This page was not yet optimized for use on mobile devices.

L4Re Secure Separation Kernel CC Version 1.0.1

CSV information

Status	active
Valid from	18.02.2025
Valid until	18.02.2030
Scheme	🇩🇪 DE
Manufacturer	Kernkonzept GmbH
Category	Operating Systems
Security level	EAL4+, ALC_FLR.3

Heuristics summary

Certificate ID: BSI-DSZ-CC-1177-2025

Certificate

Certificate PDF TXT

Extracted keywords

Security level

EAL 4, EAL 2, EAL 4 augmented

Security Assurance Requirements (SAR)

ALC_FLR.3, ALC_FLR

Certificates

BSI-DSZ-CC-1177-2025

Standards

ISO/IEC 15408, ISO/IEC 18045

File metadata

Title	Urkunde BSI-DSZ-CC-1177-2025
Subject	Common Criteria, Certification, Zertifizierung, Kernkonzept, Mikrokernel L4Re
Keywords	"Common Criteria, Certification, Zertifizierung, Kernkonzept, Mikrokernel L4Re"
Author	Bundesamt für Sicherheit in der Informationstechnik
Pages	1

Certification report

Certification report PDF TXT

Extracted keywords

Vendor

NXP

Security level

EAL 4, EAL 2, EAL 1, EAL 4 augmented

Claims

OE.HARDWARE, OE.PHYSICAL, OE.NOEVIL

Security Assurance Requirements (SAR)

ALC_FLR.3, ALC_FLR

Certificates

BSI-DSZ-CC-1177-2025

Evaluation facilities

atsec

Certification process

being maintained, is not given any longer. In particular, prior to the dissemination of confidential documentation and information related to the TOE or resulting from the evaluation and certification, 7] Final Evaluation Technical Report, Version 2, 2025-02-04, atsec information security GmbH, (confidential document) 7 specifically • AIS 1 Anforderungen an Aufbau und Inhalt von Einzelprüfberichten für Evaluationen, Separation Kernel CC, Version 1.0.1 Konfigurationsliste, Version 1.0, 2024-11-18, Kernkonzept GmbH (confidential document) [9] L4Re Secure Boot Guidance, 2022-10-07, Kernkonzept GmbH [10] L4Re Configuration Guidance

Standards

AIS 1, AIS 14, AIS 19, AIS 23, AIS 32, ISO/IEC 15408, ISO/IEC 18045, ISO/IEC 17065

Technical reports

BSI 7148

File metadata

Title	Certification Report BSI-DSZ-CC-1177-2025
Subject	Common Criteria, Certification, Zertifizierung, Kernkonzept, Mikrokernel L4Re
Keywords	"Common Criteria, Certification, Zertifizierung, Kernkonzept, Mikrokernel L4Re"
Author	Bundesamt für Sicherheit in der Informationstechnik
Pages	22

Frontpage

Certificate ID	BSI-DSZ-CC-1177-2025
Certified item	L4Re Secure Separation Kernel CC Version 1.0.1
Certification lab	BSI
Developer	Kernkonzept GmbH

Security target

Security target PDF TXT

Extracted keywords

Protocols

VPN

Vendor

NXP

Security level

EAL4, EAL 4

Claims

O.CONFIDENTIALITY, O.INTEGRITY, O.AVAILABILITY, T.DISCLOSURE, T.MODIFICATION, T.DEPLETION, A.ENVIRONMENT, A.PHYSICAL, A.NOEVIL, OE.HARDWARE, OE.PHYSICAL, OE.NOEVIL

Security Assurance Requirements (SAR)

ADV_ARC.1, ADV_FSP.4, ADV_IMP.1, ADV_TDS.3, AGD_OPE.1, AGD_PRE.1, ALC_FLR.3, ALC_CMC.4, ALC_CMS.4, ALC_DEL.1, ALC_DVS.1, ALC_LCD.1, ALC_TAT.1, ATE_COV.2, ATE_DPT.1, ATE_FUN.1, ATE_IND.2, AVA_VAN.3, ASE_CCL.1, ASE_ECD.1, ASE_INT.1, ASE_OBJ.2, ASE_REQ.2, ASE_SPD.1, ASE_TSS.1

Security Functional Requirements (SFR)

FDP_ACC, FDP_ACC.2, FDP_ACF, FDP_ACF.1, FDP_IFC.2, FDP_IFC.2.1, FDP_IFC.2.2, FDP_IFF.1, FDP_IFF.1.1, FDP_IFF.1.2, FDP_IFF.1.3, FDP_IFF.1.4, FDP_IFF.1.5, FDP_RIP.1, FDP_RIP.1.1, FDP_ACC.1, FIA_UID.2, FIA_UID.2.1, FMT_MSA, FMT_MSA.3, FMT_MTD, FMT_MTD.1, FMT_SMF.1, FMT_SMF.1.1, FMT_MSA.1, FMT_SMR, FMT_SMR.1, FMT_SMF, FPR_UNO.1, FPR_UNO.1.1

Certificates

BSI-DSZ-CC-1177

Side-channel analysis

side channels

File metadata

Title	Security Target for L4Re Secure Separation Kernel CC 1.0.1
Subject	L4Re SSK
Keywords	L4Re Operating System Framework, L4Re Hypervisor, Microkernel, Operating system
Author	Kernkonzept GmbH
Pages	61

Heuristics

Automated inference - use with caution

All attributes shown in this section (e.g., links between certificates, products, vendors, and known CVEs) are generated by automated heuristics and have not been reviewed by humans. These methods can produce false positives or false negatives and should not be treated as definitive without independent verification. For details on our data sources and inference methods, see our methodology. If you believe any information here is inaccurate or harmful, please submit feedback.

