LynxSecure

Developer(s): Lynx Software Technologies
Stable release: 6.0 (October 2017) [1]
Operating system: Linux and LynxOS
Type: Hypervisor
License: Proprietary
Website: www.lynx.com/products/lynxsecure-separation-kernel-hypervisor

LynxSecure is a least-privilege, real-time separation kernel hypervisor from Lynx Software Technologies, designed for the safety- and security-critical applications found in the military, avionics, industrial, and automotive markets.

Overview

LynxSecure relies on the hardware virtualization features of multi-core CPUs and has a footprint smaller than a microkernel (as small as 15 kB). It is aimed primarily at raising the assurance of systems that perform critical computing functions in regulated environments. Common use cases include separating critical applications from internet-facing domains, isolating security functions from application domains, and verifying and filtering inter-domain communication. LynxSecure sits beneath applications and operating systems, is transparent to the guests it hosts, and is designed so that those guests cannot modify it; its own integrity still rests on the processor's virtualization extensions and on the firmware that loads it. It can be embedded in a broad class of devices, from embedded controllers to IT platforms. The stripped-down design aims to raise the assurance of the host by minimizing the code through which a guest could escalate CPU privilege and by giving tight control over CPU scheduling. Rather than shaping system behavior indirectly through calls to platform APIs, developers control it directly through a system architecture specification that they write and that the hypervisor configures the processor to enforce: the allocation of cores, memory, and devices to each guest is fixed in that specification rather than negotiated at run time.

In a traditional architecture, all hardware resources are owned by the real-time operating system (RTOS), which controls the CPU cores, memory, and peripherals. Applications request access to those resources through APIs such as fork(), malloc(), and write(). The RTOS is a monolithic collection of libraries that manages task scheduling, memory partitioning, and device I/O, and this large body of code must be safety certified and free of exploitable defects for the system to be trustworthy. A separation kernel instead relies on hardware virtualization to do the heavy lifting, producing virtual machines that are efficient, tamper-resistant, and non-bypassable. Hardware resources are robustly partitioned, according to the static specification, into near-zero-overhead VMs populated with a mix of general-purpose OSes, RTOSes, and bare-metal applications. Mixed-criticality safety systems can then be built so that the source lines of code (SLOC) at high Design Assurance Levels (DAL) are kept to a minimum, reducing certification cost and the technical risk of future programs.
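The two paragraphs above describe the core idea: isolation is decided in a developer-written specification before the system boots, not negotiated through OS APIs at run time. The following is an added example, not LynxSecure code and not its configuration format: a small Python checker over a hypothetical specification (subject names, address ranges, device names, one-way channels, and the "high"/"low"/"guard" labels are all constructed here). It rejects the three things a separation kernel specification must never contain: overlapping memory between subjects, a directly assigned device owned by more than one subject, and a path of declared channels that would let a high-side subject reach an internet-facing low-side subject.

```python
"""Static checker for a tiny separation-kernel style system specification.

Added example; the specification format, names, and labels are invented
for illustration and are not LynxSecure's own format.
"""
from itertools import combinations

# Constructed sample: two high-side subjects, one internet-facing subject,
# and a guard that mediates the only permitted flow between them.
SPEC = {
    "subjects": {
        "crypto":   {"memory": [(0x10000000, 0x10400000)], "devices": ["hsm0"], "level": "high"},
        "control":  {"memory": [(0x10400000, 0x11000000)], "devices": ["can0"], "level": "high"},
        "internet": {"memory": [(0x20000000, 0x24000000)], "devices": ["eth0"], "level": "low"},
        "guard":    {"memory": [(0x30000000, 0x30100000)], "devices": [],       "level": "guard"},
    },
    # One-way channels (src, dst): the only inter-subject communication allowed.
    "channels": [("internet", "guard"), ("guard", "control")],
}

# Constructed counter-example with all three classes of error present.
BAD_SPEC = {
    "subjects": {
        "crypto":   {"memory": [(0x10000000, 0x10400000)], "devices": ["hsm0"],         "level": "high"},
        "control":  {"memory": [(0x10300000, 0x11000000)], "devices": ["can0", "eth0"], "level": "high"},
        "internet": {"memory": [(0x20000000, 0x24000000)], "devices": ["eth0"],         "level": "low"},
        "guard":    {"memory": [(0x30000000, 0x30100000)], "devices": [],               "level": "guard"},
    },
    "channels": [("internet", "guard"), ("guard", "control"), ("control", "internet")],
}


def overlapping_memory(spec):
    """Pairs of subjects whose physical memory ranges [lo, hi) overlap.
    A subject overlapping itself is reported too; that is also a spec error."""
    regions = [(name, lo, hi) for name, s in spec["subjects"].items() for lo, hi in s["memory"]]
    return [(a, b) for (a, alo, ahi), (b, blo, bhi) in combinations(regions, 2)
            if alo < bhi and blo < ahi]


def multiply_assigned_devices(spec):
    """A directly assigned device must belong to exactly one subject."""
    owners = {}
    for name, s in spec["subjects"].items():
        for dev in s["devices"]:
            owners.setdefault(dev, []).append(name)
    return {dev: o for dev, o in owners.items() if len(o) > 1}


def reachable(spec, src):
    """Subjects that src can influence through declared channels, transitively."""
    seen, stack = set(), [src]
    while stack:
        cur = stack.pop()
        for a, b in spec["channels"]:
            if a == cur and b not in seen:
                seen.add(b)
                stack.append(b)
    return seen


def forbidden_flows(spec):
    """Flows from any 'high' subject to any 'low' subject, even via intermediaries."""
    subs = spec["subjects"]
    return sorted((src, dst) for src in subs if subs[src]["level"] == "high"
                  for dst in reachable(spec, src) if subs[dst]["level"] == "low")


def validate(spec):
    """All findings; an empty result means the specification passes."""
    return {"memory_overlaps": overlapping_memory(spec),
            "shared_devices": multiply_assigned_devices(spec),
            "high_to_low": forbidden_flows(spec)}


if __name__ == "__main__":
    print("good spec:", validate(SPEC))
    print("bad spec: ", validate(BAD_SPEC))
```

The flow check is deliberately transitive: a channel from control to the guard and another from the guard to the internet partition would be rejected just as a direct control-to-internet channel is, which is the property Rushby's separation-kernel definition demands of any inter-regime communication.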

LynxSecure supports paravirtualized Linux and the LynxOS real-time operating system as guests, as well as full virtualization of the Windows operating system. In 2020 it was also announced that LynxSecure would support FreeRTOS, [2] the market-share leader among real-time operating systems, [3] as a guest OS.

LynxSecure is built to conform to the MILS (Multiple Independent Levels of Security) architecture so that virtualization can be used in embedded systems that require high assurance. It was also designed to meet the real-time, high-assurance computing requirements used to regulate military and industrial environments, such as NIST guidance, Common Criteria (evaluated in the United States under the NSA/NIAP scheme), and NERC CIP.

By default, LynxSecure uses an ARINC 653-style fixed-cyclic scheduler to allocate processing time: each partition receives fixed time windows within a repeating major frame, so a misbehaving guest cannot consume time allocated to another. Dynamic priority scheduling policies are also permitted.
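To make the scheduling trade-off concrete, here is an added example in Python, not LynxSecure code: a tick-level simulation of a fixed-cyclic ARINC 653-style major frame beside a strict fixed-priority dispatcher. The frame length, window table, partition names, and demands are constructed; a demand of None models a runaway guest that never yields. Under the cyclic table the runaway guest can only ever use its own windows, while under strict priorities it starves everything below it.

```python
"""Fixed-cyclic (ARINC 653 style) time partitioning versus priority scheduling.

Added illustration, not LynxSecure's scheduler. Time is in integer ticks; a
partition's demand is how many ticks it would consume if allowed, and None
means "spins forever" (a runaway or hostile guest).
"""


def check_major_frame(major_frame, windows):
    """windows: list of (partition, start, end) in ticks within one major frame.
    Raise ValueError if windows overlap, are empty, or spill past the frame.
    This is a specification error to reject before the system is built."""
    ordered = sorted(windows, key=lambda w: w[1])
    prev_end = 0
    for part, start, end in ordered:
        if start < prev_end or end > major_frame or start >= end:
            raise ValueError(f"bad window {part} [{start},{end})")
        prev_end = end
    return ordered


def is_valid_frame(major_frame, windows):
    try:
        check_major_frame(major_frame, windows)
        return True
    except ValueError:
        return False


def cyclic_schedule(major_frame, windows, demands, frames=1):
    """Dispatch strictly by the static table. Returns ticks given to each partition.
    Budget a partition does not use is idle time; it is never handed to another."""
    ordered = check_major_frame(major_frame, windows)
    remaining = dict(demands)
    got = {p: 0 for p in remaining}
    for _ in range(frames):
        for part, start, end in ordered:
            budget = end - start
            if remaining[part] is None:          # runaway guest: whole window, never more
                got[part] += budget
            else:
                used = min(budget, remaining[part])
                remaining[part] -= used
                got[part] += used
    return got


def priority_schedule(total_ticks, priorities, demands):
    """Strict fixed-priority dispatch: every tick goes to the highest-priority
    partition that still wants to run. A runaway high-priority guest starves the rest."""
    remaining = dict(demands)
    got = {p: 0 for p in remaining}
    order = sorted(priorities, key=priorities.get, reverse=True)
    for _ in range(total_ticks):
        for part in order:
            if remaining[part] is None or remaining[part] > 0:
                got[part] += 1
                if remaining[part] is not None:
                    remaining[part] -= 1
                break
    return got


# Constructed sample: a 20-tick major frame, two windows for a control
# partition around one window for a network-facing partition; ticks 18..20 idle.
MAJOR_FRAME = 20
WINDOWS = [("control", 0, 5), ("network", 5, 15), ("control", 15, 18)]
RUNAWAY = {"control": 6, "network": None}     # network guest spins forever
PRIORITIES = {"network": 2, "control": 1}     # network outranks control

if __name__ == "__main__":
    print("cyclic  :", cyclic_schedule(MAJOR_FRAME, WINDOWS, RUNAWAY, frames=2))
    print("priority:", priority_schedule(2 * MAJOR_FRAME, PRIORITIES, RUNAWAY))
```

Over two frames the cyclic table gives the control partition all 6 ticks it asked for and the runaway network guest exactly its 20 ticks of window time; the priority dispatcher over the same 40 ticks gives the network guest everything and the control partition nothing. That determinism is why the cyclic table is the default for certifiable systems, and why switching to a dynamic policy should be treated as a change to the isolation argument rather than a tuning knob.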

Additional features

Key Updates and Releases

LynxSecure 2.0, released in 2008, featured multiprocessing; support for POSIX, the Linux ABI, and ARINC; device assignment, which allows a device to be assigned to a specific guest operating system; and a configuration tool for platform configuration and security policy definition.

LynxSecure 3.0 was released in 2009 [4] with the ability to run fully virtualized guest operating systems on the same hardware, and at the same time, as para-virtualized and real-time operating systems, each in its own secure partition. Building on LynxSecure 2.0, version 3.0 added full virtualization, meaning that guest operating systems can run unmodified on top of LynxSecure. Other features in LynxSecure 3.0 included para-virtualized 64-bit Linux as a guest OS, security enhancements supporting audit and built-in tests, flexible scheduling, and an enhanced bootloader.

LynxSecure 4.0 added support for the Intel Core i7 and i5 processor families, enabled new guest operating system configurations, and shipped with an updated version (4.7) of the Luminosity Integrated Development Environment (IDE). [5]

LynxSecure 5.0 improved performance for fully virtualized guest operating systems and added 64-bit and Symmetric Multi-Processing (SMP) guest virtualization support. It also added a device-sharing facility for systems with few physical devices, complementing the direct device assignment mechanism available in earlier versions: a secure device virtualization mechanism, managed from a dedicated secure partition on LynxSecure, lets a limited set of physical devices be virtualized and shared between guest OSes. [6] In that arrangement the partition that mediates the device becomes part of the trusted computing base of every guest that depends on it, whereas a directly assigned device is owned exclusively by one guest.

LynxSecure 6.0 brought LynxSecure to the Arm architecture for the first time; the initial port targeted the Xilinx Zynq UltraScale+ MPSoC and was demonstrated at Arm TechCon. [1]

References

  1. Lynx Software Technologies (2017-10-25). "Lynx Software Technologies announces LynxSecure 6.0". GlobeNewswire (press release). Retrieved 2021-07-13.
  2. DornerWorks (2021-02-01). "FreeRTOS on LynxSecure Enables Complex Industrial Systems with a Path to Certification". DornerWorks. Retrieved 2021-06-20.
  3. Ferguson, Ian. "What Are the Most Popular Real-Time Operating Systems?". www.lynx.com. Retrieved 2021-06-20.
  4. EE Times (2009). "LynxSecure 3.0 Separation Kernel Hypervisor for High Assurance".
  5. "LynuxWorks enhances LynxSecure kernel". automation.com. Retrieved 2021-06-20.
  6. Eddy, Nathan (2011-03-04). "LynuxWorks Announces LynxSecure 5.0 Virtualization Performance Booster". eWEEK. Retrieved 2021-07-13.