Improve security of FMUs

[chrbertsch]

• brought up by EKS-INTEC
• secure exchange and the possibility to „Sign and Check“ of FMUs
• Could be handled in a layered standard (t.b.d. if released by the FMI project or by some other organization)
• on the agenda for the F2F Meeting in Munich Dec 2024

@christian-wolf-eks : could you please provide more information?

[christian-wolf-eks]

General context:

• Execution of FMUs implies executing DLL/SO binary code => security implications
• In inter-company cooperation, foreign code must not be executed without checks
• In DIAMOND research project a common data model should be generated, exchange of (virtual commissioning) simulation models are planned by means of FMU
  • Problem was identified that FMU exchange will not work out of the box due to company policies
• Separation of problem
  • Usage of hashes+cryptographic signature to technically validate FMU's authenticity based on its origin (company)
  • Trust in foreign companies can be offloaded to classical approaches like contracts and mutual committments
• Work in Diamond project to tackle problem in working group (also on a broader scope)

Regarding layered standard:

• Currently, a first draft version of a layered standard is under heavy work, some progress is made, not clear how far this will be on Dec 2nd 2024
• Ideally, the layered standard should be backed by the FMI project in the long run (to avoid deprecation/archiving of the LS after end of the diamond project), plan was to provide a first rather complete suggestion of the LS
• Scope is to check the FMU against intentional and unintentional changes of files in the archive
  • All files are hashed
  • The hashes are cryptographically signed and thus sealed
  • T.B.D.: How far should best practices be defined on how to import/export corresponding FMUs regarding security and cryptography, distribution of certificates/CAs/...

I will update eventually this commment if new information come up