Certificate ID

BSI-DSZ-CC-1177-2025

Extracted SARs

ADV_ARC.1, ADV_FSP.4, ADV_IMP.1, ADV_TDS.3, AGD_OPE.1, AGD_PRE.1, ALC_CMC.4, ALC_CMS.4, ALC_DEL.1, ALC_DVS.1, ALC_FLR.3, ALC_LCD.1, ALC_TAT.1, ASE_CCL.1, ASE_ECD.1, ASE_INT.1, ASE_OBJ.2, ASE_REQ.2, ASE_SPD.1, ASE_TSS.1, ATE_COV.2, ATE_DPT.1, ATE_FUN.1, ATE_IND.2, AVA_VAN.3

Scheme data

Enhanced
Cert Id	BSI-DSZ-CC-1177-2025
Product	L4Re Secure Separation Kernel CC, Version 1.0.1
Vendor	Kernkonzept GmbH
Certification Date	18.02.2025
Category	Operating systems
Url	https://www.bsi.bund.de/SharedDocs/Zertifikate_CC/CC/Betriebssysteme/1177.html
	Product	L4Re Secure Separation Kernel CC, Version 1.0.1
	Applicant	Kernkonzept GmbH Buchenstraße 16 b 01097 Dresden Deutschland
	Evaluation Facility	atsec information security GmbH
	Assurance Level	EAL4+,ALC_FLR.3
	Certification Date	18.02.2025
	Expiration Date	17.02.2030
	Report Link	https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Zertifizierung/Reporte/Reporte1100/1177a_pdf.pdf?__blob=publicationFile&v=3
	Target Link	https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Zertifizierung/Reporte/Reporte1100/1177b_pdf.pdf?__blob=publicationFile&v=2
	Cert Link	https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Zertifizierung/Reporte/Reporte1100/1177c_pdf.pdf?__blob=publicationFile&v=3
	Description	The TOE is the L4Re Secure Separation Kernel CC 1.0.1 (L4Re SSK). L4Re SSK is a distribution of the open-source L4Re Operating System Framework. As such it is based on the L4Re Microkernel. The L4Re Microkernel is a 3rd-generation microkernel with a state-of-the-art capability-based mandatory access control security model. It allows the separation of applications into different security domains, information flow control, and, subject to access control, dynamic assignment of resources and communication channels. Further the L4Re Microkernel supports static workloads alongside dynamic workloads, which allows to start, restart and shutdown applications during runtime. L4Re SSK is configured to act as a separation kernel, to provide the security features claimed by the ST. The TOE supports native applications as well as virtual machines (VMs). Access to every resource including but not limited to memory, hardware devices and CPU cores is protected by capabilities. Applications and VMs can only access a resource if they possess a capability with suitable permissions for that resource.

References

No references are available for this certificate.

Updates Feed

15.12.2025

The certificate data changed.
Certificate changed

The state of the certificate object was updated.

The report property was updated, with the {'json_hash': None} values inserted.

The st property was updated, with the {'json_hash': None} values inserted.

The cert property was updated, with the {'json_hash': None} values inserted.

The computed heuristics were updated.

The scheme_data property was set to {'cert_id': 'BSI-DSZ-CC-1177-2025', 'product': 'L4Re Secure Separation Kernel CC, Version 1.0.1', 'vendor': 'Kernkonzept GmbH', 'certification_date': '2025-02-18', 'category': 'Operating systems', 'url': 'https://www.bsi.bund.de/SharedDocs/Zertifikate_CC/CC/Betriebssysteme/1177.html', 'enhanced': {'product': 'L4Re Secure Separation Kernel CC, Version 1.0.1', 'applicant': 'Kernkonzept GmbH Buchenstraße 16 b 01097 Dresden Deutschland', 'evaluation_facility': 'atsec information security GmbH', 'assurance_level': 'EAL4+,ALC_FLR.3', 'certification_date': '2025-02-18', 'expiration_date': '2030-02-17', 'report_link': 'https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Zertifizierung/Reporte/Reporte1100/1177a_pdf.pdf?__blob=publicationFile&v=3', 'target_link': 'https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Zertifizierung/Reporte/Reporte1100/1177b_pdf.pdf?__blob=publicationFile&v=2', 'cert_link': 'https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Zertifizierung/Reporte/Reporte1100/1177c_pdf.pdf?__blob=publicationFile&v=3', 'description': 'The TOE is the L4Re Secure Separation Kernel CC 1.0.1 (L4Re SSK). L4Re SSK is a distribution of the open-source L4Re Operating System Framework. As such it is based on the L4Re Microkernel. The L4Re Microkernel is a 3rd-generation microkernel with a state-of-the-art capability-based mandatory access control security model. It allows the separation of applications into different security domains, information flow control, and, subject to access control, dynamic assignment of resources and communication channels. Further the L4Re Microkernel supports static workloads alongside dynamic workloads, which allows to start, restart and shutdown applications during runtime. L4Re SSK is configured to act as a separation kernel, to provide the security features claimed by the ST. The TOE supports native applications as well as virtual machines (VMs). Access to every resource including but not limited to memory, hardware devices and CPU cores is protected by capabilities. Applications and VMs can only access a resource if they possess a capability with suitable permissions for that resource.'}}.
19.05.2025

The certificate data changed.
Certificate changed

The computed heuristics were updated.

The scheme_data property was set to None.
21.04.2025

The certificate data changed.
Certificate changed

The state of the certificate object was updated.

The report property was updated, with the {'download_ok': True, 'convert_ok': True, 'extract_ok': True, 'pdf_hash': '34a9a862bc155444a6fb7d1ca69e650ebfb17aa75991172c7c95e35afdbc0855', 'txt_hash': '4a291a9a11df75921ac3479bd93e9466e9c3182df8a2196b583adc69cae5b07e'} data.

