HASPOC

HASPOC project partners

The HASPOC project consists of a number of active partners and is supported by a qualified reference group.

Active Partners

The HASPOC project is coordinated by SICS. The Security Lab at SICS brings in expertize in secure platforms, hypervisor construction and development as well as formal methods for proving security characteristics.
The project fits the SICS Security Lab's interest profile well and will allow the research work to be exploited in usable and secure products.

Contact: Rolf Blom (rolfb@sics.se)
Links: HASPOC project description on the SICS website
Ericsson Research is involved in the work to establish security certification standards for entities in mobile phone systems. Furthermore, Ericsson brings deep knowledge in trust anchoring and secure operation of radio network components and in particular of mobile phones. In addition, Ericsson contributes with comprehensive knowledge of system aspects and life cycle management.
Formal aspects and security certification of products is an upcoming requirement in the mobile phone industry. The results of the HASPOC project are directly applicable in future Ericsson product development.

Links: Ericsson Homepage
Sectra will focus on the development of hardware that will host the software platform developed and design patterns for the design of CC evaluated security products. Sectra has a successful record of crypto equipment development.
This project is an extension of ongoing developments to allow the use of virtualization in high assurance security products.

Contact: Robin von Post (rvp@sectra.com)
Links: Sectra Homepage
Tutus will apply the developed platform to one of their crypto products to discover gaps in requirements and to demonstrate the practical applicability of the secure platform. Tutus also has a successful record of crypto equipment development and has extensive experience in CC evaluation.
This project is a good match to Tutus' ambition to use virtualization in future CC certified products.

Links: Tutus Homepage
T2 Data will provide secure boot solutions including code verification on the ARM-platform as well as the tools and processes for secure issuing and management of software releases of security critical software considering the complete device life-cycle. T2 Data will as well provide expertise in secure software release and licenses management.
T2 Data has recently switched from mainly offering IT consultancy to being a product company with the new product MAIA continuous control center. Secure management of critical software is a natural step in expanding this strategy.

Links: T2 Data Homepage
Atsec AB is dedicated to all aspects of IT security, ranging from management consultancy to technical investigations and implementation of security solutions. Atsec is an accredited IT Security Evaluation Facility (ITSEF) under the Swedish, German and U.S. Common Criteria schemes under the Common Criteria Recognition Arrangement. With more than 100 Common Criteria evaluations atsec brings in leading competence in CC and in design and evaluation of products to be certified.
The HASPOC project will further develop atsec's insights into the use of formal methods and critical design aspects of virtualized solutions aiming for CC certification.

Links: Atsec Homepage
The KTH Royal Institute of Technology is the largest and oldest technical university in Sweden. As part of the department for Theoretical Computer Science, Professor Mads Dam leads an internationally well recognized research group with extensive experience in software security. Areas of expertize include security specification and analysis techniques, software and systems monitoring, information flow control, authorization and access control, and most recently, provably secure execution platforms. KTH will take responsibility for the formal security specification and verification of the platform kernel.
The project fits KTH's interest profile well and manifests the research work in usable and secure products.

Contact: Mads Dam (mfd@kth.se)

Reference Group

MSB has taken on a liaison role against SAMFI, a group for cooperation in information security issues between government authorities.
MSB will deliver Essential Security Requirements, a preparatory stage for defining a CC Protection Profile (PP). This work will be done in cooperation with SAMFI members. A protection profile may be developed by SAMFI depending on the outcome of the ESR work.

Links: MSB homepage
PTS monitors electronic communications (telephony, the Internet and radio) in Sweden and works with utilization of resources and secure communications.
PTS will liaise with NTSG, the National Telecommunications Coordination Group.

Links: PTS Homepage
Swedish Armed Forces / MUST is responsible for security approval of information security products for the Swedish armed defense and equipment used to protect information of national interest. It uses CC as a requirements tool and has a long experience in defining security requirements and performing security evaluations.

Links: the MUST directorate on the website of the Swedish Armed Forces
ABB Research has cutting edge industrial expertize on security requirements in critical infrastructures like process automation systems and energy production and distribution in e.g. smart electrical grids. ABB also has a deep knowledge in security requirements and solutions for operations and maintenance of security and safety critical systems.

Links: ABB in Sweden