Mission of certMILS

certMILS develops a security certification methodology for Cyber-physical systems (CPS). CPS are characterised by safety-critical nature, complexity, connectivity and open technology. certMILS aims to increase the economic efficiency and European competitiveness of CPS development, while demonstrating the effectiveness of safety & security certification of composable systems.The "MILS" in certMILS stands for "Multiple Independent Levels of Safety/Security", indicating that certMILS uses a special kind of operating systems called "separation kernel" (SK). This kind of operating system focuses being highly deterministic and reliable and puts user functionality into the application layer.


Previously isolated physical systems have become connected to the Internet, thus becoming cyberphysical systems. For instance, in transportation, for passenger as well as operator comfort, almost all means of transportation (airplanes, trains, cars, and ships) are networked. Due to the havoc potential of a malicious attacker, the security of cyber-physical systems has obtained a lot of interest. However, unlike many other IT systems, cyber-physical systems usually have already been heavily scrutinised for safety for decades. While the safety protection against accidental faults does not address security, there are already established physical systems therefore must respect the existing safety certification processes.

certMILS generates rich interaction between developers, evaluation laboratories and certification authorities in three European countries resulting in: 

  • Validated modular Protection Profile
  • Standardised and validated methodology for evaluating and certifying high assurance products
  • Guidelines for compositional security for developers and evaluators.

Our approach is applied to three industrial pilots: smart grids, railway and subway.