The st property was updated, with the {'download_ok': True, 'convert_ok': True, 'extract_ok': True, 'pdf_hash': '62d0adec9d2a9be2782738e3891aa1c917992993f6d3398c443ee2568dbe605f', 'txt_hash': '0dd5da9907591574a54793a5d2115ba4dc77d0dd01c4b5eeec8646c28002a278'} data.

The cert property was updated, with the {'download_ok': True, 'convert_ok': True, 'extract_ok': True, 'pdf_hash': 'be9644c1e97d2d0900cda0f861201d5c274118ba68e87583880a91873e1aaa9d', 'txt_hash': '34cfc642a1c8404c99870b04dfbbbffb906cd84b7529d80bad58db7d5daaa498'} data.

The PDF extraction data was updated.

The report_metadata property was set to {'pdf_file_size_bytes': 326892, 'pdf_is_encrypted': False, 'pdf_number_of_pages': 22, '/Author': 'Bundesamt für Sicherheit in der Informationstechnik', '/Keywords': '"Common Criteria, Certification, Zertifizierung, Kernkonzept, Mikrokernel L4Re"', '/Subject': 'Common Criteria, Certification, Zertifizierung, Kernkonzept, Mikrokernel L4Re', '/Title': 'Certification Report BSI-DSZ-CC-1177-2025', 'pdf_hyperlinks': {'_type': 'Set', 'elements': ['https://www.bsi.bund.de/AIS', 'http://www.commoncriteriaportal.org/cc/', 'https://www.commoncriteriaportal.org/', 'https://www.bsi.bund.de/zertifizierung', 'http://www.commoncriteriaportal.org/', 'https://www.bsi.bund.de/zertifizierungsreporte', 'https://www.bsi.bund.de/', 'https://www.sogis.eu/']}}.

The st_metadata property was set to {'pdf_file_size_bytes': 621521, 'pdf_is_encrypted': False, 'pdf_number_of_pages': 61, '/Author': 'Kernkonzept GmbH', '/Keywords': 'L4Re Operating System Framework, L4Re Hypervisor, Microkernel, Operating system', '/Subject': 'L4Re SSK', '/Title': 'Security Target for L4Re Secure Separation Kernel CC 1.0.1', 'pdf_hyperlinks': {'_type': 'Set', 'elements': ['https://l4re.org/doc/group__l4__icu__api.html']}}.

The cert_metadata property was set to {'pdf_file_size_bytes': 230300, 'pdf_is_encrypted': False, 'pdf_number_of_pages': 1, '/Author': 'Bundesamt für Sicherheit in der Informationstechnik', '/Keywords': '"Common Criteria, Certification, Zertifizierung, Kernkonzept, Mikrokernel L4Re"', '/Subject': 'Common Criteria, Certification, Zertifizierung, Kernkonzept, Mikrokernel L4Re', '/Title': 'Urkunde BSI-DSZ-CC-1177-2025', 'pdf_hyperlinks': {'_type': 'Set', 'elements': []}}.

The report_frontpage property was set to {'DE': {'match_rules': ['(BSI-DSZ-CC-.+?) (?:for|For) (.+?) from (.*)'], 'cert_id': 'BSI-DSZ-CC-1177-2025', 'cert_item': 'L4Re Secure Separation Kernel CC Version 1.0.1', 'developer': 'Kernkonzept GmbH', 'cert_lab': 'BSI'}}.

The report_keywords property was set to {'cc_cert_id': {'DE': {'BSI-DSZ-CC-1177-2025': 12}}, 'cc_protection_profile_id': {}, 'cc_security_level': {'EAL': {'EAL 4': 5, 'EAL 2': 3, 'EAL 1': 1, 'EAL 4 augmented': 3}}, 'cc_sar': {'ALC': {'ALC_FLR.3': 4, 'ALC_FLR': 3}}, 'cc_sfr': {}, 'cc_claims': {'OE': {'OE.HARDWARE': 1, 'OE.PHYSICAL': 1, 'OE.NOEVIL': 1}}, 'vendor': {'NXP': {'NXP': 1}}, 'eval_facility': {'atsec': {'atsec': 3}}, 'symmetric_crypto': {}, 'asymmetric_crypto': {}, 'pq_crypto': {}, 'hash_function': {}, 'crypto_scheme': {}, 'crypto_protocol': {}, 'randomness': {}, 'cipher_mode': {}, 'ecc_curve': {}, 'crypto_engine': {}, 'tls_cipher_suite': {}, 'crypto_library': {}, 'vulnerability': {}, 'side_channel_analysis': {}, 'technical_report_id': {'BSI': {'BSI 7148': 1}}, 'device_model': {}, 'tee_name': {}, 'os_name': {}, 'cplc_data': {}, 'ic_data_group': {}, 'standard_id': {'BSI': {'AIS 1': 1, 'AIS 14': 1, 'AIS 19': 1, 'AIS 23': 1, 'AIS 32': 1}, 'ISO': {'ISO/IEC 15408': 4, 'ISO/IEC 18045': 4, 'ISO/IEC 17065': 2}}, 'javacard_version': {}, 'javacard_api_const': {}, 'javacard_packages': {}, 'certification_process': {'ConfidentialDocument': {'being maintained, is not given any longer. In particular, prior to the dissemination of confidential documentation and information related to the TOE or resulting from the evaluation and certification': 1, '7] Final Evaluation Technical Report, Version 2, 2025-02-04, atsec information security GmbH, (confidential document) 7 specifically • AIS 1 Anforderungen an Aufbau und Inhalt von Einzelprüfberichten für Evaluationen': 1, 'Separation Kernel CC, Version 1.0.1 Konfigurationsliste, Version 1.0, 2024-11-18, Kernkonzept GmbH (confidential document) [9] L4Re Secure Boot Guidance, 2022-10-07, Kernkonzept GmbH [10] L4Re Configuration Guidance': 1}}}.

