Securing a Multicore, Dual OS, Wireless Medical Platform

Prototype, off-the-shelf platform proves both technical viability of Linux-based software and chip-board package with wireless sensor array for hospital patients.

A Linux-based software company has teamed up with chip and board manufacturers to deliver a proof-of-concept (PoC) secure wireless sensor platform for the medical community. The PoC or prototype platform was designed to eliminate the bulky and cumbersome wires that connect sensors on a hospital patient’s body to the computer-based monitoring equipment.

Using wireless technology, the prototype platform will enable the connection of more than 25 Bluetooth wireless biometric sensors to a patient’s body. The platform will then graphically portray the patient’s sensor data on a computer running a Microsoft Window’s operating system.

A software application, called LynxSecure by LynuxWorks, uses virtualization technology to enable both Linux and Windows operating systems to run in parallel on a hardware platform – a Portwell Mini-ITX board with an Intel® Core™2 Duo processor. This prototype demonstrates to the medical community both the proof of a wireless sensor approach as well as the integration of commercially available subsystems to create the platform.

But one obstacle remains. Can patient sensitive data be securely transmitted to a hardware platform that runs two different operating systems?

Dual OS Security Problems

Today’s designers have the luxury and challenge of designing systems with multicore processors. Such processors can execute multiple programs and program threads simultaneously. With that capability, however, comes the fear that a program running on one CPU core could inadvertently or intentionally gain access to the data being used by another core on the same chip. This issue can be especially critical for military and various personal and business applications. For them, data and communication channels must remain isolated from each other. Any breach would be intolerable.

To eliminate this risk, LynuxWorks Inc. (San Jose, CA) unveiled the LynxSecure 4.0 secure separation kernel and embedded hypervisor at the Embedded Systems Conference. It vows to provide impenetrable barriers in a multiprocessor environment when multiple guest operating systems (OSs) are running on processors, such as the Intel® Core™ i5 and Core™ i7 processors. Although LynxSecure has been widely used for many military programs to provide the highest levels of security, the just-released version 4.0 for the Intel Core i5 and Core i7 processor-based platforms can also be applied to industries like medical, industrial, automotive, networking, and consumer. It allows such industries to run multiple applications and different guest OSs on a single platform by isolating them into separate partitions. When using a multicore processor, the virtualized guest OSs can share a single core or be given dedicated access to a core. Now, with Version 4.0, they also have the ability to run in symmetric-multiprocessing (SMP) mode to leverage the parallelism that’s possible across multiple cores.

By providing strong barriers between the partitions, the software prevents unintended or dangerous software interactions. It also can prevent hackers from intentionally gaining access to secure information through another processor’s memory map. In addition, the ability to isolate the systems makes consolidating systems easier. Multiple, physically separate systems can now be combined on a single platform, thereby saving hardware cost and power. Designers also have the ability to innovate by creating new devices that leverage the ability to run multiple OSs and threads on a single processor.

With the hardware virtualization capabilities in the Intel Core i7 processor, the LynxSecure software can run unmodified guest OSs, such as Microsoft Windows, at near-native performance. Such performance would be much higher than other solutions, which rely on a traditional emulation-layer approach. Virtual networking is also included in LynxSecure. That feature allows Windows applications to seamlessly communicate via TCP/IP with other virtualized OSs (such as Linux) that are running in separate partitions. To ease software development, version 4.7 of the Luminosity integrated development environment provides a suite of development, debug, and analysis tools in an industry-standard Eclipse-based framework.

To learn more about today’s embedded medical and security technology, be sure to attend the upcoming Embedded Systems Conference (ESC) in Chicago, June 8-10, 2010


Dave Bursky is a well-recognized pundit on electronic design. He is Senior Contributing Editor for Chip Design magazine and a frequent contributor to Embedded Intel® Solutions magazine.





John Blyler can be reached at: jblyler@extensionmedia.com