This page was not yet optimized for use on mobile devices.
L4Re Secure Separation Kernel CC Version 1.0.1
CSV information ?
| Status | active |
|---|---|
| Valid from | 18.02.2025 |
| Valid until | 18.02.2030 |
| Scheme | 🇩🇪 DE |
| Manufacturer | Kernkonzept GmbH |
| Category | Operating Systems |
| Security level | EAL4+, ALC_FLR.3 |
Heuristics summary ?
Certificate ID: BSI-DSZ-CC-1177-2025
Certificate ?
Extracted keywords
Security level
EAL 4, EAL 2, EAL 4 augmentedSecurity Assurance Requirements (SAR)
ALC_FLR.3, ALC_FLRCertificates
BSI-DSZ-CC-1177-2025Standards
ISO/IEC 15408, ISO/IEC 18045File metadata
| Title | Urkunde BSI-DSZ-CC-1177-2025 |
|---|---|
| Subject | Common Criteria, Certification, Zertifizierung, Kernkonzept, Mikrokernel L4Re |
| Keywords | "Common Criteria, Certification, Zertifizierung, Kernkonzept, Mikrokernel L4Re" |
| Author | Bundesamt für Sicherheit in der Informationstechnik |
| Pages | 1 |
Certification report ?
Extracted keywords
Vendor
NXPSecurity level
EAL 4, EAL 2, EAL 1, EAL 4 augmentedClaims
OE.HARDWARE, OE.PHYSICAL, OE.NOEVILSecurity Assurance Requirements (SAR)
ALC_FLR.3, ALC_FLRCertificates
BSI-DSZ-CC-1177-2025Evaluation facilities
atsecCertification process
being maintained, is not given any longer. In particular, prior to the dissemination of confidential documentation and information related to the TOE or resulting from the evaluation and certification, 7] Final Evaluation Technical Report, Version 2, 2025-02-04, atsec information security GmbH, (confidential document) 7 specifically • AIS 1 Anforderungen an Aufbau und Inhalt von Einzelprüfberichten für Evaluationen, Separation Kernel CC, Version 1.0.1 Konfigurationsliste, Version 1.0, 2024-11-18, Kernkonzept GmbH (confidential document) [9] L4Re Secure Boot Guidance, 2022-10-07, Kernkonzept GmbH [10] L4Re Configuration GuidanceStandards
AIS 1, AIS 14, AIS 19, AIS 23, AIS 32, ISO/IEC 15408, ISO/IEC 18045, ISO/IEC 17065Technical reports
BSI 7148File metadata
| Title | Certification Report BSI-DSZ-CC-1177-2025 |
|---|---|
| Subject | Common Criteria, Certification, Zertifizierung, Kernkonzept, Mikrokernel L4Re |
| Keywords | "Common Criteria, Certification, Zertifizierung, Kernkonzept, Mikrokernel L4Re" |
| Author | Bundesamt für Sicherheit in der Informationstechnik |
| Pages | 22 |
Frontpage
| Certificate ID | BSI-DSZ-CC-1177-2025 |
|---|---|
| Certified item | L4Re Secure Separation Kernel CC Version 1.0.1 |
| Certification lab | BSI |
| Developer | Kernkonzept GmbH |
Security target ?
Extracted keywords
Protocols
VPNVendor
NXPSecurity level
EAL4, EAL 4Claims
O.CONFIDENTIALITY, O.INTEGRITY, O.AVAILABILITY, T.DISCLOSURE, T.MODIFICATION, T.DEPLETION, A.ENVIRONMENT, A.PHYSICAL, A.NOEVIL, OE.HARDWARE, OE.PHYSICAL, OE.NOEVILSecurity Assurance Requirements (SAR)
ADV_ARC.1, ADV_FSP.4, ADV_IMP.1, ADV_TDS.3, AGD_OPE.1, AGD_PRE.1, ALC_FLR.3, ALC_CMC.4, ALC_CMS.4, ALC_DEL.1, ALC_DVS.1, ALC_LCD.1, ALC_TAT.1, ATE_COV.2, ATE_DPT.1, ATE_FUN.1, ATE_IND.2, AVA_VAN.3, ASE_CCL.1, ASE_ECD.1, ASE_INT.1, ASE_OBJ.2, ASE_REQ.2, ASE_SPD.1, ASE_TSS.1Security Functional Requirements (SFR)
FDP_ACC, FDP_ACC.2, FDP_ACF, FDP_ACF.1, FDP_IFC.2, FDP_IFC.2.1, FDP_IFC.2.2, FDP_IFF.1, FDP_IFF.1.1, FDP_IFF.1.2, FDP_IFF.1.3, FDP_IFF.1.4, FDP_IFF.1.5, FDP_RIP.1, FDP_RIP.1.1, FDP_ACC.1, FIA_UID.2, FIA_UID.2.1, FMT_MSA, FMT_MSA.3, FMT_MTD, FMT_MTD.1, FMT_SMF.1, FMT_SMF.1.1, FMT_MSA.1, FMT_SMR, FMT_SMR.1, FMT_SMF, FPR_UNO.1, FPR_UNO.1.1Certificates
BSI-DSZ-CC-1177Side-channel analysis
side channelsFile metadata
| Title | Security Target for L4Re Secure Separation Kernel CC 1.0.1 |
|---|---|
| Subject | L4Re SSK |
| Keywords | L4Re Operating System Framework, L4Re Hypervisor, Microkernel, Operating system |
| Author | Kernkonzept GmbH |
| Pages | 61 |
Heuristics ?
