Separation kernels and VMs enable secure mission critical edge computing - Embedded.com

Lynx Software Technologies has added three new product bundles to its MOSA.ic platform to enable secure mission critical edge computing capabilities to be added to industrial, avionics, satellite and UAV applications. The first of these will be rolled out for industrial robotics.

Based on a separation kernel hypervisor that supports a variety of guest operating systems, MOSA.ic is a software framework for building and integrating complex multi-core safety- or security-critical systems from independent virtualized application modules. The separation kernel and its virtual machines let system architects subdivide a system into smaller, independent software stacks, each carrying only the dependencies it actually needs. This contrasts with traditional RTOS platforms, where hardware control, real-time scheduling, security, multimedia and application runtime services are integrated into one common stack that serves every application on every CPU core, so a fault or compromise in any of those services is exposed to all of them.

With MOSA.ic (right), the separation kernel and virtual machines allow system architects to subdivide systems into smaller, independent stacks which include only the dependencies required. This is in contrast to traditional RTOS platforms (left). (Image: Lynx Software Technologies).

Lynx is initially rolling out three MOSA.ic bundles: for industrial, for UAVs/satellites, and for avionics. These target industrial digital transformation, drones, personal aviation and commercial spaceflight. By avoiding the restrictions of typical embedded approaches to mission critical systems, the bundles are intended to let developers build flexible edge computing solutions that combine system-safety mechanisms, security, and real-time determinism with sub-microsecond latency.

Tailored to handle emerging use cases, such as industrial robotics, drone aviation, and increasingly large and complex satellite constellations carrying payloads owned and accessed by multiple users, the LYNX MOSA.ic bundles provide the tools needed to deploy systems efficiently and manage assets securely and safely.

The three domain optimized bundles of the MOSA.ic software framework (Image: Lynx Software Technologies).

The three domain-optimized bundles share the common features of the LYNX MOSA.ic software framework, which brings together real-time operating systems (RTOS), bare-metal applications and third-party operating systems. MOSA.ic for avionics and MOSA.ic for UAVs/satellites support Arm and x86 processor architectures. Both include LynxOS-178, Lynx’s DO-178 certified operating system, the LynxSecure separation kernel hypervisor, Linux, a set of development tools, and support for the SR-IOV extension to the PCIe specification, which lets a single physical device expose multiple virtual functions that can each be assigned to a different partition.

The initial alpha release of MOSA.ic for industrial removes Lynx’s RTOS and adds Azure IoT Edge and Windows 10 support for x86 platforms, as well as providing virtual PLC functionality to let manufacturing organizations quickly scale, reconfigure, and update software-driven capacity.

Future code drops will further extend capabilities including guest operating systems, IoT connectivity, and processor architectures.

Speaking about the new product bundles to embedded.com, Ian Ferguson, VP marketing and strategic alliances at Lynx Software Technologies, said, “Increasingly, as we look at our separation kernel hypervisor, we realized that the core of it, which isolates applications and provides fine-grained control of hardware, is actually applicable for a wider range of applications. So, we are building on that foundation of the separation kernel and putting other technologies around that for other verticals.”

“If we come down to the separation kernel, we really focus on security and isolation of what’s going on in these different partitions. We actually set up those partitions at boot and those virtual machines are isolated. As we’re moving from the aerospace and defense space and building a profile into industrial, the issue becomes more about security of these virtual machines.”

Ferguson highlighted a use case of an industrial customer, in which equipment on the factory floor had historically built hundreds of thousands or millions of a particular product. Now, in some of those factories, the need to be much more nimble and adjust what is manufactured, even to the point of doing custom runs, is where the MOSA.ic separation kernel comes in useful to protect security and confidentiality of the design’s intellectual property.

In the MOSA.ic approach, in this industrial application, each virtual machine is isolated from the others using the Lynx separation kernel hypervisor. (Image: Lynx Software Technologies).

He said he couldn’t go into detail, but added, “Imagine a machine that needs to be more nimble at creating a particular product where the secret sauce of what it is being built is owned by the OEM. The equipment manufacturer builds that system and allows the OEM to download software to actually control and configure how the system prints out the product. You need to make sure that software downloaded by the OEM is in a sandbox and can be assured that the technology is safe and cannot be reverse engineered; and that that software, when it is downloaded, doesn’t accidentally or deliberately crash the whole machine. So this idea of tamperproof partitions: setting up these very isolated partitions in an area we haven’t really necessarily thought about.”

“This is basically the idea of multiple things going down onto a consolidated node, and making sure that one system doesn’t crash another, and being able to deliver that in a deterministic real-time way. When we set up the cores, we will allocate cores, I/O and memory on a per-virtual-machine basis. And no matter what Linux is doing, no matter what Windows is doing on that consolidated node, the real-time aspects of that product are still going to have access to the software needed to actually guarantee the determinism of responding to a real-time event in microseconds. There’s no sharing of memory; you cannot have one virtual machine crash another. And we are RTOS agnostic. Some of our rivals will lean towards their own operating system in their environments.”
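The isolation property described above and in the framework overview earlier in the article (each partition gets its own cores, physical memory and I/O devices at boot, and nothing is shared) is something an integrator can check mechanically before a layout ever reaches the target. The following is an added example written for this page, not Lynx code and not LynxSecure’s configuration format: the partition model, the field names and the sample factory-node layout (a virtual PLC RTOS, a Linux IoT edge VM and a Windows VM, all assumed for illustration) are constructed here. It verifies that every resource exists on the platform and that no core, memory byte or device is claimed by two partitions, which is the invariant a static separation kernel enforces.

```python
"""Static-partition isolation checker (added example, not Lynx code).

Models the separation-kernel property described in the article: every
virtual machine receives its own CPU cores, physical memory ranges and
I/O devices at boot, and nothing is shared between partitions. The
partition layout below is constructed for illustration; the field names
are assumptions, not LynxSecure's configuration format.
"""
from dataclasses import dataclass, field
from typing import List, Set, Tuple

MemRange = Tuple[int, int]  # (base address, length in bytes)
MiB = 1 << 20
GiB = 1 << 30


@dataclass
class Partition:
    name: str
    cores: Set[int]
    memory: List[MemRange]
    devices: Set[str] = field(default_factory=set)


@dataclass
class Platform:
    num_cores: int
    ram_bytes: int
    devices: Set[str]


def _overlaps(a: MemRange, b: MemRange) -> bool:
    """True if two half-open ranges [base, base+len) intersect."""
    a_base, a_len = a
    b_base, b_len = b
    return a_base < b_base + b_len and b_base < a_base + a_len


def check_isolation(platform: Platform, parts: List[Partition]) -> List[str]:
    """Return the list of violations; an empty list means the layout isolates."""
    problems: List[str] = []
    # Per-partition sanity: every claimed resource must exist on the platform.
    for p in parts:
        bad_cores = {c for c in p.cores if not 0 <= c < platform.num_cores}
        if bad_cores:
            problems.append(f"{p.name}: cores {sorted(bad_cores)} do not exist")
        for base, length in p.memory:
            if length <= 0 or base < 0 or base + length > platform.ram_bytes:
                problems.append(f"{p.name}: memory {base:#x}+{length:#x} outside RAM")
        for d in sorted(p.devices - platform.devices):
            problems.append(f"{p.name}: unknown device {d}")
    # Pairwise: no core, memory byte or device may belong to two partitions.
    for i, a in enumerate(parts):
        for b in parts[i + 1:]:
            shared_cores = a.cores & b.cores
            if shared_cores:
                problems.append(f"{a.name}/{b.name}: share cores {sorted(shared_cores)}")
            for ra in a.memory:
                for rb in b.memory:
                    if _overlaps(ra, rb):
                        problems.append(f"{a.name}/{b.name}: memory overlap at {max(ra[0], rb[0]):#x}")
            shared_dev = a.devices & b.devices
            if shared_dev:
                problems.append(f"{a.name}/{b.name}: share devices {sorted(shared_dev)}")
    return problems


# Constructed sample: an 8-core, 16 GiB x86 node with one NIC exposing three
# SR-IOV virtual functions, a fieldbus adapter and a GPU.
PLATFORM = Platform(8, 16 * GiB, {"eth0.vf0", "eth0.vf1", "eth0.vf2", "fieldbus", "gpu"})


def good_layout():
    """Disjoint cores, adjacent but non-overlapping memory, one VF per VM."""
    return PLATFORM, [
        Partition("vplc-rtos", {0, 1}, [(0x1000_0000, 256 * MiB)], {"eth0.vf0", "fieldbus"}),
        Partition("linux-iot-edge", {2, 3}, [(0x2000_0000, 4 * GiB)], {"eth0.vf1"}),
        Partition("windows", {4, 5, 6, 7}, [(0x1_2000_0000, 8 * GiB)], {"eth0.vf2", "gpu"}),
    ]


def bad_layout():
    """Same node, but Windows was also handed core 3 and Linux's NIC function."""
    platform, parts = good_layout()
    parts[2].cores.add(3)
    parts[2].devices.add("eth0.vf1")
    return platform, parts


if __name__ == "__main__":
    for label, layout in (("good", good_layout()), ("bad", bad_layout())):
        print(label, check_isolation(*layout) or "OK")
```

A real integration would also have to pin down the hypervisor-owned resources (its own code and data, interrupt controller, IOMMU tables) and any explicitly permitted inter-partition channels; here the model follows the article's claim that there is no memory sharing at all, so any overlap is a defect.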

Ferguson added that since its hypervisor is right on top of the hardware, this is ideal for doing more work around anomaly detection, isolation of faults, and ensuring that if something does go wrong the fault is identified early and handled so that the fault doesn’t cascade into other areas. “So working in partnership with silicon partners, we are going to be able to harness some of our skills in maintaining isolation of different virtual machines, and also detect if hardware does go wrong – for example, you do get memory faults on hardware that’s been deployed for a while. We can intercept those things, sandbox them, and ensure the hardware doesn’t cause human injuries and failure.”
