Using the existing MILS or Multiple Independent Levels of Security platform, certMILS seeks to find ways of shortening, simplifying, and implementing new certification methodologies with the ultimate goal of efficient security in cyber physical systems across Europe. In this episode we speak with project partners Thorsten Schulz and Holger Blasum about how to better understand certMILS.
The certMILS project has received funding from the European Union's Horizon 2020 research and innovation programme under grant agreement No. 731456.
Powerful collaborations, cutting edge science and curious minds coming together for a glimpse of the future. Stay tuned as we look at the latest updates on some of the most promising technology projects.
Hello and welcome. I'm Peter Balint from Technikon. And today we look at the certMILS project once again. As you recall, this EU funded effort is researching ways of keeping complex systems safe and secure. The last time we talked about trains and power grids that could benefit by rapid and efficient safety certification methodologies. That's the goal of certMILS. Using the existing MILS or multiple independent levels of security platform, certMILS seeks to find ways of shortening, simplifying and implementing new certification methodologies with the ultimate goal of efficient security in embedded systems across Europe. Today we speak with Holger Blasum from SYSGO and Thorsten Schulz from the University of Rostock also in Germany. Both gentlemen are project partners in certMILS. They join us remotely from their home offices today. Welcome, and I'll ask you Holger What is certMILS and where does the name come from?
So the idea of certMILS is that we demonstrate how to certify modern embedded systems that are safety and security critical, so it is also called cyber physical systems, and that we... to do this we not only say that we CERT, that we certify, this is where CERT is coming from, but we also introduce that we intend... or that we do apply a certain methodology which is by using MILS systems. MILS itself means multiple independent levels of security and or safety. And maybe MILS is something that needs some explanation and actually the easiest way to explain MILS in my eyes is to start with what everybody knows - that's operating systems and computers and how they relate to our everyday life. So if you are sitting at a computer desktop or laptop then you probably want to use that computer, which is itself a fairly general purpose machine, to do different tasks at your desktop: that might be you want to surf the Internet with your browser. You might want to have some document editing, you might have spreadsheets, you might have things like teleconferencing software. You might have some drawing software and you have these different tasks of telecommunicating, drawing, writing text, writing structured data in spreadsheets and so on and you have different applications for that. That is, on your desktop or laptop you have an ecosystem of completely different applications that were also written by different teams and everybody was doing the applications at getting what they are really good at. Say for instance, for the Internet browsers for surfing the Internet you can... you can choose among say Firefox, Chrome, Edge and many others or Opera to name a European company. And again for the document editing you could choose between say Microsoft Word, LibreOffice Writer and things like that. And you'll have different tremendous teams behind all these applications.
They're in the background; they do their job when you need them - but you can also have different applications open at the same time and then magically, even if you say you're using a teleconferencing system and you're editing a document at the same time, maybe a document that you're showing, and maybe you're browsing at the same time, these applications usually do not interfere, which is - as they do not get into each other's way. I mean sometimes they do. And then on the desktop operating system we notice, oh the system is frozen - the spreadsheet is calculating and you can't use the browser or vice versa. But it's not happening that often. And the magic behind this is that these applications that have been developed by completely different teams, by great teams that were optimizing for their own things, that they don't interfere. That's the operating system, and the operating system is in charge that you can run these things at the same time, or seemingly at the same time, on a single computer without interference and magically having aligned these things. Now next I go to things that we don't see in everyday life that often, but we are going to embedded systems. Embedded systems are things that are deep inside the magics of everyday technology, to say of the last time Sandro and Thorsten were talking about trains, and it's about the control systems of trains themselves within the trains. It's about the control systems of interlocking systems that allow where the trains are run. And again these traditionally have been very... starting in the 1970s, 80s, 90s, very simple devices and they are now becoming networked to the Internet because that's useful for monitoring them. So if I'm talking about these embedded devices, some frequent cloud applications or needs that we see is that we have to run a control on such a device, it's also called an actuator, that we say brake, please now brake...
