Lynx Software Technologies’ LynxSafe targets user compute platforms that must meet mandatory compliance requirements like those outlined in the Commercial Solutions for Classified (CSfC) specification (see figure). It allows enterprise IT teams to utilize hypervisor technology to create isolated partitions that can run multiple secured operating systems.
The multilevel system supports different levels of security for business and personal domains that’s even more important with many more people working remotely due to COVID-19. This forces a zero-trust environment to isolate and secure applications that users will need in their daily activities. The technology can also be applied to secure endpoints like edge servers.
LynxSafe is based on the LynxSecure separation kernel, which is design to be secure and to provide secure isolated virtual-machine environments for operating systems such as Linux or Windows. It can run VPNs in isolated partitions to force communications through secure connections as well as preventing attacks through the isolated operating systems. It also can provide secure storage where the encryption is managed outside of the isolated operating systems.
Secure key and data storage as well as remote management allow IT management to control what connections are allowed between particular operating systems and applications on a device and the VPN-linked networks at other locations that could be enterprise sites or a secured cloud environment. Meanwhile, users can run unsecured applications in other partitions.
User operating systems like Linux and Windows aren’t modified in any fashion; therefore, existing applications will work normally. It’s simply the connections and storage they can use, which is limited—not by the applications or operating systems themselves—but rather the LynxSafe software.
With such external management, features like encrypted storage and secure boot can be managed by IT. Thus, even if a laptop is lost, access to the storage and use of communication will not be possible. Most operating systems like Linux and Windows have this type of feature, but if they’re compromised then all bets are off. If an operating system running under LynxSafe is compromised, it will not have access to compromise the secured storage or VPN that’s inaccessible with the operating system.