HYDRA is so unique in its design, that the NSA's SPOCK program called it a "paradigm shift in server technology." Part of what makes HYDRA so unique is that it is based on a hard real-time operating system (RTOS) rather than a general-purpose OS (GPOS) such as Linux, BSD, or Windows. In other words, HYDRA is a true embedded system.

An embedded system is typically a small device built for a specific purpose. Perhaps the best way to identify an embedded system is by example. Consider the following table.

Embedded Systems

General-Purpose Systems

  • Missile Avionics Controls
  • Inertial Guidance System
  • Telephone Switch
  • Anti-lock Braking System
  • iPod
  • Radiotherapy Machine
  • Engine Controller
  • Microwave Oven
  • Oscilloscope
  • Programmable Logic Controller
  • Home Computer
  • Intrusion Detection System
  • Web Server
  • Firewalls (with very few exceptions)
  • Home DVR
  • Email Server
  • X-Box
  • Virus Scanner Appliance
  • Phones Using Windows Mobile
  • Dedicated Network Appliance

As you can see, HYDRA has more in common with an F-22 fighter jet than it does with a typical network appliance. Designing an enterprise-scale embedded system such as HYDRA is no small task, and indeed requires time, resources, and discipline far greater than Linux or BSD-based appliances. The advantages, however, make this rare combination more than worth it.

Would you fly on a 747 if there was a chance it would blue-screen (crash)? What if you could hack its navigation system using the in-flight entertainment system? Systems that require a high degree of reliability and security, like those on the 747, can not use a general-purpose OS, and neither can HYDRA.

This is not at all because of any flaw in systems such as Windows, BSD or Linux. In fact, all these operating systems are known to be very capable and stable to varying degrees. However none of them can reach the same levels of assurance as HYDRA, because they do not need to, and subsequently they were simply not designed to.


A system like Linux can never know all possible usage scenarios or intended input, and thus represents a true triumph of computer science that it does so many things so well without even knowing about them up front. The downside is that this makes for a rather complex system (the kernel alone has ~7 million lines of code). In contrast, HYDRA's knows exactly what it needs to do, and subsequently its entire application plus the kernel is only several hundred thousand lines of code. Devices like HYDRA that are purpose-built have the luxury of being much smaller with more complete requirements, increasing their testability and reducing the odds of any defects.


Defects are also a major source of software vulnerabilities, so fewer defects means greater security. The largest source of vulnerabilities, however, is bad assumptions and a subsequent bad design. A small embedded system can be built from nothing, adding the minimum requirements. This leaves no left-over design elements or unchecked usage assumptions to create possible weaknesses. It can also be designed to run only its primary code, unlike a GPOS whose very design is to allow it to run any code loaded into it, which could include spyware, malware, and viruses.

HYDRA is not more secure simply because it is a true real-time embedded system, but rather it had to be an embedded system to achieve its security posture. For more information click on the sub-items in the menu at right, Download one of our whitepapers, or Contact Us directly.

Interesting external links:
Embedded Security Framework
Calculating Exploitability
Vulnerabilities Concerning Linux
Vulnerabilities Concerning BSD
Vulnerabilities Concerning Microsoft
Interview on Reliable Software