First commercial unikernel with POSIX compatibility

Technology News | June 16, 2022

By Nick Flaherty

Authentication & Encryption Software & Embedded tools

Lynx Software Technologies has launched a unikernel that it says is the first to be POSIX compatible for real time operation and available for commercial use.

LynxElement will be offered as part of the MOSA.ic range for mission-critical embedded applications.

Lynx favours a unikernel approach rather than hypervisors or virtual machines to provide more security with third-party or open-source software. Lynx has based LynxElement on its commercially proven LynxOS-178 real-time operating system to enable compatibility between the Unikernel and the standalone LynxOS-178 product. This allows designers to move applications between each environment and is compatible with the POSIX API and US FACE requirements.

The initial focus of LynxElement for security on both Intel and Arm multicore processor architectures. A common use case would be to run security components such as virtual private networks (VPNs). By using a one way software ‘data diode’ and filter, the unikernel can enable a customer to replace a Linux virtual machine, to save memory space and drastically reduce the attack surface while guaranteeing timing requirements and safety certifiability.

Unikernels work best for applications requiring speed, agility and a small attack surface for increased security and certifiability such as aircraft systems, autonomous vehicles and critical infrastructure. These run pre-built applications using their own libraries, reducing the attack surface thht comes from sharing resources. This also supports the secure use of containerised applications using Kubernetes or Docker which are increasingly moving from the enterprise to embedded designs, largely driven by the need to support AI frameworks.

Related Lynx articles

Unikernels are also very well suited as a component for mission-critical systems with heterogeneous workloads that need the coexistence of RTOS, Linux, Unikernel and bare-metal guest operating systems.

However Lynx says existing open-source unikernel implementations haven’t seen great success due to a lack of adequate functionality, no clear path to safety certification and immature toolchains for debugging and producing images.

Lynx has developed the MOSA.ic’s software framework for building and integrating complex multi-core safety- or security-critical systems, The framework provides built-in security for the unikernel, supporting security and safety certification in mission-critical applications and making it enterprise-ready.

“Lynx’s safety pedigree enables us to provide customers with confidence that our operating systems are secure and ready for deployment in high-performance, highly secure and safety-certifiable systems,” said Pavan Singh, vice president of product management at Lynx Software Technologies. “LynxElement offers increased density, better security, speed, and small size as compared with different approaches. This enables the predictability of systems to be determined by properties of the separation kernel, which we view as the foundational approach to the next generation of component-based development.”

Lynx developed the safety-critical Unikernel solution with the help of DESE Research. “The solution we’ve developed with Lynx promises an incredibly flexible, efficient and robust alternative to common RTOS solutions for Army aviation platforms,” said Michael Kirkpatrick, CEO of DESE Research. “We’ve created the opportunity for customers to now host multiple real-time capabilities in parallel on a single multiprocessor device without impacting safety or performance, while also enabling the development of platform architectures with lower overall SWaP.”

LynxElement is being evaluated by existing Lynx customers and additional organizations including naval, air force and army organizations worldwide.

www.lynx.com/products/lynxelement