Certificate ID: BSI-DSZ-CC-1177-2025
Extracted SARs
ADV_ARC.1, ADV_FSP.4, ADV_IMP.1, ADV_TDS.3, AGD_OPE.1, AGD_PRE.1, ALC_CMC.4, ALC_CMS.4, ALC_DEL.1, ALC_DVS.1, ALC_FLR.3, ALC_LCD.1, ALC_TAT.1, ASE_CCL.1, ASE_ECD.1, ASE_INT.1, ASE_OBJ.2, ASE_REQ.2, ASE_SPD.1, ASE_TSS.1, ATE_COV.2, ATE_DPT.1, ATE_FUN.1, ATE_IND.2, AVA_VAN.3Scheme data ?
| Cert Id | BSI-DSZ-CC-1177-2025 | |
|---|---|---|
| Product | L4Re Secure Separation Kernel CC, Version 1.0.1 | |
| Vendor | Kernkonzept GmbH | |
| Certification Date | 18.02.2025 | |
| Category | Operating systems | |
| Url | https://www.bsi.bund.de/SharedDocs/Zertifikate_CC/CC/Betriebssysteme/1177.html | |
| Enhanced | ||
| Product | L4Re Secure Separation Kernel CC, Version 1.0.1 | |
| Applicant | Kernkonzept GmbH Buchenstraße 16 b 01097 Dresden Deutschland | |
| Evaluation Facility | atsec information security GmbH | |
| Assurance Level | EAL4+,ALC_FLR.3 | |
| Certification Date | 18.02.2025 | |
| Expiration Date | 17.02.2030 | |
| Report Link | https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Zertifizierung/Reporte/Reporte1100/1177a_pdf.pdf?__blob=publicationFile&v=3 | |
| Target Link | https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Zertifizierung/Reporte/Reporte1100/1177b_pdf.pdf?__blob=publicationFile&v=2 | |
| Cert Link | https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Zertifizierung/Reporte/Reporte1100/1177c_pdf.pdf?__blob=publicationFile&v=3 | |
| Description | The TOE is the L4Re Secure Separation Kernel CC 1.0.1 (L4Re SSK). L4Re SSK is a distribution of the open-source L4Re Operating System Framework. As such it is based on the L4Re Microkernel. The L4Re Microkernel is a 3rd-generation microkernel with a state-of-the-art capability-based mandatory access control security model. It allows the separation of applications into different security domains, information flow control, and, subject to access control, dynamic assignment of resources and communication channels. Further the L4Re Microkernel supports static workloads alongside dynamic workloads, which allows to start, restart and shutdown applications during runtime. L4Re SSK is configured to act as a separation kernel, to provide the security features claimed by the ST. The TOE supports native applications as well as virtual machines (VMs). Access to every resource including but not limited to memory, hardware devices and CPU cores is protected by capabilities. Applications and VMs can only access a resource if they possess a capability with suitable permissions for that resource. | |
References ?
No references are available for this certificate.
Updates ?
-
21.04.2025 The certificate data changed.
Certificate changed
The state of the certificate object was updated.
- The report property was updated, with the
{'download_ok': True, 'convert_ok': True, 'extract_ok': True, 'pdf_hash': '34a9a862bc155444a6fb7d1ca69e650ebfb17aa75991172c7c95e35afdbc0855', 'txt_hash': '4a291a9a11df75921ac3479bd93e9466e9c3182df8a2196b583adc69cae5b07e'}data. - The st property was updated, with the
{'download_ok': True, 'convert_ok': True, 'extract_ok': True, 'pdf_hash': '62d0adec9d2a9be2782738e3891aa1c917992993f6d3398c443ee2568dbe605f', 'txt_hash': '0dd5da9907591574a54793a5d2115ba4dc77d0dd01c4b5eeec8646c28002a278'}data. - The cert property was updated, with the
{'download_ok': True, 'convert_ok': True, 'extract_ok': True, 'pdf_hash': 'be9644c1e97d2d0900cda0f861201d5c274118ba68e87583880a91873e1aaa9d', 'txt_hash': '34cfc642a1c8404c99870b04dfbbbffb906cd84b7529d80bad58db7d5daaa498'}data.
The PDF extraction data was updated.
