LynxSecure Logo drop shadow -white

Separation Kernel Hypervisor

LynxSecure is a simple and elegant platform technology that controls hardware resources according to an intuitive information flow modeling language. It is the foundation of the LYNX MOSA.ic™ framework and was designed to satisfy real-time, high assurance computing requirements used to regulate military and industrial computing environments, such as NIST, NSA Common Criteria, and NERC CIP.

GET EVALUATION VERSION

Airbus Boeing Bosch Collins Denso Elekta GD GE bigger L3 LM Nasa Raytheon Rhode Sandia Toy
 

Ask the expert

An Introduction to LynxSecure

Lynx Director of Product Management Dave Beal discusses the unique architecture and benefits of LynxSecure with VP Marketing Ian Ferguson.

Watch the Video

Intro to LynxSecure w- Dave Beal

 

LynxSecure Architecture Diagram

 

Architecture & overview

Application dependencies on centralized operating system (OS) abstraction layers—data services and hardware control—make it very difficult to formally verify the security properties of a software system. 

Rather than attempting to shape system behavior indirectly by issuing commands to platform APIs according to a programming manual, LynxSecure allows developers to directly control system behavior through a unique system architecture specification written by the developer and enforced solely by the processor.

LynxSecure is available for Arm, PowerPC and x86 architectures, running directly on the platform to separate hardware resources into virtual machines used to host software, including:

  • Traditional general-purpose OSes (Linux, Windows)
  • Fully featured or simple scheduler-like RTOSes
  • NEW: FreeRTOS support
  • Enhanced bare-metal applications (Lynx Simple Applications)
 

features and benefits

The following table provides a high-level summary of various features and benefits of LynxSecure:

Feature Customer Benefit   Additional Detail

DO-178B/C Level A Reusable Certification

Reduced program risk

 

Reusable Software Component (RSC)

Eliminates time and cost of certification effort

First and only time and space partitioned, FAA-accepted RSC

Conformance to Open Standards

Ensures application portability, software reuse and interoperability

POSIX®

ARINC 653-1 APplication EXecutive (APEX)

FACE™

Certifiable Networking

Accelerates platform development and certification cycles

Support for TCP/IP, UDP, ADP, ICMP, IGMP, FTP and TFTP protocols on a per partition basis, certifiable up to DO-178B/C DAL A

Support for Arm, PowerPC and x86 Architectures

Provides system developer with maximum flexibility to select the architecture/ chip/ supplier that best meets their requirement

 
GNU C/C++ Compiler and Eclipse Toolchain Support

Harnessing industry-standard tools reduces project costs and accelerates program development

 

 

 

Product Announcement

Support for FreeRTOS™ on Arm-v8 architecture available on LynxSecure.

LEARN MORE

Distributed vs centralized

The separation kernel concept enforces a simpler distributed application runtime model on a processor by way of provably separating processor-controlled resources, such that independent applications execute on their own allocation of resources. With such a platform technology in place, the security properties of a software system can be verified by tracing system actors' data access and information flows directly to the physical allocation of resources:

Distributed vs Centralized Architectures

Simply put, LynxSecure harnesses all of the functionality in the underlying platform, such as hardware virtualization, to ensure that each virtual machine will run independent and free of interference—from power on until power off. Additionally, LynxSecure offers advanced resource scheduling and security controls that exceed traditional operating systems and microkernel offerings. These LynxSecure tunables allow developers to explicitly define how a computer platform executes with traceable evidence from specification to instantiation, establishing platform integrity for design patterns that include:

  • Safety and security domain isolation
  • Trusted execution environments
  • Reference monitor plugins such as firewalls and encryption

Microkernels
vs separation kernels

"The Separation Kernel Hypervisor and Microkernel technologies share a great deal in common, stemming from least-privileged design principles, and aim to provide a more robust application runtime environment than traditional monolithic kernel-based OSes. The technologies are similar enough, that in the commercial world, the terms are regularly interchanged based on audience or industry requirements—and hence become very confusing for consumers.

Despite the similarities in using minimalist approaches to control CPUs, the kernels are only useful when vendors construct application development platforms on top of them. Once in the hand of the developer, the delivered products can have wild differences at the CPU control level, system assurance properties, development models, and application behavior..."

READ MORE

 

 

Architecture Comparison

 

 

LynxSecure Platform Comparison

 

 

Get Evaluation Version

 

 

What to Expect

The information you provide will help Lynx to better understand your requirements at the high level and we will be able to do research on your behalf and be well prepared for our next interaction.

Your information is always considered completely confidential and is not shared with anyone outside of Lynx Software Technologies without your expressed permission. We respond to these form inputs within 1-2 business days.