Skip to the main content.



DESE Research, Inc. is a knowledge-based organization conducting theoretical and analytical research in the fields of Defense, Energy, Space, and Environment (DESE). For four decades, DESE has provided advanced engineering, scientific, and technical services for our nation’s most security-centric agencies. DESE develops large-scale simulation architectures for engineering, design, and collaboration. Systems engineering projects address ballistic missile defense and theater missile defense system mission analysis through concept definition, effectiveness analysis, and battle management/command, control, and communications.


The attack surface is the number of points (or attack vectors) where an unauthorized user can access a system and extract data. Organizations must constantly monitor their attack surface to identify and block potential threats as quickly as possible. They also must try and minimize the attack surface area to reduce the risk of cyberattacks succeeding. This is commonly referred to as Attack Surface Reduction (ASR). The smaller the attack surface, the easier it is to protect. However, doing so becomes difficult as they expand their digital footprint and embrace new technologies.


The military market segment faces combative tensions with the desire to harness open technology, drastically shrink development cycles, and dramatically reduce total cost of ownership, being set against the mandate to maintain a high level of system robustness and assurance. Many cyberattacks have shown that operating systems such as Linux are challenging to harness in secure environments as they overwhelmingly complex, have a sizeable list of bugs, vulnerabilities, and no safety compliance. Smaller, more optimized-for-purpose real-time operating systems (RTOS) are typically too expensive, are not supported across the breadth of hardware the customer base wishes to deploy, and lack some of the fundamental security features.


Across a broad set of markets, systems are becoming more connected as the sharing of intelligence in real-time brings immense value. The benefit of connectivity brings with it the challenge of it being a potential entry point into the system. For military systems this can potentially mean loss of valuable data, loss of valuable systems, and/or loss of human life. 


Our approach was to showcase the use of unikernel technology coupled with a separation kernel hypervisor as a path to solve some of the challenges. In partnership with DESE, Lynx created a demonstrator to showcase how a recently discovered malware called “BPFDoor” could bring down a Linux system. BPFdoor is a backdoor that allows threat actors to remotely connect to a Linux shell to gain complete access to a compromised device. We were able to show that the unikernel-based system was inherently more immune from attack. While the application on the unikernel did crash, the rest of the system remained intact and at no time was the application granted access to the “crown jewels” of the system.


Virtualization technology, whereby multiple operating systems can be run on shared hardware, is extremely well understood if somewhat inefficient in its use of resources. More recently, industries have shifted towards using containers. Containers try to achieve the same concept as virtual machines but eliminate duplication of effort between machines. Containers are easy to run on development machines and the deployment process itself is also much simpler since one just uploads prebuilt containers to a container repository and production systems can pull the updated version. The container-based approach has its downsides. The software must be adapted for usage in containers (containerized), which can get tricky, especially with legacy codebases. Containers have many more configurations for resource allocation and interoperability capabilities, so it is quite easy to misconfigure them. The next logical step in the progression from VMs to containers is unikernels, which try to push the concepts of containers even further. Unikernels are effectively a set of pre-built binary libraries and they do not handle resource allocation. The hypervisor (LynxSecure in the case of our offering) handles direct hardware interoperation. Lynx has taken the approach of basing its unikernel product, LynxElement, on its commercially proven LynxOS-178 real time operating system. There is a focus on maintaining compatibility wherever possible between the unikernel and the standalone LynxOS-178 product to enable customers to freely transport applications between each environment. More specifically FACE and POSIX APIs are supported as well as NSA Common Criteria and NERC CIP.