- The report_metadata property was set to
{'pdf_file_size_bytes': 326892, 'pdf_is_encrypted': False, 'pdf_number_of_pages': 22, '/Author': 'Bundesamt für Sicherheit in der Informationstechnik', '/Keywords': '"Common Criteria, Certification, Zertifizierung, Kernkonzept, Mikrokernel L4Re"', '/Subject': 'Common Criteria, Certification, Zertifizierung, Kernkonzept, Mikrokernel L4Re', '/Title': 'Certification Report BSI-DSZ-CC-1177-2025', 'pdf_hyperlinks': {'_type': 'Set', 'elements': ['http://www.commoncriteriaportal.org/cc/', 'https://www.sogis.eu/', 'https://www.bsi.bund.de/AIS', 'http://www.commoncriteriaportal.org/', 'https://www.commoncriteriaportal.org/', 'https://www.bsi.bund.de/zertifizierung', 'https://www.bsi.bund.de/zertifizierungsreporte', 'https://www.bsi.bund.de/']}}. - The st_metadata property was set to
{'pdf_file_size_bytes': 621521, 'pdf_is_encrypted': False, 'pdf_number_of_pages': 61, '/Author': 'Kernkonzept GmbH', '/Keywords': 'L4Re Operating System Framework, L4Re Hypervisor, Microkernel, Operating system', '/Subject': 'L4Re SSK', '/Title': 'Security Target for L4Re Secure Separation Kernel CC 1.0.1', 'pdf_hyperlinks': {'_type': 'Set', 'elements': ['https://l4re.org/doc/group__l4__icu__api.html']}}. - The cert_metadata property was set to
{'pdf_file_size_bytes': 230300, 'pdf_is_encrypted': False, 'pdf_number_of_pages': 1, '/Author': 'Bundesamt für Sicherheit in der Informationstechnik', '/Keywords': '"Common Criteria, Certification, Zertifizierung, Kernkonzept, Mikrokernel L4Re"', '/Subject': 'Common Criteria, Certification, Zertifizierung, Kernkonzept, Mikrokernel L4Re', '/Title': 'Urkunde BSI-DSZ-CC-1177-2025', 'pdf_hyperlinks': {'_type': 'Set', 'elements': []}}. - The report_frontpage property was set to
{'DE': {'match_rules': ['(BSI-DSZ-CC-.+?) (?:for|For) (.+?) from (.*)'], 'cert_id': 'BSI-DSZ-CC-1177-2025', 'cert_item': 'L4Re Secure Separation Kernel CC Version 1.0.1', 'developer': 'Kernkonzept GmbH', 'cert_lab': 'BSI'}}. - The report_keywords property was set to
{'cc_cert_id': {'DE': {'BSI-DSZ-CC-1177-2025': 12}}, 'cc_protection_profile_id': {}, 'cc_security_level': {'EAL': {'EAL 4': 5, 'EAL 2': 3, 'EAL 1': 1, 'EAL 4 augmented': 3}}, 'cc_sar': {'ALC': {'ALC_FLR.3': 4, 'ALC_FLR': 3}}, 'cc_sfr': {}, 'cc_claims': {'OE': {'OE.HARDWARE': 1, 'OE.PHYSICAL': 1, 'OE.NOEVIL': 1}}, 'vendor': {'NXP': {'NXP': 1}}, 'eval_facility': {'atsec': {'atsec': 3}}, 'symmetric_crypto': {}, 'asymmetric_crypto': {}, 'pq_crypto': {}, 'hash_function': {}, 'crypto_scheme': {}, 'crypto_protocol': {}, 'randomness': {}, 'cipher_mode': {}, 'ecc_curve': {}, 'crypto_engine': {}, 'tls_cipher_suite': {}, 'crypto_library': {}, 'vulnerability': {}, 'side_channel_analysis': {}, 'technical_report_id': {'BSI': {'BSI 7148': 1}}, 'device_model': {}, 'tee_name': {}, 'os_name': {}, 'cplc_data': {}, 'ic_data_group': {}, 'standard_id': {'BSI': {'AIS 1': 1, 'AIS 14': 1, 'AIS 19': 1, 'AIS 23': 1, 'AIS 32': 1}, 'ISO': {'ISO/IEC 15408': 4, 'ISO/IEC 18045': 4, 'ISO/IEC 17065': 2}}, 'javacard_version': {}, 'javacard_api_const': {}, 'javacard_packages': {}, 'certification_process': {'ConfidentialDocument': {'being maintained, is not given any longer. In particular, prior to the dissemination of confidential documentation and information related to the TOE or resulting from the evaluation and certification': 1, '7] Final Evaluation Technical Report, Version 2, 2025-02-04, atsec information security GmbH, (confidential document) 7 specifically • AIS 1 Anforderungen an Aufbau und Inhalt von Einzelprüfberichten für Evaluationen': 1, 'Separation Kernel CC, Version 1.0.1 Konfigurationsliste, Version 1.0, 2024-11-18, Kernkonzept GmbH (confidential document) [9] L4Re Secure Boot Guidance, 2022-10-07, Kernkonzept GmbH [10] L4Re Configuration Guidance': 1}}}. - The st_keywords property was set to
