Designing in Security from the Start: Q&A with Lynx Software
As the IoT expands, assisting RTOS customers in incorporating security into their designs.
Recently John Blevins, vice president, engineering & technology at Lynx Software Technologies, Inc. and Will Keegan, who is the company’s technical director, software security, responded to questions from EECatalog.
EECatalog: Please give us an overview of Lynx solutions as they relate particularly to the Future Airborne Capability Environment (FACE) technical standard.
John Blevins, Lynx: Lynx offers a DO-178 safety certified RTOS (LynxOS-178) that supports open standards such as POSIX and ARINC 653. As such, LynxOS-178 is tightly aligned with the API’s of the Operating Systems Segment (OSS) of the FACE Technical Standard. LynxOS-178 is uniquely positioned in that it includes the API’s of all three of the FACE profiles (Security, Safety Basic, and Safety Extended) allowing developers to create highly portable applications of varying complexity.
EECatalog: How is Lynx helping customers meet security requirements?
Blevins, Lynx: Over the last several years Lynx has observed that our traditional embedded customers are now beginning to worry about security. As billions of Internet of Things devices come onto the network for the first time RTOS customers are faced with bringing security into their product designs. Anticipating the need for security in embedded devices, Lynx has added numerous security features to our LynxOS RTOS to enable engineers to design in the needed security from the beginning.
Features such as Discretionary Access Control, Roles and Capabilities, Audit logging, Identification and Authentication, Quotas, Cryptography, Self-Test, Trusted Path, and Residual Information Protection allow our developers to build applications with multiple layers of security in their design, rather than just trying to bolt-on security to their products as an afterthought.
Lynx continues to poll both existing and new customers for additional security requirements in all market segments. We have found that technologies often pioneered in government and military programs can eventually benefit the commercial sectors.
EECatalog: What are three crucial things that can be done to assure that open standards continue to bring benefits across a wide swath of commercial and defense applications?
Blevins, Lynx: (1) RTOS vendors need to participate in the development and maintenance of the existing standards committees such as POSIX, ARINC, and FACE. It is a significant investment for companies to sponsor open standards efforts and join in organizations such as the OpenGroup, but without that participation open standards tend to fail.
(2) To be successful, Open Standards should be based on API’s that have gained the most momentum in the marketplace. It is much easier for companies to agree on a standard that is based on popular programming practice than to adopt something new or traditionally proprietary.
(3) Providing low cost training to customers on the benefits and cost savings of using open standards will prove very helpful. Lynx has supported open standards from our very beginning more than 28 years ago. Today, open standards continue to lower customers’ development costs and make it easier for them to move their applications between various operating systems, platforms, and architectures. With the recent explosion of network based devices and the rising complexity of software it will be even more important to establish open standards for security, networking and communication so that devices from a variety of developers will be able to work together seamlessly.
EECatalog: What features of LSA. connect are important to point out to embedded developers and system architects?
Will Keegan, Lynx: LSA.connect is a software defined IPsec encryption module that was designed to separate virtual network channels running in LynxSecure enabled platforms. It enables our concept of Encrypted Overlay Networking [EON], which leverages LSA. connect modules to create a globally distributed multi-channel communication architecture. EON allows the ability to dedicate independent ownership of cryptographic communication channels for LynxSecure tenants. The implementation is highly robust.
Each cryptographic channel receives a dedicated cryptographic engine and key management domain. LynxSecure protects the critical cryptographic components from both external network attacks and internal application attacks. The primary use of LSA.connect/EON is to provide a protected out-of-band communication channel for secure management of LynxSecure enabled platforms. The most important management routine is the Over-The-Air software/firmware update. The EON framework can also be extended by LynxSecure tenants to isolate tenant network channels as well. We see this ability to provide isolated communication channels as a very useful feature in industrial, automotive, and medical applications where the data in motion needs strong integrity and confidentiality protection constraints to satisfy safety and security system regulations.