linux in military applications is heating up. Here are several
points of view from companies in-the-know. (COTS Journal, June 2004)
advantages
