Embedded | August 02, 2011

Sysgo's SeSaM project fosters the high-level security domain

Sysgo started the two-year project SeSaM (Secure and Safe Microkernel) dedicated to the development and certification of high-assurance operating system components.
Because the only Common Criteria (CC) protection profile for microkernels was developed in the US and can only be applied there, SeSaM was established to create a European foundation for the Multiple Independent Levels of Security (MILS) domain. SeSaM is a further example of Sysgo's ability to offer solutions in the area of very high-level security.

Today, virtualization technologies are used in safety- and security-critical application domains to consolidate heterogeneous legacy infrastructure that has grown over decades, aerospace being a good example. Another application domain is the increasing networking of end devices, which imposes new requirements on the data security of embedded systems.

Thus, virtualization will very likely become the basis for the entire embedded-systems domain, as well as a key technology for IT systems in general. Microkernels, as the ideal foundation for such virtualization solutions, have to meet both security and safety requirements. The SeSaM project is intended to strengthen competency in the field of high-assurance microkernels, develop techniques for applied security assurance, and support future product developments.

"We are very proud to have well-known partners on board for this ambitious project," said Sergey Tverdyshev, project engineer at Sysgo and project manager of SeSaM. "Together we will pursue the goal of improving the development and certification of high-assurance operating system components in a way that is not available elsewhere on the market today."

In detail, the project has the following objectives:

- Security requirements for virtualization solutions: Taking the current state of the art into account, requirements and policies for virtualization solutions shall be analyzed as generically as possible. This yields a conceptual framework that supports developments in the field by establishing definitions and requirements, thus improving comparability. In addition to the more general competency gained in this important segment, a Protection Profile formulated on this basis will considerably ease further certification efforts.

- Security Target for a microkernel "Made in Germany": A security target for PikeOS will be prepared as a prototypical instantiation of the protection profile. In addition to validating the generic concepts worked out, this shall create a sustainable basis for certifying security-critical operating systems in Europe at EAL5.

- Formal methods: Formal modelling has proven to be extremely useful, especially for requirements analysis. Description methods targeting the notions identified in virtualization solutions allow further development towards EAL6/7 and strengthen security competency, which will play a decisive role in the future.

- Modular system development and certification: Modular development and certification are indispensable; however, in their vertical dimension (refinement) they lead to problems that are still not fully mastered. In the context of refining security requirements, a modular certification process shall also be worked out at the formal level. The aim is to find a solution that both leads to manageable proof obligations and is adequate for the implementation of PikeOS.
