BSI grants German GEHEIM approval for Kernkonzept’s L4Re Secure Separation Kernel

Dresden, January 16, 2024 – The operating system L4Re Secure Separation Kernel has been approved by the German Federal Office for Information Security (BSI) for the processing of classified information up to classification level German GEHEIM.

L4Re is the first operating system solution of its kind to be approved by the BSI with this security level. Kernkonzept GmbH thus offers another important building block for IT security and digital sovereignty in Germany.

The completion of the evaluation process confirms the reliability, security, and quality of the L4Re technology, which is already used in many IT and VS security products for securely separating sensitive information, networks, or critical security functions. As a medium-sized, owner-managed company, Kernkonzept is currently the only manufacturer of VS IT solutions to have a separation kernel approved at such a high level.

“The approval of the L4Re Secure Separation Kernel marks the start of a new era for our customers, by us taking responsibility for the approval process and the associated requirements. As a particularly security-critical component in IT products, the operating system no longer has to be evaluated by our customers. This offers immense efficiency advantages – for manufacturers of VS IT products as well as for our country,” says Dr. Michael Hohmuth, Managing Director of Kernkonzept GmbH.

With the L4Re Secure Separation Kernel, manufacturers of VS products will now be able to use a separation kernel that has already been approved for German GEHEIM and thus get their products through the approval process more quickly. Previously, there was no other approved separation kernel, which is why manufacturers had to fully evaluate every operating system solution used in VS products.

The availability of the GEHEIM-approved L4Re Secure Separation Kernel means predictable costs and defined quality for manufacturers, users and evaluators.

The entire L4Re technology was developed strictly according to the principle of “Security by Design”. Attacks and technical malfunctions can therefore be ruled out from the outset. The basis for this is the very small Trusted Computing Base of the L4Re Secure Separation Kernel, at only around 30,000 lines of code, together with capability-based mandatory access control (MAC). These two features form the basis for zero-trust security architectures that can be implemented directly with the L4Re Secure Separation Kernel.

A separation kernel ensures strict isolation between different security domains or classification levels within a computer system. Its main task is to ensure that the flow of information and interactions between these domains are controlled and secure. By implementing strong isolation mechanisms, a separation kernel helps to prevent unauthorized access, data leaks or interference between sensitive components. This is particularly important in scenarios where different levels of security or confidential information are present in the same computer environment at the same time.

Dr. Adam Lackorzynski, CTO and founder of Kernkonzept GmbH, is very satisfied with the approval of the L4Re Secure Separation Kernel VS by the BSI: “This shows that the strict orientation towards the Security by Design paradigm – from the open source solution L4Re in the 2000s to the professional IT security operating system solution by the trustworthy German manufacturer Kernkonzept – was the right way to go.”

BSI approval complies with the legal requirement to test IT security products and make a binding statement on the strength of the implemented security functions. In particular, IT security products that are used for the processing, transmission and storage of officially classified information (classified information, VS) in the area of the federal and state governments or at companies within the framework of federal or state government contracts require such an evaluation and assessment in accordance with the specifications of the classified information directive (VSA).

The BSI confirms the appropriateness of the IT security functions through an approval that specifies the maximum classification level of the classified information protected by the product. The L4Re Secure Separation Kernel was approved based on the VS requirements profile “Separation Kernel” for the protection of data classified as SECRET.

Since October 2021, the intensive evaluation process for the L4Re Secure Separation Kernel has been running in close consultation with the independent and BSI-accredited test centers atsec information security GmbH and SRC Security Research & Consulting GmbH, as well as the BSI.

The evidence provided by Kernkonzept relates not only to the secure and well-defined implementation of the product and the comprehensive, structured, and comprehensible product documentation. It also covers the entire organizational structure, including the company processes relevant to secure development, production, and product maintenance.

“With the processes that have been established with the approval project, we have made the L4Re technology even more secure,” explains Dr. Hendrik Tews, Head of Certification/Approval/Formal Methods at Kernkonzept.

“Providing the necessary evidence for approval is a major achievement. The high programming standards that have been in place since the early years as an open source project at the Technical University of Dresden and Kernkonzept’s consistent focus on complete automation in testing and further quality control have paid off in this project and made a significant contribution to Kernkonzept being able to master the approval of L4Re.”