{'cc_cert_id': {'DE': {'BSI-DSZ-CC-1177': 2}}, 'cc_protection_profile_id': {}, 'cc_security_level': {'EAL': {'EAL4': 2, 'EAL 4': 1}}, 'cc_sar': {'ADV': {'ADV_ARC.1': 1, 'ADV_FSP.4': 1, 'ADV_IMP.1': 1, 'ADV_TDS.3': 1}, 'AGD': {'AGD_OPE.1': 1, 'AGD_PRE.1': 1}, 'ALC': {'ALC_FLR.3': 6, 'ALC_CMC.4': 1, 'ALC_CMS.4': 1, 'ALC_DEL.1': 1, 'ALC_DVS.1': 1, 'ALC_LCD.1': 1, 'ALC_TAT.1': 1}, 'ATE': {'ATE_COV.2': 1, 'ATE_DPT.1': 1, 'ATE_FUN.1': 1, 'ATE_IND.2': 1}, 'AVA': {'AVA_VAN.3': 1}, 'ASE': {'ASE_CCL.1': 1, 'ASE_ECD.1': 1, 'ASE_INT.1': 1, 'ASE_OBJ.2': 1, 'ASE_REQ.2': 1, 'ASE_SPD.1': 1, 'ASE_TSS.1': 1}}, 'cc_sfr': {'FDP': {'FDP_ACC': 30, 'FDP_ACC.2': 8, 'FDP_ACF': 30, 'FDP_ACF.1': 20, 'FDP_IFC.2': 7, 'FDP_IFC.2.1': 1, 'FDP_IFC.2.2': 1, 'FDP_IFF.1': 6, 'FDP_IFF.1.1': 1, 'FDP_IFF.1.2': 1, 'FDP_IFF.1.3': 1, 'FDP_IFF.1.4': 1, 'FDP_IFF.1.5': 1, 'FDP_RIP.1': 5, 'FDP_RIP.1.1': 1, 'FDP_ACC.1': 4}, 'FIA': {'FIA_UID.2': 6, 'FIA_UID.2.1': 1}, 'FMT': {'FMT_MSA': 39, 'FMT_MSA.3': 15, 'FMT_MTD': 5, 'FMT_MTD.1': 1, 'FMT_SMF.1': 5, 'FMT_SMF.1.1': 1, 'FMT_MSA.1': 5, 'FMT_SMR': 6, 'FMT_SMR.1': 6, 'FMT_SMF': 1}, 'FPR': {'FPR_UNO.1': 5, 'FPR_UNO.1.1': 1}}, 'cc_claims': {'O': {'O.CONFIDENTIALITY': 19, 'O.INTEGRITY': 5, 'O.AVAILABILITY': 11}, 'T': {'T.DISCLOSURE': 2, 'T.MODIFICATION': 2, 'T.DEPLETION': 2}, 'A': {'A.ENVIRONMENT': 2, 'A.PHYSICAL': 2, 'A.NOEVIL': 2}, 'OE': {'OE.HARDWARE': 2, 'OE.PHYSICAL': 2, 'OE.NOEVIL': 2}}, 'vendor': {'NXP': {'NXP': 1}}, 'eval_facility': {}, 'symmetric_crypto': {}, 'asymmetric_crypto': {}, 'pq_crypto': {}, 'hash_function': {}, 'crypto_scheme': {}, 'crypto_protocol': {'VPN': {'VPN': 1}}, 'randomness': {}, 'cipher_mode': {}, 'ecc_curve': {}, 'crypto_engine': {}, 'tls_cipher_suite': {}, 'crypto_library': {}, 'vulnerability': {}, 'side_channel_analysis': {'SCA': {'side channels': 3}}, 'technical_report_id': {}, 'device_model': {}, 'tee_name': {}, 'os_name': {}, 'cplc_data': {}, 'ic_data_group': {}, 'standard_id': {}, 'javacard_version': {}, 'javacard_api_const': {}, 'javacard_packages': {}, 'certification_process': {}}. - The cert_keywords property was set to
{'cc_cert_id': {'DE': {'BSI-DSZ-CC-1177-2025': 1}}, 'cc_protection_profile_id': {}, 'cc_security_level': {'EAL': {'EAL 4': 1, 'EAL 2': 1, 'EAL 4 augmented': 1}}, 'cc_sar': {'ALC': {'ALC_FLR.3': 1, 'ALC_FLR': 1}}, 'cc_sfr': {}, 'cc_claims': {}, 'vendor': {}, 'eval_facility': {}, 'symmetric_crypto': {}, 'asymmetric_crypto': {}, 'pq_crypto': {}, 'hash_function': {}, 'crypto_scheme': {}, 'crypto_protocol': {}, 'randomness': {}, 'cipher_mode': {}, 'ecc_curve': {}, 'crypto_engine': {}, 'tls_cipher_suite': {}, 'crypto_library': {}, 'vulnerability': {}, 'side_channel_analysis': {}, 'technical_report_id': {}, 'device_model': {}, 'tee_name': {}, 'os_name': {}, 'cplc_data': {}, 'ic_data_group': {}, 'standard_id': {'ISO': {'ISO/IEC 15408': 2, 'ISO/IEC 18045': 2}}, 'javacard_version': {}, 'javacard_api_const': {}, 'javacard_packages': {}, 'certification_process': {}}. - The report_filename property was set to
1177a_pdf.pdf. - The st_filename property was set to
1177b_pdf.pdf. - The cert_filename property was set to
1177c_pdf.pdf.
