Your search keyword '"Tummeltshammer, Peter"' showing total 6 results

1. Security certification experience for industrial cyberphysical systems using Common Criteria and IEC 62443 certifications in certMILS

Author

Hohenegger, Andreas, Krummeck, Gerald, Baños, Janie, Ortega, Alvaro, Hager, Michal, Sterba, Jiri, Kertis, Tomaš, Prochazka, Jan, Novobilsky, Petr, Caracuel, Benito, Ramos, Francisco, Lourdes Sanz, Ana, Eschweiler, Dominik, Gries, Caspar, Blasum, Holger, Vögler, Torsten, Neškudla, Jan, Rollo, Jan, Burgstaller, Lisa, Truskaller, Martina, Koch, Klaus-Michael, Hametner, Reinhard, Rauscher, Sandro, Tummeltshammer, Peter, Golatowski, Frank, and Schulz, Thorsten

Subjects

security certification, ComputerApplications_COMPUTERSINOTHERSYSTEMS, MILS, common criteria, cyberphysical systems

Abstract

Security concerns become increasingly important in safe-ty-critical industrial cyberphysical systems. Different options for security certification exist. We describe a Common Criteria certification for a MILS separation kernel, and IEC 62443 analysis and certifications for the smart grid, railway and subway pilots using the MILS approach in the research project certMILS.

Published

2021

2. Time-multiplexed multiple-constant multiplication

Author

Tummeltshammer, Peter, Hoe, James C., and Puschel, Markus

Subjects

Circuit designer, Integrated circuit design, Multiplexer, Time division multiplexing -- Analysis, Circuit design -- Analysis, Multiplexers -- Usage

Published

2007

3. Regulative Baseline: Compositional Security Evaluation

Author

Hohenegger, Andreas, Blasum, Holger, Tverdyshev, Sergey, Garcia, Luis, Álvarez de Sotomayor, Amelia, Caracuel, Benito, Kertis, Tomáš, Krummeck, Gerald, Kurth, Helmut, Persson, Staffan, Hametner, Reinhard, Paultisch, Michael, Tummeltshammer, Peter, and Hager, Michal

Subjects

composition, assurance, 11. Sustainability, security dependencies, methodology, security evaluations

Abstract

In the focus of the certMILS project are cyber physical systems (CPS). These combine physical and software elements and, with the advances of industry, such automated solutions increasingly take over critical tasks in all areas of our society. Smart grids, safety-critical transport systems and in general industrial control systems – CPS can take on many faces but are commonly characterized by their complexity. CPS are composed of specialized parts and COTS elements, typically by different parties. Due to CPS’ criticality, there is a high need for assurance in the correct (safe and secure) operation of the entire systems and, consequently, they are often subject to regulations. That is, the components and/or complete systems must be certified according to standards, applicable to the respective sector. For instance, the IEC 62443 series of standards deals with complete industrial automation and control systems, the ISO 27000 series with information security management systems (processes), and the Common Criteria (CC) with subsystems of IT products. Even though these different frameworks share some common principles, a diversity of approaches prevails. It is not always easily reconciled. The present report provides an overview of the various standards applicable to different critical applications. It points out that the regulative situation is sometimes unsatisfactorily incomplete or conflicting where different standards apply. Prerequisite for the certification according to any standard is a successful evaluation according to its principles. The rigor of such evaluations will normally increase with increasing criticality of the application, but is in practice eventually a trade-off between assurance needs and economic feasibility. A common theme of security evaluations of CPS is therefore the desire to derive assurance for composed systems from that established for their components (subsystems). The objective here is that the results of the component’s evaluation can be reused to render the evaluation of complex systems economically feasible, or possible at all. In particular, their evaluation/certification would not need to be repeated from scratch if one or more system components are changed. To this end, one of the relevant and broadly applied industry standards, the CC knows the concept of compositional evaluation. However, despite the rather generic formulation of this CC aspect, and the promise that it holds, it has hardly found application. The issues that hinder its success are described by the present document, as well as an alternative method, intended for smart cards and similar applications, that received more attention but likewise suffers from shortcomings. In summary, the benefit of the CC compositional evaluation approach is minor for low assurance evaluations. Very high assurance cannot be gained as it foresees a limited transfer of design documentation. This is owed to the fact that component developers will not always easily share these secrets. MILS systems, that borrow their name to this project, arose from the requirement to gain assurance in the security properties of computers. They feature a layered structure in which security-critical functions are concentrated in a part, called the separation kernel, which is intentionally small enough to permit evaluation with great rigour. In applications, such as CPS, these layers are always combined with other elements, such as the hardware platform or software running on top of the separation kernel. At first glance, MILS systems seem to lend themselves to compositional evaluation, as they are well structured and characterized by strong security policies. However, the various conceivable applications of compositional evaluation suggested by MILS applications still pose challenges for the existing methods if high assurance is required. It is the purpose of the present report to describe the different approaches and what they have to offer for this type of system.

