Introducing LynxSafe -005


LynxSafe™ is a new protection solution for industry-standard laptops that can:

  • Isolate the user’s sensitive work environment on a laptop so it is not exposed to network threats
  • Protect the user’s sensitive data so that it is not compromised even if the laptop is lost
  • Allow corporate assets to be protected from insider threats
  • Facilitate monitoring of corporate assets and sensitive data that allow for remote backups, remote upgrades and remote disabling of sensitive data
  • Allow seamless operation of existing work environments on commodity laptops without significant loss of user experience


For users handling sensitive or classified information, a traditional endpoint system cannot be trusted when leaving the corporate/classified network’s confines. The COVID-19 crisis has caused a prolonged work from home period, with some companies like Twitter and Fujitsu offering workers the opportunity to work from home permanently. While this is relatively easy to state, CIOs and CISOs have to adjust their IT networks to support this environment. Hackers have been quick to take advantage of this shift. The figure to the right, taken from the McAfee Labs COVID19 Threat Report published in July 2020 shows how the attacks have increased by market sector. Lynx also carried out its own survey, the results of which are summarized here.

Top 10 targeted industries -004

Traditional operating systems such as Windows, MacOS or Linux/Android that run on endpoints are vulnerable to cyber-attacks, and security updates and anti-virus software cannot be relied on to protect the endpoint. Traditional IT endpoint security solutions rely on either patching the endpoint OS or anti-virus applications that run on the endpoint OS. Either way, a compromised OS allows the threats full access to the endpoint. The sensitive data residing on the endpoint and even the encryption keys that are used to protect the data. This limits the usefulness of portable endpoint solutions such as laptops or tablets, as the sensitive information could be compromised as soon as the endpoint is connected to the outside world, either via an IT network or through connections such as USB memory sticks.



LynxSafe Architecture diagram- 001



The solution consists of the following elements:

LynxSecure Separation Kernel Hypervisor
Hardware-enforced separation and virtualization properties of LynxSecure allow for separate secure domains to exist. Two main domains are constructed:

  • One that is not secure, connected to the outside world, and handling clear-text unclassified data
  • A second domain used for handling sensitive or classified data, with no connection to the outside world. Any data transfer to and from this domain is controlled and encrypted, and any sensitive information that is stored on the endpoint is also encrypted.

Both domains can run standard operating systems and applications, but the OS and applications in the secure domain are isolated from any network borne outside threats.

Lynx Multi-Node Management
Lynx offers manageability to perform provisioning and enable the update and upgrade of operating systems and other software functionality running in virtual machines. Lynx’s platform provides tools to integrate with the current MDM (Mobile Device Management) solutions. LynxSafe supports this capability on the device itself, keeping the relevant APIs, messaging and integration required to execute on security workflows without compromising security.

Inline Disc Encryption
Allows for encryption at the storage speed for the data stored on the disk. This means that even if the endpoint is ever broken into, or stolen, the data is never exposed to a third party.


The platform is extensible to support the most stringent certification requirements such as CSfC (Commercial Solution for Classified applications) defined by the United States Government’s National Security Agency (NSA). The process enables commercial products to be used in layered solutions to protect highly classified information.



features and benefits

The following table provides a high-level summary of various features and benefits of LynxSecure:

Feature Customer Benefit   Additional Detail

DO-178B/C Level A Reusable Certification

Reduced program risk


Reusable Software Component (RSC)

Eliminates time and cost of certification effort

First and only time and space partitioned, FAA-accepted RSC

Conformance to Open Standards

Ensures application portability, software reuse and interoperability


ARINC 653-1 APplication EXecutive (APEX)


Certifiable Networking

Accelerates platform development and certification cycles

Support for TCP/IP, UDP, ADP, ICMP, IGMP, FTP and TFTP protocols on a per partition basis, certifiable up to DO-178B/C DAL A

Support for Arm, PowerPC and x86 Architectures

Provides system developer with maximum flexibility to select the architecture/ chip/ supplier that best meets their requirement

GNU C/C++ Compiler and Eclipse Toolchain Support

Harnessing industry-standard tools reduces project costs and accelerates program development



vs separation kernels

"The Separation Kernel Hypervisor and Microkernel technologies share a great deal in common, stemming from least-privileged design principles, and aim to provide a more robust application runtime environment than traditional monolithic kernel-based OSes. The technologies are similar enough, that in the commercial world, the terms are regularly interchanged based on audience or industry requirements—and hence become very confusing for consumers.

Despite the similarities in using minimalist approaches to control CPUs, the kernels are only useful when vendors construct application development platforms on top of them. Once in the hand of the developer, the delivered products can have wild differences at the CPU control level, system assurance properties, development models, and application behavior..."




Architecture Comparison



LynxSecure Platform Comparison





VP of Product Management Pavan Singh discusses the Mission Critical Edge and Digital Transformation in the age of COVID with Chris Preimesberger, Editor of eWeek online magazine

Get More Information



What to Expect

The information you provide will help Lynx to better understand your requirements at the high level and we will be able to do research on your behalf and be well prepared for our next interaction.

Your information is always considered completely confidential and is not shared with anyone outside of Lynx Software Technologies without your expressed permission. We respond to these form inputs within 1-2 business days.