The computed heuristics were updated.
- The cert_lab property was set to
['BSI']. - The cert_id property was set to
BSI-DSZ-CC-1177-2025. - The extracted_sars property was updated, with the
{'_type': 'Set', 'elements': [{'_type': 'sec_certs.sample.sar.SAR', 'family': 'ASE_INT', 'level': 1}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'ALC_CMC', 'level': 4}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'ASE_ECD', 'level': 1}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'ADV_IMP', 'level': 1}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'ATE_COV', 'level': 2}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'ASE_TSS', 'level': 1}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'ALC_TAT', 'level': 1}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'ASE_SPD', 'level': 1}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'ALC_DEL', 'level': 1}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'ALC_LCD', 'level': 1}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'AGD_OPE', 'level': 1}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'AVA_VAN', 'level': 3}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'AGD_PRE', 'level': 1}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'ALC_CMS', 'level': 4}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'ATE_FUN', 'level': 1}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'ADV_ARC', 'level': 1}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'ASE_OBJ', 'level': 2}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'ADV_TDS', 'level': 3}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'ATE_DPT', 'level': 1}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'ASE_REQ', 'level': 2}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'ALC_DVS', 'level': 1}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'ADV_FSP', 'level': 4}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'ATE_IND', 'level': 2}, {'_type': 'sec_certs.sample.sar.SAR', 'family': 'ASE_CCL', 'level': 1}]}values added.
- The report property was updated, with the
-
07.04.2025 The certificate was first processed.
New certificate
A new Common Criteria certificate with the product name L4Re Secure Separation Kernel CC Version 1.0.1 was processed.
Raw data
{
"_type": "sec_certs.sample.cc.CCCertificate",
"category": "Operating Systems",
"cert_link": "https://www.commoncriteriaportal.org/nfs/ccpfiles/files/epfiles/1177c_pdf.pdf",
"dgst": "7929b54ea442ff99",
"heuristics": {
"_type": "sec_certs.sample.cc.CCCertificate.Heuristics",
"annotated_references": null,
"cert_id": "BSI-DSZ-CC-1177-2025",
"cert_lab": [
"BSI"
],
"cpe_matches": null,
"direct_transitive_cves": null,
"eal": "EAL4+",
"extracted_sars": {
"_type": "Set",
"elements": [
{
"_type": "sec_certs.sample.sar.SAR",
"family": "ASE_SPD",
"level": 1
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "ADV_TDS",
"level": 3
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "ASE_ECD",
"level": 1
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "ATE_IND",
"level": 2
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "ALC_CMC",
"level": 4
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "ASE_INT",
"level": 1
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "ASE_TSS",
"level": 1
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "ALC_TAT",
"level": 1
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "ADV_IMP",
"level": 1
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "ALC_FLR",
"level": 3
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "ATE_FUN",
"level": 1
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "ASE_CCL",
"level": 1
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "AGD_PRE",
"level": 1
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "ADV_FSP",
"level": 4
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "ASE_REQ",
"level": 2
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "ATE_COV",
"level": 2
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "ALC_DVS",
"level": 1
