Press Releases

Security Certification

SYSGO's SeSaM project fosters the High-Level Security Domain

SYSGO, a leading supplier of certifiable operating systems, announces the start of the two-year project SeSaM (Secure and Safe Microkernel) dedicated to the development and certification of high-assurance operating system components.

As the only Common Criteria (CC) protection profile for micro-kernels has been developed and can only be applied in the US, SeSaM has been established to create a European foundation in the Multiple Independent Levels of Security (MILS) domain. SeSaM is another important example of SYSGO's ability to offer solutions in the area of very high-level security.

Today, virtualization technologies are being used in safety- and security-critical application domains to consolidate heterogeneous legacy infrastructure grown over decades, a good example being aerospace. Another application domain is the growing networking of terminal devices that poses new requirements for the data security of embedded systems. Thus, virtualization will be very likely the basis for the entire domain of embedded systems, as well as a key technology for IT systems in general. As an ideal foundation for such virtualization solutions, so-called microkernels have to meet both security and safety requirements. The SeSaM project shall strengthen competency in the field of high-assurance microkernels, develop assurance techniques for applied security assurance, and support future product developments.

"We are very proud to have well-known partners on board of that ambitious project," said Sergey Tverdyshev, project engineer at SYSGO and project manager of SeSaM. "Together we will pursue the goal of improving the development and certification of high-assurance operating system components in a way that is not available elsewhere today on the market."

In detail, the project has the following objectives:

  • Security requirements for virtualization solutions: Considering current state of the art, requirements and policies for virtualization solutions shall be analyzed in an as generic as possible way. Hereby, a conceptual framework is generated that supports developments in the field by establishing definitions and requirements, thus enhancing comparability. In addition to a more general competency obtained in this import segment, a Protection Profile formulated on this basis will considerably ease further certification efforts.
  • Security Target for a microkernel "Made in Germany": A security target for PikeOS will be prepared as a prototypical instantiation of the protection profile. In addition to validating the generic concepts worked out, this shall generate a sustainable basis for a certification of security-critical operating systems in Europe for EAL5
  • Formal Methods: Formal modelling has shown to be extremely useful, especially for requirements analysis. Description methods targeting the identified notions in virtualization solutions allow a further development to EAL6/7 and strengthen security competency, which will play a decisive role in the future.
  • Modular system development and certification: Modular development and certification are indispensable - however in their vertical dimension (refinement) they lead to problems that are still not fully mastered. In the context of refining security requirements, a modular certification process shall also be worked out on a formal level. The aim is to find an appropriate solution that both leads to manageable proof obligations and is adequate for the implementation of PikeOS.

About SeSaM

SeSaM is a two-year joint research project of DFKI GmbH (, EADS Innovation Works (, Fraunhofer IESE (, and SYSGO ( and it is funded by the IT security program ( of the German Ministry of Education and Research (BMBF) (

The aim of the project is to create a foundation for the development and certification of high-assurance operating system components. In particular, the project is about virtualization for centralized platforms that run applications of different criticality. A focus is set on the early development phase, that is, on the definition of security requirements that result in the formulation of a corresponding security policy. Initially this should be done in a generic way using existing approaches and then be instantiated for a concrete system.

More information about SYSGO Security at

PikeOS RTOS & Hypervisor

RTOS & Hypervisor

Learn more

PikeOS for MPU

PikeOS for MPU

Learn more

ELinOS Embedded Linux

Embedded Linux

Learn more

Need more Information?

Contact us