POSIX-compatible unikernel is a first, says Lynx Software Technologies
Described by Lynx Software Technologies as a major leap forward in the design of security and safety-critical systems, the LynxElement is claimed to be industry’s first unikernel to be Portable Operating System Interface (POSIX) -compatible and available for commercial use. LynxElement will be offered as part of the LYNX MOSA.ic portfolio for mission-critical use cases.
Unikernels are optimised for applications requiring speed, agility and a small attack surface, such as aircraft systems, autonomous vehicles and critical infrastructure. The use of Unikernels, which allow pre-built applications using libraries, reduces the attack surface, explained Lynx Software. They are also well suited as a component for mission-critical systems with heterogeneous workloads that need the co-existence of RTOS, Linux, Unikernel and bare-metal guests. Existing open source unikernel implementations have seen limited success due to a lack of adequate functionality, no clear path to safety certification and immature toolchains for debugging and producing images, said Lynx Software.
Utilising LYNX MOSA.ic’s software framework for building and integrating complex multi-core safety- or security-critical systems, Lynx has based its unikerne on its commercially proven LynxOS-178 real time operating system (RTOS), to enable compatibility between the unikernel and the standalone LynxOS-178 product. This allows customers to freely transport applications between each environment and is FACE (Future Airborne Capability Environment) and POSIX API compatible. The Lynx framework provides built-in security for the Unikernel, paving a solid path to security and safety certification in mission-critical applications and making it enterprise-ready.
Pavan Singh, vice president of product management at Lynx Software Technologies, said: “LynxElement offers increased density, better security, speed, and small size as compared with different approaches. This enables the predictability of systems to be determined by properties of the separation kernel, which we view as the foundational approach to the next generation of component-based development.”
Lynx developed the safety-critical unikernel with the help of DESE Research. “The solution we’ve developed with Lynx promises an incredibly flexible, efficient and robust alternative to common RTOS solutions for army aviation platforms,” said Michael Kirkpatrick, CEO of DESE Research. “We’ve created the opportunity for customers to now host multiple real-time capabilities in parallel on a single multiprocessor device without impacting safety or performance, while also enabling the development of platform architectures with lower overall SWaP.”
The initial focus of LynxElement is centred on security, and a common use case would be to run security components like IDS and VPNs. By using a data diode and filter, the unikernel can enable a customer to replace a Linux virtual machine, to save memory space and reduce the attack space while guaranteeing timing requirements and safety certifiability.
LynxElement is being trialled by existing Lynx customers and additional organisations including naval, air force and army organisations worldwide. The LynxElement product is available for both Intel and Arm processor architectures.