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "ALC_LCD",
"level": 1
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "ATE_DPT",
"level": 1
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "ALC_DEL",
"level": 1
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "AGD_OPE",
"level": 1
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "ALC_CMS",
"level": 4
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "AVA_VAN",
"level": 3
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "ASE_OBJ",
"level": 2
},
{
"_type": "sec_certs.sample.sar.SAR",
"family": "ADV_ARC",
"level": 1
}
]
},
"extracted_versions": {
"_type": "Set",
"elements": [
"1.0.1"
]
},
"indirect_transitive_cves": null,
"next_certificates": null,
"prev_certificates": null,
"protection_profiles": null,
"related_cves": null,
"report_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"directly_referencing": null,
"indirectly_referenced_by": null,
"indirectly_referencing": null
},
"scheme_data": {
"category": "Operating systems",
"cert_id": "BSI-DSZ-CC-1177-2025",
"certification_date": "2025-02-18",
"enhanced": {
"applicant": "Kernkonzept GmbH Buchenstra\u00dfe 16 b 01097 Dresden Deutschland",
"assurance_level": "EAL4+,ALC_FLR.3",
"cert_link": "https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Zertifizierung/Reporte/Reporte1100/1177c_pdf.pdf?__blob=publicationFile\u0026v=3",
"certification_date": "2025-02-18",
"description": "The TOE is the L4Re Secure Separation Kernel CC 1.0.1 (L4Re SSK). L4Re SSK is a distribution of the open-source L4Re Operating System Framework. As such it is based on the L4Re Microkernel. The L4Re Microkernel is a 3rd-generation microkernel with a state-of-the-art capability-based mandatory access control security model. It allows the separation of applications into different security domains, information flow control, and, subject to access control, dynamic assignment of resources and communication channels. Further the L4Re Microkernel supports static workloads alongside dynamic workloads, which allows to start, restart and shutdown applications during runtime. L4Re SSK is configured to act as a separation kernel, to provide the security features claimed by the ST. The TOE supports native applications as well as virtual machines (VMs). Access to every resource including but not limited to memory, hardware devices and CPU cores is protected by capabilities. Applications and VMs can only access a resource if they possess a capability with suitable permissions for that resource.",
"evaluation_facility": "atsec information security GmbH",
"expiration_date": "2030-02-17",
"product": "L4Re Secure Separation Kernel CC, Version 1.0.1",
"report_link": "https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Zertifizierung/Reporte/Reporte1100/1177a_pdf.pdf?__blob=publicationFile\u0026v=3",
"target_link": "https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Zertifizierung/Reporte/Reporte1100/1177b_pdf.pdf?__blob=publicationFile\u0026v=2"
},
"product": "L4Re Secure Separation Kernel CC, Version 1.0.1",
"url": "https://www.bsi.bund.de/SharedDocs/Zertifikate_CC/CC/Betriebssysteme/1177.html",
"vendor": "Kernkonzept GmbH"
},
"st_references": {
"_type": "sec_certs.sample.certificate.References",
"directly_referenced_by": null,
"directly_referencing": null,
"indirectly_referenced_by": null,
"indirectly_referencing": null
},
"verified_cpe_matches": null
},
"maintenance_updates": {
"_type": "Set",
"elements": []
},
"manufacturer": "Kernkonzept GmbH",
"manufacturer_web": "https://kernkonzept.com",
"name": "L4Re Secure Separation Kernel CC Version 1.0.1",
"not_valid_after": "2030-02-18",
"not_valid_before": "2025-02-18",
"pdf_data": {
"_type": "sec_certs.sample.cc.CCCertificate.PdfData",
"cert_filename": "1177c_pdf.pdf",
"cert_frontpage": null,
"cert_keywords": {
"asymmetric_crypto": {},
"cc_cert_id": {
"DE": {
"BSI-DSZ-CC-1177-2025": 1
}
},
"cc_claims": {},
"cc_protection_profile_id": {},
"cc_sar": {
"ALC": {
"ALC_FLR": 1,
"ALC_FLR.3": 1
}
},