The st_keywords property was set to {'cc_cert_id': {'DE': {'BSI-DSZ-CC-1177': 2}}, 'cc_protection_profile_id': {}, 'cc_security_level': {'EAL': {'EAL4': 2, 'EAL 4': 1}}, 'cc_sar': {'ADV': {'ADV_ARC.1': 1, 'ADV_FSP.4': 1, 'ADV_IMP.1': 1, 'ADV_TDS.3': 1}, 'AGD': {'AGD_OPE.1': 1, 'AGD_PRE.1': 1}, 'ALC': {'ALC_FLR.3': 6, 'ALC_CMC.4': 1, 'ALC_CMS.4': 1, 'ALC_DEL.1': 1, 'ALC_DVS.1': 1, 'ALC_LCD.1': 1, 'ALC_TAT.1': 1}, 'ATE': {'ATE_COV.2': 1, 'ATE_DPT.1': 1, 'ATE_FUN.1': 1, 'ATE_IND.2': 1}, 'AVA': {'AVA_VAN.3': 1}, 'ASE': {'ASE_CCL.1': 1, 'ASE_ECD.1': 1, 'ASE_INT.1': 1, 'ASE_OBJ.2': 1, 'ASE_REQ.2': 1, 'ASE_SPD.1': 1, 'ASE_TSS.1': 1}}, 'cc_sfr': {'FDP': {'FDP_ACC': 30, 'FDP_ACC.2': 8, 'FDP_ACF': 30, 'FDP_ACF.1': 20, 'FDP_IFC.2': 7, 'FDP_IFC.2.1': 1, 'FDP_IFC.2.2': 1, 'FDP_IFF.1': 6, 'FDP_IFF.1.1': 1, 'FDP_IFF.1.2': 1, 'FDP_IFF.1.3': 1, 'FDP_IFF.1.4': 1, 'FDP_IFF.1.5': 1, 'FDP_RIP.1': 5, 'FDP_RIP.1.1': 1, 'FDP_ACC.1': 4}, 'FIA': {'FIA_UID.2': 6, 'FIA_UID.2.1': 1}, 'FMT': {'FMT_MSA': 39, 'FMT_MSA.3': 15, 'FMT_MTD': 5, 'FMT_MTD.1': 1, 'FMT_SMF.1': 5, 'FMT_SMF.1.1': 1, 'FMT_MSA.1': 5, 'FMT_SMR': 6, 'FMT_SMR.1': 6, 'FMT_SMF': 1}, 'FPR': {'FPR_UNO.1': 5, 'FPR_UNO.1.1': 1}}, 'cc_claims': {'O': {'O.CONFIDENTIALITY': 19, 'O.INTEGRITY': 5, 'O.AVAILABILITY': 11}, 'T': {'T.DISCLOSURE': 2, 'T.MODIFICATION': 2, 'T.DEPLETION': 2}, 'A': {'A.ENVIRONMENT': 2, 'A.PHYSICAL': 2, 'A.NOEVIL': 2}, 'OE': {'OE.HARDWARE': 2, 'OE.PHYSICAL': 2, 'OE.NOEVIL': 2}}, 'vendor': {'NXP': {'NXP': 1}}, 'eval_facility': {}, 'symmetric_crypto': {}, 'asymmetric_crypto': {}, 'pq_crypto': {}, 'hash_function': {}, 'crypto_scheme': {}, 'crypto_protocol': {'VPN': {'VPN': 1}}, 'randomness': {}, 'cipher_mode': {}, 'ecc_curve': {}, 'crypto_engine': {}, 'tls_cipher_suite': {}, 'crypto_library': {}, 'vulnerability': {}, 'side_channel_analysis': {'SCA': {'side channels': 3}}, 'technical_report_id': {}, 'device_model': {}, 'tee_name': {}, 'os_name': {}, 'cplc_data': {}, 'ic_data_group': {}, 'standard_id': {}, 'javacard_version': {}, 'javacard_api_const': {}, 'javacard_packages': {}, 'certification_process': {}}.

The cert_keywords property was set to {'cc_cert_id': {'DE': {'BSI-DSZ-CC-1177-2025': 1}}, 'cc_protection_profile_id': {}, 'cc_security_level': {'EAL': {'EAL 4': 1, 'EAL 2': 1, 'EAL 4 augmented': 1}}, 'cc_sar': {'ALC': {'ALC_FLR.3': 1, 'ALC_FLR': 1}}, 'cc_sfr': {}, 'cc_claims': {}, 'vendor': {}, 'eval_facility': {}, 'symmetric_crypto': {}, 'asymmetric_crypto': {}, 'pq_crypto': {}, 'hash_function': {}, 'crypto_scheme': {}, 'crypto_protocol': {}, 'randomness': {}, 'cipher_mode': {}, 'ecc_curve': {}, 'crypto_engine': {}, 'tls_cipher_suite': {}, 'crypto_library': {}, 'vulnerability': {}, 'side_channel_analysis': {}, 'technical_report_id': {}, 'device_model': {}, 'tee_name': {}, 'os_name': {}, 'cplc_data': {}, 'ic_data_group': {}, 'standard_id': {'ISO': {'ISO/IEC 15408': 2, 'ISO/IEC 18045': 2}}, 'javacard_version': {}, 'javacard_api_const': {}, 'javacard_packages': {}, 'certification_process': {}}.

The report_filename property was set to 1177a_pdf.pdf.

The st_filename property was set to 1177b_pdf.pdf.

