Compositional security certification for medium- to high-assurance COTS-based systems in environments with emerging threats
Mission of certMILS: certMILS develops a security certification methodology for cyber-physical systems (CPS). CPS are characterised by their safety-critical nature, complexity, connectivity and open technology. certMILS aims to increase the economic efficiency and European competitiveness of CPS development, while demonstrating the effectiveness of safety and security certification of composable systems.
Motivation: Previously isolated physical systems have become connected to the Internet, thus becoming cyber-physical systems. In transportation, for instance, almost all means of transport (airplanes, trains, cars and ships) are networked, for the comfort of passengers as well as operators. Because of the damage a malicious attacker could cause, the security of cyber-physical systems has attracted considerable interest. However, unlike many other IT systems, cyber-physical systems have usually already been heavily scrutinised for safety for decades. While safety protection against accidental faults does not address security, established safety methods and “safety certification stakeholders” already exist. Securing and certifying cyber-physical systems must therefore respect the existing safety certification processes. certMILS generates rich interaction between developers, evaluation laboratories and certification authorities in three European countries, resulting in:
• Validated modular Protection Profile
• Standardised and validated methodology for evaluating and certifying high assurance products
• Guidelines for compositional security for developers and evaluators
certMILS Leaflet (PDF, 998 kB)