The fundamental principle on which the CITADEL project has been founded is that to be resilient, a system must be adaptable. Critical infrastructures, systems of autonomous systems, and cloud computing for safety- and security-critical applications are all dynamic systems that demand reliability, robustness, resilience, security, and other attributes we refer to generically as dependability. These systems, while providing high assurance, must be developed, certified, deployed, and maintained at an affordable cost. Moreover, the modern environment has become hostile to critical infrastructures, requiring them to adapt their safety and security behaviour constantly.
Trustworthy adaptation requires that a system can be dynamically reconfigured at runtime without compromising its robustness and integrity. Traditional certification practices have conservatively required critical systems to be static, and have required assessment of the entire integrated system for certification. Adaptability has therefore been at odds with certification. The Adaptive MILS technologies that will be developed in CITADEL will extend MILS, a successful paradigm for rigorously developed and assured composable static systems, with adaptation mechanisms and a framework within which those mechanisms may be safely and securely employed for reconfiguration within the constraints of a configuration policy.
MILS is a component-based approach to develop and certify critical systems. Current MILS implementations provide only for fixed runtime architectures as they are based on statically configured MILS platforms. That is, the configuration information used to configure the exported resources of the separation kernel, and other MILS resource-sharing foundational components making up the MILS platform, is finalised before initialization of the MILS platform. After initialization there is no creation or destruction of exported resources, and no changes in the information flow policy. This is a characteristic shared with safety-critical real-time operating systems (RTOSs). The rationale, inherited from the safety domain, is that only static systems can be adequately well understood and analysed to achieve the required level of confidence that they will behave as expected. The approach has also been applied to security-critical systems needing the highest levels of assurance. A MILS platform that implements a full and flexible ability to change its configuration during runtime is said to be dynamic.
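As an added illustration (not code from the CITADEL project or from any MILS separation kernel), the following toy model contrasts the two platform behaviours described above: a statically configured platform whose exported resources and information-flow policy are frozen once it has been initialized, and an adaptive platform that accepts a runtime change only if the resulting configuration still satisfies a configuration policy. The partition names, the numeric security levels, the "core partitions may not be removed" rule and the "no flow from a higher level to a lower level" rule are assumptions chosen for the example, not CITADEL's actual policy language.

```python
# Toy model (added example, not CITADEL code): static vs policy-gated adaptive
# configuration of a separation-kernel-style platform.
from dataclasses import dataclass, field


class ConfigurationError(Exception):
    """Raised when a configuration change is refused."""


@dataclass
class Configuration:
    # partition name -> security level (assumed: higher number = more sensitive)
    partitions: dict = field(default_factory=dict)
    # set of (src, dst) one-way information flows the kernel permits
    flows: set = field(default_factory=set)

    def copy(self):
        return Configuration(dict(self.partitions), set(self.flows))


class StaticPlatform:
    """Configuration is editable only before initialize(); afterwards it is frozen."""

    def __init__(self):
        self.config = Configuration()
        self.initialized = False

    def _check_mutable(self):
        if self.initialized:
            raise ConfigurationError("platform initialized; configuration is frozen")

    def create_partition(self, name, level):
        self._check_mutable()
        self.config.partitions[name] = level

    def allow_flow(self, src, dst):
        self._check_mutable()
        for p in (src, dst):
            if p not in self.config.partitions:
                raise ConfigurationError(f"unknown partition {p}")
        self.config.flows.add((src, dst))

    def initialize(self):
        self.initialized = True


@dataclass(frozen=True)
class ConfigurationPolicy:
    """Assumed example policy: core partitions persist; no downward flows; no dangling flows."""
    core: frozenset

    def violations(self, cfg):
        problems = [f"core partition {p} missing" for p in self.core if p not in cfg.partitions]
        for src, dst in cfg.flows:
            if src not in cfg.partitions or dst not in cfg.partitions:
                problems.append(f"flow {src}->{dst} references a missing partition")
            elif cfg.partitions[src] > cfg.partitions[dst]:
                problems.append(f"flow {src}->{dst} would move data to a lower level")
        return problems


class AdaptivePlatform(StaticPlatform):
    """Runtime changes are applied atomically, and only if the policy holds afterwards."""

    def __init__(self, policy):
        super().__init__()
        self.policy = policy

    def reconfigure(self, change):
        if not self.initialized:
            raise ConfigurationError("use the pre-initialization API before initialize()")
        candidate = self.config.copy()      # edit a copy so a refused change leaves no trace
        change(candidate)
        problems = self.policy.violations(candidate)
        if problems:
            raise ConfigurationError("; ".join(problems))
        self.config = candidate
        return candidate


def build_platform(cls, *args):
    """Constructed sample: three partitions with an upward-only flow chain."""
    p = cls(*args)
    p.create_partition("sensor", 1)
    p.create_partition("control", 2)
    p.create_partition("audit", 3)
    p.allow_flow("sensor", "control")
    p.allow_flow("control", "audit")
    p.initialize()
    return p


def run_demo():
    """Returns (outcome per attempted change, final adaptive configuration)."""
    outcomes = {}
    static = build_platform(StaticPlatform)
    try:
        static.create_partition("diag", 1)
        outcomes["static_change"] = "accepted"
    except ConfigurationError:
        outcomes["static_change"] = "refused"

    adaptive = build_platform(AdaptivePlatform, ConfigurationPolicy(core=frozenset({"control", "audit"})))

    def add_diag(cfg):          # new low-level partition feeding control: allowed
        cfg.partitions["diag"] = 1
        cfg.flows.add(("diag", "control"))

    def leak(cfg):              # audit -> sensor would flow downward: refused
        cfg.flows.add(("audit", "sensor"))

    def drop_core(cfg):         # removing a core partition: refused
        del cfg.partitions["audit"]
        cfg.flows.discard(("control", "audit"))

    for name, change in (("add_diag", add_diag), ("leak", leak), ("drop_core", drop_core)):
        try:
            adaptive.reconfigure(change)
            outcomes[name] = "accepted"
        except ConfigurationError:
            outcomes[name] = "refused"
    return outcomes, adaptive.config


if __name__ == "__main__":
    print(run_demo())
```

The point of the example is the shape of the check rather than the particular rules: the adaptive platform evaluates the whole post-change configuration against the policy and commits it only as a unit, so a refused change cannot leave the kernel in a partially modified state.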
The CITADEL project will build on the MILS technology accomplishments of D-MILS and Euro-MILS, and carry out the research and development necessary to create adaptive MILS systems. Adaptive MILS will support a new generation of evolving, adaptive critical infrastructure systems in Europe, where adaptability is a crucial ingredient for the safety and security of future systems, and where the rigorous construction and verification made possible by MILS offers particular benefits.
The project is progressing as expected. In the first months the focus was on defining the industrial demonstrator requirements for the project technologies, whose purpose is to provide improved security for critical infrastructures. These industrial requirements provided the basis for the detailed technical requirements that drive the technology development tasks within the project; this work was completed on schedule with the finalisation of work package 2.
In the subsequent months, the first technology developments have been undertaken in each of the development work packages according to schedule, with first deliverables describing the CITADEL Modelling and Specification Languages, and the specification of the interfaces and workflow for the Adaptive MILS Evidential Tool Bus, which supports the assurance approach specified in the Certification Readiness Report. An early version of the extended separation kernel, a key component of the Adaptive MILS platform, was also completed.
Preparatory work for the evaluation of the project technologies within the three critical infrastructure industrial demonstrators has been carried out. It comprised an initial assessment of the Technology Readiness Level of each baseline technology that will be used to develop the Adaptive MILS components, and the specification of the methodology and metrics for evaluating the impact of the project technologies when deployed within the industrial demonstrators, which are representative of key European critical infrastructure domains.
Complementing the technology development and evaluation work have been tasks to establish the project's initial dissemination and exploitation strategy, supporting actions to define the training strategy and plans that will facilitate industry take-up of the project technologies (deliverable D6.5), and the preparation of promotional materials, including the project website and its periodic updates.
The project expects to achieve in its final phase the demonstration of the capabilities of the adaptive MILS technology in several industrial contexts and application scenarios, and lay the technical foundations for a certification framework for the use of adaptive MILS components and systems in critical infrastructure applications.
The specific technological ambitions of the CITADEL project include the following:
• Create the world’s first distributed adaptive MILS platform for safety/security-critical infrastructures, allowing regulated critical infrastructure to operate safely in a hostile environment, by combining the previous results from diverse research projects in the MILS domain into a product-grade platform.
• Develop a user-friendly modelling language to describe reconfigurable systems and a high-assurance framework for adaptive reconfiguration providing a top-to-bottom (from high-level abstract declarative specifications to fine-grained configuration change invocations), and end-to-end (from specification of necessary properties to the verification and certification of systems possessing those properties) solution for complete and trustworthy development.
• Develop a European high-assurance security evaluation methodology, based on the well-established Common Criteria framework, to assess and build up assurance guarantees for adaptive systems, to the benefit of European critical infrastructures. In the face of constantly changing hostile environments, this is key to highly resilient critical infrastructures that have to comply with multiple regulatory requirements.
• Demonstrate technology readiness to TRL7 of CITADEL technologies for adoption in European critical infrastructures by carrying out field tests of technologies within three European critical infrastructures according to the operators’ certification constraints.
The adaptive MILS technologies being developed in the CITADEL project will establish a common framework for safety- and security-critical systems construction and certification, encouraging innovation among component and service suppliers, and leading to improved dependability while reducing the cost to develop, certify and deploy trustworthy critical infrastructure systems across Europe.
More info: http://www.citadel-project.org.