Common Criteria Certification for Real-Time Applications with IoT Gateways
Protection against cyberattacks is becoming increasingly important. Data and IP theft are bad, because data is the gold of the 21st century. Sabotage of real-time and Safety applications is even worse. After all, life and limb are at stake here.
To best secure IoT-connected systems in critical infrastructures, the highest Cybersecurity is required in addition to functional Safety. The leading standard is Common Criteria (CC), which is a worldwide recognized standard supported by many countries. Using compliance matrices, it is easy to achieve the levels of industry standards such as DO-356A/ED-203A, IEC 62443 or ISO/SAE 21434.
The presentation introduces the CC model, explains its functional and assurance components and, using the example of a secure gateway, explains how to proceed during development, what to look out for and what value an EAL 5+ certified RTOS offers in such applications.
Findings from the presentation include: By using the EAL 5+ certified OS as part of a CC EAL-certified Hardware Abstraction Layer (HAL), the Security domain is split into two layers: The application layer and the platform layer. Benefit: The scope of the CC evaluation is limited to the application layer. If the application layer uses the separation properties of the platform layer, components are isolated efficiently, and security goals are achieved more easily. Platform evaluation requires the extension of the CC certification of the OS.
More information at www.sysgo.com/common-criteria