The focus of Work Package 2 is to ensure that the security requirements of such a SoC or SiP are met throughout its life, from creation to field usage.
D2.1 – Security Requirements Specifications
This deliverable is confidential to the Consortium members and European Defence Agency as funder of the project.
The document defines the security objectives and requirements that shall or should be incorporated within the architecture and design of the SoC and SiP. The requirements do not cover applications using the SoC/SiP, but the security capabilities that are required to utilize the SoC/SiP in a variety of defence applications.
The requirements are a result of a process that starts with a collection of use cases. This process is related to the well-known process used in CC (Common Criteria), but since the SoC will not undergo any CC evaluation, the EXCEED process is not strictly bound to a CC Security Target Scheme. Risk analysis and threat analysis are performed in the use cases. Use cases, assets, risks and threats then form the basis for the security objectives. The security objectives create the basis for the security requirements. General security requirements not related to specific use cases are also covered in the document. In many cases these requirements will coincide with those derived from the use cases.
D2.6 – Lifecycle Management report
This deliverable is confidential to the Consortium members and the European Defence Agency as funder of the project, and carries a UE RESTREINT / EU RESTRICTED status. Only non-confidential, non-restricted information is provided below.
This document presents the lifecycle management needs of the SoCs integrated into the systems defined in the use cases. All phases (from development to end of life) and all roles (from the SoC developer to the end user) are described according to the needs identified by the use cases. Assurance requirements are defined in order to gain confidence in the development and production phases of the SoC, together with specific security-oriented requirements supporting the lifecycle management of the SoC.
The lifecycle management report complements the D2.1 Security Requirements Specifications deliverable, which is mainly oriented towards the functional security features of the SoC after its delivery to OEMs.
The deliverable details the following main objectives:
- Describe a generic life cycle, based on the state of the art of the semiconductor industry.
- Define the assets that should be protected during the development and the production of the SoC.
- Address vulnerabilities specific to the development and production of the SoC (including its associated tools and guidance) and define assurance requirements to mitigate them.
- Define a complement of functional requirements (towards the SoC and its associated tools) in order to take into account the production of the SoC, the integration of the SoC on its PCB and the development of user applications.