n
LynxSecure hypervisor sets a new stage in
hypervisor evolution - Type Zero, offering the
highest level of performance, reliability, and
security capabilities in platform virtualization.
Like other hypervisors, it provides the ability
to host multiple operating systems on a single
computing platform, including desktops, lap-
tops, and servers. However, Type Zero differ-
entiates itself from mainstream Type-1 and
Type-2 hypervisors through its unique archi-
tecture and configuration tools.
Type-2 hypervisors are computer emulation
applications that run on general purpose op-
erating systems. A Type-2 hypervisor allows
users to run multiple operating systems (OSs)
simultaneously on a single platform. For ex-
ample, a Windows 7 user can install a hypervi-
sor application like VMware Workstation, to
run a Windows XP guest OS on top of their
Windows 7 host OS. As an application the
Type-2 hypervisor is subject to performance,
security, and reliability penalties.
The hosted hypervisor incurs performance
hits because it competes with other user appli-
cations like web browsers and e mail clients
for system resources. Type 2 hypervisors are
weak in reliability and security because they
inherit the vulnerabilities of the user-controlled
host operating system. Type 1 hypervisors are
computer emulation software tightly integrated
with embedded OSs that run transparent to
the end-user. Type-1 hypervisors gain a signifi-
cant performance improvement over Type 2
hypervisors because they are self-hosted with
embedded OSs that are optimized for virtual-
ization. Type 1 hypervisors significantly reduce
the attack-surface over Type-2 hypervisors by
limiting access to the hypervisor to only system
administrators, preventing end-users and user
applications from tampering with the hypervisor.
Additionally Type-1 hypervisor vendors control
all the software that comprises the hypervisor
package including the virtualization functions
and OS functions, like device drivers and I/O
stacks. Control over the software package pre-
vents malicious software from being introduced
into the hypervisor foundation. The limited
access and strong control over the embedded
OS greatly increase the reliability of Type-1
hypervisors.
LynuxWorks introduces LynxSecure as a new
class of hypervisor Type Zero, based on a
new architecture that allows for higher levels
of performance, reliability, and security over
Type 1 hypervisors. The LynxSecure Type
Zero hypervisor is built from the ground up
with the minimum software components re-
quired to fully virtualize guest OSs and control
information flow between guest OSs. The
Type Zero architecture removes the need for
an embedded host OS to support virtualiza-
tion, allowing the hypervisor to run in an
LynxSecure Type Zero enables
ongoing hypervisor evolution
R
EAL
-
TIME
O
PERATING
S
YSTEMS
By Will Keegan,
LynuxWorks
This article discusses
the evolution of modern
hypervisor architectures,
from Type-2 to Type Zero,
and describes the perform-
ance, reliability, and security
benefits achieved through
LynxSecure Type Zero
architecture.
April 2014
34
Figure 1. Type Zero hypervisor
