Compositional security certification for medium- to high-assurance COTS-based systems in environments with emerging threats

Objective

certMILS develops a security certification methodology for cyber-physical systems (CPS). CPS are characterised by their safety-critical nature, complexity, connectivity, and open technology. A common downside of CPS complexity and openness is a large attack surface and a high degree of dynamism that may lead to complex failures and irreparable physical damage. The legitimate fear of security or functional safety vulnerabilities in CPS results in arduous testing and certification processes. Once fielded, many CPS suffer from the motto "never change a running system".
certMILS increases the economic efficiency and European competitiveness of CPS development, while demonstrating the effectiveness of safety & security certification of composable systems.
The project employs a security-by-design concept originating from the avionics industry: Multiple Independent Levels of Security (MILS), which targets controlled information flow and resource usage amongst software applications. certMILS reduces certification complexity, promotes re-use, and enables secure updates to CPS throughout their life-cycle by providing certified separation of applications, i.e. if an application within a complex CPS fails or starts acting maliciously, other applications are unaffected.
Security certification of complex systems to medium-high assurance levels is not solved today. The existing monolithic approaches cannot cope with the complexity of modern CPS. certMILS uses ISO/IEC 15408 and IEC 62443 to develop and apply a compositional security certification methodology to complex composable safety-critical systems operating in constantly evolving hostile environments. certMILS core results are standardised in a protection profile. certMILS develops three composable industrial CPS pilots (smart grid, railway, subway), certifies security of critical re-usable components, and ensures security certification for the pilots by certification labs in three EU countries with involvement of the authorities.

Call for proposal

H2020-DS-LEIT-2016

Funding Scheme

IA - Innovation action

Coordinator

TECHNIKON FORSCHUNGS- UND PLANUNGSGESELLSCHAFT MBH
Address
Burgplatz 3A
9500 Villach
Austria
Activity type
Private for-profit entities (excluding Higher or Secondary Education Establishments)
EU contribution
€ 270 692,65

Participants (10)

ATSEC INFORMATION SECURITY GMBH
Germany
EU contribution
€ 433 650
Address
Steinstrasse 70
81667 Muenchen
Activity type
Private for-profit entities (excluding Higher or Secondary Education Establishments)
SCHNEIDER ELECTRIC ESPANA SA
Spain
EU contribution
€ 390 250
Address
Bac De Roda 52 Edif A
08019 Barcelona
Activity type
Private for-profit entities (excluding Higher or Secondary Education Establishments)
DEKRA TESTING AND CERTIFICATION SAU
Spain
EU contribution
€ 343 875
Address
Calle Severo Ochoa 2 Parque Tecnologico Campanillas
29590 Malaga
Activity type
Private for-profit entities (excluding Higher or Secondary Education Establishments)
THALES AUSTRIA GMBH
Austria
EU contribution
€ 440 125
Address
Handelskai 92
1200 Wien
Activity type
Private for-profit entities (excluding Higher or Secondary Education Establishments)
UNICONTROLS A.S.

Participation ended

Czechia
EU contribution
€ 139 769,86
Address
Krenicka 2257
100 00 Praha
Activity type
Private for-profit entities (excluding Higher or Secondary Education Establishments)
SYSGO SRO
Czechia
EU contribution
€ 501 900
Address
Zeleny Pruh 1560/99
140 00 Praha
Activity type
Private for-profit entities (excluding Higher or Secondary Education Establishments)
UNIVERSITAET ROSTOCK
Germany
EU contribution
€ 458 250
Address
Universitatsplatz 1
18055 Rostock
Activity type
Higher or Secondary Education Establishments
ELEKTROTECHNICKY ZKUSEBNI USTAV, SP
Czechia
EU contribution
€ 154 525
Address
Pod Lisem 129/2, Troja
182 00 Praha
Activity type
Private for-profit entities (excluding Higher or Secondary Education Establishments)
SYSGO GMBH
Germany
EU contribution
€ 663 018,13
Address
Am Pfaffenstein 8
55270 Klein Winternheim
Activity type
Private for-profit entities (excluding Higher or Secondary Education Establishments)
Q-MEDIA, S.R.O.
Czechia
EU contribution
€ 202 999,99
Address
Pocernicka 272/96
108 00 Praha
Activity type
Private for-profit entities (excluding Higher or Secondary Education Establishments)