Secure® The Foundation of the Lynx MOSA.ic Framework

LYNX MOSA.ic Framework Key markets include: ® Windows®), Fully featured or The LYNX MOSA.ic framework extends • Industrial • Automotive simple scheduler-like RTOS, or Enhanced the LynxSecure • Medical • Defense bare-metal applications called Lynx Simple with independent capabilities that can be • Aerospace • Cyber Security Applications. LynxSecure provides immu- combined to address safety and security • Financial Technologies table hardware-enforced separation between challenges across a broad range of complex, each to ensure that each multi-core safety or security centric systems. Common use cases include: critical sys- will run independent and free of interference The LYNX MOSA.ic framework allows tems that will undergo multi-year block from power-on until power-off. these systems to be realized in a Robust, upgrades; real-time systems which require Rapid, and Reusable fashion performance or flexibility beyond what Lynx Simple Application (LSA) across multiple generations of products. is available from a RTOS; any connected The Lynx Simple Application (LSA) is platform that protects critical functions and an enhanced bare-metal application used The LYNX MOSA.ic framework supports: data from unauthorized access. to encapsulate critical safety or security functions. Unlike an RTOS, there are no • LynxOS-178 – FAA DO-178B/C DAL A RTOS LynxSecure runs directly on the plat- underlying asynchronous software activities • form to separate hardware resources into to affect the predictability, performance or • Windows™ virtual machines used to host software worst-case execution timing. • 3rd party OS – Security OS, AUTOSAR, including: Traditional general purpose or Ada, commercial RTOS legacy (e.g. Linux® or • Virtual Device Server • Full Server • Lynx Simple Application (LSA) • LSA.store - Bare-Metal Crypto Module • Advanced Scheduling LSA

LynxSecure

The LynxSecure separation kernel hypervi- Windows LynxOS-178 Linux sor serves as the foundation of the LYNX MOSA.ic framework. Lynx Simple Application

The technology was designed to satisfy Software Lynx Simple Kernel Application Real-time high assurance computing Emulated Hardware Instance Kernel (Paravitualized) Kernel (Paravitualized) requirements in support of the NIST, NSA Common Criteria, and NERC CIP CPU Privilege evaluation processes which are used to regulate military and industrial computing environments. Hardware

Figure 1: Platform integrity through isolated domains LSAs can reuse available microcontroller These LynxSecure tunables allow developers Advantages code, or they can be wholly new functions. to explicitly define how a compute platform Better Safety and Security LSAs can be more easly deployed in future executes with traceable evidence — from - Least privilege model — Guests receive only upgrades than the equivalent functionality specification to instantiation, establishing what is necessary within an RTOS. Some developers use LSAs platform integrity for the following - Immutable configuration — Hardware, side-by-side with Linux or RTOS. Others design patterns: security, scheduling use them independently, each with dedicat- • Safety & Security Domain Isolation - No underlying RTOS or “Root OS” — Smaller ed hardware resources; advanced scheduling; • Trusted Execution Environments attack surface, less complexity and fast, low latency communications. • Reference Monitor Plugins More Design Freedom • E.g. Firewalls, IDS, Encryption, Guards - Distributed architecture Advanced Scheduling LSA - Advanced scheduling policies A virtual machine can execute on a LynxSecure provides a scalable solution - Zero copy communications fully dedicated processor, or on a shared supporting deeply embedded systems to Faster Development processor using traditional RTOS-like high-end workstations and servers for - Modular design scheduling policies. avionics products, weapons systems, and - Traceable from specification to instantiation critical infrastructure control systems. Lynx Advanced Scheduling LSA allows developers to build unique scheduling al- Security Foundation gorithms that ensure the precise and proper The LYNX MOSA.ic framework, allows execution, timing, and pipelining of critical multiple types of operating systems and tasks; even under the most complicated bare-metal applications to share a single system scenarios. physical hardware platform. High Performance OS Interconnects LynxSecure upholds the principles of least LSAs provide the ability to dedicate privilege featuring limited kernel space hardware to critical functions without the functionality, lightweight simple design, uncertainties of an underlying multicore and explicit granular authorization of all OS. Lynx Advanced Scheduling allows system control functions. Unlike traditional the execution of these tasks to be precisely OS and hypervisor kernels that include controlled to meet the requirements of drivers, I/O stacks, and application APIs, complex systems. the LynxSecure separation kernel exports, per the requirements of the developer, all High performance OS interconnects provide I/O and application support to developer- security-policy enforced, zero copy, fast and specified guest(s) running in user space. low latency communications between criti- LynxSecure kernel space functionality is cal functions. These interconnects allow any limited to resource partitioning, controlling software asset to be securely connected with data flow between partitions, and mediating another asset to efficiently and securely pass access to system state change functions. data through the processing pipeline. This provides a robust foundation for the development of high assurance, high Platform Assurance with LynxSecure performance, safety critical and completely The LynxSecure separation kernel hypervisor secure systems. offers advanced resource scheduling, and security controls that exceed traditional op- erating systems and micro-kernel offerings.

Lynx Software Lynx Software Lynx Software ©2019 Lynx Software Technologies, Inc. Technologies, Inc. Technologies UK Technologies France Lynx Software Technologies and the Lynx Software Technologies logo are trademarks, and 855 Embedded Way 400 Thames Valley Park Drive 38 Avenue Pierre Curie LynxOS and BlueCat are registered 1.800.255.5969 San Jose, CA 95138-1018 Thames Valley Park 78210 Saint-Cyr-l’École trademarks of Lynx Software Technologies, Inc. +1 (800) 255-5969 Reading, RG6 1PT France Linux is a registered trademark of Linus Torvalds. +1 (408) 979-3900 United Kingdom +33 (0) 1 30 85 06 00 All other trademarks are the trademarks and registered +1 (408) 9793-920 fax +44 (0) 118 965 3827 +33 (0) 130 85 06 06 fax trademarks of their respective owners. [email protected] +44 (0) 118 965 3840 fax www.lynx.com All rights reserved. Printed in the USA.