CSIRO’s Data61 has entered a partnership with Munich-based secure hardware developer Hensoldt Cyber to provide an attack-resilient open source operating system for devices.
The partnership has been in place since April, but the two organisations decided to go public with the announcement after Hensoldt secured an unnamed client for the product in the industrial automation sector.
The two companies are on tight time line to complete their work. Hensoldt is scheduled to start delivering orders for the product next year.
Under the terms of the partnership, Hensoldt will brand and market the product. Data61 won’t be eligible for a royalty or any other ongoing financial return from sales of products based on its software development but will receive a fee-for-service payment and retain rights to use it for other applications.
Data61 Trustworthy Systems Chief Research Scientist, Professor Gernot Heiser, said the arrangement meant that the organisation received funding for work that it would have pursued in the ordinary course of operations without handcuffing it to one application.
“From CSIRO’s point of view it’s a very good deal because they are funding the development of this open source software without impacting on our rights to it and at the same time we get to see it deployed in real world mission critical products,” Prof Heiser said.
Data61 will supply the core smarts for secure system control devices built around Hensoldt processors. One or multiple devices could be used for critical control components in applications ranging from autonomous vehicles to defence hardware.
Data61 will adapt its advanced open source seL4 operating system to meet the needs of Hensoldt’s processor architecture.
“It’s the only operating system out there with provable security. We have mathematical proofs that it’s always behaving according to specifications and enforcing security. There’s nothing else out there that does that,” Prof Heiser said.
To develop software under open source software license conditions, Data61 is obliged to share its developments with the open source developer community for ongoing collaborative development.
Prof Heiser acknowledged the historical debate over whether open source software was inherently more or less secure due to the collaborative and unrestricted nature of its development conditions. However, he said that mathematical certainty of security built in to seL4 set aside from other open source projects.
“This is a unique situation in that you can show in a public reproducible way that this thing is secure. You can’t do that with any other system. Having it open source just means that people can independently confirm that,” he said.
Prof Heiser also revealed that CSIRO was close taking a prototype for a secure desktop computing application jointly developed with the Defence Science and Technology Organisation to the product stage.
The device, a cross domain desktop compositor, allows for secure access from a single terminal to multiple networks of varying classification concurrently with guaranteed isolation.
Following extensive testing in defence and government settings, Data61 has lined up a commercialisation partner to market the product to the military.