stop or kind of release the brake again, or that we say the signal shall go green or red or whatever. So this is... part of this is that the embedded system is actually controlling the device. A second common pattern that you have in an embedded system is that you need some remote monitoring of the thing, that's an operator of say several thousand interlocks on a railroad grid can see the overall state of each interlock: is it open or is it closed, and remotely also inspect the kind of health status of the device, for instance does it react properly? Maybe it's getting rusty or whatever. Thirdly there was also a talk... that was also talked about by Sandro and Thorsten last time, is the importance... is the need to have updates of the system to react to security challenges. And this, well there are different ways of doing this, either it can be done locally by a trusted operator doing it the traditional way, coming with some USB stick or something like that, doing an update on site, or you do it remotely. If you're allowed to do it remotely then again you have quite strong security requirements that this update function does not interfere with the monitoring and the actuator control. So coming back to the original topic of interference, again on these embedded devices it's very important that these applications do not interfere with each other. So that say if somebody is monitoring the status of an interlocking signal, it should never interfere with the action or functionality of giving a signal of the interlock or braking system, it should never... it must never interfere with the braking itself. Therefore we need for an embedded device, we need an operating system that is really, really reliable in keeping these different tasks apart from each other.
The concept is the same as described on the desktop operating system or laptop and the mobile device, but here on the embedded device it's an absolute priority that the actuator, that the control, is really executed within say 10 or 50 or 100 milliseconds, within a defined range, and that is not just ninety nine percent reliable but close to 100 percent reliable. And this is the ecological niche of certain kinds of embedded operating systems that are called MILS operating systems, that share many design principles with the general purpose operating systems, but as a special feature they have a strong emphasis that they were designed to keep the applications apart and also to allow for some more static configurations. And usually these systems are more simple than desktop operating systems. So a MILS separation kernel is a thousand times smaller than say Windows or Linux or the big operating systems, so that you can make a really thorough and deep analysis of it and have a better understanding. So it has less features but also less complexity and is suited to this kind of embedded systems that have comparatively still simpler functions than a desktop operating system, but that conversely do very critical things that must not be interrupted or interfered with.
So that's a great analogy using a desktop operating system to sort of illustrate the importance of things working together. And it sounds to me like in certMILS this is the goal -things have to work together and there really can't be any mistakes and there has to be some kind of certification that says these things work together. Am I seeing this in the right way?
Yes, this... you're actually bringing up the second four letters of certMILS. So far I had only explained the MILS acronym and now we can go for the CERT, for the certification. So, what in the end this certification, so certification is in my eyes, that people construct an argument why a system is secure, why a system is safe, and that this argument can inspect it... can be inspected by different people and then they can agree on this analysis that the architecture, that the design of the system that is being certified is safe and secure against, in safety, random faults and, in security, malicious attackers. And now we can maybe bring the certMILS together. So now I gave a general view on certification, and in one of the MILS workshops where we're talking a lot about certification because, Peter, as you rightly say, certification is important for these kinds of critical systems. That was actually five years ago Kateryna Netkachova made an argument about security cases. So these are structured arguments how to present security of a complex system.
OK, and Thorsten, I want to throw something out to you. We talk about embedded systems; what is the likelihood that the average person on the street encounters an embedded system? Is this something that's part of their lives or is it something that maybe they have never been in contact with?
I think for most of us listening to this podcast, like everybody that's listening to this has been in contact with an embedded system. So just in the morning if you walk past... one of the earliest ones that we name embedded systems basically also has been washing machines, and basically any device that you mainly physically interact with in your home environment will be what we consider an embedded system. So because of their physical interaction. But then also for home devices, as Holger just, like on the other hand Holger just mentioned the certification. So we also have that for home devices so that our home devices, like our toaster, doesn't get mad at us just because we plugged in the slice of bread the wrong way. So there is certification that they do the right thing. And... but there's typically more strict certification going on with systems that can harm not just one person, maybe just scratch their finger. But like, we have the larger infrastructure systems where you can harm hundreds and thousands of people. So that's a bit of a different embedded system category that we're talking about. But yes, I think that basically everybody has been in contact with what you call... what we call embedded systems.
So we could say that they're everywhere. They're ubiquitous. There's no getting around embedded systems for anybody basically.
Right. Right. Correctly. So even like I was thinking, if I was just walking outside of my home, the first thing to see would be a traffic light. It's part of the infrastructure also, it's maybe hard to say that it's an embedded system because it's actually sticking out of the ground. But this is exactly the things that we interact with every day and that we rely on, basically with the integrity of our health and our body. Right.
I was thinking about the, probably the battery controller in an e-bike is already an embedded system. Then you have dozens of processors in any car. If you're going by train you also have dozens if not hundreds of processors in a train, airplanes have a lot of them, so they're really, regardless of the way of transportation you use, relevant for you.
And tell us about the certMILS project as it sits today. Let's sort of take the temperature a little bit. How long of a project is this?
