The certMILS project capitalises on the major progress made in the research projects EURO-MILS, D-MILS and pSHIELD and converts it into a market innovation. It utilises reuse strategies developed and successfully applied for safety artefacts in RECOMP and pSafeCer. It will bring ongoing engineering results from EMC2, CITADEL, and S3P closer to certification. Finally, certMILS implements the critical parts of the certification roadmap defined by the MILS Community. Thus, the project is perfectly positioned within past and ongoing activities, as well as community understanding, to achieve the claimed ambitious objectives and maximum impact. The detailed position relative to the relevant projects is described below.
The MILS Community is a global, open-membership, not-for-profit technology consortium that will become the leading competence network on MILS architecture and technologies. Follow the MILS Community for more information.
certMILS naturally builds on results from other EU and national projects in which certMILS partners were actively involved. The project is engaged in various cooperation activities with those projects, and certMILS project results might also be useful for them at a later stage. A more detailed overview of these projects is given below:
CITADEL will investigate adaptive mechanisms for distributed MILS systems that preserve security properties. These mechanisms will be tested in several demonstrators. The project's results are intended to be a technical foundation for the security evaluation of adaptive systems; however, no certification and no cooperation with national authorities is planned. There is a preliminary agreement between the certMILS and CITADEL consortia to cooperate on adaptive mechanisms, e.g. CITADEL could provide technical foundations to be used in the development and compositional evaluation of certMILS pilots.
S3P is a technology driven project for smart platforms in industrial automation and industrial IoT. certMILS will profit from presenting the developed strategy and approaches for compositional certification, which are not considered in S3P.
The project Safe4RAIL aims to create safety concepts for mixed-critical Ethernet-based networking as well as a mixed-criticality application framework, including the brake-by-wire concept. The project will provide recommendations for standardization and certification of the next-generation TCMS embedded platform.
EMC2 is a huge ARTEMIS project (98 partners) working on various topics in embedded multi-core systems for mixed-criticality applications in dynamic and changeable real-time environments. Most of the work concerns design methods, analysis, and development of systems based on multicore hardware/SoC with mixed-critical requirements (criticality in the sense of time awareness, level of assurance and non-functional properties such as power consumption) and their usage in safety-critical systems. Security is addressed as a number of technologies, e.g. security HW and side-channels of multi-core. Security assurance and security certification are out of the scope of the EMC2 project. certMILS plans to reuse the security analysis of multi-core platforms from EMC2, as all potential hardware platforms are based on multicore systems.
The EURO-MILS research project has created the basis for certMILS. Joint work of industry, evaluation labs, and different certification authorities revealed diverging attitudes on how to integrate hardware and on the scope of a component under certification. These obstacles will be solved in the certMILS project. EURO-MILS has published a draft PP for a part of the MILS platform. certMILS will use this PP as a baseline for developing a more modular MILS Platform PP. It has worked on CC evaluation of an earlier version of the PikeOS separation kernel, which had undergone partial CC evaluation in EURO-MILS. To the extent possible, CC development artefacts of PikeOS developed for EURO-MILS will be taken as input in certMILS. EURO-MILS has also made a first report on the harmonisation of CC high assurance in France and Germany. As one of the lessons learned from the harmonisation effort, the certMILS project duration has been chosen to allow meaningful communication with all involved certification authorities.
SESAMO develops a component-oriented design methodology based upon model-driven technology, which jointly addresses safety and security aspects and their interrelation for networked embedded systems in multiple domains. certMILS will assess how the developed tool-chain can be used to generate model-based assurance cases for the pilots and its applicability to a compositional security case.
D-MILS focused on stretching the MILS principle over the network to create a distributed MILS system. The main technical topics were a MILS network subsystem with a hardware-based, time-triggered Ethernet “backplane”. A tool-chain to configure and analyze the assurance of such a network-based distributed MILS system has been developed. D-MILS made no attempt at certification, at evaluation strategies and work with ITSEF, or at methodologies for creating compositional assurance.
pSHIELD developed a roadmap and nSHIELD implemented the roadmap. These projects identified several technologies for building an architectural framework for Security, Privacy and Dependability (SPD). The goal of the framework is to guarantee that the considered technologies for SPD are composable and do not introduce contradictions or conflicts. Security was represented by a security agent (a specific intrusion detection system) and an overall algorithm for how the components’ SPD properties can be combined and analysed. nSHIELD did not consider compositional evaluation, building a security assurance case, or security certification, all of which are done in certMILS. certMILS will assess those SPD properties and the methods to analyse and combine them for applicability in the compositional security assurance case/security architecture required for CC evaluation and certification.
These ARTEMIS projects work on a framework for compositional development and composable certification of safety-related systems. Security was not addressed in these two projects. certMILS plans to assess this framework for application in the pilot evaluations.
RECOMP considered compositional safety on multi-cores, but security was not considered (no malicious attacks). This was justified in the closed environments considered in RECOMP, but is not sufficient for larger and open systems. In RECOMP, a strategy for the reuse of safety certification artefacts between two safety standards has been developed and successfully applied. certMILS will apply the experience in reusing safety certification artefacts and extend it to security. Thus, certMILS has the potential to be the first project to demonstrate compositional safety and security certification at the same time.