Embedded Solution Product of the Year

Product Name: LynxElement Unikernel

Company: Lynx Software Technologies

Entry Statement

Executive Summary
Lynx new LynxElement is the industry’s first Unikernel to be POSIX compatible and available for commercial use. It will make a critical difference to reducing the vulnerability of mission critical systems such as aircraft systems, autonomous vehicles and critical infrastructure to external threats.

Innovation
Unikernel applications offer an elegant architectural improvement in security and scalability over virtual appliances and container apps and work best for applications requiring speed, agility and a small attack surface for increased security and certifiability. The use of Unikernels, which allow pre-built applications using libraries, reduces the attack surface. Unikernels are also very well suited as a component for mission-critical systems with heterogeneous workloads that need the coexistence of RTOS, Linux, Unikernel and bare-metal guests. Existing open-source Unikernel implementations haven’t seen great success due to a lack of adequate functionality, no clear path to safety certification and immature toolchains for debugging and producing images. Lynx has directly addressed these issues with the release of LynxElement.

Lynx has based LynxElement on its commercially proven LynxOS-178 real-time operating system, to enable compatibility between the Unikernel and the standalone LynxOS-178 product. This allows customers to freely transport applications between each environment and is FACE and POSIX API compatible. The Lynx framework thus provides built-in security for the Unikernel, paving a solid path to security and safety certification in mission-critical applications and making it enterprise-ready. LynxElement will be offered as part of the LYNX MOSA.ic portfolio of products for a diverse set of mission-critical use cases. It is available for both Intel and Arm processor architectures.

Differentiation
Lynx’s safety pedigree provides customers with confidence that the operating systems on which LynxElement is based are secure and ready for deployment in high-performance, highly secure and safety-certifiable systems. LynxElement offers increased density, better security, speed, and small size as compared with different approaches. This enables the predictability of systems to be determined by properties of the separation kernel, which we view as the foundational approach to the next generation of component-based development.

Customer Impact
The initial focus of LynxElement is centered on security, and a common use case would be to run security components like IDS and VPNs. By using a data diode and filter, the Unikernel can enable a customer to replace a Linux virtual machine, to save memory space and drastically reduce the attack space while guaranteeing timing requirements and safety certifiability. LynxElement is being trialed by existing Lynx customers and additional organizations including the Navy, Air Force and Army organizations worldwide, which have seen initial success.

Testimonial
Lynx developed the safety-critical Unikernel solution with the help of DESE Research, Inc. a leader in the development of innovative, high technology products for the defense, energy, space and environmental industries. “The solution we’ve developed with Lynx promises an incredibly flexible, efficient and robust alternative to common RTOS solutions for Army aviation platforms,” said Michael Kirkpatrick, CEO of DESE Research. “We’ve created the opportunity for customers to now host multiple real-time capabilities in parallel on a single multiprocessor device without impacting safety or performance, while also enabling the development of platform architectures with lower overall SWaP.”

For more information about the LynxElement visit http://www.lynx.com/products/lynxelement