The cert_filename property was set to 1177c_pdf.pdf.

The computed heuristics were updated.

The cert_lab property was set to ['BSI'].

The cert_id property was set to BSI-DSZ-CC-1177-2025.

The extracted_sars property was updated, with the {'_type': 'Set', 'elements': [{'_type': 'sec_certs.sample.sar.SAR', 'family': 'ADV_TDS', 'level': 3}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'AVA_VAN', 'level': 3}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'ASE_CCL', 'level': 1}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'ATE_FUN', 'level': 1}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'ASE_OBJ', 'level': 2}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'ASE_INT', 'level': 1}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'ALC_CMC', 'level': 4}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'ASE_REQ', 'level': 2}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'AGD_PRE', 'level': 1}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'ATE_IND', 'level': 2}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'ATE_DPT', 'level': 1}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'ASE_ECD', 'level': 1}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'ADV_IMP', 'level': 1}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'ALC_LCD', 'level': 1}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'ASE_SPD', 'level': 1}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'ATE_COV', 'level': 2}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'ALC_DVS', 'level': 1}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'ALC_TAT', 'level': 1}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'AGD_OPE', 'level': 1}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'ALC_CMS', 'level': 4}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'ASE_TSS', 'level': 1}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'ALC_DEL', 'level': 1}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'ADV_FSP', 'level': 4}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'ADV_ARC', 'level': 1}]} values added.
07.04.2025

The certificate was first processed.

