CERTMILS - Compositional security certification for medium- to high-assurance COTS-based systems in environments with emerging threats

Date: 
01/01/2017 to 31/12/2017

Introduction

certMILS aims to reduce the complexity of the certification of cyber-physical systems dramatically by use of a trustworthy MILS platform (Multiple Independent Levels of Security) within the cyber-physical system, which is simple, small, and certified for the highest level.

Such a platform enables compositional security certification, which is applied in three different pilots. To be marketable as product for a large scope of ICT/cyberphysical systems, the platform has a powerful API configuration, supports open common and domain specific APIs (e.g. POSIX, ARINC) as well as consistently addresses existing domain safety standards/regulations.

Who is the project designed for?

Objective 1: Transfer know-how in compositional safety certification to security certification
Objective 2: Make certification of composed systems affordable
Objective 3: Preservation of certified assurance throughout operational deployment
Objective 4: Involvement of all stakeholders in different industry domains
Objective 5: Certified European MILS platform and MILS Platform Protection Profile
Objective 6: Develop and apply compositional certification methodology on three industrial pilots
Objective 7: Guidelines and templates for MILS certification

How is your project benefitting the end-user?

Previously isolated embedded systems have become connected to the Internet, thus becoming cyber-physical systems. For instance in transportation, for passenger as well as operator comfort, almost all means of transportation (airplanes, trains, cars, and ships) are networked. Due to the havoc potential of a malicious attacker, the security of cyber-physical systems has obtained a lot of interest. However, unlike many other IT systems, cyber-physical systems usually have already been heavily scrutinised for safety for decades.

While the safety protection against accidental faults does not address security, there are already established safety methods as well as “safety certification stakeholders”. Securing and certifying cyber-physical systems therefore must respect the existing safety certification processes. certMILS generates rich interaction between developers, evaluation laboratories and certification authorities in three European countries resulting in:

  • Validated modular Protection Profile
  • Standardised and validated methodology for evaluating and certifying high assurance products
  • Guidelines for compositional security for developers and evaluators

Please briefly describe the results your project achieved so far

Currently, we are in month 15 (April 2018) of the certMILS project. Within the first project year the work progress was well on track. A report on the state-of-the-art for compositional evaluations has been written. This report describes the different ways compositions are currently performed for evaluations using ISO/IEC 15408 (Common Criteria) as of today.

The certMILS team is currently working on a Common Criteria object, which can be used as an stand-alone Protection Profile or as a Base-PP for a modular PP (Base-PP plus extended packages). The scope of this Base-PP is a Separation Kernel that can serve as a basis for a MILS platform. The Separation Kernel provides a basis for multiple partitions where each partition gets its resources assigned by the Separation Kernel. The minimum set of resources that the Separation Kernel must be able to assign to partitions are computer memory and processing time. As such, the Separation Kernel is an operating system with minimized functionality leaving higher level functions, usually provided by a general purpose operating system like file systems, network protocols and application management, to be provided by the partitions. The Base-PP contains the basic functions of the Separation Kernel and it will be accompanied by a number of extensions / PP-modules addressing areas where specific Separation Kernels handle functions in a different way.

What are the next steps for your project?

The consortium is working on the first draft of the Base MILS Platform Protection profile (PP), which is a Common Criteria object. The scope of the PP is to serve a basis for a certified European MILS platform. In addition, the certMILS team is currently planning the 4th International Workshop on MILS: Architecture and Assurance for Security Systems, which will be co-located with the IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2018: see https://dsn2018.uni.lu/) in Luxembourg.

Week: 
Monday, 12 February, 2018

News

Share your view to identify EU-US priorities on cybersecurity and privacy R&I

The AEGIS project is working to promote cybersecurity and privacy dialogue and cooperation between the US and the EU.

As part of its activities AEGIS is conducting an online survey to identify R&I priorities for EU-US cooperation in cybersecurity and privacy.

Events

28/06/2018
Free Live Cybersecurity Webinar – Cyberwatching.eu: opportunities for CS&P clusters

Cyberwatching.eu launch the first webinar for clusters that are actively working in Cybersecurity and Privacy, in order to share experiences and information on how they can help their members to keep up to date in these sectors.

One of the main goals of cyberwatching.eu project is to take advantage of the results of previous European R&D projects to build new product and services, fostering synergies among different European clusters. In this webinar we will give you an overview of:

10/10/2018 to 11/10/2018
Transatlantic ICT Forum 2018