Security: a universal requirement
Although the need to deal with security threats was first recognized for defense systems, in today's world malicious attacks are resulting in large financial losses and service outages in many industries. Historically, most commercial systems have been developed with haphazard attention to security concerns, resulting in tremendous costs and business risks. Suppliers have a clear competitive edge if they are able to leverage the security technology developed for defense systems certification and efficiently apply its principles in commercial markets.
Due to hardware and software advancements as well as cost containment pressures, there is an increasing desire to house multiple systems on a single platform that can meet diverse and independent security requirements. This need led to the development of the MILS (Multiple Independent Levels of Security) architecture. While initially developed with defense systems in mind, MILS concepts are relevant to many different industry sectors that require security from different types of threats to be managed in a cost-effective manner. MILS offers a suitable architecture not only for military systems, but also applications as diverse as medical, industrial, and financial systems. MILS accomplishes the goal of supporting diverse levels of security by following a layered approach to implementing various security concepts.
Security standards are defined by the Common Criteria (CC), an international standard for security requirements. The CC defines multiple levels of security in the form of Evaluation Assurance Levels (EALs), with the highest level defined as EAL 7. Approaches to enforcing security must be layered and incremental in order to address an evolving environment populated by resourceful attackers. Again, this holds true in both military and commercial application domains.
PikeOS: the foundation of a multi-level solution
Beyond the scope of any competing technology, PikeOS is taking direct aim at achieving security assurance all the way to EAL 7. As part of the Verisoft XT project, funded by the BMBF (German Ministry of Education and Research), SYSGO is pursuing the formal verification of PikeOS using an innovative enhanced code verification approach that provides:
- memory framing properties, that is, absence of illegitimate memory accesses on some sections of code and
- functional correctness, that is, implementation honoring the formal specification on some parts of the kernel.
The resulting formal work can be inserted into dependability frameworks such as the Common Criteria, IEC 61508 or DO-178B, offering the widest range and deepest level of security options available for all varieties of public and private sector projects.
Non-defense government and commercial industries requiring multi-level secure solutions are many and varied. Some examples include:
Transportation
- Traffic Cost Optimization
- On-line Data Transfer Management
- On-line Transport Optimization
- Statistical Route Data Analysis
- Group Calls Control for Lines or Dedicated Areas
- Traffic Acceleration Support
- Traffic Light Prioritization
- Telemetric Data Generation out of Localization Data using the "Bus as a Sensor" as an Input for overall Traffic Management Systems

Airports
- Tower and Apron Control
- Ground Handling Services
- Follow-Me Vehicle Management
- Push-Back Management
- Security Personnel Support
- Emergency and Rescue Services Management
- Airlines Support
- Catering Services Management
- Technical Services Management

Industrial
- Digital Solution Management for Vulnerable Private and Secure Networks: Power Plants, Refineries, Chemical Factories, Harbour and Public Facilities
- Solutions Delivery
- Provision of Efficient Uninterrupted Services
- Communications Network and Cost Control
- Emergency Function Management

Public Safety
- Police and Security Service Assistance
- Classified Information Management, as Required by Government
- Solutions Delivery
- Effective Operations Management
- Secure and Timely Information Access
- Personnel Safety Support
- Cost Optimization
- Multi-Service Cooperation Management
The PikeOS real-time operating system is based on a MILS-conformant microkernel, which supervises every hardware access. Such a kernel must be simple enough to permit formal analysis of its properties, and each high-assurance subsystem must be modular enough to be decomposed into elements primitive enough to support analysis of their security properties. PikeOS is built on a trusted microkernel consisting of about 5,000 lines of code. Its three-layer architecture is ideally suited to the design of secure systems: the trusted microkernel operating in supervisor mode; system software / middleware running in user mode; and the application layer containing virtual machine "personalities" and hosting application modules.
Extending MILS architecture’s benefits
Although designed with defense systems in mind, the PikeOS MILS architecture is equally applicable to non-defense systems requiring differing levels of security housed within a single architecture, thus providing a modular approach to the optimal mix of tradeoffs between security, cost, and development schedule. The PikeOS approach provides developers with a decided competitive edge for such systems, for the following reasons:
- Platform Aggregation – PikeOS allows the use of a single, aggregate platform whereas competitors will require separate computers and networks for implementing both unclassified / unsecure and classified / secure components of a single system.
- Secure Linux – PikeOS offers the developmental ease of a secure Linux solution operating in a user mode partition.
- Scalable and Trusted OS – whether in a single partition or multiple partitions, PikeOS offers the ability to scale systems from very tightly embedded devices to sophisticated server systems.
- Unified Development Environment – A single hardware platform and a single integrated development environment accommodate different development subgroups, reducing costs of hardware, tools, training, and maintenance.
Achievements
PikeOS is already in use in a number of industrial and R&D projects. The industrial projects cannot be disclosed, but early results on PikeOS's ability to comply with the Common Criteria standard are described below.
To learn more about SYSGO's participation in international projects focusing on security, please see the Verisoft, TECOM and SeSaM related information.
PikeOS has also been used for a product successfully evaluated by the French security test lab CESTI. The French CESTI lab is an accredited security evaluation laboratory for Common Criteria security evaluations. The product has been developed by a global company and leader in defense and security. As a result, a certificate called "Certification de Sécurité de Premier Niveau" (CSPN), also called First Level Security Certification, was delivered by the French Network and Information Security Agency (ANSSI). More information is available here.
This certificate is a first but important milestone in the ongoing process, initiated by SYSGO several years ago, of certifying PikeOS to the highest levels of security.
The current efforts, in particular through the R&D projects already mentioned, include formal code verification of the PikeOS microkernel for Common Criteria EAL 7, creation of artifacts for Common Criteria EAL 5+, and involvement in various industrial projects requiring the highest level of security.