HASELNUSS stands for "Hardwarebasierte Sicherheitsplattform für Eisenbahn-Leit- und Sicherungstechnik"
For the next generation railway signaling infrastructure, there is a trend to use COTS hardware as the computing elements and open network for the communication. Usage of the COTS hardware and open network introduces a security issues that directly affect the safety of the signaling infrastructure. Due to the high criticality nature of the infrastructure, there are strict standards that specify the methodology for the development and evaluation of the signaling infrastructure.
In the Haselnuss project, we are developing a security platform for the railway interlocking system that solves some of the existing security issues of the existing/proposed command and control architecture. The Haselnuss platform will apply MILS concepts [1 ], use hardware security module – TPM 2.0 that acts as the hardware security anchor, and PikeOS operating system that acts as the separation kernel to achieve strong isolation between the safety and security applications. This platform will include functional blocks needed for ensuring a secure life-cycle of interlocking systems once they are deployed in the field. This include secure boot to prevent unauthorized modification/tampering of software and configuration, security monitoring for detecting anomalies in the system, measured boot and remote attestation for measuring and providing evidence about the system integrity to a remote party, secure update to react to the discovery of security vulnerabilities or software bugs in the deployed system.
The main role of SYSGO in Haselnuss project is to provide the separation kernel, which will be part of MILS Core for integrating the safety critical application together with the newly developed security enhancing applications on one hardware platform. SYSGO will provide support for support for the secure boot, measured boot, and secure update will functionality. Also, PikeOS will be extended with tracing and monitoring infrastructure that provides insight into the application’s runtime behavior and network activities without losing the safety (real-time) and security guarantees. In this project, a strong emphasis is placed on following the methodology specified by the safety and security standards required for the railway [EN50128, EN50129, IEC62443, CommonCriteria]. By this, we aim to make the HASELNUSS platform, not just a prototype implementation but rather a certifiable platform that can be used in the high-critical railway infrastructure that needs approval from the certification authorities.
For more information please visit the official project website.