Research and development of CITADEL project technologies will continue through May 2019. Many deliverables are confidential due to the sensitivities related to protecting Europe's Critical Infrastructures; however, the following public results developed during the first half of the project are available for download:
D3.1 CITADEL Modeling and Specification Languages
This report proposes a new modeling language suitable to describe a dynamic system architecture. The language has a formal semantics to enable verification with formal methods. It supports the design of the communication among components and the monitoring of failures. Finally, it comes with a property specification language to formalize the system properties that must be ensured by the system architecture and protected from component failures such as malfunctioning or disruption of the communication network.
D3.2 CITADEL Verification Techniques and Tools
This deliverable presents the extensions developed for verification techniques and tools in order to cope with dynamic reconfigurable systems. In general, the complexity of system models increases significantly when dynamic reconfiguration is considered. Research work in CITADEL has led to the development of expressive modeling formalisms and original verification methods capable of dealing with specific classes of infinite-state systems and with safety and security properties.
D4.3 MILS Adaptation System
This deliverable describes the interfaces and architecture of the Adaptation Plane, a subsystem of the CITADEL Framework which refines the general concept of the MILS Adaptation System. The Adaptation Plane is decomposed into four subcomponents with clearly defined functions and interfaces. Two subcomponents are essential for the function of the Adaptation Plane: the Adaptation Engine, which, based on a table of adaptation rules, triggers the adaptation following a manual operator command or an incoming alarm signifying departure from the nominal system behavior; and the Evaluator Module, a computational engine that synthesizes the next architectural configuration of the system. The other two subcomponents are Context Awareness, which identifies the current context under which the CITADEL Framework and the application are used/operated, and the State Estimator, which estimates the internal states of the application components.
D4.4 MILS Monitoring System
This deliverable describes a monitoring system composed of a communications monitoring component and a state monitoring component that work together to detect faults and attacks on MILS platforms. Both forms of monitoring are important to detect different kinds of problems: the communications monitor analyzes network-related events, whereas the state monitor analyzes events internal to the monitored system. The use of both monitoring approaches allows a more complete view of events that affect the monitored system.
D5.1 Interfaces and workflow definition for Adaptive-MILS Evidential Tool Bus
This report proposes a preliminary design of the Adaptive-MILS Evidential Tool Bus (AM-ETB) and interfaces for integration within the CITADEL proposed workflow. The primary objective of AM-ETB is to enable the timely re-construction of assurance cases for Adaptive-MILS systems along their evolution, and therefore to support a dynamic re-evaluation and/or re-certification process. In the proposed design, AM-ETB coordinates the construction of an assurance case by using (1) assurance case patterns, that is, generic arguments and reasoning schemes for Adaptive-MILS; (2) up-to-date system models and properties, that is, faithful abstractions of the system configuration and functionality; and (3) machineable evidence, that is, automatically checkable analysis and validation results obtained using dedicated tools on system models.
D5.2 Adaptive-MILS Evidential Tool Bus for tool integration and assurance
This report describes the implementation of the Adaptive-MILS Evidential Tool Bus (AM-ETB) and interfaces for integration within the CITADEL proposed workflow. The primary objective of AM-ETB is to enable the timely re-construction of assurance cases for Adaptive-MILS systems along their evolution, and therefore to support a dynamic re-evaluation and/or re-certification process.
D5.5 Methodology for Industrial Evaluation and Readiness Assessment
This report presents the methodology to monitor and evaluate the achievement of the CITADEL project objectives by means of the three industrial demonstrators planned to be implemented in the project. In addition, it defines the means to verify that the CITADEL solutions implemented in each demonstrator meet pre-established operational objectives and levels of technological maturity.