New Security Approach by Celtic-Plus project ODSI
The ODSI project has developed a new security model based on isolation mechanisms and a new certification methodology to guarantee a high level of security for systems based on embedded devices, as required for the Internet of Things (IoT). ODSI delivers components to enable implicit trust for IoT devices, which addresses a major security challenge in view of the rapid growth of the IoT market.
IoT devices are for instance connected cars, video systems, sensors and manufacturing tools. Such IoT devices are increasingly the target of malicious agents who attack their connectivity. Frequently, these IoT devices are not updated after release. Thus, a vulnerability discovered after the distribution to the customers is often not fixed. As a consequence, thousands to millions of IoT devices could be hacked by malicious actors. ODSI components enable a high level of security for systems based on connected embedded products that implicitly can be trusted as a secure system.
The ODSI project has developed software components and a methodology to achieve security you can trust, as it is based on mathematical proofs which cannot be denied. The ODSI partners developed two kernels, to serve as the foundations of the Trusted Computing Base (TCB) of a device i.e. the software components running inside a device on which the security of the whole device is based. These kernels are modelled using a formal language, i.e. a mathematically sound computing language. Thus, using logic, proofs can be applied on these kernels to demonstrate that their security features work as expected. Once formally proven as secure, the models can be used to generate a binary which can be executed on a real hardware device with a high level of assurance, as the conversion process retains the security properties of the models.
Evaluation is an essential task to validate the claimed robustness of security functions. The ODSI project provides different security functions, such as the memory isolation offered by the proven kernels. The ODSI platform is composed of multiple components with different security levels, which leads to a difficult evaluation as regards to cost, time and effort. ODSI proposes a lego methodology evaluation approach to obtain:
- System approach applicable to IoT platforms,
- Use-case driven evaluation with a reduction of the perimeter of the evaluation’s target to cover only the required security functions,
- Evaluation with reduced time, cost and effort,
- High robustness level of the selected security functions when needed,
- Plug-and-play integration in order to allow components exchanges and upgrades.
Fig1: Use cases on top of the ODSI platform
In an ODSI platform, the proven kernels provide isolation to the entire platform and permits the execution of security-critical applications on a trusted foundation. Once the kernel is evaluated, the building-block evaluation methodology should allow to demonstrate that the entire platform is robust against high-level attacks.
Based on the work performed during the ODSI project, the industrial partners involved have improved their industrial offers, and in some cases even created new businesses. Furthermore, thanks to ODSI expertise, communications between partners and their overall security maturity level have improved.
The ODSI solution covers:
- Proven isolation that offers minimal functioning kernel as a secure root to build on top of it. As part of the proven multi-level security solution with minimal design, proven tools and toolchains able to support future development cycles of ODSI isolation solutions now exist.
- Top level management, authentication and communication channels for different isolated environments. Solutions for a multi-tenant IoT device isolation domain authentication and authorization, including a network manager that allows for secure delivery and reception of requests among different isolated domains.
- An evaluation methodology for complex integrated systems. Enabling different robustness levels within an integrated system whilst increasing the robustness of security functions when needed by the context. The solution is tailored to dynamic systems, it is plug-and-play capable of updating, adding, removing or replacing a component that results in significant reduction of evaluation costs of complex systems.
The ODSI Project started in November 2015 and has complete its work in October 2018.
The consortium, led by Orange France, included 11 partners from 3 different countries:
- France: CityPassenger S.A., Internet of Trust S.A.S., Orange S.A., Université de Lille, Prove & Run S.A.S.
- Spain: Ingenieria del Poliuretano-Flexible, Innovalia Association, Nextel S.A., Software Quality Systems S.A.
- Romania: Beia Consult International, Resonate MP4 Romania
For further information, see the project website at: https://www.celticplus.eu/project-odsi/