Linux-friendly MILS kernel rev’d
Feb 26, 2008 — by Eric Brown — from the LinuxDevices Archive — 2 viewsLynuxWorks is readying a new version of its Linux-compatible separation kernel and hypervisor. Designed to provide multiple independent levels of security (MILS) in aerospace, government, and defense applications, LynxSecure 2.0 offers improved multiprocessor support, a lightweight POSIX run-time environment,… more flexible device assignments, and security enhancements, the company said.
LynuxWorks claims that LynxSecure, which has had a couple of years to mature now, can reduce hardware costs, improve security, and extend the lifespan of legacy software. It partitions system resources among guest OSes, sequesters data, and controls information flow, supporting multiple independent levels of security (MILS) in embedded systems, workstations, and servers. The need for MILS has grown as the military adopts NCW (network centric warfare) and GIG (global information grid) interconnections, says the company.
LynxSecure architecture
(Click to enlarge)
The LynxSecure 2.0 separation kernel comprises a hypervisor and a new “ultra high-reliability” real-time POSIX API. The hypervisor lets multiple and diverse operating systems share a single processor or multi-processor system, while the POSIX API lets real-time critical applications run directly on the separation kernel itself. The LynxSecure kernel maintains hard real-time characteristics and determinism, while providing non real-time applications “their own time slice of the processor,” the vendor said.
The separation kernel and hypervisor are particularly small and efficient, says LynuxWorks. The kernel itself is certified to the U.S. Defense Department's Common Criteria EAL-7 (Evaluated Assurance Level 7), and complies with the aerospace industry's DO-178B certification.
Version 2.0 helps to bring the hypervisor up to date with competitors such as VirtualLogix and Trango with features like improved multiprocessor support and the addition of the lightweight POSIX run-time environment. The new device assignment features enable specific devices to be assigned to their own partitions, improving system security when devices are communicating with external devices. The security enhancements focus on policy definition and enforcement, including controlled communication among partitions.
LynuxWorks notes one growing non-military application for the product: virtualizing Internet access within airline cockpits. Typically, this requires a separate computer system to keep insecure Internet access separate from flight controls. Yet with an embedded hypervisor like LynuxWorks, says the company, the web browser can operate on the same system in its own secure partition running Linux or Windows, without compromising the flight controls.
Stated Gurjot Singh, CEO, LynuxWorks, “Hypervisors might be the hot topic in computing these days, but LynuxWorks is no newcomer to this technology. LynxSecure 2.0 enables the creation of multi-level systems with advanced security needs, such as those commonly found in the military and other high-security industries, such as medical, financial services and industrial control.”
Availability
LynxSecure 2.0 will be available in summer 2008, says LynuxWorks. More information is available here.
This article was originally published on LinuxDevices.com and has been donated to the open source community by QuinStreet Inc. Please visit LinuxToday.com for up-to-date news and articles about Linux and open source.