Concept
To be resilient, a system must be adaptable. Trustworthy adaptation requires that a system can be dynamically reconfigured at runtime without compromising the robustness and integrity of the system. Traditional certification practices have conservatively required critical systems to be static, and required assessment of the entire integrated system for certification. Adaptability has been at odds with certification. Adaptive MILS will extend MILS, a successful paradigm for rigorously developed and assured composable static systems, with adaptation mechanisms and a framework within which those mechanisms may be safely and securely employed for reconfiguration within the constraints of a configuration policy.
The Need for Trustworthy Adaptive Systems
Critical infrastructures, systems of autonomous systems, and cloud computing for safety- and security-critical applications are all dynamic systems that demand reliability, robustness, resilience, security, and other attributes we refer to generically as dependability. These systems must provide high assurance while being developed, certified, deployed, and maintained at an affordable cost. Moreover, the environment in which critical infrastructures operate has become hostile, requiring them to adapt their safety and security behaviour continually.
Extending MILS to Adaptive Systems
MILS is a component-based approach to developing and certifying critical systems. Current MILS implementations provide only fixed runtime architectures, because they are built on statically configured MILS platforms. That is, the configuration information used to set up the exported resources of the separation kernel, and of the other resource-sharing foundational components that make up the MILS platform, is finalized before the platform is initialized. After initialization there is no creation or destruction of exported resources and no change to the information flow policy. This characteristic is shared with safety-critical real-time operating systems (RTOSs). The rationale, inherited from the safety domain, is that only static systems can be understood and analyzed well enough to reach the required level of confidence that they will behave as expected. The same approach has been applied to security-critical systems needing the highest levels of assurance. A MILS platform that implements a full and flexible ability to change its configuration at runtime is said to be dynamic.
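The contrast described above, as an added illustration that is not code from the CITADEL project or any MILS platform: a model of a static platform whose partitions and flows are frozen once initialization completes, next to an adaptive platform that accepts a runtime reconfiguration only if it stays inside a configuration policy. The partition names, flows and policy contents are constructed for this example; the policy shape (an envelope of permitted partitions and flows plus pairs that must never become reachable) is an assumption chosen to show why whitelisting flows one at a time is not enough.

```python
# Added illustration (not CITADEL/MILS project code): a minimal model of a
# statically configured MILS platform next to a policy-gated adaptive one.
# Partition names, flows and policy contents are constructed for this example.
from dataclasses import dataclass
from typing import FrozenSet, List, Tuple

Flow = Tuple[str, str]  # (source partition, destination partition)


@dataclass(frozen=True)
class Configuration:
    """Exported resources of the platform: partitions and permitted one-way flows."""
    partitions: FrozenSet[str]
    flows: FrozenSet[Flow]

    def reaches(self, src: str, dst: str) -> bool:
        """True if information can flow from src to dst, directly or transitively."""
        seen, frontier = set(), [src]
        while frontier:
            p = frontier.pop()
            if p == dst:
                return True
            if p in seen:
                continue
            seen.add(p)
            frontier.extend(d for s, d in self.flows if s == p)
        return False


class StaticPlatform:
    """Static MILS platform: the configuration is frozen once initialization completes."""
    def __init__(self, config: Configuration) -> None:
        self.config = config
        self.initialized = False

    def initialize(self) -> None:
        self.initialized = True

    def reconfigure(self, new: Configuration) -> None:
        if self.initialized:
            raise RuntimeError("static platform: no reconfiguration after initialization")
        self.config = new


@dataclass(frozen=True)
class ConfigurationPolicy:
    """Envelope that every runtime configuration must stay inside (assumed shape)."""
    allowed_partitions: FrozenSet[str]   # partitions that may ever exist
    allowed_flows: FrozenSet[Flow]       # flows that may ever be enabled
    never_reach: FrozenSet[Flow]         # (a, b): a must never reach b, even transitively

    def violations(self, cfg: Configuration) -> List[str]:
        out = []
        for p in sorted(cfg.partitions - self.allowed_partitions):
            out.append(f"partition {p} not in policy")
        for s, d in sorted(cfg.flows - self.allowed_flows):
            out.append(f"flow {s}->{d} not in policy")
        for s, d in sorted(cfg.flows):
            if s not in cfg.partitions or d not in cfg.partitions:
                out.append(f"flow {s}->{d} references a missing partition")
        for a, b in sorted(self.never_reach):
            if a in cfg.partitions and b in cfg.partitions and cfg.reaches(a, b):
                out.append(f"{a} can reach {b}")
        return out


class AdaptivePlatform:
    """Adaptive platform: a reconfiguration is applied only if the policy accepts it.
    A rejected configuration leaves the running configuration untouched."""
    def __init__(self, policy: ConfigurationPolicy, config: Configuration) -> None:
        bad = policy.violations(config)
        if bad:
            raise ValueError(f"initial configuration violates policy: {bad}")
        self.policy, self.config = policy, config

    def reconfigure(self, new: Configuration) -> List[str]:
        bad = self.policy.violations(new)
        if not bad:
            self.config = new  # all-or-nothing switch to the new configuration
        return bad


def run_demo() -> dict:
    """Constructed scenario; returns the outcome of each step for inspection."""
    policy = ConfigurationPolicy(
        allowed_partitions=frozenset({"sensor", "ctrl", "log", "maint"}),
        allowed_flows=frozenset({("sensor", "ctrl"), ("ctrl", "log"), ("log", "ctrl"),
                                 ("log", "maint"), ("maint", "log")}),
        never_reach=frozenset({("maint", "ctrl")}),
    )
    base = Configuration(frozenset({"sensor", "ctrl", "log"}),
                         frozenset({("sensor", "ctrl"), ("ctrl", "log")}))
    static = StaticPlatform(base)
    static.initialize()
    try:
        static.reconfigure(base)
        static_frozen = False
    except RuntimeError:
        static_frozen = True

    adaptive = AdaptivePlatform(policy, base)
    cfg_a = Configuration(base.partitions | {"maint"}, base.flows | {("log", "maint")})
    accepted_a = adaptive.reconfigure(cfg_a)  # bring up the maintenance partition
    cfg_b = Configuration(cfg_a.partitions,
                          cfg_a.flows | {("maint", "log"), ("log", "ctrl")})
    rejected_b = adaptive.reconfigure(cfg_b)  # each flow is allowed on its own,
                                              # but maint -> log -> ctrl composes
    return {"static_frozen": static_frozen, "accepted_a": accepted_a,
            "rejected_b": rejected_b, "running_is_a": adaptive.config == cfg_a}
```

The second reconfiguration is the point of the example: every flow it adds is individually inside the policy envelope, yet together they open a transitive path from the maintenance partition to the controller, so the check has to reason about the whole proposed configuration, not about each change in isolation.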
Project Objective
The CITADEL project has built upon the MILS technology accomplishments of D-MILS and Euro-MILS, and performed the research and development necessary to create adaptive MILS systems. We propose to use adaptive MILS in new and evolving adaptive systems contexts having strategic focus within the EU, such as Critical Infrastructures and the Internet of Things, where adaptability is a crucial ingredient for the safety and security of future systems, and where the rigorous construction and verification made possible by MILS holds particular promise.
In its final phase the project has demonstrated the capabilities of the adaptive MILS technology in several industrial contexts and application scenarios, and has laid the technical foundations for a certification framework for the use of adaptive MILS components and systems in critical infrastructure applications.
CITADEL is an Innovation Action partly funded by the Horizon 2020 Programme of the European Union under grant agreement no. 700665.