CITADEL Platform Architecture
The Open Group Training - Context - CITADEL platform architecture 1
Top-level architecture of an adaptive CITADEL system
Concept of operation of the CITADEL platform
CITADEL Adaptive MILS Framework
Key elements
• Dynamic Distributed MILS platform
  ● Dynamic MILS platform with deterministic networking
  ● Mechanisms for dynamic reconfiguration and configuration introspection
• Declarative dynamic architecture modeling and verification
  ● Language to describe reconfigurable systems architecture, component models, failure models and fault propagation
  ● Theory and framework for dynamic reconfiguration
  ● Theory and framework for adaptation
  ● Language to express critical properties to be verified
  ● Compositional verification framework
• Monitoring, Adaptation, Configuration, & Certification Assurance Planes
• Assurance-based security evaluation methodology and runtime mechanisms for just-in-time certification of adaptive systems
CITADEL MILS Platform with Adaptation
[Figure: block diagram of the CITADEL MILS Platform with Adaptation. Labelled elements: CITADEL property spec language, CITADEL modeling language, Language translation, Offline Verification Framework, Online Verification Framework, Offline Configuration Synthesis, Online config’n synth, Static Config Tools, Configuration Change Monitor, Configuration Change Agent, Config Chg Policy, Dynamic Config’n Primitives, Dynamic Separation kernel, Dynamic TTEthernet, Dynamic MNS, Dynamic MILS Platform, Runtime Monitoring plug-in framework, System Monitoring, Adaptive MILS Runtime Adaptation System, Adaptive MILS Evidential Tool Bus, Certification Assurance Artefact Repository.]
Top-level architecture of an adaptive CITADEL system
The Planes of the CITADEL Framework
Planes of the CITADEL Framework
[Figure: Schematic of CITADEL Framework. Labelled elements: FOUNDATIONAL PLANE (Separation Kernel, MILS Platform with MFS, MNS, MEA, MCS), OPERATIONAL PLANE(S) (partitions P1 to P5 on the MILS Platform), MONITORING PLANE / FW (Fault Diagnoser, COMMSTATE, RESOURCE; FDI, Exceptions, Introspection, Observations & Events), ADAPTATION PLANE(S) (Target Config), (RE-)CONFIGURATION PLANE (Config Cmds), Certification Assurance Artifact.]
Plane interactions and system model
The central formal artifact is the system model
The CITADEL Framework uses the system model for various purposes
[Figure: the Model (Parametrized architecture, Properties, Reconfiguration transitions) is specified by the Engineer; it represents the Operational Plane (dynamic application) and the Foundational Plane (dynamic platform); it is used by the Analysis tools and by the Monitoring Plane, Configuration Plane, Adaptation Plane and Certification Assurance Plane.]
FBK Software Modeling and Verification 13
Detailed training on each of the CITADEL Framework planes is provided in the respective CITADEL training modules.
Introduction to the CITADEL components
The Operational Plane(s)
MILS Policy Architecture: “Boxes and Arrows Diagram” Showing System Decomposition
[Figure: policy architecture with components C1 to C5. Circles represent subjects or objects; arrows represent information flow; “boxes” represent logical or physical resources. One component is marked Trusted Subject, the others Untrusted Subjects. The diagram represents logical structure abstracted from physical resources.]
MILS Platform – Provides Straightforward Realisation of Policy Architecture
From architecture to realisation: the SK, with other MILS foundational components, forms the MILS Platform, allowing operational components to share physical resources while enforcing Isolation and Information Flow Control.
Validity of the architecture assumes that the only interactions of the circles (operational components) are through the arrows depicted in the diagram.
[Figure: the policy architecture realised as resources R1 to R5 on the MILS Platform.]
Policy Architecture with Isolated Subsystems
[Figure: a policy architecture on the MILS Platform whose subjects form two disconnected groups, R1 to R5 and Q1, Q2, Q5.]
Isolated Subsystems as Distinct “Operational” Planes
[Figure: the same policy architecture redrawn with each disconnected group (R1 to R5, and Q1, Q2, Q5) as its own OPERATIONAL PLANE on the MILS Platform.]
The two disconnected components of this policy architecture represent distinct subsystems or applications … and may be thought of as distinct operational planes.
Planes can be used as a convenient organisational principle to facilitate conceptual understanding or graphical representation of complex systems.
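An added illustration of the two points above, written for this page and not part of the CITADEL training material: the first function reports any channel a platform configuration would open that the policy architecture's arrows do not permit (the validity assumption), and the second computes the disconnected groups of subjects in the policy graph, which the slides treat as distinct operational planes. Subject names, flows and the configured channel set are constructed sample data.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Set, Tuple

Flow = Tuple[str, str]  # (source subject, destination subject): one arrow


@dataclass
class PolicyArchitecture:
    """Boxes-and-arrows model: circles are subjects, arrows are permitted flows."""
    subjects: Set[str]
    flows: Set[Flow]

    def check_well_formed(self) -> None:
        """Every arrow must connect two declared subjects."""
        for src, dst in self.flows:
            if src not in self.subjects or dst not in self.subjects:
                raise ValueError(f"flow {src}->{dst} references an undeclared subject")


def undeclared_channels(policy: PolicyArchitecture, configured: Set[Flow]) -> Set[Flow]:
    """Channels a platform configuration would open that the policy does not permit.

    The architecture is only valid if subjects interact solely through the
    arrows, so a non-empty result means the realisation breaks that assumption.
    """
    policy.check_well_formed()
    return set(configured) - policy.flows


def isolated_subsystems(policy: PolicyArchitecture) -> List[FrozenSet[str]]:
    """Disconnected groups of subjects (weakly connected components of the
    policy graph). Each group can be treated as its own operational plane."""
    policy.check_well_formed()
    neighbours: Dict[str, Set[str]] = {s: set() for s in policy.subjects}
    for src, dst in policy.flows:
        neighbours[src].add(dst)
        neighbours[dst].add(src)  # direction is irrelevant for connectivity
    assigned: Set[str] = set()
    planes: List[FrozenSet[str]] = []
    for start in sorted(policy.subjects):
        if start in assigned:
            continue
        group: Set[str] = set()
        stack = [start]
        while stack:
            s = stack.pop()
            if s in group:
                continue
            group.add(s)
            stack.extend(neighbours[s] - group)
        assigned |= group
        planes.append(frozenset(group))
    return planes


# Constructed sample: R1..R5 form one subsystem, Q1, Q2, Q5 another.
SAMPLE = PolicyArchitecture(
    subjects={"R1", "R2", "R3", "R4", "R5", "Q1", "Q2", "Q5"},
    flows={("R1", "R2"), ("R2", "R3"), ("R3", "R4"), ("R4", "R5"), ("R5", "R1"),
           ("Q1", "Q2"), ("Q2", "Q5")},
)
# Constructed platform configuration that additionally opens Q2 -> R4.
CONFIGURED: Set[Flow] = set(SAMPLE.flows) | {("Q2", "R4")}

if __name__ == "__main__":
    print("undeclared channels:", undeclared_channels(SAMPLE, CONFIGURED))
    print("operational planes:", [sorted(p) for p in isolated_subsystems(SAMPLE)])
```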
Introduction to the CITADEL components
The Foundational Plane
Foundational Plane: the MILS Platform definition
• The minimal MILS platform is a separation kernel
• The separation kernel idea was introduced by Rushby in 1981, and subsequently elaborated in the Separation Kernel Protection Profile (SKPP)
• A separation kernel includes all of the hardware, firmware and software that are required to satisfy the SKPP
• A MILS platform consists of a separation kernel plus zero or more of the other MILS foundational components
• The MILS platform is defined by the MILS Platform Protection Profile (MPPP)
• Each MILS foundational component includes all of the hardware, firmware and software required to satisfy its PP
The MILS Platform: Components
• A MILS separation kernel (SK) is the base component of the MILS platform
  ● Provides shared use of processor resources, memory, and device I/O spaces
  ● Making these available in the form of “exported resources”
  ● While permitting only explicitly permitted information flow among exported resources
  ● The SK is the combination of the physical resources represented by the hardware, and the firmware and software that is used to manage it securely
• Additional MILS foundational components compose with the SK and each other
  ● Each providing shared use of another kind of physical resource
  ● Making these available as additional types of exported resources
  ● Also managing information flow among the created resource abstractions
  ● Each foundational component is the combination of physical resources represented by hardware, firmware, and software
  ● MILS Network System (MNS), MILS Console System (MCS), MILS File System (MFS), MILS Extended Attributes (MEA), MILS Audit System (MAS)
• These foundational components combine to seamlessly provide a diverse collection of exported resources from which systems may be constructed.
The MILS Platform: a Composition of Foundational (resource-sharing) Components
[Figure: the MILS Platform (MP) as the additive composition of the SK (MSK), Network (MNS), Console (MCS), File (MFS), Extended Attributes (MEA) and Audit (MAS) components, each consisting of HW and SW, together presenting the Exported Resources.]
additive compositionality – e.g., a Partitioning Kernel composed with a Partitioning Net = Partitioning (Kernel + Net)
MP = MILS Platform
The Distributed MILS Platform
[Figure: Distributed MILS nodes, each the additive composition of SK, MNS and MCS (HW and SW) presenting the Exported Resources, with a Console for some Apps.]
additive compositionality property – e.g., a Partitioning kernel composed with a Partitioning network system = Partitioning (kernel + network system)
MNS = MILS Network System
MCS = MILS Console System
The minimal MILS platform is SK alone. The Distributed MILS Project (EC FP7) implemented Distributed MILS nodes with SK and MILS Network System (MNS) using Time-Triggered Ethernet, and one of the D-MILS demonstrators implemented a special-purpose MILS Console System (MCS). CITADEL implements a new MNS using Time-Sensitive Networking (TSN) with a new SK. An updated version of the D-MILS MCS was developed for CITADEL.
The MILS Platform: Assurance Ambitions
Security assurance requirements as found in MPPP, SKPP, MNSPP, and MCSPP
• Formal specification and verification required to achieve a high Evaluation Assurance Level (EAL) according to the International Common Criteria
Additional MILS-specific assurance requirements
• Explicit assurance case, formal specification encouraged in PP/ST (Security Target)
Compositional assurance
• Composability of components assured by separation kernel functions/properties
• Additive compositionality of components implies
  ● MSK + foundational component acts as a separation kernel with added resource type
  ● Configuration-time cross-component configuration data coordination
  ● Initialization-time sequencing of component initialization
  ● Runtime independence of physical resource managing components
  ● MSK provides global resource identifiers for all exported resources
  ● Simple dependence by MILS Extended Attributes on memory and file storage to provide a binding of extended attributes to exported resources of other foundational components
Abstract specification of platform components must be satisfied by refined component specifications in component PPs and STs
• Consistency and proper refinement demonstrated when PPs and STs are evaluated
• Internal consistency and well-formedness of specs checked in each document
The MILS Platform (MP) Assurance Case
Compose assurance cases using Assume-Guarantee Reasoning
Assumptions of the MP assurance case are obligations on the MSK, MNS and MCS components’ assurance cases
Assured Claims from component assurance cases become evidence for MP assurance case
[Figure: the MILS Platform Assurance Argument derives the MP Claims from three Sub-cases via inference rules; each Sub-case is the MSK, MNS or MCS Assurance Argument, which derives that component’s Claims from its Evidence via inference rules. The Assume side of the MP argument matches the Guarantee side of the component arguments.]
Introduction to the CITADEL components
The Configuration Plane
(Re-)Configuration Plane (XP)
• In the CITADEL framework, the configuration plane (XP) plays an executive role, which is to reconfigure the Adaptive MILS system.
• Reconfiguration performed by XP covers mainly:
  • The MILS policy architecture:
    ● subjects,
    ● communication between subjects, and
    ● the deployment of subjects.
  • The MILS monitoring system:
    ● monitor applications, and
    ● monitoring virtual sensors.
• To achieve reconfiguration, XP interacts with other planes of the CITADEL framework, namely the Adaptation Plane (AP), the Monitoring Plane (MP), the Operational Plane (OP) and the Foundational Plane (FP), as shown in the next slide.
XP Interactions with other planes
[Figure: the Reconfiguration Plane (XP) receives (1) a target configuration notification from the Adaptation Plane (AP), and exchanges (2) reconfiguration step notifications with the Monitoring Plane (MP) and with the Foundational (FP)/Operational Planes (OP), i.e. subjects S1 to Si on Node 1 and Si+1 to SN on Node M, each node running PikeOS and connected over a TSN network.]
1. XP receives a target configuration from AP, i.e. the new system configuration to reach.
2. Based on that, XP issues reconfiguration commands to reconfigure MP and OP.
3. XP always expects a notification back from the reconfigured planes.
4. Notification back to AP.
Reconfiguration operation: overview
[Figure: the Adaptation Plane provides the Current Architecture (SLIM Model + Parameter Vector 1) and the Target Architecture (SLIM Model + Parameter Vector 2), one Big Step apart. The Configuration Plane refines this into Intermediate Abstract Configurations (from the current intermediate configuration to the target intermediate configuration, in Small Steps). The Operational/Foundational Planes realise each small step as Primitives that take the Current Concrete Configuration to the Target Concrete Configuration.]
XP proceeds by refining a high-level reconfiguration objective (big step) into an intermediate plan (small steps) and then into low-level primitives.
XP Overall design
• The Configuration plane is designed as a back-end and a front-end
• The back-end
  ● encompasses the Reconfiguration Planner and the Reconfiguration State Controller
• The front-end
  ● consists of multiple instances of Configuration Change Agents
Deployment of new configuration by the XP
[Figure: the XP back-end (Planner and Controller, the Planner passing the reconfiguration plan to the Controller) sends reconfiguration commands to XP front-ends on Node 1 (subjects S1 to Si) and Node M (subjects Si+1 to SN), each node running PikeOS and connected over a TSN network; the front-ends return Notifications to the Controller, which notifies the Planner.]
• The XP back-end is to be deployed on the same node as the other CITADEL framework components. It is deployed as a partition on PikeOS.
• The front-end is deployed on the different nodes of the distributed MILS Platform. Each node of the system hosts an XP front-end Configuration Change Agent (CCA).
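The four-step exchange with AP, the refinement of a big step into small steps and then primitives, and the Planner/Controller/CCA split described on the last three slides are put together in one added example written for this page; it is not CITADEL code. The configuration format, the primitive names, the rule that tear-down precedes build-up, and the stand-in CCA class are assumptions of the example, and the current and target configurations are constructed sample data.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Tuple

Flow = Tuple[str, str]           # (source subject, destination subject)
SmallStep = Tuple[str, object]   # ("remove_flow", flow) or ("create_subject", subject) ...


@dataclass(frozen=True)
class Configuration:
    """Concrete configuration: the node each subject runs on and the open flows."""
    deployment: Dict[str, str]   # subject -> node name
    flows: FrozenSet[Flow]


@dataclass(frozen=True)
class Primitive:
    node: str   # the front-end (CCA) that must execute it
    op: str     # stop | destroy | create | start | close_channel | open_channel
    arg: str


def plan_small_steps(cur: Configuration, tgt: Configuration) -> List[SmallStep]:
    """Big step -> small steps (the Reconfiguration Planner's job, as assumed here).

    Tear-down precedes build-up so that no flow is ever open without both of its
    subjects present; a subject that changes node is removed and re-created, and
    every flow touching it is closed and re-opened.
    """
    moved = {s for s, n in cur.deployment.items() if tgt.deployment.get(s, n) != n}
    removed = (cur.deployment.keys() - tgt.deployment.keys()) | moved
    created = (tgt.deployment.keys() - cur.deployment.keys()) | moved

    def touched(f: Flow) -> bool:
        return f[0] in moved or f[1] in moved

    drop = {f for f in cur.flows if f not in tgt.flows or touched(f)}
    add = {f for f in tgt.flows if f not in cur.flows or touched(f)}
    return ([("remove_flow", f) for f in sorted(drop)]
            + [("remove_subject", s) for s in sorted(removed)]
            + [("create_subject", s) for s in sorted(created)]
            + [("add_flow", f) for f in sorted(add)])


def to_primitives(step: SmallStep, cur: Configuration, tgt: Configuration) -> List[Primitive]:
    """Small step -> primitives addressed to the node(s) involved."""
    kind, arg = step
    if kind == "remove_subject":
        n = cur.deployment[arg]
        return [Primitive(n, "stop", arg), Primitive(n, "destroy", arg)]
    if kind == "create_subject":
        n = tgt.deployment[arg]
        return [Primitive(n, "create", arg), Primitive(n, "start", arg)]
    src, dst = arg
    dep = cur.deployment if kind == "remove_flow" else tgt.deployment
    op = "close_channel" if kind == "remove_flow" else "open_channel"
    return [Primitive(n, op, f"{src}->{dst}") for n in sorted({dep[src], dep[dst]})]


class ConfigurationChangeAgent:
    """Stand-in for an XP front-end on one node: applies a primitive and notifies."""
    def __init__(self, node: str, fail_on: Tuple[Tuple[str, str], ...] = ()):
        self.node, self.fail_on, self.log = node, set(fail_on), []

    def apply(self, p: Primitive) -> bool:
        self.log.append((p.op, p.arg))
        return (p.op, p.arg) not in self.fail_on   # False = no positive notification


def reconfigure(cur: Configuration, tgt: Configuration,
                agents: Dict[str, ConfigurationChangeAgent]) -> dict:
    """XP back-end: plan, dispatch primitives, and require a notification for each
    one before going on. The returned dict is what would be reported back to AP."""
    executed: List[Primitive] = []
    for step in plan_small_steps(cur, tgt):
        for p in to_primitives(step, cur, tgt):
            if not agents[p.node].apply(p):
                return {"status": "failed", "failed_at": p, "executed": executed}
            executed.append(p)
    return {"status": "reached", "executed": executed}


# Constructed sample: S2 moves from Node1 to NodeM, S4 is added, S2->S3 is dropped.
CURRENT = Configuration({"S1": "Node1", "S2": "Node1", "S3": "NodeM"},
                        frozenset({("S1", "S2"), ("S2", "S3")}))
TARGET = Configuration({"S1": "Node1", "S2": "NodeM", "S3": "NodeM", "S4": "NodeM"},
                       frozenset({("S1", "S2"), ("S3", "S4")}))

if __name__ == "__main__":
    agents = {n: ConfigurationChangeAgent(n) for n in ("Node1", "NodeM")}
    for p in reconfigure(CURRENT, TARGET, agents)["executed"]:
        print(p.node, p.op, p.arg)
```

A CCA that returns no positive notification stops the run at that primitive, so the report to AP names the first primitive that was not acknowledged and everything executed before it.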
Introduction to the CITADEL components
The Monitoring Plane
Monitoring Plane (MP)
• Monitors components in the Operational Plane and resources in the Foundational Plane, generates alarms when it detects specified patterns, and reports to the Adaptation Plane
• Monitors may be derived from the architectural model properties and other security policy specifications
• CITADEL MP performs both Network and State monitoring
• Network monitoring extracts and analyses message features
  • Strategies: signatures, white-box, learning, feature-binning
• State monitoring is based on the flexible and extensible Kaspersky Security System (KSS), which provides a framework for the construction of monitoring applications and the virtual sensors they need to detect network and state events and changes
  • Allows specification of security and monitoring policies distinct from the monitoring implementation and applications
Architectural Design Pattern of the Kaspersky Security System
Detached Security System Architectural Design
Kaspersky Lab UK Training – Advanced Technical Module – State Monitoring
Monitoring Specification
• The KSS architecture and its framework are designed to provide support for diverse security policies, including monitoring policies
• The specification framework consists of
  ● a set of policy templates for the security server
  ● interface definition language (IDL)
  ● component definition language (CDL)
  ● entity definition language (EDL)
  ● security specification language (CFG)
  ● toolchain to translate CFG specification into executable code
KSS: Policy Definition Framework
Multilayer security configuration
Implementation Example
Implementation scheme for CITADEL state monitoring
Introduction to the CITADEL components
The Adaptation Plane
The Adaptation Plane (AP)
• Adaptation Engine is the core component of the AP
• Evaluator is a helper component that performs model-based reasoning to find the next architectural configuration
• Context Awareness provides a display of current context on the MILS Console System
Adaptation Plane architecture
Adaptation plane components and their inputs
Handling of alarms/commands by the Adaptation Engine
Introduction to the CITADEL components
The Certification Assurance Plane
The Certification Assurance Plane (CP)
• Certification is a judgment that a system is adequately safe/secure/whatever for a given application in a given environment
  • Should be based on explicit credible evidence
  • Should be systematic and repeatable
• CP builds a “Certification Assurance Artifact” that can be presented on demand to a certification authority
• Adaptive MILS Evidential Tool Bus (AM-ETB) is a subsystem that automates the building and maintenance of an assurance case for the current configuration of the system
Modular Assurance Cases
• Assurance case patterns are instantiated to create a concrete assurance case
• Patterns may be added to the library
• Components in patterns may be modified, added or deleted
• Patterns developed for CITADEL represent the top-level claims of the system, the Adaptive MILS planes, and the operational plane
Top-level Adaptive MILS argument
Assurance case argument pattern structure
AM-ETB Core Workflow
• instantiation of AC patterns
• develop/instantiate recursively the pattern goals for given parameters (system model and properties, tools)
• produce a flat assurance case
• track errors
• when evidence nodes are encountered, trigger evidence (re-)construction and (re-)validation
AC Pattern Instantiation: Example
Top (main) AC pattern:
  {P} is safe
    {P} is deadlock-free  (call of the pattern below)
    foreach standard {X} in iso-xxx, iso-yyy: {P} conforms to {X}
      {X} certificate for {P}
Deadlock-freedom pattern:
  {P} is deadlock-free
    {P} composition is deadlock-free
      Deadlock-free composition {P}
    foreach subject {S} of {P}: {S} is deadlock-free
      Proof-of-deadlock-freedom {S}
Policy architecture « A »: subjects S1 and S2.
AC Pattern Instantiation: Example (top pattern instantiated for policy architecture « A »)
  A is safe
    A is deadlock-free  (pattern « call » needing to be further instantiated…)
    foreach standard:
      A conforms to iso-xxx
        A certificate for iso-xxx
      A conforms to iso-yyy
        A certificate for iso-yyy
AC Pattern Instantiation: Example (deadlock-freedom pattern instantiated for « A »)
  A is deadlock-free
    A composition is deadlock-free
      Deadlock-free composition of A
    foreach subject S of A:
      S1 is deadlock-free
        Proof-of-deadlock-freedom S1
      S2 is deadlock-free
        Proof-of-deadlock-freedom S2
AC Pattern Instantiation: Example (Assurance Case for « A »)
  A is safe
    A is deadlock-free
      A composition is deadlock-free
        Deadlock-free composition of A
      foreach subject S of A:
        S1 is deadlock-free
          Proof-of-deadlock-freedom S1
        S2 is deadlock-free
          Proof-of-deadlock-freedom S2
    foreach standard:
      A conforms to iso-xxx
        A certificate for iso-xxx
      A conforms to iso-yyy
        A certificate for iso-yyy
Current implementation available at svn/Tech-Notes/ETB1/code/v1/
MILS Assurance Cases
• Assurance cases for static MILS
  • Modular presentation of argumentation and evidence for system properties
  • Structured according to system model
• Dynamic assurance cases for the Adaptive MILS Framework
  • Patterns to cover dynamic architectures
  • Just-in-time assurance case update for new configuration
  • “Certifier-in-the-Box” – must successfully create an assurance case for the next configuration
CSM Cloud Service Management PresentarionCSM Cloud Service Management Presentarion
CSM Cloud Service Management Presentarion
rpskprasana
 
Engineering Drawings Lecture Detail Drawings 2014.pdf
Engineering Drawings Lecture Detail Drawings 2014.pdfEngineering Drawings Lecture Detail Drawings 2014.pdf
Engineering Drawings Lecture Detail Drawings 2014.pdf
abbyasa1014
 
A SYSTEMATIC RISK ASSESSMENT APPROACH FOR SECURING THE SMART IRRIGATION SYSTEMS
A SYSTEMATIC RISK ASSESSMENT APPROACH FOR SECURING THE SMART IRRIGATION SYSTEMSA SYSTEMATIC RISK ASSESSMENT APPROACH FOR SECURING THE SMART IRRIGATION SYSTEMS
A SYSTEMATIC RISK ASSESSMENT APPROACH FOR SECURING THE SMART IRRIGATION SYSTEMS
IJNSA Journal
 
Harnessing WebAssembly for Real-time Stateless Streaming Pipelines
Harnessing WebAssembly for Real-time Stateless Streaming PipelinesHarnessing WebAssembly for Real-time Stateless Streaming Pipelines
Harnessing WebAssembly for Real-time Stateless Streaming Pipelines
Christina Lin
 
学校原版美国波士顿大学毕业证学历学位证书原版一模一样
学校原版美国波士顿大学毕业证学历学位证书原版一模一样学校原版美国波士顿大学毕业证学历学位证书原版一模一样
学校原版美国波士顿大学毕业证学历学位证书原版一模一样
171ticu
 
Understanding Inductive Bias in Machine Learning
Understanding Inductive Bias in Machine LearningUnderstanding Inductive Bias in Machine Learning
Understanding Inductive Bias in Machine Learning
SUTEJAS
 
Eric Nizeyimana's document 2006 from gicumbi to ttc nyamata handball play
Eric Nizeyimana's document 2006 from gicumbi to ttc nyamata handball playEric Nizeyimana's document 2006 from gicumbi to ttc nyamata handball play
Eric Nizeyimana's document 2006 from gicumbi to ttc nyamata handball play
enizeyimana36
 
Redefining brain tumor segmentation: a cutting-edge convolutional neural netw...
Redefining brain tumor segmentation: a cutting-edge convolutional neural netw...Redefining brain tumor segmentation: a cutting-edge convolutional neural netw...
Redefining brain tumor segmentation: a cutting-edge convolutional neural netw...
IJECEIAES
 
Recycled Concrete Aggregate in Construction Part II
Recycled Concrete Aggregate in Construction Part IIRecycled Concrete Aggregate in Construction Part II
Recycled Concrete Aggregate in Construction Part II
Aditya Rajan Patra
 
basic-wireline-operations-course-mahmoud-f-radwan.pdf
basic-wireline-operations-course-mahmoud-f-radwan.pdfbasic-wireline-operations-course-mahmoud-f-radwan.pdf
basic-wireline-operations-course-mahmoud-f-radwan.pdf
NidhalKahouli2
 
Question paper of renewable energy sources
Question paper of renewable energy sourcesQuestion paper of renewable energy sources
Question paper of renewable energy sources
mahammadsalmanmech
 
Unit-III-ELECTROCHEMICAL STORAGE DEVICES.ppt
Unit-III-ELECTROCHEMICAL STORAGE DEVICES.pptUnit-III-ELECTROCHEMICAL STORAGE DEVICES.ppt
Unit-III-ELECTROCHEMICAL STORAGE DEVICES.ppt
KrishnaveniKrishnara1
 
DEEP LEARNING FOR SMART GRID INTRUSION DETECTION: A HYBRID CNN-LSTM-BASED MODEL
DEEP LEARNING FOR SMART GRID INTRUSION DETECTION: A HYBRID CNN-LSTM-BASED MODELDEEP LEARNING FOR SMART GRID INTRUSION DETECTION: A HYBRID CNN-LSTM-BASED MODEL
DEEP LEARNING FOR SMART GRID INTRUSION DETECTION: A HYBRID CNN-LSTM-BASED MODEL
gerogepatton
 
Manufacturing Process of molasses based distillery ppt.pptx
Manufacturing Process of molasses based distillery ppt.pptxManufacturing Process of molasses based distillery ppt.pptx
Manufacturing Process of molasses based distillery ppt.pptx
Madan Karki
 
Advanced control scheme of doubly fed induction generator for wind turbine us...
Advanced control scheme of doubly fed induction generator for wind turbine us...Advanced control scheme of doubly fed induction generator for wind turbine us...
Advanced control scheme of doubly fed induction generator for wind turbine us...
IJECEIAES
 

Recently uploaded (20)

spirit beverages ppt without graphics.pptx
spirit beverages ppt without graphics.pptxspirit beverages ppt without graphics.pptx
spirit beverages ppt without graphics.pptx
 
Casting-Defect-inSlab continuous casting.pdf
Casting-Defect-inSlab continuous casting.pdfCasting-Defect-inSlab continuous casting.pdf
Casting-Defect-inSlab continuous casting.pdf
 
Presentation of IEEE Slovenia CIS (Computational Intelligence Society) Chapte...
Presentation of IEEE Slovenia CIS (Computational Intelligence Society) Chapte...Presentation of IEEE Slovenia CIS (Computational Intelligence Society) Chapte...
Presentation of IEEE Slovenia CIS (Computational Intelligence Society) Chapte...
 
Textile Chemical Processing and Dyeing.pdf
Textile Chemical Processing and Dyeing.pdfTextile Chemical Processing and Dyeing.pdf
Textile Chemical Processing and Dyeing.pdf
 
Properties Railway Sleepers and Test.pptx
Properties Railway Sleepers and Test.pptxProperties Railway Sleepers and Test.pptx
Properties Railway Sleepers and Test.pptx
 
CSM Cloud Service Management Presentarion
CSM Cloud Service Management PresentarionCSM Cloud Service Management Presentarion
CSM Cloud Service Management Presentarion
 
Engineering Drawings Lecture Detail Drawings 2014.pdf
Engineering Drawings Lecture Detail Drawings 2014.pdfEngineering Drawings Lecture Detail Drawings 2014.pdf
Engineering Drawings Lecture Detail Drawings 2014.pdf
 
A SYSTEMATIC RISK ASSESSMENT APPROACH FOR SECURING THE SMART IRRIGATION SYSTEMS
A SYSTEMATIC RISK ASSESSMENT APPROACH FOR SECURING THE SMART IRRIGATION SYSTEMSA SYSTEMATIC RISK ASSESSMENT APPROACH FOR SECURING THE SMART IRRIGATION SYSTEMS
A SYSTEMATIC RISK ASSESSMENT APPROACH FOR SECURING THE SMART IRRIGATION SYSTEMS
 
Harnessing WebAssembly for Real-time Stateless Streaming Pipelines
Harnessing WebAssembly for Real-time Stateless Streaming PipelinesHarnessing WebAssembly for Real-time Stateless Streaming Pipelines
Harnessing WebAssembly for Real-time Stateless Streaming Pipelines
 
学校原版美国波士顿大学毕业证学历学位证书原版一模一样
学校原版美国波士顿大学毕业证学历学位证书原版一模一样学校原版美国波士顿大学毕业证学历学位证书原版一模一样
学校原版美国波士顿大学毕业证学历学位证书原版一模一样
 
Understanding Inductive Bias in Machine Learning
Understanding Inductive Bias in Machine LearningUnderstanding Inductive Bias in Machine Learning
Understanding Inductive Bias in Machine Learning
 
Eric Nizeyimana's document 2006 from gicumbi to ttc nyamata handball play
Eric Nizeyimana's document 2006 from gicumbi to ttc nyamata handball playEric Nizeyimana's document 2006 from gicumbi to ttc nyamata handball play
Eric Nizeyimana's document 2006 from gicumbi to ttc nyamata handball play
 
Redefining brain tumor segmentation: a cutting-edge convolutional neural netw...
Redefining brain tumor segmentation: a cutting-edge convolutional neural netw...Redefining brain tumor segmentation: a cutting-edge convolutional neural netw...
Redefining brain tumor segmentation: a cutting-edge convolutional neural netw...
 
Recycled Concrete Aggregate in Construction Part II
Recycled Concrete Aggregate in Construction Part IIRecycled Concrete Aggregate in Construction Part II
Recycled Concrete Aggregate in Construction Part II
 
basic-wireline-operations-course-mahmoud-f-radwan.pdf
basic-wireline-operations-course-mahmoud-f-radwan.pdfbasic-wireline-operations-course-mahmoud-f-radwan.pdf
basic-wireline-operations-course-mahmoud-f-radwan.pdf
 
Question paper of renewable energy sources
Question paper of renewable energy sourcesQuestion paper of renewable energy sources
Question paper of renewable energy sources
 
Unit-III-ELECTROCHEMICAL STORAGE DEVICES.ppt
Unit-III-ELECTROCHEMICAL STORAGE DEVICES.pptUnit-III-ELECTROCHEMICAL STORAGE DEVICES.ppt
Unit-III-ELECTROCHEMICAL STORAGE DEVICES.ppt
 
DEEP LEARNING FOR SMART GRID INTRUSION DETECTION: A HYBRID CNN-LSTM-BASED MODEL
DEEP LEARNING FOR SMART GRID INTRUSION DETECTION: A HYBRID CNN-LSTM-BASED MODELDEEP LEARNING FOR SMART GRID INTRUSION DETECTION: A HYBRID CNN-LSTM-BASED MODEL
DEEP LEARNING FOR SMART GRID INTRUSION DETECTION: A HYBRID CNN-LSTM-BASED MODEL
 
Manufacturing Process of molasses based distillery ppt.pptx
Manufacturing Process of molasses based distillery ppt.pptxManufacturing Process of molasses based distillery ppt.pptx
Manufacturing Process of molasses based distillery ppt.pptx
 
Advanced control scheme of doubly fed induction generator for wind turbine us...
Advanced control scheme of doubly fed induction generator for wind turbine us...Advanced control scheme of doubly fed induction generator for wind turbine us...
Advanced control scheme of doubly fed induction generator for wind turbine us...
 

Citadel Platform Architecture

  • 1. CITADEL Platform Architecture (The Open Group Training - Context - CITADEL platform architecture)
  • 2. Top-level architecture of an adaptive CITADEL system: Concept of operation of the CITADEL platform
  • 3. CITADEL Adaptive MILS Framework: Key elements
      - Dynamic Distributed MILS platform
        ● Dynamic MILS platform with deterministic networking
        ● Mechanisms for dynamic reconfiguration and configuration introspection
      - Declarative dynamic architecture modeling and verification
        ● Language to describe reconfigurable systems architecture, component models, failure models and fault propagation
        ● Theory and framework for dynamic reconfiguration
        ● Theory and framework for adaptation
        ● Language to express critical properties to be verified
        ● Compositional verification framework
      - Monitoring, Adaptation, Configuration, & Certification Assurance Planes
      - Assurance-based security evaluation methodology and runtime mechanisms for just-in-time certification of adaptive systems
  • 4. CITADEL MILS Platform with Adaptation (diagram). Labels: CITADEL modeling language; CITADEL property spec language; Language translation; Offline Verification Framework; Offline Configuration Synthesis; Static Config Tools; Adaptive MILS Evidential Tool Bus; Certification Assurance Artefact Repository; Adaptive MILS Runtime; Adaptation System; Monitoring System; Runtime Monitoring plug-in framework; Online Verification Framework; Online config’n synth; Configuration Change Monitor; Configuration Change Agent; Config Chg Policy; Config; Dynamic Config’n Primitives; Dynamic MILS Platform; Dynamic Separation kernel; Dynamic TTEthernet; Dynamic MNS.
  • 5. Top-level architecture of an adaptive CITADEL system: The Planes of the CITADEL Framework
  • 6. Planes of the CITADEL Framework (diagram). Labels: Separation Kernel; FOUNDATIONAL PLANE; OPERATIONAL PLANE(S); MONITORING PLANE; FW, MFS, MNS, MEA, MCS; Fault Diagnoser; COMM, STATE, RESOURCE; P1, P2, P3, P4, P5; MILS Platform; CONFIGURATION / ADAPTATION PLANE(S); Target Config; (RE-)CONFIGURATION PLANE; Config Cmds; FDI; Exceptions; Introspection; Observations & Events; Certification Assurance Artifact.
  • 7. Schematic of CITADEL Framework Plane interactions and system Model. The central formal artifact is the system model; the CITADEL Framework uses the system model for various purposes. Diagram labels: Model (Parametrized architecture, Properties, Reconfiguration transitions); Engineer; Analysis tools; represents / specifies / is used by; Certification Assurance Plane; Operational Plane (dynamic application); Foundational Plane (dynamic platform); Monitoring Plane; Configuration Plane; Adaptation Plane. (Figure from FBK, Software Modeling and Verification, slide 13.) Detailed training on each of the CITADEL Framework planes is provided in the respective CITADEL training modules.
  • 8. Introduction to the CITADEL components: The Operational Plane(s)
  • 9. MILS Policy Architecture: “Boxes and Arrows Diagram” showing system decomposition. Circles represent subjects or objects; arrows represent information flow; “boxes” represent logical or physical resources. The diagram distinguishes a Trusted Subject from Untrusted Subjects, and represents logical structure abstracted from physical resources. Diagram labels: C1, C2, C3, C4, C5.
  • 10. MILS Platform – Provides Straightforward Realisation of Policy Architecture (Architecture → Realisation). The SK, with other MILS foundational components, forms the MILS Platform, allowing operational components to share physical resources while enforcing Isolation and Information Flow Control. Validity of the architecture assumes that the only interactions of the circles (operational components) are through the arrows depicted in the diagram. Diagram labels: R1, R2, R3, R4, R5 on the MILS Platform.
  • 11. Policy Architecture with Isolated Subsystems. Diagram labels: R1, R2, R3, R4, R5 and Q1, Q2, Q5 on the MILS Platform.
  • 12. Isolated Subsystems as Distinct “Operational” Planes. The two disconnected components of this policy architecture represent distinct subsystems or applications … and may be thought of as distinct operational planes. Planes can be used as a convenient organisational principle to facilitate conceptual understanding or graphical representation of complex systems. Diagram labels: OPERATIONAL PLANE (R1, R2, R3, R4, R5) on the MILS Platform; OPERATIONAL PLANE (Q1, Q2, Q5) on the MILS Platform.
  • 13. Introduction to the CITADEL components: The Foundational Plane
  • 14. Foundational Plane: the MILS Platform definition
      - The minimal MILS platform is a separation kernel
      - The separation kernel idea was introduced by Rushby in 1981, and subsequently elaborated in the Separation Kernel Protection Profile (SKPP)
      - A separation kernel includes all of the hardware, firmware and software that are required to satisfy the SKPP
      - A MILS platform consists of a separation kernel plus zero or more of the other MILS foundational components
      - The MILS platform is defined by the MILS Platform Protection Profile (MPPP)
      - Each MILS foundational component includes all of the hardware, firmware and software required to satisfy its PP
  • 15. The MILS Platform: Components
      - A MILS separation kernel (SK) is the base component of the MILS platform
        ● Provides shared use of processor resources, memory, and device I/O spaces
        ● Making these available in the form of “exported resources”
        ● While permitting only explicitly permitted information flow among exported resources
        ● The SK is the combination of the physical resources represented by the hardware, and the firmware and software that is used to manage it securely
      - Additional MILS foundational components compose with the SK and each other
        ● Each providing shared use of another kind of physical resource
        ● Making these available as additional types of exported resources
        ● Also managing information flow among the created resource abstractions
        ● Each foundational component is the combination of physical resources represented by hardware, firmware, and software.
        ● MILS Network System (MNS), MILS Console System (MCS), MILS File System (MFS), MILS Extended Attributes (MEA), MILS Audit System (MAS)
      - These foundational components combine to seamlessly provide a diverse collection of exported resources from which systems may be constructed.
  • 16. The MILS Platform: a Composition of Foundational (resource-sharing) Components (diagram). Labels: SK (MSK), Network (MNS), Console (MCS), File (MFS), Extended Attributes (MEA), Audit (MAS), each shown as SW over HW; Exported Resources; Additive Composition; MP = MILS Platform. Additive compositionality – e.g., a Partitioning Kernel composed with a Partitioning Net = Partitioning (Kernel + Net).
  • 17. The Distributed MILS Platform (diagram). Labels: Distributed MILS nodes, each SK plus MNS shown as SW over HW; MCS; Console for some Apps; Exported Resources; Additive Composition. Additive compositionality property – e.g., a Partitioning kernel composed with a Partitioning network system = Partitioning (kernel + network system). MNS = MILS Network System; MCS = MILS Console System. The minimal MILS platform is SK alone. The Distributed MILS Project (EC FP7) implemented Distributed MILS nodes with SK and MILS Network System (MNS) using Time-Triggered Ethernet, and one of the D-MILS demonstrators implemented a special-purpose MILS Console System (MCS). CITADEL implements a new MNS using Time-Sensitive Networking (TSN) with a new SK. An updated version of the D-MILS MCS was developed for CITADEL.
  • 18. The MILS Platform: Assurance Ambitions
      Security assurance requirements as found in MPPP, SKPP, MNSPP, and MCSPP
        - Formal specification and verification required to achieve a high Evaluation Assurance Level (EAL) according to the International Common Criteria
      Additional MILS-specific assurance requirements
        - Explicit assurance case, formal specification encouraged in PP/ST (Security Target)
      Compositional assurance
        - Composability of components assured by separation kernel functions/properties
        - Additive compositionality of components implies
          ● MSK + foundational component acts as a separation kernel with added resource type
          ● Configuration-time cross-component configuration data coordination
          ● Initialization-time sequencing of component initialization
          ● Runtime independence of physical resource managing components
          ● MSK provides global resource identifiers for all exported resources
          ● Simple dependence by MILS Extended Attributes on memory and file storage to provide a binding of extended attributes to exported resources of other foundational components
      Abstract specification of platform components must be satisfied by refined component specifications in component PPs and STs
        - Consistency and proper refinement demonstrated when PPs and STs are evaluated
        - Internal consistency and well-formedness of specs checked in each document
  • 19. The MILS Platform (MP) Assurance Case. Compose assurance cases using Assume-Guarantee Reasoning. Assumptions of the MP assurance case are obligations on the MSK, MNS and MCS components’ assurance cases. Assured Claims from component assurance cases become evidence for the MP assurance case. Diagram labels: MILS Platform Assurance Argument (MP Claims, Sub-case, Inference rule); MSK Assurance Argument, MNS Assurance Argument, MCS Assurance Argument (MSK Claims, MNS Claims, MCS Claims, Inference rule, Evidence); Assume / Guarantee.
  • 20. Introduction to the CITADEL components: The Configuration Plane
  • 21. (Re-)Configuration Plane (XP)
      - In the CITADEL framework, the configuration plane (XP) plays an executive role, which is to reconfigure the Adaptive MILS system.
      - Reconfiguration performed by XP covers mainly:
        - The MILS policy architecture:
          ● subjects,
          ● communication between subjects, and
          ● the deployment of subjects.
        - The MILS monitoring system:
          ● monitor applications, and
          ● monitoring virtual sensors.
      - To achieve reconfiguration, XP interacts with other planes of the CITADEL framework, namely the Adaptation Plane (AP), the Monitoring Plane (MP), the Operational Plane (OP) and the Foundational Plane (FP), as shown in the next slide.
  • 22. XP Interactions with other planes (diagram). Labels: Adaptation Plane (AP); Reconfiguration Plane (XP); Monitoring Plane (MP); Foundational (FP)/Operational Planes (OP) with Node 1 (S1 … Si, PikeOS) … Node M (Si+1 … SN, PikeOS) connected by a TSN Net.; 1- target configuration notification; 2- reconfiguration step notification.
      1. XP receives a target configuration from AP, i.e. the new system configuration to reach.
      2. Based on that, XP issues reconfiguration commands to reconfigure MP and OP.
      3. XP always expects a notification back from the reconfigured planes.
      4. Notification back to AP.
  • 23. Reconfiguration operation: overview (diagram). Labels: Adaptation Plane: Current Architecture (SLIM Model + Parameter Vector 1), Big Step, Target Architecture (SLIM Model + Parameter Vector 2); Configuration Plane: Current intermediate Configuration, Small Step / Small Steps, Target intermediate Configuration, Intermediate Abstract Configurations; Operational/Foundational Planes: Current Concrete Configuration, Primitive / Primitives, Target Concrete Configuration. XP proceeds by refining a high-level reconfiguration objective (big step) into an intermediate plan (small steps) and then into low-level primitives.
  • 24. XP Overall design
      - The Configuration plane is designed as a back-end and a front-end
      - The back-end
        ● encompasses the Reconfiguration Planner and the Reconfiguration State Controller
      - The front-end
        ● consists of multiple instances of Configuration Change Agents
  • 25. Deployment of new configuration by the XP (diagram). Labels: XP back-end (Planner, Controller); Reconfig. plan; XP front-end (one per node); reconfiguration commands; Notification; Foundational (FP)/Operational Planes (OP) with Node 1 (S1 … Si, PikeOS) … Node M (Si+1 … SN, PikeOS) connected by a TSN Net.
      - The XP back-end is to be deployed on the same node as the other CITADEL framework components. It is deployed as a partition on PikeOS.
      - The front-end is deployed on the different nodes of the distributed MILS Platform. Each node of the system hosts an XP front-end Configuration Change Agent (CCA).
  • 26. Introduction to the CITADEL components: The Monitoring Plane
  • 27. Monitoring Plane (MP)
      - Monitors components in the Operational Plane and resources in the Foundational Plane, generates alarms when it detects specified patterns, and reports to the Adaptation Plane
      - Monitors may be derived from the architectural model properties and other security policy specifications
      - CITADEL MP performs both Network and State monitoring
      - Network monitoring extracts and analyses message features
      - Strategies: signatures, white-box, learning, feature-binning
      - State monitoring is based on the flexible and extensible Kaspersky Security System (KSS), which provides a framework for the construction of monitoring applications and the virtual sensors they need to detect network and state events and changes
      - Allows specification of security and monitoring policies distinct from the monitoring implementation and applications
  • 28. Architectural Design Pattern of the Kaspersky Security System (diagram: Detached Security System Architectural Design; source: Kaspersky Lab UK Training – Advanced Technical Module – State Monitoring)
  • 29. Monitoring Specification
      - The KSS architecture and its framework are designed to provide support for diverse security policies, including monitoring policies
      - The specification framework consists of
        ● a set of policy templates for the security server
        ● interface definition language (IDL)
        ● component definition language (CDL)
        ● entity definition language (EDL)
        ● security specification language (CFG)
        ● toolchain to translate CFG specification into executable code
  • 30. KSS: Policy Definition Framework (diagram)
  • 31. Multilayer security configuration (diagram)
  • 32. Implementation Example (diagram)
  • 33. Implementation scheme for CITADEL state monitoring (diagram: Implementation Scheme; source: Kaspersky Lab UK Training – Advanced Technical Module – State Monitoring, slide 37)
  • 34. Introduction to the CITADEL components: The Adaptation Plane
  • 35. The Adaptation Plane (AP)
      - Adaptation Engine is the core component of the AP
      - Evaluator is a helper component that performs model-based reasoning to find the next architectural configuration
      - Context Awareness provides a display of current context on the MILS Console System
  • 36. Adaptation Plane architecture (diagram)
  • 37. Adaptation plane components and their inputs (diagram)
  • 38. Handling of alarms/commands by the Adaptation Engine (diagram)
  • 39. Introduction to the CITADEL components: The Certification Assurance Plane
  • 40. The Certification Assurance Plane (CP)
      - Certification is a judgment that a system is adequately safe/secure/whatever for a given application in a given environment
      - Should be based on explicit credible evidence
      - Should be systematic and repeatable
      - CP builds a “Certification Assurance Artifact” that can be presented on demand to a certification authority
      - Adaptive MILS Evidential Tool Bus (AM-ETB) is a subsystem that automates the building and maintenance of an assurance case for the current configuration of the system
  • 41. Modular Assurance Cases
      - Assurance case patterns are instantiated to create a concrete assurance case
      - Patterns may be added to the library
      - Components in patterns may be modified, added or deleted
      - Patterns developed for CITADEL represent the top-level claims of the system, the Adaptive MILS planes, and the operational plane
  • 42. Top-level Adaptive MILS argument (diagram)
  • 43. Assurance case argument pattern structure (diagram)
  • 44. AM-ETB Core Workflow
      - instantiation of AC patterns
      - develop/instantiate recursively the pattern goals for given parameters (system model and properties, tools)
      - produce a flat assurance case
      - track errors
      - when evidence nodes are encountered trigger evidence (re-)construction and (re-)validation
  • 45. AC Pattern Instantiation: Example (diagram). Policy architecture « A » with subjects S1, S2. Top (main) AC pattern: {P} is safe, supported by {P} is deadlock-free and, foreach standard {X} in iso-xxx, iso-yyy, {P} conforms to {X}, supported by the evidence {X} certificate for {P}. Pattern Deadlock-free composition {P}: {P} is deadlock-free, supported by {P} composition is deadlock-free and, foreach subject {S} of {P}, {S} is deadlock-free, supported by the evidence Proof-of-deadlock-freedom {S}.
  • 46. AC Pattern Instantiation: Example (diagram). Instantiating the top pattern for policy architecture « A »: A is safe, supported by A is deadlock-free (a pattern « call » needing to be further instantiated…) and, foreach standard, A conforms to iso-xxx (A certificate for iso-xxx) and A conforms to iso-yyy (A certificate for iso-yyy).
  • 47. AC Pattern Instantiation: Example (diagram). Instantiating the deadlock-free pattern for policy architecture « A »: A is deadlock-free, supported by A composition is deadlock-free (Deadlock-free composition of A) and, foreach subject S of A, S1 is deadlock-free (Proof-of-deadlock-freedom S1) and S2 is deadlock-free (Proof-of-deadlock-freedom S2).
  • 48. AC Pattern Instantiation: Example (diagram). Assurance Case for « A »: A is safe, supported by A is deadlock-free (A composition is deadlock-free: Deadlock-free composition of A; S1 is deadlock-free: Proof-of-deadlock-freedom S1; S2 is deadlock-free: Proof-of-deadlock-freedom S2), A conforms to iso-xxx (A certificate for iso-xxx) and A conforms to iso-yyy (A certificate for iso-yyy). Current implementation available at svn/Tech-Notes/ETB1/code/v1/
  • 49. MILS Assurance Cases
      - Assurance cases for static MILS
      - Modular presentation of argumentation and evidence for system properties
      - Structured according to system model
      - Dynamic assurance cases for the Adaptive MILS Framework
      - Patterns to cover dynamic architectures
      - Just-in-time assurance case update for new configuration
      - “Certifier-in-the-Box” – must successfully create an assurance case for the next configuration
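The reconfiguration flow of slides 21-25 (target configuration from AP, big step refined into small steps and then primitives, per-node Configuration Change Agents, notifications back to AP), as an added example that is not CITADEL's XP code: the configuration fields, step and primitive names, node names and the CCA behaviour are assumptions made for illustration.

```python
"""Added example, not CITADEL's (Re-)Configuration Plane: a model of the XP flow.
The planner refines the big step (current -> target policy architecture) into ordered
small steps; the controller turns each step into per-node primitives, hands them to
the node's Configuration Change Agent (CCA) front-end, waits for its notification, and
finally notifies the Adaptation Plane. All names and fields below are assumptions."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Config:
    """Abstract policy architecture: where each subject is deployed, and permitted flows."""
    deployment: dict      # subject -> node
    flows: frozenset      # (source subject, destination subject)


def _touches(flow, subjects):
    return flow[0] in subjects or flow[1] in subjects


def plan_small_steps(current, target):
    """Small steps ordered so every intermediate abstract configuration is well-formed:
    flows are closed before a subject is stopped or moved, and subjects are started
    before the flows that use them are opened."""
    moved = {s for s in current.deployment
             if s in target.deployment and target.deployment[s] != current.deployment[s]}
    gone = set(current.deployment) - set(target.deployment)
    new = set(target.deployment) - set(current.deployment)
    to_close = {f for f in current.flows if f not in target.flows or _touches(f, moved)}
    to_open = {f for f in target.flows if f not in current.flows or _touches(f, moved)}
    steps = [("close_flow", f) for f in sorted(to_close)]
    steps += [("stop_subject", s) for s in sorted(gone | moved)]
    steps += [("start_subject", s) for s in sorted(new | moved)]
    steps += [("open_flow", f) for f in sorted(to_open)]
    return steps


def to_primitives(step, current, target):
    """Low-level primitives for one small step, each addressed to the node whose CCA applies it."""
    kind, arg = step
    if kind == "stop_subject":
        return [(current.deployment[arg], ("destroy_partition", arg))]
    if kind == "start_subject":
        return [(target.deployment[arg], ("create_partition", arg))]
    cfg, op = (current, "close_channel") if kind == "close_flow" else (target, "open_channel")
    nodes = sorted({cfg.deployment[arg[0]], cfg.deployment[arg[1]]})  # both ends of a cross-node flow
    return [(node, (op, arg[0], arg[1])) for node in nodes]


def make_cca(partitions, channels):
    """Constructed CCA front-end for one node: applies a primitive to the node's state and
    returns its notification (True = applied, False = rejected as ill-formed)."""
    def apply(prim):
        op = prim[0]
        if op == "create_partition":
            partitions.add(prim[1])
        elif op == "destroy_partition":
            if any(prim[1] in ch for ch in channels):
                return False                      # channels still attached: refuse
            partitions.discard(prim[1])
        elif op == "open_channel":
            if prim[1] not in partitions and prim[2] not in partitions:
                return False                      # no local endpoint on this node
            channels.add((prim[1], prim[2]))
        elif op == "close_channel":
            channels.discard((prim[1], prim[2]))
        else:
            return False
        return True
    return apply


def reconfigure(current, target, agents):
    """XP back-end controller: execute the plan through the per-node CCAs and return the
    notification destined for the Adaptation Plane."""
    log = []
    steps = plan_small_steps(current, target)
    for step in steps:
        for node, prim in to_primitives(step, current, target):
            ok = agents[node](prim)               # wait for the front-end's notification
            log.append((node, prim, ok))
            if not ok:
                return {"status": "failed", "at": step, "log": log}
    return {"status": "done", "steps": len(steps), "log": log}


# Constructed scenario: two nodes; S2 on node2 is replaced by S3 and S1's flow redirected.
CURRENT = Config({"S1": "node1", "S2": "node2"}, frozenset({("S1", "S2")}))
TARGET = Config({"S1": "node1", "S3": "node2"}, frozenset({("S1", "S3")}))


def run_scenario():
    agents = {"node1": make_cca({"S1"}, {("S1", "S2")}),
              "node2": make_cca({"S2"}, {("S1", "S2")})}
    return reconfigure(CURRENT, TARGET, agents)


if __name__ == "__main__":
    for entry in run_scenario()["log"]:
        print(entry)
```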
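The AM-ETB core workflow of slide 44 applied to the pattern instantiation of slides 45-48 (recursive development of pattern goals, foreach expansion, evidence nodes triggering evidence lookup, error tracking, flat case output), as an added example that is not the AM-ETB implementation: the pattern encoding, node fields and the repository stand-in are assumptions.

```python
"""Added example, not the AM-ETB implementation: instantiating the assurance-case
patterns of slides 45-48 into a flat assurance case for policy architecture A.
The pattern encoding, node fields and evidence lookup are assumptions."""
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Node:
    """One node of the flat assurance case."""
    claim: str
    children: list = field(default_factory=list)
    is_evidence: bool = False
    error: Optional[str] = None  # set when evidence (re-)construction fails


# Pattern library (assumed encoding). Sub-goal forms:
#   ("claim", template, [sub-goals])      claim supported by its sub-goals
#   ("foreach", var, param, [sub-goals])  expand sub-goals once per element of params[param]
#   ("evidence", template)                evidence node: triggers evidence (re-)construction
#   ("call", pattern)                     pattern call, instantiated recursively
PATTERNS = {
    "top": ("{P} is safe", [
        ("call", "deadlock_free"),
        ("foreach", "X", "standards", [
            ("claim", "{P} conforms to {X}", [("evidence", "{X} certificate for {P}")]),
        ]),
    ]),
    "deadlock_free": ("{P} is deadlock-free", [
        ("claim", "{P} composition is deadlock-free",
         [("evidence", "Deadlock-free composition {P}")]),
        ("foreach", "S", "subjects", [
            ("claim", "{S} is deadlock-free", [("evidence", "Proof-of-deadlock-freedom {S}")]),
        ]),
    ]),
}


def instantiate(pattern, params, evidence_builder, errors):
    """Recursively develop a pattern for the given parameters, returning its root node."""
    goal, subgoals = PATTERNS[pattern]
    return Node(goal.format(**params), _expand(subgoals, params, evidence_builder, errors))


def _expand(subgoals, params, evidence_builder, errors):
    nodes = []
    for sg in subgoals:
        kind = sg[0]
        if kind == "claim":
            nodes.append(Node(sg[1].format(**params),
                              _expand(sg[2], params, evidence_builder, errors)))
        elif kind == "foreach":
            var, key, body = sg[1], sg[2], sg[3]
            for element in params[key]:
                nodes.extend(_expand(body, {**params, var: element}, evidence_builder, errors))
        elif kind == "evidence":
            name = sg[1].format(**params)
            node = Node(name, is_evidence=True)
            if not evidence_builder(name):      # (re-)construction / (re-)validation failed
                node.error = f"missing evidence: {name}"
                errors.append(node.error)       # tracked; the case is still produced
            nodes.append(node)
        elif kind == "call":
            nodes.append(instantiate(sg[1], params, evidence_builder, errors))
        else:
            raise ValueError(f"unknown sub-goal kind {kind!r}")
    return nodes


def build_case(params, available_evidence):
    """Produce the flat assurance case and the list of tracked errors."""
    errors = []
    root = instantiate("top", params, lambda name: name in available_evidence, errors)
    return root, errors


def flatten(node, depth=0):
    """Render the case as indented lines (the 'flat assurance case')."""
    tag = " [evidence]" if node.is_evidence else ""
    err = f"  !! {node.error}" if node.error else ""
    lines = ["  " * depth + node.claim + tag + err]
    for child in node.children:
        lines.extend(flatten(child, depth + 1))
    return lines


def evidence_nodes(node):
    """All evidence leaves of a case, in argument order."""
    if node.is_evidence:
        return [node]
    return [e for child in node.children for e in evidence_nodes(child)]


# Constructed inputs: policy architecture « A » of slide 45 and a stand-in for the
# Certification Assurance Artefact Repository holding every artefact the case needs.
ARCHITECTURE_A = {"P": "A", "subjects": ["S1", "S2"], "standards": ["iso-xxx", "iso-yyy"]}
REPOSITORY_A = {
    "Deadlock-free composition A",
    "Proof-of-deadlock-freedom S1", "Proof-of-deadlock-freedom S2",
    "iso-xxx certificate for A", "iso-yyy certificate for A",
}

if __name__ == "__main__":
    case, errs = build_case(ARCHITECTURE_A, REPOSITORY_A)
    print("\n".join(flatten(case)))
    print("errors:", errs)
```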