The Embedded Software Beat
A Q&A with John Blevins, Director of Marketing, LynuxWorks
This interview is the second in a series that we look to conduct during the course of 2012 with embedded software solution providers to share their views on their company, products, and state of the market.
VDC: LynuxWorks has been in the RTOS business for over 20 years; can you briefly introduce the company to our readers?
Blevins: LynuxWorks was founded in 1988 as Lynx Real Time Systems, and the first product, LynxOS, was designed to give embedded developers a high performance yet full featured Real Time Operating System. LynxOS offered UNIX & POSIX functionality for embedded systems without compromising real-time performance and determinism. As Linux emerged as an embedded operating system in the late 90s we changed our name to LynuxWorks and chose to offer a Linux distribution to give embedded developers the choice of embedded Linux or the high-performance LynxOS for building connected embedded systems. As we entered the new millennium we had many customers wanting us to add security and safety features to our LynxOS operating systems, and so we built two new versions, LynxOS-178, a safety critical OS that has been certified to the highest level of FAA safety certification, and LynxOS-SE that added security functionality to LynxOS. At this time we recognized that a new generation of product was needed to meet the upcoming challenges of security, multi-core and multi-OS systems in the embedded space. We started development from the ground up on this new product called LynxSecure in 2004 and designed the highest levels of security and modern virtualization into the product. LynxSecure has evolved into the most secure type zero hypervisor and separation kernel on the market today providing the ability to run multiple fully virtualized guests on a single platform.
VDC: What are the challenges engineers face today in designing and developing embedded devices and how are embedded software suppliers responding?
Blevins: Today, embedded developers face significant challenges due to the more complex and sophisticated hardware available. With increased processor bandwidth, higher memory densities and multi-core systems now commonly available, embedded developers are expected to create more complex products. It is becoming common to use virtualization technology to run multiple operating systems on a multi-core large-memory system. When designing a more sophisticated embedded system the developer must decide how to divide hardware resources (cores, memory, USB devices, etc) between the various guest operating systems and how to balance resources between real-time operating systems and non-real-time systems sharing the same hardware. The developers also face security challenges as they try to prevent non embedded OSes from corrupting their real-time OSes and applications. LynuxWorks has responded to these needs with our LynxSecure separation kernel and Hypervisor product which will allow the embedded developer to have very strict control over which resources are assigned to which operating systems. LynxSecure guarantees that resources assigned to an RTOS are never seen by the other guest OSes and are always available to the RTOS for the deterministic response times traditionally required by embedded applications.
VDC: You recently introduced a new version of LynxSecure, the Hypervisor. How would you categorize the market for virtualization for embedded systems, and what separates LynuxWorks from its competitors in this space?
Blevins: Virtualization has been growing in acceptance by embedded developers over the last two years. Embedded Systems designers want to recognize the common virtualization benefits of reduced size, weight, power, and cost (SWaPC) that the server market has been enjoying. However, they have concerns over maintaining both real-time performance and security in their system as they move to virtualization. Security is a problem that is affecting all segments of the embedded market. Embedded devices are routinely used in defense, medical, power, and financial applications where a security breach or compromised system may have dire consequences. More of these devices are now connected to the internet than ever before and are subject to continuous malware attacks. Some of these embedded devices are attempting to mix non-secure desktop type environments with secure RTOS applications on a single platform. The need to maintain the security of these mixed systems is higher now than ever before. LynxSecure is in its fifth generation and is rapidly being adopted by embedded developers who have secure virtualization requirements. LynxSecure is different than other hypervisors in that it is first and foremost a separation kernel that allows strict hardware provisioning between the various guest operating systems. LynxSecure is less than 20,000 lines of code and has been designed to achieve the highest levels of evaluation and certification. The LynxSecure separation kernel and hypervisor provides deterministic real-time performance and allows a developer to preserve the real-time requirements of an RTOS running on the same hardware as other desktop type operating systems. A common use of LynxSecure is to run legacy applications in an environment such as Windows next to an RTOS such as LynxOS-178, which may perform some critical safety function. Embedded systems that mix safety and security on a single platform will really benefit from LynxSecure.
VDC: Security has long been a major focus of LynuxWorks. Are OEMs doing enough to secure their devices in today’s increasingly connected world?
Blevins: Unfortunately not yet. It seems that many OEMs are waiting for something bad to occur before they begin to address their security issues. In the commercial segments we see famous security breaches in common devices like the Sony PlayStation. We see attacks on blogs such as the Gawker Media attack which revealed millions of commenter’s user names and passwords. We see attacks on security companies such as the Kaspersky attack which exposed sensitive database information. In more traditional embedded systems we see attacks like the Stuxnet virus which targeted Siemens industrial software and equipment through Windows. These attacks are helping create awareness of the need to address security concerns early in the design process of an embedded system.
VDC: LynuxWorks also delivers security solutions through ValidEdge, a wholly owned subsidiary. Can you briefly introduce this subsidiary to our readers?
Blevins: ValidEdge is a security appliance which sits on a network and analyzes thousands of malware samples. The ValidEdge MIS1300 device unpacks, un-encrypts, and un-obfuscates each malware sample before running both static and dynamic analysis on it. After collecting all details of what the malware does, what is hidden in its payload, what files it alters and so on the information is compiled into a report for the user. The ValidEdge appliances excel at detecting “zero day” malware which has never been seen before The ValidEdge MIS1300 appliances utilizes LynxSecure to run 6 copies of Windows simultaneously and to re-load them fresh after the analysis of each malware sample is completed. The ValidEdge product line is both an example of how useful LynxSecure can be as well as a commitment to help address security concerns in today’s “connected” world.
VDC: If you were to take a look a look into your crystal ball, how do see the opportunities for the embedded software market shaping up as we head to 2013?
Blevins: As the discussion above shows, LynuxWorks is greatly concerned with providing security solutions in the embedded market. We believe that the combination of more powerful hardware and virtualization technology will be subject to greater security risks and performance problems as more of these devices are connected to the network. LynuxWorks is poised for helping customers utilize today’s newer hardware to its full capacity by providing secure virtualization technology that will continue to guarantee real-time determinism, safety, and performance, as well as address the security concerns that come from such a complex networked system.
VDC: Thank you John.
Interested in participating in VDC’s “The Embedded Software Beat” series of interviews? Please reach out and let us know.