Secure communications for connected cars, infrastructure, & safety critical IoT

March 01, 2016 // By Graham Prophet
An updated version of LynxSecure from Lynx Software Technologies adds secure bare-metal networking and advanced cloud-based threat detection capabilities. The system continues to use the principles of separation kernel, and as Lynx code runs on ‘bare metal’ there is no possibility for attackers to subvert it from a lower level.

The LynxSecure 5.3 Separation Kernel Hypervisor is announced with a capability that extends the principle of domain separation to the network connection. At the same time, in partnership with Webroot, Lynx revealed real time cloud-based threat detection for guest operating systems hosted by LynxSecure.


Commenting, Robert Day, Vice President, Marketing at Lynx Software Technologies, said, “The success of connected cars, connected infrastructure and other safety-critical IoT applications rests on the resolution of two key security challenges. The first is the robust protection of not only the gateways and endpoints, but also the lines of communication between them, and then from the gateway out over the Internet. The second is real time threat detection, as well as containment. With today’s announcement, we are delivering both – opening the path to a new generation of connected vehicles, a vast array of safety critical infrastructure and for further industrial and mainstream IT deployments.”


LynxSecure 5.3 is a DoD certified secure virtualisation solution based on separation kernel technology. When deployed in an IoT gateway, LynxSecure implements the robust separation of domains, ensuring that the Operational Technology (OT) network hosting the IoT endpoints is securely isolated from the wider Information Technology (IT) network. With a tiny trusted code-base, LynxSecure provides IoT endpoints and gateways with the protection they need by reducing the attack surface exploitable by malicious agents to an absolute minimum, and securely controlling any communications between the OT and IT domains.


LynxSecure 5.3 is the enabling platform for LSA.connect, a secure network encryption component built using LynxSecure bare metal applications (LSAs). In its simplest configuration, LSA.Connect can be used to encrypt network traffic without exposing a large attack surface to malicious agents by housing the network encryption algorithms in their own secure domain, away from both the operating system connected to the internet and the encryption keys themselves. In a more sophisticated configuration, LSA.connect can be used to extend the