Software:LynxSecure

From HandWiki
LynxSecure
Type: Hypervisor
License: Proprietary software
Website: www.lynx.com/products/secure-virtualization/lynxsecure-separation-kernel-hypervisor/

LynxSecure is a least-privilege, real-time separation kernel hypervisor from Lynx Software Technologies, designed for safety- and security-critical applications in the military, avionics, industrial, and automotive markets. Its stripped-down design aims to raise the assurance of the host by removing the possibility of CPU privilege escalation and by providing extremely tight control over CPU scheduling.

In a traditional architecture, all hardware resources are owned by the real-time operating system (RTOS), which controls the CPU cores, memory and peripherals. Applications must request access to those resources through APIs such as fork(), malloc() and write(). The RTOS is a monolithic collection of libraries that manages task scheduling, memory partitioning and device I/O, and this large block of code must be safety certified and bug free for the system to be secure. A separation kernel instead relies on hardware virtualization features to do the heavy lifting, creating efficient, tamper-proof and non-bypassable virtual machines. Hardware resources are robustly partitioned into near-zero-overhead VMs populated with a mix of operating systems, RTOSes and bare-metal applications. Mixed-criticality safety systems can then be built that minimize the source lines of code (SLOC) that must be developed at high Design Assurance Levels (DAL), reducing certification costs and the technical risk of future programs.

LynxSecure supports paravirtualized Linux and LynxOS real-time operating systems, as well as full virtualization of the Windows operating system. It was also announced in 2020 that LynxSecure would support FreeRTOS, the market share leader in real-time operating systems, as a guest OS.

LynxSecure is built to conform to the MILS (Multiple Independent Levels of Security) architecture so that virtualization can be used in embedded systems with requirements for high assurance.

By default, LynxSecure uses an ARINC 653-based fixed-cyclic scheduler to manage processing time, but dynamic scheduling policies are also permitted.
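As an added illustration (not LynxSecure's own code or configuration), the following Python models an ARINC 653-style fixed-cyclic schedule: a major frame divided into partition windows, a check that the schedule table is well-formed, a lookup of which partition owns the CPU at a given time, and a one-frame simulation showing that a partition demanding more than its window is cut off at the window boundary rather than delaying the next partition. Partition names, frame length and window durations are constructed for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Window:
    partition: str   # guest VM / partition name (constructed)
    offset_us: int   # start of the window within the major frame
    length_us: int   # CPU time guaranteed to the partition in this window

def validate_schedule(major_frame_us, windows):
    """Return a list of problems; an empty list means the table is well-formed."""
    problems, end = [], 0
    for w in sorted(windows, key=lambda w: w.offset_us):
        if w.length_us <= 0:
            problems.append(f"{w.partition}: non-positive window length")
        if w.offset_us < end:  # windows must not overlap: time isolation
            problems.append(f"{w.partition}: overlaps previous window at {w.offset_us}us")
        end = max(end, w.offset_us + w.length_us)
    if end > major_frame_us:
        problems.append(f"schedule extends past major frame ({end} > {major_frame_us})")
    return problems

def owner_at(major_frame_us, windows, t_us):
    """Partition holding the CPU at absolute time t_us (None = unallocated slack)."""
    phase = t_us % major_frame_us  # the cycle repeats every major frame
    for w in windows:
        if w.offset_us <= phase < w.offset_us + w.length_us:
            return w.partition
    return None

def utilisation(major_frame_us, windows):
    """Fraction of the major frame statically assigned to each partition."""
    totals = {}
    for w in windows:
        totals[w.partition] = totals.get(w.partition, 0) + w.length_us
    return {p: t / major_frame_us for p, t in totals.items()}

def run_frame(windows, demand_us):
    """Simulate one major frame: each partition asks for demand_us[name] of CPU.
    A partition wanting more than its window is preempted at the boundary, so its
    overrun can never steal time from the partition scheduled after it."""
    granted, remaining = {}, dict(demand_us)
    for w in sorted(windows, key=lambda w: w.offset_us):
        use = min(w.length_us, remaining.get(w.partition, 0))
        granted[w.partition] = granted.get(w.partition, 0) + use
        remaining[w.partition] = remaining.get(w.partition, 0) - use
    return granted

MAJOR_FRAME_US = 10_000  # constructed: 10 ms major frame
SCHEDULE = [Window("flight_ctrl", 0, 4000), Window("linux_gui", 4000, 3000),
            Window("flight_ctrl", 7000, 2000)]  # last 1 ms of the frame is slack
```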