Separation Kernel Hypervisor
ASK THE EXPERT
AN INTRODUCTION TO LYNXSECURE
ARCHITECTURE & OVERVIEW
Application dependencies on centralized operating system (OS) abstraction layers—data services and hardware control—make it very difficult to formally verify the security properties of a software system.
Rather than attempting to shape system behavior indirectly by issuing commands to platform APIs according to a programming manual, LynxSecure allows developers to directly control system behavior through a unique system architecture specification written by the developer and enforced solely by the processor.
LynxSecure is available for Arm, PowerPC and x86 architectures, running directly on the platform to separate hardware resources into virtual machines used to host software, including:
• Traditional general-purpose OSes (Linux, Windows)
• Fully featured or simple scheduler-like RTOSes
• FreeRTOS support
• Enhanced bare-metal applications (Lynx Simple Applications)
• LynxElement®, the industry's first commercial unikernel
DISTRIBUTED VS CENTRALIZED
The separation kernel concept enforces a simpler distributed application runtime model on a processor by way of provably separating processor-controlled resources, such that independent applications execute on their own allocation of resources. With such a platform technology in place, the security properties of a software system can be verified by tracing system actors' data access and information flows directly to the physical allocation of resources:
Simply put, LynxSecure harnesses all of the functionality in the underlying platform, such as hardware virtualization, to ensure that each virtual machine will run independent and free of interference—from power on until power off. Additionally, LynxSecure offers advanced resource scheduling and security controls that exceed traditional operating systems and microkernel offerings. These LynxSecure tunables allow developers to explicitly define how a computer platform executes with traceable evidence from specification to instantiation, establishing platform integrity for design patterns that include:
• Safety and security domain isolation
• Trusted execution environments
• Reference monitor plugins such as firewalls and encryption
Get Evaluation Version
WHAT TO EXPECT
Your information is always considered completely confidential and is not shared with anyone outside of Lynx Software Technologies without your expressed permission.
We respond to these form inputs within 1-2 business days.
The information you provide will help Lynx to better understand your requirements at the high level and enable us to do research on your behalf so that we can be best prepared for our next interaction.