Lynx: Modular, Mission-Ready, MOSA-Aligned

Lynx: Purpose-Built for MOSA

Since 2019, LYNX MOSA.ic  has been a modular software framework of choice, designed for mission-critical systems that demand safety, security, and certifiability. It enables deterministic hardware partitioning on multi-core processors and supports mixed-criticality workloads. 

Unlike vendors that retrofit MOSA goals onto legacy monolithic products, LYNX MOSA.ic is the industry’s most advanced modular, open, and secure foundation for mixed-criticality systems—architected from the ground up for the modernization priorities Secretary Hegseth outlined: speed, openness, modularity, and resilience. Lynx is not just MOSA-compliant. It is MOSA-by-design. 

The U.S. Army’s Future Long Range Assault Aircraft (FLRAA) program is redefining vertical lift. LYNX MOSA.ic is at the core of this innovation, chosen by Bell Textron, Inc. as the trusted operating environment to help power the Army’s next-generation aircraft and the MV-75. 

How LYNX MOSA.ic Turns the DoW’s Vision Into Operational Reality

1. The Fast Path to Multicore Certification 

Lynx enables faster, lower-risk certification than any other platform because its LynxSecure separation-kernel hypervisor is uniquely packaged with a unikernel. LynxSecure is a true separation-kernel hypervisor built on a minimal, Rushby-defined architecture, one that isolates change, prevents ripple-effect retesting, and allows each component to be certified independently. With the addition of the LynxElement unikernel, MOSA designs gain even tighter encapsulation and dramatically smaller trusted computing bases, enabling deterministic behavior, simpler evidence generation, and repeatable certification outcomes that scale as systems evolve. 

DoW programs are slowed by platforms that couple OS services, drivers, and applications into a monolithic privileged layer. Any change forces recertification of the entire system. 

The Lynx platform eradicates those pitfalls with: 

• Precisely partitioning hardware resources: The Lynx Platform’s separation kernel hypervisor, called LynxSecure, is the only true Rushby separation kernel. LynxSecure supports multicore CPUs by precisely partitioning hardware resources to meet strict safety and security needs is the only hypervisor in the embedded and edge-compute markets adhering to the original Rushby model, formally constrained, mathematically minimal, and uniquely resistant to unintended interactions. 

• Minimal footprint, minimal rework: With no embedded drivers, services, or bloated privileged layers, change stays strictly inside the partition where it occurs. 

• Zero ripple-effect retesting: Swap or update a sensor, radio, display, or AI module without revalidating navigation, mission computers, or anything else. 

• Stronger security: The architecture drastically shrinks the attack surface, unlike traditional hypervisors that pack complexity into the privileged layer. 

Other software stacks in the market cannot match this combination of formal minimality, determinism, and isolation due to architectural decisions made decades ago. 

2. Extreme Scalability and Multicore Support with Unikernel-Based Design Competitors Simply Don’t Offer 

A major differentiator of the LYNX MOSA.ic platform is LynxElement, a unikernel guest framework that allows each application or service to run in a lightweight, purpose-built OS environment. 

This enables: 

• Lowest possible trusted computing base 

• Predictable, deterministic performance 

• Tiny footprint ideal for mixed-criticality systems 

• Component-level certification independence 

Lynx is the only vendor to pair a formally constrained separation kernel with a production-grade unikernel component model purpose-built for certifiable MOSA systems, delivering a unique combination of modularity, portability, and reuse that other architectures cannot replicate.

3. Rapid Integration Through True Modularity 

Because LynxSecure enforces strict spatial and temporal isolation and LynxElement minimizes what runs inside each partition, LYNX MOSA.ic provides the fastest path to integration across: 

• Flight- and vehicle-control functions 

• Communications and datalink stacks 

• Electronic warfare and mission-protected payloads 

• Autonomy and AI processing pipelines 

• Sensor-fusion frameworks 

• Edge-compute mission apps 

Each becomes its own certifiable “building block,” inserted or updated independently without system-wide regression testing. This reduces integration cycles from months to days. 

4. Cross-Domain Interoperability Built on Open Standards 

Beyond MOSA, LYNX MOSA.ic exposes clean, standards-aligned APIs based on: 

• FACE™ 

• POSIX® 

• ARINC 653 

• virtio (for cross-vendor device driver compatibility) 

This ensures:

• Portable components across programs 

• Rapid integration across air/land/sea/space/cyber 

• Lower lifecycle costs through reuse 

• A trusted modular runtime for mixed-criticality data flows 

5. Banishing Vendor Lock-in 

LYNX MOSA.ic reduces vendor lock-in not just at the OS layer, but across the entire architecture. Programs gain full flexibility to mix vendors, swap components, and refresh technology without recertifying the system. 

How Lynx does this better than competitors: 

• Support for multiple guest OS environments (Linux, LynxOS-178, bare metal, and LynxElement unikernels) and virtually any OS like Zephyr 

• virtio support ensures device drivers require zero Lynx-specific modifications 

• Open standards enable multi-vendor ecosystems 

With Lynx, each component is replaceable without touching the hypervisor. Other proprietary frameworks, privileged-layer drivers, and tightly coupled stacks force long-term vendor dependence. Lynx avoids this through its unique architectural design.  

6. Reinforcing the Secretary’s Supply Chain Mandate 

LYNX MOSA.ic strengthens supply-chain freedom and domestic manufacturing resilience by: 

• Running across a wide range of ITAR-compliant processors 

• Enabling integration of third-party and government-owned applications, open source solutions, and BSPs 

• Product tailoring services can be provided exclusively by U.S. citizens when required 

• Decoupling software from hardware so primes can swap vendors without system-wide recertification 

Lynx enables architectural sovereignty, not vendor dependence; it’s exactly what we understand Secretary Hegseth outlined. 

7. Empowering the New PAE (Portfolio Acquisition Executive) Model  

The shift from program-centric acquisition to portfolio-centric acquisition is meant to streamline governance, speed decisions, and force modular, open architectures (MOSA) across families of capability, not just within single programs. 

As MOSA becomes a portfolio mandate, not a program choice, PAEs by design can enforce: 

• Common reference architectures 

• Shared data standards 

• Common safety/security patterns 

• Shared software and middleware layers 

In short, the Lynx portfolio of products offers: 

• Incremental capability insertion instead of full-system replacement 

• True modular portfolios of sensors, apps, radios, autonomy modules, and mission logic 

• Cost reductions through reuse and mixed-vendor sourcing 

The Pentagon’s modernization priorities are unambiguous: speed, openness, modularity, and resilience. LYNX MOSA.ic is how defense programs achieve those priorities today, safely, predictably, and with certification rigor that competitors cannot match.

Let's operationalize the Secretary’s MOSA vision together and deliver on a vision for a modular defense future.

Schedule an Architecture Discussion

Download Technical Brief