Published

2017

4. Using Formal Methods for Verification and Validation in Railway.

Author

Reichl, Klaus, Fischer, Tomas, and Tummeltshammer, Peter

Published

2016

5. Multiple constant multiplication by time-multiplexed mapping of addition chains.

Author

Tummeltshammer, Peter, Hoe, James C., and Püschel, Markus

Published

2004

6. Regulative Baseline: Compositional Security Evaluation

Author

Hohenegger, Andreas, Blasum, Holger, Tverdyshev, Sergey, Garcia, Luis, Álvarez de Sotomayor, Amelia, Caracuel, Benito, Kertis, Tomáš, Krummeck, Gerald, Kurth, Helmut, Persson, Staffan, Hametner, Reinhard, Paultisch, Michael, Tummeltshammer, Peter, and Hager, Michal

Subjects

composition, assurance, 11. Sustainability, security dependencies, methodology, security evaluations

Abstract

In the focus of the certMILS project are cyber physical systems (CPS). These combine physical and software elements and, with the advances of industry, such automated solutions increasingly take over critical tasks in all areas of our society. Smart grids, safety-critical transport systems and in general industrial control systems – CPS can take on many faces but are commonly characterized by their complexity. CPS are composed of specialized parts and COTS elements, typically by different parties. Due to CPS’ criticality, there is a high need for assurance in the correct (safe and secure) operation of the entire systems and, consequently, they are often subject to regulations. That is, the components and/or complete systems must be certified according to standards, applicable to the respective sector. For instance, the IEC 62443 series of standards deals with complete industrial automation and control systems, the ISO 27000 series with information security management systems (processes), and the Common Criteria (CC) with subsystems of IT products. Even though these different frameworks share some common principles, a diversity of approaches prevails. It is not always easily reconciled. The present report provides an overview of the various standards applicable to different critical applications. It points out that the regulative situation is sometimes unsatisfactorily incomplete or conflicting where different standards apply. Prerequisite for the certification according to any standard is a successful evaluation according to its principles. The rigor of such evaluations will normally increase with increasing criticality of the application, but is in practice eventually a trade-off between assurance needs and economic feasibility. A common theme of security evaluations of CPS is therefore the desire to derive assurance for composed systems from that established for their components (subsystems). The objective here is that the results of the component’s evaluation can be reused to render the evaluation of complex systems economically feasible, or possible at all. In particular, their evaluation/certification would not need to be repeated from scratch if one or more system components are changed. To this end, one of the relevant and broadly applied industry standards, the CC knows the concept of compositional evaluation. However, despite the rather generic formulation of this CC aspect, and the promise that it holds, it has hardly found application. The issues that hinder its success are described by the present document, as well as an alternative method, intended for smart cards and similar applications, that received more attention but likewise suffers from shortcomings. In summary, the benefit of the CC compositional evaluation approach is minor for low assurance evaluations. Very high assurance cannot be gained as it foresees a limited transfer of design documentation. This is owed to the fact that component developers will not always easily share these secrets. MILS systems, that borrow their name to this project, arose from the requirement to gain assurance in the security properties of computers. They feature a layered structure in which security-critical functions are concentrated in a part, called the separation kernel, which is intentionally small enough to permit evaluation with great rigour. In applications, such as CPS, these layers are always combined with other elements, such as the hardware platform or software running on top of the separation kernel. At first glance, MILS systems seem to lend themselves to compositional evaluation, as they are well structured and characterized by strong security policies. However, the various conceivable applications of compositional evaluation suggested by MILS applications still pose challenges for the existing methods if high assurance is required. It is the purpose of the present report to describe the different approaches and what they have to offer for this type of system.