Raw data

{
  "_type": "sec_certs.sample.cc.CCCertificate",
  "category": "Operating Systems",
  "cert_link": "https://www.commoncriteriaportal.org/nfs/ccpfiles/files/epfiles/1177c_pdf.pdf",
  "dgst": "7929b54ea442ff99",
  "heuristics": {
    "_type": "sec_certs.sample.cc.CCCertificate.Heuristics",
    "annotated_references": null,
    "cert_id": "BSI-DSZ-CC-1177-2025",
    "cert_lab": [
      "BSI"
    ],
    "cpe_matches": null,
    "direct_transitive_cves": null,
    "eal": "EAL4+",
    "extracted_sars": {
      "_type": "Set",
      "elements": [
        {
          "_type": "sec_certs.sample.sar.SAR",
          "family": "ALC_DEL",
          "level": 1
        },
        {
          "_type": "sec_certs.sample.sar.SAR",
          "family": "ALC_FLR",
          "level": 3
        },
        {
          "_type": "sec_certs.sample.sar.SAR",
          "family": "ADV_TDS",
          "level": 3
        },
        {
          "_type": "sec_certs.sample.sar.SAR",
          "family": "ADV_ARC",
          "level": 1
        },
        {
          "_type": "sec_certs.sample.sar.SAR",
          "family": "ALC_TAT",
          "level": 1
        },
        {
          "_type": "sec_certs.sample.sar.SAR",
          "family": "ASE_ECD",
          "level": 1
        },
        {
          "_type": "sec_certs.sample.sar.SAR",
          "family": "ATE_FUN",
          "level": 1
        },
        {
          "_type": "sec_certs.sample.sar.SAR",
          "family": "ASE_INT",
          "level": 1
        },
        {
          "_type": "sec_certs.sample.sar.SAR",
          "family": "ATE_DPT",
          "level": 1
        },
        {
          "_type": "sec_certs.sample.sar.SAR",
          "family": "AGD_OPE",
          "level": 1
        },
        {
          "_type": "sec_certs.sample.sar.SAR",
          "family": "ALC_CMS",
          "level": 4
        },
        {
          "_type": "sec_certs.sample.sar.SAR",
          "family": "ASE_REQ",
          "level": 2
        },
        {
          "_type": "sec_certs.sample.sar.SAR",
          "family": "AVA_VAN",
          "level": 3
        },
        {
          "_type": "sec_certs.sample.sar.SAR",
          "family": "ASE_TSS",
          "level": 1
        },
        {
          "_type": "sec_certs.sample.sar.SAR",
          "family": "ADV_FSP",
          "level": 4
        },
        {
          "_type": "sec_certs.sample.sar.SAR",
          "family": "ALC_LCD",
          "level": 1
        },
        {
          "_type": "sec_certs.sample.sar.SAR",
          "family": "ASE_OBJ",
          "level": 2
        },
        {
          "_type": "sec_certs.sample.sar.SAR",
          "family": "ALC_DVS",
          "level": 1
        },
        {
          "_type": "sec_certs.sample.sar.SAR",
          "family": "ALC_CMC",
          "level": 4
        },
        {
          "_type": "sec_certs.sample.sar.SAR",
          "family": "ATE_COV",
          "level": 2
        },
        {
          "_type": "sec_certs.sample.sar.SAR",
          "family": "ASE_CCL",
          "level": 1
        },
        {
          "_type": "sec_certs.sample.sar.SAR",
          "family": "ATE_IND",
          "level": 2
        },
        {
          "_type": "sec_certs.sample.sar.SAR",
          "family": "ADV_IMP",
          "level": 1
        },
        {
          "_type": "sec_certs.sample.sar.SAR",
          "family": "AGD_PRE",
          "level": 1
        },
        {
          "_type": "sec_certs.sample.sar.SAR",
          "family": "ASE_SPD",
          "level": 1
        }
      ]
    },
    "extracted_versions": {
      "_type": "Set",
      "elements": [
        "1.0.1"
      ]
    },
    "indirect_transitive_cves": null,
    "next_certificates": null,
    "prev_certificates": null,
    "protection_profiles": null,
    "related_cves": null,
    "report_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "scheme_data": {
      "category": "Operating systems",
      "cert_id": "BSI-DSZ-CC-1177-2025",
      "certification_date": "2025-02-18",
      "enhanced": {
        "applicant": "Kernkonzept GmbH Buchenstra\u00dfe 16 b 01097 Dresden Deutschland",
        "assurance_level": "EAL4+,ALC_FLR.3",
        "cert_link": "https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Zertifizierung/Reporte/Reporte1100/1177c_pdf.pdf?__blob=publicationFile\u0026v=3",
        "certification_date": "2025-02-18",
        "description": "The TOE is the L4Re Secure Separation Kernel CC 1.0.1 (L4Re SSK). L4Re SSK is a distribution of the open-source L4Re Operating System Framework. As such it is based on the L4Re Microkernel. The L4Re Microkernel is a 3rd-generation microkernel with a state-of-the-art capability-based mandatory access control security model. It allows the separation of applications into different security domains, information flow control, and, subject to access control, dynamic assignment of resources and communication channels. Further the L4Re Microkernel supports static workloads alongside dynamic workloads, which allows to start, restart and shutdown applications during runtime. L4Re SSK is configured to act as a separation kernel, to provide the security features claimed by the ST. The TOE supports native applications as well as virtual machines (VMs). Access to every resource including but not limited to memory, hardware devices and CPU cores is protected by capabilities. Applications and VMs can only access a resource if they possess a capability with suitable permissions for that resource.",
        "evaluation_facility": "atsec information security GmbH",
        "expiration_date": "2030-02-17",
        "product": "L4Re Secure Separation Kernel CC, Version 1.0.1",
        "report_link": "https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Zertifizierung/Reporte/Reporte1100/1177a_pdf.pdf?__blob=publicationFile\u0026v=3",
        "target_link": "https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Zertifizierung/Reporte/Reporte1100/1177b_pdf.pdf?__blob=publicationFile\u0026v=2"
      },
      "product": "L4Re Secure Separation Kernel CC, Version 1.0.1",
      "url": "https://www.bsi.bund.de/SharedDocs/Zertifikate_CC/CC/Betriebssysteme/1177.html",
      "vendor": "Kernkonzept GmbH"
    },
    "st_references": {
      "_type": "sec_certs.sample.certificate.References",
      "directly_referenced_by": null,
