Hard Partitioning Secures Embedded Virtual Machines

Hard Partitioning Secures Embedded Virtual Machines

June 28, 2019
Lynx Software’s MOSA.ic delivers hard, virtual-machine configurations for safety- and security-related applications.

Hypervisors and virtual machines (VM) are finding homes in embedded systems. They provide isolation, allowing multiple applications and operating systems to take advantage of multicore hardware that’s becoming more common in embedded applications—especially those in the safety- and security-related spaces. Part of the challenge in those spaces, though, is delivering a system that can be certified.

Most hypervisors are designed to dynamically create and run VMs. This is very useful in data centers and servers where the load changes regularly. But, it tends to be less useful in embedded systems, particularly when trying to certify a system. That’s because the dynamic configuration process must be certified in addition to the VMs. A simpler approach would be to use static allocations, which is the path Lynx Software took with its Lynx MOSA.ic (see figure).

Lynx Software’s MOSA.ic lets developers define fixed virtual-machine configurations, including connectivity between them, and then gets out of the way.

Lynx MOSA.ic addresses the U.S. Department of Defense’s Modular Open Systems Approach (MOSA). MOSA is actually designed to enhance competition, facilitate technology refresh, incorporate innovation, reduce costs, and improve interoperability in defense systems. However, it does so by partitioning the systems in a fashion that allows components to be more easily replaced. Many of these systems require certification and address safety- and security-related applications.

Lynx MOSA.ic takes a minimalist, static approach to VMs. The hypervisor is even simpler than its dynamic alternatives, enabling a designer to specify in fine detail the resources and configuration of the VMs within the system and their interconnections.

What’s in a Word?

Lynx came up with new terminology to describe their system. Rooms are essentially VM partitions managed using Lynx Secure hypervisor technology. There are passageways between rooms, which are typically shared memory spaces for communication between VMs or bare-metal applications. Rooms can be partitioned and there are other architectural features designed to handle security and privileges.

Essentially, the entire system is specified ahead of time and put in place at boot time. No changes are made after that point to the VM environments. Rooms/VMs can be filled, run, and shut down, but linkages between rooms will not change. 

Resources, including external devices, can be managed within a room and hierarchical definitions are possible. The distributed, least privilege design and maximum complexity reduction between application interfaces and trusted hardware-control abstraction layers minimizes attack vectors. This makes Lynx MOSA.ic more resilient to advanced subversive exploits. It also simplifies certification for multicore/multiroom systems.

One might think that Lynx MOSA.ic is only applicable to MOSA applications such as military and avionic areas, but it’s equally applicable to other areas like medical and automotive.

Lynx MOSA.ic uses a text-based configuration specification language to define a system of rooms and pathways. These control the allocation cores in a multicore system and their scheduling policies.

LSAs

Lynx MOSA.ic supports Lynx Simple Application (LSA) guests that can inhabit a room. These bare-metal applications can control resources without the overhead of an OS. Lynx provides the Z-Scheduler to handle real-time scheduling framework of LSAs across rooms. The simple tasking models provide direct control over timer and asynchronous events to maximize CPU throughput, execution flow-control comprehensibility, and deterministic operation.

One of the LSAs is LSA.store. It implements the XTS-AES-256 bare-metal cryptographic algorithms designed to encrypt data streams over passageways. An LSA.store module can be placed between a clear-text guest and physical disk controller driver guest to provide robust data-at-rest protection. The combination creates a non-bypassable, tamper-proof security architecture that ensures keys and crypto algorithms are isolated from internal application and external network threats.

About the Author

William G. Wong | Senior Content Director

I am Editor of Electronic Design focusing on embedded, software, and systems. As Senior Content Director, I also manage Microwaves & RF and I work with a great team of editors to provide engineers, programmers, developers and technical managers with interesting and useful articles and videos on a regular basis. Check out our free newsletters to see the latest content.>

You can send press releases for new products for possible coverage on the website. I am also interested in receiving contributed articles for publishing on our website. Use our template and send to me along with a signed release form. 

Check out my blog, AltEmbedded on Electronic Design, as well as his latest articles on this site that are listed below. 

You can my social media via these links:

I earned a Bachelor of Electrical Engineering at the Georgia Institute of Technology and a Masters in Computer Science from Rutgers University. I still do a bit of programming using everything from C and C++ to Rust and Ada/SPARK. I do a bit of PHP programming for Drupal websites. I have posted a few Drupal modules.  

I still get a hand on software and electronic hardware. Some of this can be found on our Kit Close-Up video series. You can also see me on many of our TechXchange Talk videos. I am interested in a range of projects from robotics to artificial intelligence. 

Sponsored Recommendations

MMIC Medium-Power Amplifier Covers 6 to 12 GHz

Nov. 11, 2024
Mini-Circuits is a global leader in the design and manufacturing of RF, IF, and microwave components from DC to 86GHz.

RF Amplifier and Filter Testing with Mini-Circuits Power Sensors

Nov. 11, 2024
RF power sensors are essential for accurately measuring RF components like filters and amplifiers, focusing on parameters such as insertion loss and gain. Employing instruments...

High-Frequency Modules to 110 GHz

Nov. 11, 2024
Mini-Circuits’ wide selection of high-frequency modules are designed, assembled and tested in-house by the best talent in the industry at our Deer Park Technology Center. The ...

Defense Technology: From Sea to Space

Oct. 31, 2024
Learn about these advancements in defense technology, including smart sensors, hypersonic weapons, and high-power microwave systems.