Lynuxworks LynxSecure 5.0 separation kernel and hypervisor
Lynuxworks' LynxSecure 5.0 hypervisor is based on the separation kernel that is designed for Common Criteria EAL-7 security certification. It is designed to handle safety critical applications such as DO-178B avionics. LynxSecure implements a Multiple Independent Levels of Security/Safety (MILS) architecture (Fig. 1),
The latest version of LynxSecure supports Intel's latest processors including Sandy Bridge plus 32-bit Atom support. The latter allows 32-bit guest operating systems like Red Hat Enterprise Linux 5.2 and LynxOS-SE 6.0. The Sandy Bridge improvements include support for Intel's Extended Page Table (EPT), Page Attribute Table (PAT) and the Advanced Vector Extensions (see Intel's AVX Scales To 1024 bit Vector Math ). Intel' 64-bit full virtualization (FV) suppor allows virtualized paritions to run as fast as paravirtualized systems. Virtualized operating systems can run in SMP mode.
LynxSecure utilized a fixed-cyclic ARINC 653-based scheduler manager. LynxSecure 5.0 supports direct device assignment as well as device sharing. It implements a new secure device virtualization mechanism that supports network, graphics, USB, disk, audio, and KVM devices. LynxSecure's policy-driven, inter-partition communication mechanism provides high performance and security when using these devices.
The system includes new target configuration tools that support auto configuration. This latest operating system is integrated with Lynuxworks' Eclipse-based Luminosity IDE. A streamlined target-resident version of Luminosity is included specifically to meet the needs of IT administrators.
LynxSecure can target a range of systems including laptops with limited resources. It also targets security-critical military, medical and avionics embedded applications.
