Software security driven by an embedded

LynxSecure is a real-time development platform that leverages multi-core CPU hardware features to enhance OEM embedded solutions with accelerated performance and security property enforcement. It is primarily targeted at raising the assurance of systems that perform critical computing functions in regulated environments. Common use cases include: separating critical apps from internet domains, isolating security functions from application domains, and verifying and filtering inter-domain communication. LynxSecure lives underneath applications and operating systems, runs completely transparently, and cannot be tampered with. The software can be embedded into a broad class of devices, from embedded to IT platforms.

The technology was designed to satisfy high assurance computing requirements in support of the NIST, NSA Common Criteria, and NERC CIP evaluation processes, which are used to regulate military and industrial computing environments.

Key markets include:
• Industrial
• Automotive
• Medical
• Defense
• Aerospace
• Cyber

Figure 1: Platform integrity through isolated domains (diagram labels: Bare Metal Application Partition; Virtual OS Partition; Inter-Partition Communication; Guest OS; Critical Application; Message Filter; User Application; Access Control; I/O Stacks; Device Drivers; vCPU & vRAM; Virtual Hardware; I/O Devices; Hypervisor kernel space: CPU Scheduler, Memory Manager; Physical Hardware: CPU, RAM)

Platform Integrity with LynxSecure

The LynxSecure SDK offers advanced resource, scheduling, and security controls that exceed traditional operating system and micro-kernel offerings. These granular controls allow developers to explicitly define how a computing platform executes, with traceable evidence from specification to instantiation, establishing platform integrity for the following design patterns:
• Safety & Security Domain Isolation
• Trusted Execution Environments
• Reference Monitor Plugins, e.g. firewalls, IDS, encryption, guards

LynxSecure Advantages
• Safety and Security Application Partitioning
• Trusted Application Protection
• Multi-channel Network Isolation
• Multi-core Processing Support
• Platform Consolidation
• Real-time Execution Control
• High Assurance Safety and Security Certification Design Artifact Support

Network Integrity with LSA.connect

LSA.connect is a LynxSecure SDK expansion that allows developers to create computing devices with multiple independent cryptographic channels that can tunnel over a common IP network and create nested encrypted enclaves. The expansion includes cryptographic modules that can be layered in between network interfaces to encrypt data in motion generated by applications before exposing the data to public network interfaces. The LSA.connect components remain transparent to applications, are interoperable with any LynxSecure supported guest, and work with any IP supported network interface. LynxSecure protects the crypto modules from exposed network interfaces or internal application domains, providing an architecture vastly superior to kernel-integrated software VPNs that can be bypassed by malware or users. LSA.connect provides robust network integrity between a wide range of devices, from IT infrastructure to OT process controllers running in safety critical environments.

Figure 2: Networking integrity using multi-channel secure communications

Kernel:
• Isolate memory
• Isolate DMA & I/O interfaces
• Isolate privileged CPU instructions
• Isolate TPM interface
• Isolate storage interfaces
• Isolate application space from system service space
• Isolate system service space from kernel space
• Monitor inter VM/vCPU communication
• Monitor system Start/Stop/Restart services
• Support custom shared memory interfaces
• Support Multi-core, SMP, AMP processing
• Support real-time CPU scheduling
• Support I/O device sharing
• Full Virtualization Support – e.g. Windows, , LynxOS

SDK:
• Define virtual machines – CPUs, schedules, memory, I/O interfaces
• Define communication permissions
• Provide bare-metal libraries for system service and InterVM communications
• Provide Linux drivers for accelerated communication and message interfaces for Linux guest VMs
• Optional bare-metal crypto modules for in-line encryption of network and storage services

Highly scalable technology

LynxSecure provides a scalable solution ranging from deeply embedded systems to high-end workstations and servers for the design of applications in embedded avionics products, weapons systems, and critical infrastructure control systems.

Virtualization of guest operating systems

The use of and virtualization technology allows multiple types of operating systems to share a single physical hardware platform. Virtualization technology allows for significant cost savings through hardware consolidation, while retaining the ability to leverage the ecosystem of applications that belong to different operating system domains on a single platform.

The LynxSecure separation kernel provides the foundational safety and security properties to host scalable, high performance, and completely secure architectures.

Least privilege architecture for building secure systems

LynxSecure upholds the principles of least privilege, featuring limited kernel space functionality, a lightweight, simple design, and explicit granular authorization of all system control functions. Unlike traditional OS and hypervisor kernels that include drivers, I/O stacks, and application APIs, the LynxSecure separation kernel exports all I/O and application support to user space. Instead, LynxSecure limits its kernel space functionality to resource partitioning, controlling the data flow between partitions, and mediating access to system state change functions. This provides a robust foundation for the development of high assurance systems.
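The two ideas the brochure keeps returning to, explicitly declared communication permissions between partitions (the SDK's "Define communication permissions" and the kernel's "Monitor inter VM/vCPU communication") and a reference monitor that filters inter-domain traffic, come down to one mechanism: a default-deny policy that is consulted on every message and that can be audited before the system is built. The following Python is an added illustration of that pattern, not LynxSecure code and not its SDK or configuration format. Partition names (net_guest, guard, critical_app, crypto), the channel table, the size limits, and the sensor_record_filter guard are constructed assumptions. Beyond the per-message decision, it also shows the design-time check a reviewer would want: a reachability query proving that the internet-facing partition cannot reach the critical application except through the guard.

```python
"""Default-deny model of inter-partition communication mediation.

Added illustration of the reference-monitor pattern: every flow between
partitions must be declared explicitly, anything undeclared is denied, and
the declared policy can be checked at design time for unwanted reachability.
Partition names, channels and the filter below are constructed assumptions;
this is not LynxSecure's configuration format or SDK API.
"""
from collections import deque
from dataclasses import dataclass, field
from typing import Callable, List, Optional, Set, Tuple

MessageFilter = Callable[[bytes], bool]


@dataclass(frozen=True)
class Channel:
    """One unidirectional, explicitly authorized flow from src to dst."""
    src: str
    dst: str
    max_len: int = 256                       # size limit enforced by the mediator
    accept: Optional[MessageFilter] = None   # optional guard applied per message


@dataclass
class Policy:
    partitions: Set[str]
    channels: List[Channel] = field(default_factory=list)

    def _channel(self, src: str, dst: str) -> Optional[Channel]:
        return next((c for c in self.channels if c.src == src and c.dst == dst), None)

    def mediate(self, src: str, dst: str, msg: bytes) -> Tuple[bool, str]:
        """Reference-monitor decision for one message. Anything not declared is denied."""
        if src not in self.partitions or dst not in self.partitions:
            return False, "unknown partition"
        ch = self._channel(src, dst)
        if ch is None:
            return False, f"no channel {src}->{dst}"
        if len(msg) > ch.max_len:
            return False, "message exceeds channel size"
        if ch.accept is not None and not ch.accept(msg):
            return False, "rejected by filter"
        return True, "allowed"

    def reachable(self, start: str) -> Set[str]:
        """Partitions reachable from start over declared channels (transitively)."""
        seen: Set[str] = set()
        todo = deque([start])
        while todo:
            cur = todo.popleft()
            for ch in self.channels:
                if ch.src == cur and ch.dst not in seen:
                    seen.add(ch.dst)
                    todo.append(ch.dst)
        return seen

    def only_via(self, src: str, dst: str, via: str) -> bool:
        """Design-time check: dst is unreachable from src once partition `via`
        (the guard) is removed, i.e. every declared path passes through the guard."""
        pruned = Policy(self.partitions - {via},
                        [c for c in self.channels if via not in (c.src, c.dst)])
        return dst not in pruned.reachable(src)


def sensor_record_filter(msg: bytes) -> bool:
    """Constructed guard: accept only single-line printable ASCII 'KEY=value' records.
    str.isprintable() rejects control characters, including newlines."""
    try:
        text = msg.decode("ascii")
    except UnicodeDecodeError:
        return False
    return text.isprintable() and "=" in text


def build_example_policy() -> Policy:
    """Constructed topology: an internet-facing guest may only talk to a guard;
    the guard forwards filtered records to a critical bare-metal application,
    which uses a crypto partition to send data back out."""
    p = Policy(partitions={"net_guest", "guard", "critical_app", "crypto"})
    p.channels += [
        Channel("net_guest", "guard", max_len=128, accept=sensor_record_filter),
        Channel("guard", "critical_app", max_len=128),
        Channel("critical_app", "crypto", max_len=4096),
        Channel("crypto", "net_guest", max_len=4096),
    ]
    return p


if __name__ == "__main__":
    policy = build_example_policy()
    for src, dst, msg in [
        ("net_guest", "guard", b"TEMP=21.5"),          # declared and well-formed
        ("net_guest", "critical_app", b"TEMP=21.5"),   # undeclared: default deny
        ("net_guest", "guard", b"\x90\x90\xeb\xfe"),   # fails the guard filter
        ("net_guest", "guard", b"A" * 129),            # exceeds channel size
    ]:
        print(f"{src} -> {dst}: {policy.mediate(src, dst, msg)}")
    print("critical_app only reachable via guard:",
          policy.only_via("net_guest", "critical_app", "guard"))
```

The point of only_via() is that the same declarative table which drives the run-time decision is also the evidence a certifier can inspect: if someone later adds a convenience channel from net_guest straight to critical_app, the check fails before the image is ever built, rather than the bypass being discovered in the field.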

Figure 3: LynxSecure architecture

©2016 Lynx Software Technologies, Inc. Lynx Software Technologies and the Lynx Software Technologies logo are trademarks, and LynxOS and BlueCat are registered trademarks of Lynx Software Technologies, Inc. Linux is a registered trademark of Linus Torvalds. All other trademarks are the trademarks and registered trademarks of their respective owners. All rights reserved. Printed in the USA. www.lynx.com

Lynx Software Technologies, Inc.
855 Embedded Way
San Jose, CA 95138-1018
1.800.255.5969 / +1 (800) 255-5969
+1 (408) 979-3900
+1 (408) 979-3920 fax
[email protected]

Lynx Software Technologies UK
400 Thames Valley Park Drive
Thames Valley Park
Reading, RG6 1PT
United Kingdom
+44 (0) 118 965 3827
+44 (0) 118 965 3840 fax

Lynx Software Technologies France
38 Avenue Pierre Curie
78210 Saint-Cyr-l'École
France
+33 (0) 1 30 85 06 00
+33 (0) 130 85 06 06 fax