Title

certMILS: Compositional security certification for medium- to high-assurance COTS-based systems in environments with emerging threats

(EU, Horizon 2020)

Abstract

certMILS develops a security certification methodology for Cyber-physical systems (CPS). CPS are characterised by safety-critical nature, complexity, connectivity, and open technology. A common downside to CPS complexity and openness is a large attack surface and a high degree of dynamism that may lead to complex failures and irreparable physical damage. The legitimate fear of security or functional safety vulnerabilities in CPS results in arduous testing and certification processes. Once fielded, many CPS suffer from the motto: never change a running system.

certMILS increases the economic efficiency and European competitiveness of CPS development, while demonstrating the effectiveness of safety & security certification of composable systems.

The project employs a security-by-design concept originating from the avionics industry: Multiple Independent Levels of Security (MILS), which targets controlled information flow and resource usage amongst software applications.

certMILS reduces certification complexity, promotes re-use, and enables secure updates to CPS throughout its lifecycle by providing certified separation of applications, i.e. if an application within a complex CPS fails or starts acting maliciously, other applications are unaffected.

Security certification of complex systems to medium-high assurance levels is not solved today. The existing monolithic approaches cannot cope with the complexity of modern CPS. certMILS uses ISO/IEC 15408 and IEC 62443 to develop and apply a compositional security certification methodology to complex composable safety-critical systems operating in constantly evolving hostile environments. The core results of certMILS are standardised in a protection profile.

certMILS develops three composable industrial CPS pilots:

  • smart grid,
  • railway,
  • subway.

It certifies the security of critical re-usable components and ensures security certification for the pilots by certification labs in three EU countries, with involvement of the authorities.

Project period

4 years (01.01.2017 - 31.10.2020)

Research grant

This project has received funding from the European Union's Horizon 2020 research and innovation programme under grant agreement No 731456.

Industry Support

The Institute is supported by the company ANSYS / Esterel with licences for the formal software modelling system SCADE. The software is used for academic research in the openETCS and certMILS projects and in teaching, especially for embedded systems.

Principal investigators

Dipl.-Ing.
Thorsten Schulz

Tel.: +49 381 498 7278
Room: W1332

Dr.-Ing.
Frank Golatowski

Tel.: +49 381 498 7274
Room: W1323

Prof. Dr.-Ing.
Dirk Timmermann

Tel.: +49 381 498 7250
Room: W1205

Prof. Dr.-Ing. habil.
Christian Haubelt

Tel.: +49 381 498 7280
Room: W1201

Publications

Thorsten Schulz, Caspar Gries, Frank Golatowski, Dirk Timmermann:
Strategy for Security Certification of High Assurance Industrial Automation and Control Systems
In Proceedings of the IEEE 13th International Symposium on Industrial Embedded Systems (SIES), pp. 1-4, ISSN: 2150-3117, DOI: 10.1109/SIES.2018.8442081, Graz, Austria, August 2018

Thorsten Schulz, Frank Golatowski, Dirk Timmermann:
In Search for a Simple Secure Protocol for Safety-Critical High-Assurance Applications
In Proceedings of the International Workshop on MILS: Architecture and Assurance for Secure Systems, pp. 1-4, DOI: 10.5281/zenodo.1306101, Luxembourg, Luxembourg, June 2018

Thorsten Schulz, Frank Golatowski, Dirk Timmermann:
Evaluation of a Formalized Encryption Library for Safety-Critical Embedded Systems
In Proceedings of the IEEE IES International Conference on Industrial Technology, Toronto, Canada, March 2017

Frank Golatowski, Thorsten Schulz, Mehmet Özer, Philipp Gorski:
Zugsteuerung nach dem Baukastenprinzip
In Elektronik, No. 18, pp. 42-49, ISSN: 0013-5658, Haar, Germany, September 2016