Critical infrastructures (CI) rely on complex safety- and security-critical ICT systems placed into unpredictable environments and forced to cope with unexpected events and threats while exhibiting safe adaptive behavior. Recent security trends stress continuous adaptation to increase attacker work factor and to confound reverse-engineering. Critical CI systems must undergo extensive and costly scrutiny under diverse certification regimes. Improved, effective and affordable development and certification methods are essential.
CITADEL will provide innovative platform technology, methodology and tools for development, deployment, and certification of adaptive MILS systems for CI, to be demonstrated in three industrial CI use cases. The solution enables robust and resilient CI through monitoring and adaptive self-healing mechanisms that respond to natural and malicious occurrences by intelligently reconfiguring hosts, functions, and networks, while maintaining essential functions and defences.
CITADEL is based on MILS, an approach featuring modular construction and compositional assurance, reducing the time and cost for development, certification, and maintenance of dependable systems. The MILS platform, based on a separation kernel, manages physical resources while establishing and enforcing a verified application architecture.
Leveraging advances from the D-MILS and EURO-MILS projects, CITADEL will extend the MILS approach by adding dynamic reconfiguration to the MILS platform, and Monitoring and Adaptation Systems enabling resilience to adversity while preserving vital system properties.
CITADEL supports certification of Adaptive MILS systems by analyzing configuration change mechanisms, adaptation system, configuration properties, and configuration change policies with automated verification tools, and by providing an innovative runtime evidence management agent to automatically generate up-to-date certification assurance artifacts as the system adapts.