LYNXSECURE: SEPARATION KERNEL HYPERVISOR
LynxSecure is a simple and elegant platform technology that controls hardware resources according to an intuitive information flow modeling language. It is the foundation of the LYNX MOSA.ic™ framework and was designed to satisfy real-time, high assurance computing requirements used to regulate military and industrial computing environments, such as NIST, NSA Common Criteria, and NERC CIP.
BENEFITS OF LYNXSECURE
Our focus is on reducing program risk, development, costs, and timelines. LynxSecure:
- Provides a simplest path to DO178C DAL certification for mixed criticality architectures
- Is a strong foundational element on which to create secure platforms that harness multicore processors
- Has resiliency to cyberattack through unmodifiable allocation of minimum resources for each partition (“Least Privilege”)
FUTURE-PROOFED, CYBER RESILIENT, DETERMINISTIC SOFTWARE PLATFORMS
The Military and Aerospace segment continues to be challenged with the need to improve development cycles and program costs. As systems increasingly become connected, the threat of cyber terrorism rears its head to add a step function in system complexity. These systems need a software foundation that isolates software applications from each other to ensure functions perform precisely as they are intended. There is also a requirement to be able to securely update these platforms with new functionality and/or mitigation techniques to counter latest cyber threats.
LynxSecure is a simple and elegant platform technology that harnesses the hardware virtualization capabilities of modern multicore processors. It was designed to satisfy the strictest real-time, high assurance computing requirements used to regulate military and aerospace computing environments, such as NIST, NSA Common Criteria, NERC CIP and DO178C.
The grounds up design provides the strongest immunity to system attack, with applications immutably allocated the minimum resources required to perform their task (“Least Privilege”). Unlike alternative approaches, there no single point of failure, the separation kernel remains out of the data plane for the system, isolating applications from each other and avoiding the need to include operating system service interfaces which have been identified as one of the focuses for hackers to enter systems).