Linux-ready MILS kernel gains POSIX
Nov 18, 2008 — by Eric Brown — from the LinuxDevices Archive — 5 viewsLynuxWorks is shipping version 2.0 of its Linux-compatible separation kernel and hypervisor for high assurance systems. Aimed at multiple independent levels of security (MILS) applications in the aerospace, government, and defense industries, LynxSecure 2.0 offers enhancements including improved multi-processor support and a lightweight POSIX run-time environment, says the company.
Announced in February, LynxSecure 2.0 is primarily targeted at military applications, but can also be used in multi-domain secure systems applications within the medical, financial services, and industrial control industries, says the company. The separation kernel is certified to the U.S. Defense Department's Common Criteria EAL-7 (Evaluated Assurance Level 7), and complies with the aerospace industry's DO-178B certification, says LynuxWorks.
LynxSecure 2.0 architecture
(Click to enlarge)
LynxSecure 2.0 partitions system resources among guest operating systems (OSes), while also sequestering data and controlling information flow, says LynuxWorks. The separation kernel comprises a hypervisor and a new “ultra high-reliability” real-time POSIX API. LynxSecure 2.0's POSIX API is said to enable real-time critical applications to run directly on the separation kernel itself, maintaining hard real-time characteristics and determinism. At the same time, the hypervisor lets multiple and diverse OSes, such as its own Bluecat Linux distro and LynxOS real-time OS (RTOS), share a single- or multi-processor system, says the company. Virtualized OSes have “100 percent application binary compatibility” with standalone versions, the company said.
Major features for version 2.0 are said to include:
- Multi-processing support
- Security enhancements for policy enforcement, including controlled communication between guest OSes
- Enables guests with different security policies to co-exist using the same processor
- Supports POSIX, Linux ABI, and ARINC standards
- Device assignments can link specific devices to specific guest OSes
- Configuration tool for platform configuration and security policy definition
- Virtual networking between guest OSes
Stated Arun Subbarao, VP of engineering at LynuxWorks, “Other solutions have provided emulation layers to run guest operating systems, but this slows system performance. LynxSecure is a Type-1 hypervisor, running directly on system hardware and providing platform virtualization to the guest OS. This architecture provides near-native performance for the guest OS and superior security, since LynxSecure has complete control of the hardware.”
Availability
LynxSecure 2.0 is available now, says LynuxWorks, More information about the product may be found here.
This article was originally published on LinuxDevices.com and has been donated to the open source community by QuinStreet Inc. Please visit LinuxToday.com for up-to-date news and articles about Linux and open source.