      "directly_referencing": null,
      "indirectly_referenced_by": null,
      "indirectly_referencing": null
    },
    "verified_cpe_matches": null
  },
  "maintenance_updates": {
    "_type": "Set",
    "elements": []
  },
  "manufacturer": "Kernkonzept GmbH",
  "manufacturer_web": "https://kernkonzept.com",
  "name": "L4Re Secure Separation Kernel CC Version 1.0.1",
  "not_valid_after": "2030-02-18",
  "not_valid_before": "2025-02-18",
  "pdf_data": {
    "_type": "sec_certs.sample.cc.CCCertificate.PdfData",
    "cert_filename": "1177c_pdf.pdf",
    "cert_frontpage": null,
    "cert_keywords": {
      "asymmetric_crypto": {},
      "cc_cert_id": {
        "DE": {
          "BSI-DSZ-CC-1177-2025": 1
        }
      },
      "cc_claims": {},
      "cc_protection_profile_id": {},
      "cc_sar": {
        "ALC": {
          "ALC_FLR": 1,
          "ALC_FLR.3": 1
        }
      },
      "cc_security_level": {
        "EAL": {
          "EAL 2": 1,
          "EAL 4": 1,
          "EAL 4 augmented": 1
        }
      },
      "cc_sfr": {},
      "certification_process": {},
      "cipher_mode": {},
      "cplc_data": {},
      "crypto_engine": {},
      "crypto_library": {},
      "crypto_protocol": {},
      "crypto_scheme": {},
      "device_model": {},
      "ecc_curve": {},
      "eval_facility": {},
      "hash_function": {},
      "ic_data_group": {},
      "javacard_api_const": {},
      "javacard_packages": {},
      "javacard_version": {},
      "os_name": {},
      "pq_crypto": {},
      "randomness": {},
      "side_channel_analysis": {},
      "standard_id": {
        "ISO": {
          "ISO/IEC 15408": 2,
          "ISO/IEC 18045": 2
        }
      },
      "symmetric_crypto": {},
      "technical_report_id": {},
      "tee_name": {},
      "tls_cipher_suite": {},
      "vendor": {},
      "vulnerability": {}
    },
    "cert_metadata": {
      "/Author": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "/Keywords": "\"Common Criteria, Certification, Zertifizierung, Kernkonzept, Mikrokernel L4Re\"",
      "/Subject": "Common Criteria, Certification, Zertifizierung, Kernkonzept, Mikrokernel L4Re",
      "/Title": "Urkunde BSI-DSZ-CC-1177-2025",
      "pdf_file_size_bytes": 230300,
      "pdf_hyperlinks": {
        "_type": "Set",
        "elements": []
      },
      "pdf_is_encrypted": false,
      "pdf_number_of_pages": 1
    },
    "report_filename": "1177a_pdf.pdf",
    "report_frontpage": {
      "DE": {
        "cert_id": "BSI-DSZ-CC-1177-2025",
        "cert_item": "L4Re Secure Separation Kernel CC Version 1.0.1",
        "cert_lab": "BSI",
        "developer": "Kernkonzept GmbH",
        "match_rules": [
          "(BSI-DSZ-CC-.+?) (?:for|For) (.+?) from (.*)"
        ]
      }
    },
    "report_keywords": {
      "asymmetric_crypto": {},
      "cc_cert_id": {
        "DE": {
          "BSI-DSZ-CC-1177-2025": 12
        }
      },
      "cc_claims": {
        "OE": {
          "OE.HARDWARE": 1,
          "OE.NOEVIL": 1,
          "OE.PHYSICAL": 1
        }
      },
      "cc_protection_profile_id": {},
      "cc_sar": {
        "ALC": {
          "ALC_FLR": 3,
          "ALC_FLR.3": 4
        }
      },
      "cc_security_level": {
        "EAL": {
          "EAL 1": 1,
          "EAL 2": 3,
          "EAL 4": 5,
          "EAL 4 augmented": 3
        }
      },
      "cc_sfr": {},
      "certification_process": {
        "ConfidentialDocument": {
          "7] Final Evaluation Technical Report, Version 2, 2025-02-04, atsec information security GmbH, (confidential document) 7 specifically \u2022 AIS 1 Anforderungen an Aufbau und Inhalt von Einzelpr\u00fcfberichten f\u00fcr Evaluationen": 1,
          "Separation Kernel CC, Version 1.0.1 Konfigurationsliste, Version 1.0, 2024-11-18, Kernkonzept GmbH (confidential document) [9] L4Re Secure Boot Guidance, 2022-10-07, Kernkonzept GmbH [10] L4Re Configuration Guidance": 1,
          "being maintained, is not given any longer. In particular, prior to the dissemination of confidential documentation and information related to the TOE or resulting from the evaluation and certification": 1
        }
      },
      "cipher_mode": {},
      "cplc_data": {},
      "crypto_engine": {},
      "crypto_library": {},
      "crypto_protocol": {},
      "crypto_scheme": {},
      "device_model": {},
      "ecc_curve": {},
      "eval_facility": {
        "atsec": {
          "atsec": 3
        }
      },
      "hash_function": {},
      "ic_data_group": {},
      "javacard_api_const": {},
      "javacard_packages": {},
      "javacard_version": {},
      "os_name": {},
      "pq_crypto": {},
      "randomness": {},
      "side_channel_analysis": {},
      "standard_id": {
        "BSI": {
          "AIS 1": 1,
          "AIS 14": 1,
          "AIS 19": 1,
          "AIS 23": 1,
          "AIS 32": 1
        },
        "ISO": {
          "ISO/IEC 15408": 4,
          "ISO/IEC 17065": 2,
          "ISO/IEC 18045": 4
        }
      },
      "symmetric_crypto": {},
      "technical_report_id": {
        "BSI": {
          "BSI 7148": 1
        }
      },
      "tee_name": {},
      "tls_cipher_suite": {},
      "vendor": {
        "NXP": {
          "NXP": 1
        }
      },
      "vulnerability": {}
    },
    "report_metadata": {
      "/Author": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "/Keywords": "\"Common Criteria, Certification, Zertifizierung, Kernkonzept, Mikrokernel L4Re\"",
      "/Subject": "Common Criteria, Certification, Zertifizierung, Kernkonzept, Mikrokernel L4Re",
      "/Title": "Certification Report BSI-DSZ-CC-1177-2025",
      "pdf_file_size_bytes": 326892,
      "pdf_hyperlinks": {
        "_type": "Set",
        "elements": [
          "https://www.bsi.bund.de/zertifizierungsreporte",
          "https://www.bsi.bund.de/AIS",
          "https://www.sogis.eu/",
          "https://www.bsi.bund.de/zertifizierung",
          "https://www.commoncriteriaportal.org/",
          "http://www.commoncriteriaportal.org/",
          "http://www.commoncriteriaportal.org/cc/",
          "https://www.bsi.bund.de/"
        ]
      },
      "pdf_is_encrypted": false,
      "pdf_number_of_pages": 22
    },
    "st_filename": "1177b_pdf.pdf",
    "st_frontpage": null,
    "st_keywords": {
      "asymmetric_crypto": {},
      "cc_cert_id": {
        "DE": {