"cc_security_level": {
"EAL": {
"EAL 2": 1,
"EAL 4": 1,
"EAL 4 augmented": 1
}
},
"cc_sfr": {},
"certification_process": {},
"cipher_mode": {},
"cplc_data": {},
"crypto_engine": {},
"crypto_library": {},
"crypto_protocol": {},
"crypto_scheme": {},
"device_model": {},
"ecc_curve": {},
"eval_facility": {},
"hash_function": {},
"ic_data_group": {},
"javacard_api_const": {},
"javacard_packages": {},
"javacard_version": {},
"os_name": {},
"pq_crypto": {},
"randomness": {},
"side_channel_analysis": {},
"standard_id": {
"ISO": {
"ISO/IEC 15408": 2,
"ISO/IEC 18045": 2
}
},
"symmetric_crypto": {},
"technical_report_id": {},
"tee_name": {},
"tls_cipher_suite": {},
"vendor": {},
"vulnerability": {}
},
"cert_metadata": {
"/Author": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"/Keywords": "\"Common Criteria, Certification, Zertifizierung, Kernkonzept, Mikrokernel L4Re\"",
"/Subject": "Common Criteria, Certification, Zertifizierung, Kernkonzept, Mikrokernel L4Re",
"/Title": "Urkunde BSI-DSZ-CC-1177-2025",
"pdf_file_size_bytes": 230300,
"pdf_hyperlinks": {
"_type": "Set",
"elements": []
},
"pdf_is_encrypted": false,
"pdf_number_of_pages": 1
},
"report_filename": "1177a_pdf.pdf",
"report_frontpage": {
"DE": {
"cert_id": "BSI-DSZ-CC-1177-2025",
"cert_item": "L4Re Secure Separation Kernel CC Version 1.0.1",
"cert_lab": "BSI",
"developer": "Kernkonzept GmbH",
"match_rules": [
"(BSI-DSZ-CC-.+?) (?:for|For) (.+?) from (.*)"
]
}
},
"report_keywords": {
"asymmetric_crypto": {},
"cc_cert_id": {
"DE": {
"BSI-DSZ-CC-1177-2025": 12
}
},
"cc_claims": {
"OE": {
"OE.HARDWARE": 1,
"OE.NOEVIL": 1,
"OE.PHYSICAL": 1
}
},
"cc_protection_profile_id": {},
"cc_sar": {
"ALC": {
"ALC_FLR": 3,
"ALC_FLR.3": 4
}
},
"cc_security_level": {
"EAL": {
"EAL 1": 1,
"EAL 2": 3,
"EAL 4": 5,
"EAL 4 augmented": 3
}
},
"cc_sfr": {},
"certification_process": {
"ConfidentialDocument": {
"7] Final Evaluation Technical Report, Version 2, 2025-02-04, atsec information security GmbH, (confidential document) 7 specifically \u2022 AIS 1 Anforderungen an Aufbau und Inhalt von Einzelpr\u00fcfberichten f\u00fcr Evaluationen": 1,
"Separation Kernel CC, Version 1.0.1 Konfigurationsliste, Version 1.0, 2024-11-18, Kernkonzept GmbH (confidential document) [9] L4Re Secure Boot Guidance, 2022-10-07, Kernkonzept GmbH [10] L4Re Configuration Guidance": 1,
"being maintained, is not given any longer. In particular, prior to the dissemination of confidential documentation and information related to the TOE or resulting from the evaluation and certification": 1
}
},
"cipher_mode": {},
"cplc_data": {},
"crypto_engine": {},
"crypto_library": {},
"crypto_protocol": {},
"crypto_scheme": {},
"device_model": {},
"ecc_curve": {},
"eval_facility": {
"atsec": {
"atsec": 3
}
},
"hash_function": {},
"ic_data_group": {},
"javacard_api_const": {},
"javacard_packages": {},
"javacard_version": {},
"os_name": {},
"pq_crypto": {},
"randomness": {},
"side_channel_analysis": {},
"standard_id": {
"BSI": {
"AIS 1": 1,
"AIS 14": 1,
"AIS 19": 1,
"AIS 23": 1,
"AIS 32": 1
},
"ISO": {
"ISO/IEC 15408": 4,
"ISO/IEC 17065": 2,
"ISO/IEC 18045": 4
}
},
"symmetric_crypto": {},
"technical_report_id": {
"BSI": {
"BSI 7148": 1
}
},
"tee_name": {},
"tls_cipher_suite": {},
"vendor": {
"NXP": {
"NXP": 1
}
},
"vulnerability": {}
},
"report_metadata": {
"/Author": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"/Keywords": "\"Common Criteria, Certification, Zertifizierung, Kernkonzept, Mikrokernel L4Re\"",
"/Subject": "Common Criteria, Certification, Zertifizierung, Kernkonzept, Mikrokernel L4Re",
"/Title": "Certification Report BSI-DSZ-CC-1177-2025",
"pdf_file_size_bytes": 326892,
"pdf_hyperlinks": {
"_type": "Set",
"elements": [
"https://www.bsi.bund.de/AIS",
"https://www.bsi.bund.de/",
"http://www.commoncriteriaportal.org/cc/",
"https://www.bsi.bund.de/zertifizierung",
"https://www.bsi.bund.de/zertifizierungsreporte",
"https://www.sogis.eu/",
"http://www.commoncriteriaportal.org/",
"https://www.commoncriteriaportal.org/"
]
},
"pdf_is_encrypted": false,
