Lynx Software Technologies has confirmed that both its ARM and Intel LynxSecure customers’ are protected from Meltdown, the infamous hardware vulnerability that has exposed almost every other operating system based computer system on the planet. LynxSecure is a true high assurance separation kernel virtualisation technology founded on a robust design.
Alternative to traditional centralised resource and service oriented designs seen in most operating systems and hypervisors, LynxSecure provides a decentralised approach. One where each guest computing environment is self-sufficient. The autonomy of each guest environment obviates the need for the kernel to provide global services.
It is by the nature of the distributed autonomous design approach LynxSecure was immune to Meltdown, where attacker processes/VMs were able to derive kernel and guest private memory as a result of central service oriented kernel designs that required access to all guest memory.
Commenting, John Blevins, Director of Products at Lynx Software Technologies said: “The fact that LynxSecure is not vulnerable to attacks such as Meltdown further validates the ‘secure by design’ principles on which it was founded.
He continued: “Every virtualisation user expects that their sub-system or address space is completely separate from other users of the same processor or system. Meltdown exposes the fundamentally insecure design of almost every other virtualisation and separation kernel implementation, because those virtualisation solutions do not isolate their kernel from the virtualised environments it hosts.”
The consequences of a failed high assurance design go far beyond a possible breach, which can be catastrophic to a business. The real cost of recovery to a highly assured system status may potentially require both operating system patches and application code recompilation, or worse, the complete redesign of the original system which has now been shown to be fundamentally unable to meet a high assurance standard.
Using an architecturally sound separation kernel for high assurance system design can significantly reduce the incidence of security vulnerabilities in sensitive systems.
Blevins concluded: “Systems are becoming increasingly complex and need to be architected from the ground up with both safety and security in mind. This is especially true of Industrial IoT applications, medical applications and ADAS systems, where the consequences of even a single failure are extremely serious. LynxSecure facilitates the creation of complex, high assurance systems that are both safe and secure by design.”