Industry’s first commercial Unikernel with POSIX compatibility
Lynx Software Technologies (Lynx), a specialist in Mission Critical Edge, released LynxElement, the industry’s first unikernel to be POSIX compatible and available for commercial use. LynxElement will be offered as part of the LYNX MOSA.ic portfolio of products for a diverse set of mission-critical use cases.
Third-party or open-source software has a high vulnerability of putting any application of any organisation at risk, but the possible threats and security impact on mission-critical software is even greater. Unikernels work best for applications requiring speed, agility, and a small attack surface for increased security and certifiability such as aircraft systems, autonomous vehicles and critical infrastructure. The use of Unikernels, which allow pre-built applications using libraries, reduces the attack surface. Unikernels are also very well suited as a component for mission-critical systems with heterogeneous workloads that need the coexistence of RTOS, Linux, Unikernel and bare-metal guests. Existing open-source Unikernel implementations haven’t seen great success due to a lack of adequate functionality, no clear path to safety certification and immature toolchains for debugging and producing images.
Utilising LYNX MOSA.ic’s software framework for building and integrating complex multi-core safety- or security-critical systems, Lynx has based its Unikernel product on its commercially proven LynxOS-178 real-time operating system, to enable compatibility between the Unikernel and the standalone LynxOS-178 product. This allows customers to freely transport applications between each environment and is FACE and POSIX API compatible. The Lynx framework provides built-in security for the Unikernel, paving a solid path to security and safety certification in mission-critical applications and making it enterprise-ready.
“Lynx’s safety pedigree enables us to provide customers with confidence that our operating systems are secure and ready for deployment in high-performance, highly secure and safety-certifiable systems,” said Pavan Singh, Vice President of product management at Lynx Software Technologies. “LynxElement offers increased density, better security, speed, and small size as compared with different approaches. This enables the predictability of systems to be determined by properties of the separation kernel, which we view as the foundational approach to the next generation of component-based development.”
Lynx developed the safety-critical Unikernel solution with the help of DESE Research, Inc.
“The solution we’ve developed with Lynx promises an incredibly flexible, efficient and robust alternative to common RTOS solutions for Army aviation platforms,” said Michael Kirkpatrick, CEO of DESE Research. “We’ve created the opportunity for customers to now host multiple real-time capabilities in parallel on a single multiprocessor device without impacting safety or performance, while also enabling the development of platform architectures with lower overall SWaP.”
The initial focus of LynxElement is centered on security, and a common use case would be to run security components like IDS and VPNs. By using a data diode and filter, the Unikernel can enable a customer to replace a Linux virtual machine, to save memory space and drastically reduce the attack space while guaranteeing timing requirements and safety certifiability.
LynxElement is being trailed by existing Lynx customers and additional organizations including the Navy, Air Force and Army organisations worldwide, which have seen initial success. The LynxElement product is available for both Intel and Arm processor architectures.