Skip to main content Skip to main navigation



Secure European virtualisation for trustworthy applications in critical domains

  • Duration:

The mission of the EURO-MILS project is to develop a solution for virtualization of heterogeneous resources and provide strong guarantees for isolation of resources by means of Common Criteria certification with usage of formal methods.

Based on embedded systems, cyber-physical networks are part of our society, and gain wider spread and importance. Next generations of aircraft and cars will be tightly interconnected with each other, with the internet, and other infrastructures. The same holds for many industries and areas of our life such as healthcare, energy, finance, and mobile. Non-secured network devices can be hacked and exploited to affect their functionality, change control, or steal specific information. In order to provide secure and safe trustworthiness and exclude devastating, unauthorized use of critical systems, to control access in an organized and certifiable fashion, the EURO-MILS project is introducing into the European trustworthy ICT landscape a verified and design-validated MILS platform: a small virtualization platform that offers the secure decomposition of complex embedded systems into independent components.

As the aim is ambitious, our work is put onto very strong foundations:

  • The MILS approach in generally has already been tried and tested in the US.
  • The separation kernel to be used in the EURO-MILS project has undergone avionic certification and is deployed in commercial aircrafts.
  • EURO-MILS consortium members have high industry expertise and experience in computer-supported verification (“formal methods”) and assurance validation (“Common Criteria” certification).

To address the problem of trustworthiness, we introduce the certified MILS platform into the ecosystem of European trustworthy ICT. The EURO-MILS platform will

  • fit the technological, business, and legal environments
  • generate trust by design – the EURO-MILS platform will allow composition of complex trustworthy systems following the MILS approach
  • generate trust by high-assurance – the EURO-MILS platform will go through a computer-supported verification (“formal methods”) as well as a strong human validation (“Common Criteria” security standard certification)
  • be strongly aligned with European industrial needs and two prototypes in avionics and automotive will be co-developed to the MILS platform.

Multiple Independent Levels of Security (MILS) is a high-assurance security architecture based on the concepts of resources separation and controlled information flow. The cornerstone of the architecture and the MILS platform is a separation mechanism that encapsulates trusted and untrusted applications in compartments. It reduces mutual dependencies to communications over channels explicitly defined by policies. This key component has to be non-bypassable, evaluatable, always invoked, and tamperproof (NEAT). A powerful way to implement a MILS architecture is using embedded virtualization techniques, where multiple virtual machines can run simultaneously on the same processor. To be relevant to the objectives of the project, the embedded virtualization solution must be sufficiently safe and secure.


Technikon Forschungs- und Planungsgesellschaft mbH, SYSGO AG, Universiteit Gent, Airbus, EADS Deutschland GmbH - Innovation Works, OpenSynergy GmbH, European Aeronautic Defence and Space Company EADS France SAS, University of Paris-Sud 11 / LRI, Thales Communications & Security SA, Open Universiteit Nederland, T-Systems International GmbH, SYSGO SAS, JEMM Research SARL


EU - European Union

EU - European Union