The following paragraphs aim at introducing the project in a nutshell:
In the modern information society, digital infrastructures provide and control nearly all important services and production systems. At the same time, end-users, industry, and society in general face a rapidly growing cyber threat landscape. To guarantee reliable and available services that withstand those threats, security solutions for critical digital services and infrastructures are needed. The Digital Agenda for Sweden (PDF) points out some of the challenges: control systems for vital services must be secure, networks must handle communications securely, and encryption must be used to provide communications privacy and integrity. One of the key challenges is to establish a high degree of platform security.
Recently, warnings have been raised about the security of the embedded systems we currently use for communication purposes, such as routers and modems, or as control units. It was pointed out that a large share of them lack software quality and maintainability, opening them up to attacks.
Governments, large organizations and authorities are increasingly starting to require independent verification (certification) of the claimed security properties of deployed products and systems. For IT solutions, a well-established method is to use the Common Criteria (CC) (ISO 15408) framework and certify products according to defined and internationally recognized security requirements and assurance levels. The CC addresses protection of assets from unauthorized disclosure, modification, or loss of use. Requirements for high-assurance-level CC certification of security products come from Swedish authorities and other customers. In the project reference group we have representatives of Swedish authorities (MSB, PTS and MUST) that develop product requirements and regulate the use of certified products.
The ultimate project target is to provide security for critical digital services and infrastructures by developing a trusted, cost- and resource-efficient virtualized COTS (ARM) platform with proven and Common Criteria certified security properties.
Customer requirements and market competition require that future security products deliver stronger and verified protection, can be developed faster, use fewer resources (hardware, energy), and become physically smaller. To this end, virtualization is a powerful tool both for efficiency and for protection, since virtualization can be a security mechanism in itself, offering isolation between the different services running on a computing platform. However, for customers to place trust in a product such as a hypervisor, in particular one that is new to the marketplace, the claimed security properties must be backed by evidence, and the best evidence available is a formal, machine-checkable proof. The platform will cover trust anchoring, the boot system, hypervisor functionality, and the required security-related life-cycle management features.
A key activity will be to integrate the formal verification currently under way with the CC evaluation process, both in terms of understanding and in terms of the use and development of supporting tools.
In addition to specific security products such as crypto equipment, secure mobile phones, and firewalls, the developed technology will be applicable in a wide range of areas, including SCADA systems, mobile communication networks, vehicular, avionics, and medical systems, cloud application platforms, and devices in the Internet of Things (IoT).
To gain market success and contribute to business growth, it is necessary to have highly secure and competitive products. Products need to be resource efficient with respect to production cost, development time, physical size and power consumption while maintaining strong security assurances. A virtualized solution influences all of these factors positively and will markedly increase the competitiveness of a product on the international market.
The platform will be open source, making it possible to independently evaluate the solution and increase trust.
More details on the project can be found in: