SOFTWARE TOOLS: LynuxWorks launches next-gen separation kernel/hypervisor for high assurance systems -

SOFTWARE TOOLS: LynuxWorks launches next-gen separation kernel/hypervisor for high assurance systems

San Jose, Calif. – Just released by Lynuxworks is LynxSecure 2.0, a new next-generation separation kernel and embedded hypervisor for high assurance systems.

LynxSecure provides a standards-based, secure, multi-domain computational platform that serves as a trusted foundation for applications with low, medium and high assurance requirements that are all running concurrently on a single system. It allows legacy applications to run unmodified, enabling systems to be modernized with increased information sharing and security.

According to Arun Subbarao, vice president of engineering at LynuxWorks, LynxSecure was designed to minimize lifecycle costs (initial and tech refresh) of high assurance evaluation, certification and accreditation by using automated tools and the correct-by-construction methodology for formal methods and artifacts.

He said automation provides dramatic schedule, cost and risk advantages over traditional brute force approaches to formal methods. LynxSecure's use of automated formal methods allows technology insertions to occur seamlessly, which according to the company significantly reduces the time to achieve a Common Criteria Evaluation Assurance Level 7 (EAL-7) evaluation and subsequent re-evaluations.

LynxSecure 2.0 virtualizes the underlying hardware to enable multiple, heterogeneous operating systems (OS) to coexist on the same platform, making it a platform well-suited for today and tomorrow's advanced hardware architectures. LynxSecure is also optimized to take full advantage of Intel's Virtualization technology.

“Emulation layers have been used to run guest operating systems, but this slows system performance,” said Subbarao. “It is a Type-1 hypervisor, running directly on system hardware and providing platform virtualization to the guest OS. This architecture provides near-native performance for the guest OS and superior security, since LynxSecure has complete control of the hardware.”

Traditional systems require a separate processor and system, one for each deployed OS environment and supported applications. The ability of LynxSecure to consolidate heterogeneous OS environments enables developers to engage a diverse array of applications on a single processor, which reduces hardware costs and allows for easier reuse of legacy software.

In addition, LynxSecure supports a lightweight Application Run-Time environment that can be used for creating secure applications without an intervening OS, which can be evaluated to the required assurance level up to EAL-7.

LynxSecure, with its extremely small code size, maintains hard real-time characteristics and determinism for real-time applications. According to the company, the software is the first separation kernel & hypervisor to bring multi-core processor support to the high assurance world, providing scalability from deeply embedded applications up to workstations and servers.

LynxSecure is designed to run on any 32-bit or 64-bit processor with a memory management unit (MMU) and provides 100% application binary compatibility between a standalone OS and its virtualized version. Based on open standards, it offers the highest real-time, safety and security capabilities, conforming to the MILS standard and certifiable to DO-178B level A.

Other key features in LynxSecure 2.0 include: multiprocessing, which enables developers to take advantage of the latest, multi-core processor designs Security enhancements for policy enforcement, including controlled communication between guest operating systems; and allows guests that need to execute under significantly different security policies to co-exist on the same processor

To learn more, go to

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.