LynuxWorks Offers New Security Protection for Connected Embedded Devices
New features added to the LynxSecure separation kernel help protect embedded systems from advanced cyber threats
SAN JOSE, CA, April 30, 2013–LynuxWorks, Inc., a world leader in secure virtualization and real-time operating systems (RTOS), today announced that they are adding new security features to the LynxSecure embedded hypervisor to offer real-time detection, alert and protection against new cyber threats - including zero-day rootkits and bootkits. As more embedded devices are connected to the outside world, as well as being connected to each other (machine-to-machine), the more they are vulnerable to malicious cyber threats seeking to threaten critical infrastructure, financial infrastructure and corporate domains.
LynxSecure is based on separation kernel technology and was designed from the ground up with security as a key design goal. Adding virtualization to the separation kernel allows for multiple different guest operating systems (OS), both real-time and general purpose, to run in secure domains on a single embedded system. LynxSecure 5.2 is the latest version of this established product and adds a new feature that offers real-time detection of stealthy advanced persistent threats such as rootkits.
Rootkits are the most sophisticated and lethal type of malware--stealthy and extremely potent. A device is often infected a long time before the actual cyber attack happens, with the cyber payload being secretly injected and remaining dormant until the attack is finally triggered. When the LynxSecure 5.2 product is used on embedded devices, it can help detect these malicious infections as they inject their payload, long before the start of the actual cyber attack.
“Connected embedded devices are now becoming vulnerable to the same types of cyber attacks that we commonly see in corporate computer networks,” said Robert Day, vice president of marketing at LynuxWorks. “By using LynxSecure, with its new cyber protection mechanisms as a secure foundation between the hardware and the OS, we can help identify and protect against these attacks before the real damage is done.”
A common trend in the embedded market is that developers are starting to use more general purpose OSes, such as Windows, Android and Linux for connected devices. These general purpose OSes offer familiar user interfaces, and benefit from the wide range of applications and devices that they support. Unfortunately, this trend also adds the potential for cyber threats that have been common in the desktop, laptop and mobile arena to now attack connected embedded devices.
These most advanced variants of these cyber threats, such as rootkits, work at the lowest levels of the OS they intend to attack. The approach to combating these insidious threats needs a mechanism that offers a completely different security posture: It must execute with a higher privilege than the attacked OS; provide complete control of the platform hardware; and monitor all activities of the OS and its applications. Also, this mechanism must be self-protecting, non-bypassable and tamper-proof.
The LynxSecure product, by the nature of its virtualization, resides beneath the OS, and allows any nefarious activity from advanced cyber threats to be observed, examined and prevented. This security architecture allows embedded developers to use general purpose OSes for their connected devices, often alongside traditional embedded RTOSes on the same hardware, with the extra protection against today’s and tomorrow’s advanced cyber threats.
LynxSecure is a “Type-0” hypervisor which features a new, least privilege architecture that differentiates from type 1 hypervisors by removing the un-needed functionality from the “security sensitive” hypervisor mode. LynxSecure provides the ability to fully virtualize multiple unmodified guest OSs and includes real-time development tools to give developers granular control over hardware platform resources for managing guest OS resource allocation, execution scheduling, and intercommunication. By combining the best-of-breed capabilities of the separation kernel technology, virtualization and real-time development tools, LynxSecure provides unmatched capabilities to build advanced integrated solutions on standard commercial-off-the-shelf (COTS) embedded targets.
LynuxWorks is world leader in secure virtualization and open and reliable real-time operating systems (RTOS). The company's LynxOS family of OSes offers open standards with the highest level of safety and security features, enabling many mission-critical systems in defense, avionics and other industries. The latest product in the portfolio, the award winning LynxSecure offers a secure separation kernel and hypervisor that forms a virtualization platform for securing both embedded and IT systems. Since it was established in 1988, LynuxWorks has created technology that has been successfully deployed in thousands of designs and millions of products made by leading communications, avionics, aerospace/defense, and consumer electronics companies. LynuxWorks' headquarters are located in San Jose, CA. For more information, visit www.lynuxworks.com .
LynuxWorks is a trademark and LynxOS is a registered trademark of LynuxWorks, Inc. Other brand or product names are registered trademarks or trademarks of the respective holders.
Peter van der Sluijs
+44 (0) 1296 628180
Photo caption: New features added to the LynxSecure separation kernel help protect embedded systems from advanced cyber threats