CERTMILS - Compositional security certification for medium- to high-assurance COTS-based systems in environments with emerging threats

Date: 
01/01/2017 to 31/12/2020

Introduction

certMILS aims to reduce the complexity of the certification of cyber-physical systems dramatically by use of a trustworthy MILS platform (Multiple Independent Levels of Security) within the cyber-physical system, which is simple, small, and certified for the highest level.

Such a platform enables compositional security certification, which is applied in three different pilots. To be marketable as product for a large scope of ICT/cyberphysical systems, the platform has a powerful API configuration, supports open common and domain specific APIs (e.g. POSIX, ARINC) as well as consistently addresses existing domain safety standards/regulations.

Who is the project designed for?

Objective 1: Transfer know-how in compositional safety certification to security certification
Objective 2: Make certification of composed systems affordable
Objective 3: Preservation of certified assurance throughout operational deployment
Objective 4: Involvement of all stakeholders in different industry domains
Objective 5: Certified European MILS platform and MILS Platform Protection Profile
Objective 6: Develop and apply compositional certification methodology on three industrial pilots
Objective 7: Guidelines and templates for MILS certification

How is your project benefitting the end-user?

Previously isolated embedded systems have become connected to the Internet, thus becoming cyber-physical systems. For instance in transportation, for passenger as well as operator comfort, almost all means of transportation (airplanes, trains, cars, and ships) are networked. Due to the havoc potential of a malicious attacker, the security of cyber-physical systems has obtained a lot of interest. However, unlike many other IT systems, cyber-physical systems usually have already been heavily scrutinised for safety for decades.

While the safety protection against accidental faults does not address security, there are already established safety methods as well as “safety certification stakeholders”. Securing and certifying cyber-physical systems therefore must respect the existing safety certification processes. certMILS generates rich interaction between developers, evaluation laboratories and certification authorities in three European countries resulting in:

  • Validated modular Protection Profile
  • Standardised and validated methodology for evaluating and certifying high assurance products
  • Guidelines for compositional security for developers and evaluators

Please briefly describe the results your project achieved so far

Currently, we are in month 15 (April 2018) of the certMILS project. Within the first project year the work progress was well on track. A report on the state-of-the-art for compositional evaluations has been written. This report describes the different ways compositions are currently performed for evaluations using ISO/IEC 15408 (Common Criteria) as of today.

The certMILS team is currently working on a Common Criteria object, which can be used as an stand-alone Protection Profile or as a Base-PP for a modular PP (Base-PP plus extended packages). The scope of this Base-PP is a Separation Kernel that can serve as a basis for a MILS platform. The Separation Kernel provides a basis for multiple partitions where each partition gets its resources assigned by the Separation Kernel. The minimum set of resources that the Separation Kernel must be able to assign to partitions are computer memory and processing time. As such, the Separation Kernel is an operating system with minimized functionality leaving higher level functions, usually provided by a general purpose operating system like file systems, network protocols and application management, to be provided by the partitions. The Base-PP contains the basic functions of the Separation Kernel and it will be accompanied by a number of extensions / PP-modules addressing areas where specific Separation Kernels handle functions in a different way.

What are the next steps for your project?

The consortium is working on the first draft of the Base MILS Platform Protection profile (PP), which is a Common Criteria object. The scope of the PP is to serve a basis for a certified European MILS platform. In addition, the certMILS team is currently planning the 4th International Workshop on MILS: Architecture and Assurance for Security Systems, which will be co-located with the IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2018: see https://dsn2018.uni.lu/) in Luxembourg.

News

UNICORN’s Validation Contest now open for participation!

UNICORN project is looking for SMEs and start-ups to test and validate the UNICORN platform by developing their own software or use-cases. The selected participants will receive 10.000€ funding each (find here a template for the contract)

Events

17/01/2019
Reinforcing Cyber Security in the EU: Building Coordinated Security, Confidence and Capability in the Cyber Domain

With 315 million Europeans using the internet each day, the provision of critical services and the functioning of a modern economy are now entirely dependent upon the robustness and safety of cyberspace and its infrastructure. Cyber security attacks are a growing source of threat and concern, while also representing a growing economic opportunity for Europe, with the market predicted to be worth over $100 Billion by 2018 (European Commission). Moreover, cyber attacks in the EU are constantly growing in both their frequency (quintuplicate between 2013 and 2017) and sophistication.