It's a four year project. We intentionally made it long because we anticipated that we... that certification takes time. Certification is a communication endeavor and therefore it's not only us who can do things but we also have to talk with certification authorities and also the people making the certification standards.
OK. Makes sense. Yes. And so it is deliberately made to be a long project four year project. And how far are you at this point?
From the timeline we are in the fourth and last year. Actually with certification it's sometimes hard to... give exact timelines because it's a little bit, maybe it can be likened to a legal dispute at the court or something... so the parties have to agree that the argument is sound and that may take all the time it needs to take. Therefore I would say we are in good progress, but it's particular for a certification project that it's hard to give an exact metric saying we are now at 78 percent or something.
And Thorsten for you at the end of this project how do you know it's a success or what will make you happy at the end of the project and in a position where you could say yeah we've done our job?
So looking at the certification that Holger just mentioned, if that goes ahead... I mean it always takes a little bit longer and we're also starting to see very small delays towards the end of the project, which we basically did foresee, but since we're heading for the final months of the project and we still have the timeline that we're going to get the certification goals that we wanted to achieve, and we are really looking forward to achieving that towards the end, maybe a few weeks after, we'll see how the external authorities can work with the whole workload and the situation of other workloads that they have to face. So once I can see all the certification artifacts passing by official grounds, this will be the one achievement, and the other achievement would be to see the architecture and the methodology that we set out to actually be also used beyond our own project partners. So in other systems and other designs around the world. So if we can see that, then I think we really achieved something. So I mean it is an EU project and we're really striving to have other partners in the European Union involved in this, also beyond our project partners, but obviously we're also happy to export that methodology and the way it's been done worldwide. So we have been just, even though this was a <INAUDIBLE> for you, but we've also been reaching out to other companies and programming and system developers, system designers around the world, for example also in Australia and in the US, and we're quite happy that we got positive feedback on our methodology and the certification process that we're doing, so already this has been quite a little bit of success for the project, I guess. Yes. One of the reasons that the EU is funding this project is also to get a methodology and get kind of almost a unity on the certification approach so as to make it successful and more usable for a lot of users.
So, I mean the whole European Union also depends on exporting technologies in worldwide use. So if it's just us 10 project partners using this kind of technology and approach, that's not much work, but I mean it's something, but it's really important to get the technology and approaches being used by other vendors and partners in the market. So I'm quite happily looking forward to that, yes.
I mean, another outlet where I could make some shameless advertising here is the MILS community, which is mils.community and just has an open mailing list that everybody can subscribe to to discuss MILS topics, and we have been doing several public MILS workshops where also results of certMILS have been presented and shared.
And this MILS community, this is not a project, they're always there, right, it's ongoing?
It's ongoing. So it's, I don't know when actually we did start... 2015, but at least well before certMILS.
Why is it that the European Union would decide to fund a project like this?
So I think there's two perspectives of this. So from my understanding, almost seeing it from the user perspective. So like in the other podcast we discussed that we want to have the technology and we want to have it working, and we want to have it also reliable... reliably working, but on the other hand, so we need to have all this certification for our products. But with a new requirement - so we can't stop people from saying I want my trains or my smart grid to be smart, and I want for example my airplanes to be on time and all these things. So like there's the demand for that and we basically, with all the security measures that pop up, we have to run behind it and to keep things secure, to actually keep them safe. So all that we want is we don't get harmed. We don't want anyone to be injured or anything. So we're at this very moment basically running behind security, protecting things that are being kind of smart in their network and things. And so the idea or the concept of the European Union funding these kinds of projects is to get behind these issues, to keep things secure and safe also for the critical systems, and not rely maybe on that there'll be some day some solution from some ways in the world. So we want to have that technology within the European Union and we want to have it as soon as possible, before we get hacked, as we discussed in the other podcast.
OK well, you know, I have to say thank you. You guys are doing the work that's sort of behind the scenes and very important in our society to keep people safe and secure in their daily lives. So this project goes a long way to ensuring our safety and the safety of everybody listening. So thank you for doing that. And good luck with the rest of the project, and we may check in at the end to see how things are going and how the wrap up went. So best of luck to you.
OK. Thanks.
Thank you Peter.
For more information about certMILS visit their web site at certmils.eu
This podcast has been brought to you by Technikon. The certMILS project has received funding from the European Union's Horizon 2020 research and innovation programme under grant agreement number 731456.