          "BSI-DSZ-CC-1177": 2
        }
      },
      "cc_claims": {
        "A": {
          "A.ENVIRONMENT": 2,
          "A.NOEVIL": 2,
          "A.PHYSICAL": 2
        },
        "O": {
          "O.AVAILABILITY": 11,
          "O.CONFIDENTIALITY": 19,
          "O.INTEGRITY": 5
        },
        "OE": {
          "OE.HARDWARE": 2,
          "OE.NOEVIL": 2,
          "OE.PHYSICAL": 2
        },
        "T": {
          "T.DEPLETION": 2,
          "T.DISCLOSURE": 2,
          "T.MODIFICATION": 2
        }
      },
      "cc_protection_profile_id": {},
      "cc_sar": {
        "ADV": {
          "ADV_ARC.1": 1,
          "ADV_FSP.4": 1,
          "ADV_IMP.1": 1,
          "ADV_TDS.3": 1
        },
        "AGD": {
          "AGD_OPE.1": 1,
          "AGD_PRE.1": 1
        },
        "ALC": {
          "ALC_CMC.4": 1,
          "ALC_CMS.4": 1,
          "ALC_DEL.1": 1,
          "ALC_DVS.1": 1,
          "ALC_FLR.3": 6,
          "ALC_LCD.1": 1,
          "ALC_TAT.1": 1
        },
        "ASE": {
          "ASE_CCL.1": 1,
          "ASE_ECD.1": 1,
          "ASE_INT.1": 1,
          "ASE_OBJ.2": 1,
          "ASE_REQ.2": 1,
          "ASE_SPD.1": 1,
          "ASE_TSS.1": 1
        },
        "ATE": {
          "ATE_COV.2": 1,
          "ATE_DPT.1": 1,
          "ATE_FUN.1": 1,
          "ATE_IND.2": 1
        },
        "AVA": {
          "AVA_VAN.3": 1
        }
      },
      "cc_security_level": {
        "EAL": {
          "EAL 4": 1,
          "EAL4": 2
        }
      },
      "cc_sfr": {
        "FDP": {
          "FDP_ACC": 30,
          "FDP_ACC.1": 4,
          "FDP_ACC.2": 8,
          "FDP_ACF": 30,
          "FDP_ACF.1": 20,
          "FDP_IFC.2": 7,
          "FDP_IFC.2.1": 1,
          "FDP_IFC.2.2": 1,
          "FDP_IFF.1": 6,
          "FDP_IFF.1.1": 1,
          "FDP_IFF.1.2": 1,
          "FDP_IFF.1.3": 1,
          "FDP_IFF.1.4": 1,
          "FDP_IFF.1.5": 1,
          "FDP_RIP.1": 5,
          "FDP_RIP.1.1": 1
        },
        "FIA": {
          "FIA_UID.2": 6,
          "FIA_UID.2.1": 1
        },
        "FMT": {
          "FMT_MSA": 39,
          "FMT_MSA.1": 5,
          "FMT_MSA.3": 15,
          "FMT_MTD": 5,
          "FMT_MTD.1": 1,
          "FMT_SMF": 1,
          "FMT_SMF.1": 5,
          "FMT_SMF.1.1": 1,
          "FMT_SMR": 6,
          "FMT_SMR.1": 6
        },
        "FPR": {
          "FPR_UNO.1": 5,
          "FPR_UNO.1.1": 1
        }
      },
      "certification_process": {},
      "cipher_mode": {},
      "cplc_data": {},
      "crypto_engine": {},
      "crypto_library": {},
      "crypto_protocol": {
        "VPN": {
          "VPN": 1
        }
      },
      "crypto_scheme": {},
      "device_model": {},
      "ecc_curve": {},
      "eval_facility": {},
      "hash_function": {},
      "ic_data_group": {},
      "javacard_api_const": {},
      "javacard_packages": {},
      "javacard_version": {},
      "os_name": {},
      "pq_crypto": {},
      "randomness": {},
      "side_channel_analysis": {
        "SCA": {
          "side channels": 3
        }
      },
      "standard_id": {},
      "symmetric_crypto": {},
      "technical_report_id": {},
      "tee_name": {},
      "tls_cipher_suite": {},
      "vendor": {
        "NXP": {
          "NXP": 1
        }
      },
      "vulnerability": {}
    },
    "st_metadata": {
      "/Author": "Kernkonzept GmbH",
      "/Keywords": "L4Re Operating System Framework, L4Re Hypervisor, Microkernel, Operating system",
      "/Subject": "L4Re SSK",
      "/Title": "Security Target for L4Re Secure Separation Kernel CC 1.0.1",
      "pdf_file_size_bytes": 621521,
      "pdf_hyperlinks": {
        "_type": "Set",
        "elements": [
          "https://l4re.org/doc/group__l4__icu__api.html"
        ]
      },
      "pdf_is_encrypted": false,
      "pdf_number_of_pages": 61
    }
  },
  "protection_profile_links": {
    "_type": "Set",
    "elements": []
  },
  "report_link": "https://www.commoncriteriaportal.org/nfs/ccpfiles/files/epfiles/1177a_pdf.pdf",
  "scheme": "DE",
  "security_level": {
    "_type": "Set",
    "elements": [
      "ALC_FLR.3",
      "EAL4+"
    ]
  },
  "st_link": "https://www.commoncriteriaportal.org/nfs/ccpfiles/files/epfiles/1177b_pdf.pdf",
  "state": {
    "_type": "sec_certs.sample.cc.CCCertificate.InternalState",
    "cert": {
      "_type": "sec_certs.sample.document_state.DocumentState",
      "convert_ok": true,
      "download_ok": true,
      "extract_ok": true,
      "json_hash": null,
      "pdf_hash": "be9644c1e97d2d0900cda0f861201d5c274118ba68e87583880a91873e1aaa9d",
      "txt_hash": "34cfc642a1c8404c99870b04dfbbbffb906cd84b7529d80bad58db7d5daaa498"
    },
    "report": {
      "_type": "sec_certs.sample.document_state.DocumentState",
      "convert_ok": true,
      "download_ok": true,
      "extract_ok": true,
      "json_hash": null,
      "pdf_hash": "34a9a862bc155444a6fb7d1ca69e650ebfb17aa75991172c7c95e35afdbc0855",
      "txt_hash": "4a291a9a11df75921ac3479bd93e9466e9c3182df8a2196b583adc69cae5b07e"
    },
    "st": {
      "_type": "sec_certs.sample.document_state.DocumentState",
      "convert_ok": true,
      "download_ok": true,
      "extract_ok": true,
      "json_hash": null,
      "pdf_hash": "62d0adec9d2a9be2782738e3891aa1c917992993f6d3398c443ee2568dbe605f",
      "txt_hash": "0dd5da9907591574a54793a5d2115ba4dc77d0dd01c4b5eeec8646c28002a278"
    }
  },
  "status": "active"
}

Sections

L4Re Secure Separation Kernel CC Version 1.0.1

CSV information

Heuristics summary

Certificate

Extracted keywords

Common Criteria

Security level

Security Assurance Requirements (SAR)

Certificates

Other

Standards

File metadata

Certification report

Extracted keywords

Device

Vendor

Common Criteria

Security level

Claims

Security Assurance Requirements (SAR)

Certificates

Evaluation facilities

Security

Certification process

Other

Standards

Technical reports

File metadata

Frontpage

Security target

Extracted keywords

Cryptography

Protocols

Device

Vendor

Common Criteria

Security level

Claims

Security Assurance Requirements (SAR)

Security Functional Requirements (SFR)

Certificates

Security

Side-channel analysis

File metadata

Heuristics

Automated inference - use with caution

Certificate ID

Extracted SARs

Scheme data

References

Updates Feed

Raw data

Toggle raw data