SYSGO’s PikeOS Security Certification Kit helps customers prepare their certification in projects that are aiming for a Common Criteria Evaluation Assurance Level (EAL) from the Federal Office for Information Security (BSI) or the Airbus SAR SAL up to the highest levels.
Common Criteria (ISO/IEC 15408) addresses protection of assets from unauthorised disclosure, modification, or loss of use.
The PikeOS certification approach is modular and hardware independent to the upmost extend. Certifications can be easily extended to different hardware platforms with additional certified components. The tool chain is qualified and the Security methods and considerations are adapted according to the respected vertical market. PikeOS is certified according to Common Criteria to fast-forward the approval processes. Other standards are met via compliance matrices.
The CertKit is a bundle of evidence for a specific PikeOS version. It contains:
Augmented Security Target
Certificate
Evaluation Technical Reports
Interface Documents such as KERN-IF and PSSW-IF
Safety Security Manual
The Certkit applies to the PikeOS Separation Kernel without BSP.
Also, a PikeOS BSP/Authority certification kit is available that additionally to the above can get an authority kit for ITSEF (IT Security Evaluation Facility) and the authority of the customer's choice. It contains full functional/design specification and source code. Each CertKit comes with a Security bulletin, mentioning known thread vectors and improvements.
Security Levels
Evaluation Assurance Levels (EAL)
EAL 1 - lowest
EAL 2
EAL 3
EAL 4
EAL 5
EAL 6
EAL 7 - highest
EAL 1 is functionally tested and EAL 2 is structurally tested, whereas EAL 6 and 7 are meant for specific products with a highly focused Security scope.
For most Security use cases, an RTOS level of EAL 3 to 5 is sufficient. SYSGO is continuously working on the next steps.
SYSGO also offers the Avionics Airbus Security certification standard SAR up to level SAL 4.
SYSGO's PikeOS achieves Common Criteria EAL 5+ Security Certification
AVA_VAN.5 in the Context of Real-Time Operating Systems
In the Common Criteria terminology, AVA_VAN.5 stands for Advanced Methodical Vulnerability Analysis. It is the highest level within the Vulnerability Assessment (AVA) family—indicating resistance to attackers with a high attack potential.
What it includes:
A methodical, structured vulnerability analysis using documentation such as Security architecture descriptions, functional specifications, design details, and implementation representations
Independent penetration testing targeting potential vulnerabilities under the assumption of high attacker capability
Strong evidence that the Target of Evaluation (TOE)—your RTOS—holds up against attackers with significant time, expertise, resources, and specialized tools
Why this matters in an RTOS Environment:
Real-time operating systems, especially those like PikeOS used in Safety-critical domains (Aviation, Automotive, etc.), rely on robust isolation and partitioning for security. When paired with AVA_VAN.5, it assures evaluators that the system:
Withstands deep, methodical attempts to break or bypass isolation guarantees
Maintains security functions like secure boot, partition enforcement, and robust access control even under highly capable attacks
PikeOS achieved EAL5+ by augmenting EAL5 with AVA_VAN (and other classes), effectively achieving EAL7-level vulnerability resistance in some areas—proving that only attackers beyond “High” potential could breach it in practice.
