Abstract
In an increasingly interconnected world, where critical infrastructures strongly depend on software applications, there is a need to rely on software with demonstrated guarantees of reliability, availability, safety and security. Above all, Operating Systems (OSs) used in critical contexts must have specific characteristics to ensure the correct functioning of software applications and to protect against accidental and malicious failures that could lead to catastrophic consequences. To ensure a secure application layer, applications must run on OSs that possess specific properties, adequate quality and high robustness.
This paper presents an OS qualification methodology, which helps designers select an operating system (or hypervisor) suitable for employment in a specific critical context. The methodology includes quality, safety, and security evaluations, according to the desired OS properties and the specific context of use. For each evaluation, the procedure is described through the application of different standards (e.g. ISO/IEC 25040, EN 50128, ISO 26262, ISO/IEC 15408, etc.), thus considering all the necessary aspects with respect to today's technical and regulatory needs. Finally, an application of the qualification methodology is presented, showing the safety and security evaluation of a Xen Hypervisor integrated in a railway infrastructure.
Enrico Schiavone is currently with ALSTOM Ferroviaria S.p.A.
Acknowledgments
The research described in this paper has been supported by the project MAIA “Monitoraggio Attivo dell’Infrastruttura” funded by MIUR PON 14-20 (id code ARS01_00353).
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
Cite this paper
Bicchierai, I., Schiavone, E., Itria, M.L., Bondavalli, A., Falai, L. (2023). A Methodology for the Qualification of Operating Systems and Hypervisors for the Deployment in IoT Devices. In: Guiochet, J., Tonetta, S., Schoitsch, E., Roy, M., Bitsch, F. (eds) Computer Safety, Reliability, and Security. SAFECOMP 2023 Workshops. SAFECOMP 2023. Lecture Notes in Computer Science, vol 14182. Springer, Cham. https://doi.org/10.1007/978-3-031-40953-0_11
DOI: https://doi.org/10.1007/978-3-031-40953-0_11
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-40952-3
Online ISBN: 978-3-031-40953-0
eBook Packages: Computer Science (R0)