"pdf_number_of_pages": 22
},
"st_filename": "1177b_pdf.pdf",
"st_frontpage": null,
"st_keywords": {
"asymmetric_crypto": {},
"cc_cert_id": {
"DE": {
"BSI-DSZ-CC-1177": 2
}
},
"cc_claims": {
"A": {
"A.ENVIRONMENT": 2,
"A.NOEVIL": 2,
"A.PHYSICAL": 2
},
"O": {
"O.AVAILABILITY": 11,
"O.CONFIDENTIALITY": 19,
"O.INTEGRITY": 5
},
"OE": {
"OE.HARDWARE": 2,
"OE.NOEVIL": 2,
"OE.PHYSICAL": 2
},
"T": {
"T.DEPLETION": 2,
"T.DISCLOSURE": 2,
"T.MODIFICATION": 2
}
},
"cc_protection_profile_id": {},
"cc_sar": {
"ADV": {
"ADV_ARC.1": 1,
"ADV_FSP.4": 1,
"ADV_IMP.1": 1,
"ADV_TDS.3": 1
},
"AGD": {
"AGD_OPE.1": 1,
"AGD_PRE.1": 1
},
"ALC": {
"ALC_CMC.4": 1,
"ALC_CMS.4": 1,
"ALC_DEL.1": 1,
"ALC_DVS.1": 1,
"ALC_FLR.3": 6,
"ALC_LCD.1": 1,
"ALC_TAT.1": 1
},
"ASE": {
"ASE_CCL.1": 1,
"ASE_ECD.1": 1,
"ASE_INT.1": 1,
"ASE_OBJ.2": 1,
"ASE_REQ.2": 1,
"ASE_SPD.1": 1,
"ASE_TSS.1": 1
},
"ATE": {
"ATE_COV.2": 1,
"ATE_DPT.1": 1,
"ATE_FUN.1": 1,
"ATE_IND.2": 1
},
"AVA": {
"AVA_VAN.3": 1
}
},
"cc_security_level": {
"EAL": {
"EAL 4": 1,
"EAL4": 2
}
},
"cc_sfr": {
"FDP": {
"FDP_ACC": 30,
"FDP_ACC.1": 4,
"FDP_ACC.2": 8,
"FDP_ACF": 30,
"FDP_ACF.1": 20,
"FDP_IFC.2": 7,
"FDP_IFC.2.1": 1,
"FDP_IFC.2.2": 1,
"FDP_IFF.1": 6,
"FDP_IFF.1.1": 1,
"FDP_IFF.1.2": 1,
"FDP_IFF.1.3": 1,
"FDP_IFF.1.4": 1,
"FDP_IFF.1.5": 1,
"FDP_RIP.1": 5,
"FDP_RIP.1.1": 1
},
"FIA": {
"FIA_UID.2": 6,
"FIA_UID.2.1": 1
},
"FMT": {
"FMT_MSA": 39,
"FMT_MSA.1": 5,
"FMT_MSA.3": 15,
"FMT_MTD": 5,
"FMT_MTD.1": 1,
"FMT_SMF": 1,
"FMT_SMF.1": 5,
"FMT_SMF.1.1": 1,
"FMT_SMR": 6,
"FMT_SMR.1": 6
},
"FPR": {
"FPR_UNO.1": 5,
"FPR_UNO.1.1": 1
}
},
"certification_process": {},
"cipher_mode": {},
"cplc_data": {},
"crypto_engine": {},
"crypto_library": {},
"crypto_protocol": {
"VPN": {
"VPN": 1
}
},
"crypto_scheme": {},
"device_model": {},
"ecc_curve": {},
"eval_facility": {},
"hash_function": {},
"ic_data_group": {},
"javacard_api_const": {},
"javacard_packages": {},
"javacard_version": {},
"os_name": {},
"pq_crypto": {},
"randomness": {},
"side_channel_analysis": {
"SCA": {
"side channels": 3
}
},
"standard_id": {},
"symmetric_crypto": {},
"technical_report_id": {},
"tee_name": {},
"tls_cipher_suite": {},
"vendor": {
"NXP": {
"NXP": 1
}
},
"vulnerability": {}
},
"st_metadata": {
"/Author": "Kernkonzept GmbH",
"/Keywords": "L4Re Operating System Framework, L4Re Hypervisor, Microkernel, Operating system",
"/Subject": "L4Re SSK",
"/Title": "Security Target for L4Re Secure Separation Kernel CC 1.0.1",
"pdf_file_size_bytes": 621521,
"pdf_hyperlinks": {
"_type": "Set",
"elements": [
"https://l4re.org/doc/group__l4__icu__api.html"
]
},
"pdf_is_encrypted": false,
"pdf_number_of_pages": 61
}
},
"protection_profile_links": {
"_type": "Set",
"elements": []
},
"report_link": "https://www.commoncriteriaportal.org/nfs/ccpfiles/files/epfiles/1177a_pdf.pdf",
"scheme": "DE",
"security_level": {
"_type": "Set",
"elements": [
"ALC_FLR.3",
"EAL4+"
]
},
"st_link": "https://www.commoncriteriaportal.org/nfs/ccpfiles/files/epfiles/1177b_pdf.pdf",
"state": {
"_type": "sec_certs.sample.cc.CCCertificate.InternalState",
"cert": {
"_type": "sec_certs.sample.document_state.DocumentState",
"convert_garbage": false,
"convert_ok": true,
"download_ok": true,
"extract_ok": true,
"pdf_hash": "be9644c1e97d2d0900cda0f861201d5c274118ba68e87583880a91873e1aaa9d",
"txt_hash": "34cfc642a1c8404c99870b04dfbbbffb906cd84b7529d80bad58db7d5daaa498"
},
"report": {
"_type": "sec_certs.sample.document_state.DocumentState",
"convert_garbage": false,
"convert_ok": true,
"download_ok": true,
"extract_ok": true,
"pdf_hash": "34a9a862bc155444a6fb7d1ca69e650ebfb17aa75991172c7c95e35afdbc0855",
"txt_hash": "4a291a9a11df75921ac3479bd93e9466e9c3182df8a2196b583adc69cae5b07e"
},
"st": {
"_type": "sec_certs.sample.document_state.DocumentState",
"convert_garbage": false,
"convert_ok": true,
"download_ok": true,
"extract_ok": true,
"pdf_hash": "62d0adec9d2a9be2782738e3891aa1c917992993f6d3398c443ee2568dbe605f",
"txt_hash": "0dd5da9907591574a54793a5d2115ba4dc77d0dd01c4b5eeec8646c28002a278"
}
},
"status": "active"
}