Combating cyber attacks is increasingly crucial for both commercial and government applications. Suppliers who can address both with efficiency have a competitive edge.
Use Case Focus
- Audience: Any company delivering secure systems
- Sector: Commercial and Government
- Market Segment: Communications, Financial, Military
- Subsegment: Secure Systems
- Hardware: x86, PowerPC, CAVIUM, other
- Software: PikeOS, ELinOS
"The PikeOS MILS kernel is becoming more relevant today as both industry and government take more seriously their responsibilities to keep private information confidential while at the same time enabling ever increasing connectivity and information access to secured users."
- Consolidate security subsystems on a single platform.
- Isolate high functionality code from high security code in mutually protected partitions.
- Achieve security certification for both commercial and government applications.
- Save development and maintenance costs with a unified hardware platform and software development environment.
Although the need to deal with security threats was first recognized for defense systems, in today's world malicious attacks are resulting in large financial losses and service outages in many industries. Historically, most commercial systems have been developed with haphazard attention to security concerns, resulting in tremendous costs and business risks. Suppliers have a clear competitive edge if they are able to leverage the security technology developed for defense systems certification and efficiently apply its principles in commercial markets.
Due to hardware and software advancements as well as cost containment pressures, there is an increasing desire to house multiple systems on a single platform that can meet diverse and independent security requirements. This need led to the development of the MILS (Multiple Independent Levels of Security) architecture. While initially developed with defense systems in mind, MILS concepts are relevant to many different industry sectors that require security from different types of threats to be managed in a cost-effective manner. MILS offers a suitable architecture not only for military systems, but also applications as diverse as medical, industrial, and financial systems. MILS accomplishes the goal of supporting diverse levels of security by following a layered approach to implementing various security concepts.
Security assurance is evaluated against the Common Criteria (CC, ISO/IEC 15408), an international standard for specifying and evaluating IT security requirements. The CC defines seven Evaluation Assurance Levels (EALs), EAL 1 through EAL 7, with EAL 7 the highest. Approaches to enforcing security must be layered and incremental in order to address an evolving environment populated by resourceful attackers. Again, this holds true in both military and commercial application domains.
Going beyond competing technologies, PikeOS is taking direct aim at security assurance all the way to EAL 7. As part of the Verisoft XT project, funded by the BMBF (German Federal Ministry of Education and Research), SYSGO is pursuing the formal verification of PikeOS using an innovative enhanced code verification approach that provides:
- memory framing properties, that is, absence of illegitimate memory accesses on some sections of code and
- functional correctness, that is, implementation honoring the formal specification on some parts of the kernel.
The resulting formal work can feed into dependability frameworks such as the Common Criteria, IEC 61508 or DO-178B, offering the widest range and deepest level of security options available for all varieties of public and private sector projects.
Non-defense government and commercial industries requiring multi-level secure solutions are many and varied. Some examples include:
The PikeOS real-time operating system is based on a MILS-conformant microkernel, which supervises every hardware access. Such a kernel must be simple enough to permit formal analysis of its properties, and each high-assurance subsystem must be modular so that it can be decomposed into elements primitive enough to support analysis of their security properties. PikeOS is built on a trusted microkernel of about 5,000 lines of code. Its three-layer architecture is ideally suited to the design of secure systems: the trusted microkernel runs in supervisor mode; system software and middleware run in user mode; and the application layer contains the virtual machine "personalities" that host the application modules.
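To make concrete what the MILS architecture above and the separation kernel described here actually have to enforce, the following is a small Python model added for this page. It is not PikeOS code and does not use the PikeOS API; the partition names, the address map, and the channel policy are all constructed for the example. It shows the two duties the text assigns to the microkernel: data isolation (every memory access is checked against the owning partition's region, so partitions are mutually protected) and information flow control (a message crosses partitions only over a channel fixed in the static configuration, so a SECRET partition can reach an UNCLASSIFIED one only through a guard partition, never directly and never in the reverse direction). Every denial is recorded, which is what makes the policy evaluatable after the fact.

```python
# Toy model of a MILS separation kernel. Added illustration, not PikeOS code
# and not its API: partition names, the address map and the channel policy
# below are constructed for the example.
from dataclasses import dataclass


class PolicyViolation(Exception):
    """Raised by the kernel when a partition attempts something the static policy forbids."""


@dataclass(frozen=True)
class Partition:
    name: str
    base: int   # start of this partition's private memory region
    size: int   # length of the region in bytes


class SeparationKernel:
    """Mediates every memory access and every cross-partition message.
    The partition map and the channel allow-list are fixed at construction,
    so application code cannot widen the policy at run time."""

    def __init__(self, partitions, channels):
        self._parts = {p.name: p for p in partitions}
        self._check_no_overlap()
        for src, dst in channels:
            if src not in self._parts or dst not in self._parts:
                raise ValueError(f"channel {src}->{dst} names an unknown partition")
        self._channels = frozenset(channels)   # directed (src, dst) pairs
        self._mailbox = {p.name: [] for p in partitions}
        self.audit = []

    def _check_no_overlap(self):
        # Two partitions sharing bytes would defeat data isolation; refuse the configuration.
        regions = sorted((p.base, p.base + p.size, p.name) for p in self._parts.values())
        for (_, end_a, name_a), (start_b, _, name_b) in zip(regions, regions[1:]):
            if start_b < end_a:
                raise ValueError(f"memory regions of {name_a} and {name_b} overlap")

    def access(self, name, addr, length=1):
        """Every load/store passes through here; a partition may touch only its own region."""
        p = self._parts[name]
        inside = p.base <= addr and addr + length <= p.base + p.size
        self.audit.append(("MEM", name, addr, "ALLOW" if inside else "DENY"))
        if not inside:
            raise PolicyViolation(f"{name} touched 0x{addr:x} outside its region")
        return True

    def send(self, src, dst, payload):
        """Cross-partition message; allowed only over a configured channel in that direction."""
        if (src, dst) not in self._channels:
            self.audit.append(("MSG", src, dst, "DENY"))
            raise PolicyViolation(f"no channel {src}->{dst}")
        self._mailbox[dst].append((src, payload))
        self.audit.append(("MSG", src, dst, "ALLOW"))
        return True

    def receive(self, name):
        msgs, self._mailbox[name] = self._mailbox[name], []
        return msgs


def demo():
    """Constructed scenario: a SECRET partition may reach UNCLASSIFIED only through a guard."""
    kernel = SeparationKernel(
        partitions=[
            Partition("secret_app", base=0x1000_0000, size=0x10000),
            Partition("guard", base=0x2000_0000, size=0x10000),
            Partition("unclass_net", base=0x3000_0000, size=0x10000),
        ],
        channels={("secret_app", "guard"), ("guard", "unclass_net")},
    )
    results = {}
    kernel.access("secret_app", 0x1000_0040, 16)                   # own region: allowed
    try:
        kernel.access("unclass_net", 0x1000_0040, 16)              # another partition's memory
        results["isolation"] = "leaked"
    except PolicyViolation:
        results["isolation"] = "blocked"
    try:
        kernel.send("secret_app", "unclass_net", b"classified")    # no direct channel
        results["direct"] = "leaked"
    except PolicyViolation:
        results["direct"] = "blocked"
    kernel.send("secret_app", "guard", b"report: weather ok")      # permitted hop
    for _src, msg in kernel.receive("guard"):
        kernel.send("guard", "unclass_net", msg)                   # guard forwards (a real guard filters here)
    results["via_guard"] = [m for _, m in kernel.receive("unclass_net")]
    try:
        kernel.send("unclass_net", "guard", b"probe")              # reverse direction not configured
        results["reverse"] = "leaked"
    except PolicyViolation:
        results["reverse"] = "blocked"
    results["denials"] = sum(1 for e in kernel.audit if e[-1] == "DENY")
    return results


if __name__ == "__main__":
    print(demo())
```

The point of the model is where the checks live: the partitions never see each other's memory or a shared bus, the kernel is on the path of every access and every message (always invoked, non-bypassable), and the whole policy is a small static table that can be reviewed or formally analysed independently of the application code, which is the property the text requires of a MILS kernel.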
Although designed with defense systems in mind, the PikeOS MILS architecture is equally applicable to non-defense systems requiring differing levels of security housed within a single architecture, thus providing a modular approach to the optimal mix of tradeoffs between security, cost, and development schedule.