Translartion. Region: Russians Fedetion –
Source: Peter the Great St Petersburg Polytechnic University – Peter the Great St Petersburg Polytechnic University –
The digital platform for the development and application of digital twins CML-Bench®, developed by Peter the Great St. Petersburg Polytechnic University, has received a certificate of compliance with the software security requirements of the Federal Service for Technical and Export Control (FSTEC of Russia) at the sixth level of trust. CML-Bench® is the first digital platform developed by SPbPU to receive a certificate allowing the processing of information with the confidentiality modes “Commercial Secret” and “For Official Use Only”.
The sixth level of trust allows the platform to be used at significant critical information infrastructure facilities of the third category, in government information systems and as part of automated production and technological process control systems of the third class* of information security, and personal data information systems of the third level** of security.
*In state information systems, there are three classes of information security, which are determined depending on the level of significance of the information processed in the information system and its scale (federal, regional, facility-based). The first class requires the greatest protection, the third class – the least protection. **When protecting personal data, the third level is the average level of security, which is used for personal data, the leakage of which may harm the data subject, but will not lead to significant risks.
Thus, in the context of changing legislation in the field of import substitution of software and increasing requirements for software security, the FSTEC of Russia certificate allows using the CML-Bench® digital platform for working with government agencies; government institutions and enterprises; Russian legal entities that own information systems, information and telecommunications networks, automated control systems operating in the field of healthcare, science, transport, communications, energy, as well as state registration of rights to real estate and transactions with it, banking and other areas of the financial market, fuel and energy complex, in the field of nuclear energy, defense, rocket and space, mining, metallurgy and chemical industries.
To ensure that the CML-Bench® digital platform meets the requirements of the sixth level of trust, specialists from the Advanced Engineering School of SPbPU “Digital Engineering” have developed and implemented a number of microservices in the software that provide protection against unauthorized access to information, implement identification and authentication functions, access control and registration of security events, in accordance with the requirements specified in the document “Information security requirements establishing levels of trust in technical information protection tools and information technology security tools”.
In particular, authentication services, user rights management, and an LDAP (LDAP) interaction service were implemented. CML-Bench® was also integrated with Keycloak (a program that helps users log into different sites and applications under one account and allows you to manage who has access to what) with CML-Bench®. At the same time, identifiers and object types were output to the log by security event types with the ability to customize the volume of recorded information. Event logging was implemented for all account types. The Circuit Breaker template was successfully implemented and support for CSRF tokens (a security tool in web applications) was added. Healthcheck checks were also added to the new services.
In March 2023, for the first time in the history of SPbPU, a license was received from the FSTEC of Russia for the development and production of means of protecting confidential information, including software tools for information protection; secure software (software and hardware) means of information processing and software (software and hardware) means of monitoring information security. After that, active work began on the allocation and refinement of the “security module” as part of the Digital Platform for the Development and Application of Digital Twins CML-Bench®. And a year and a half later, an FSTEC certificate was received confirming the compliance of the platform’s security level with the sixth trust level. For us, this is a very important result, since the structural divisions of the Advanced Engineering School of SPbPU “Digital Engineering” implement projects with high-tech companies from various industries that are subjects of critical information infrastructure, – commented Vice-Rector for Digital Transformation of SPbPU, Head of the Advanced Engineering School of SPbPU “Digital Engineering” Alexey Borovkov.
The refinement of the “security module” as part of the Digital Platform for the Development and Application of Digital Twins CML-Bench® was accompanied by updating the technical documentation and testing.
Certification tests on a special stand were carried out by the Scientific, Technical and Certification Center for Comprehensive Information Security (JSC Center Atomzashchitainform). As a result of the preparation of the research stand, along with the creation of conditions for testing, the absence of configuration vulnerabilities and signs of malware in the object of assessment, as well as potentially dangerous functional capabilities that appear during the installation and configuration of the object of assessment were checked. As a result, the CML-Bench® digital platform, based on the test results, confirmed the absence of current vulnerabilities and protection against the threat of unauthorized access to information contained in the product; against the threat of unauthorized transfer of information to information and telecommunication networks and other information systems; against the threat of unauthorized receipt of information about the product, as well as its nodes; the threat of denial of service.
The assessment of the certification test materials for compliance with information security requirements was carried out by the expert commission of the certification body FSTEC of Russia. Based on the expert opinion on the results of comprehensive certification tests of the digital platform for the development and use of digital twins CML-Bench®, a certificate of compliance with information security requirements was issued.
The certification was carried out on an initiative basis during the implementation of a project to design and create an automated digital engineering system jointly with Greenatom JSC in a subsidiary of TVEL JSC — CentroTech-Engineering LLC for further replication in the structures of TVEL JSC and Rosatom State Corporation.
For reference:
The CML-Bench® digital platform is a digital platform for the development and application of digital twins of both high-tech industrial products and goods, as well as technological and production processes for their manufacture, a system for managing activities in the field of system digital engineering. Since 2006, the CML-Bench® digital platform has been developed by employees of the Engineering Center (CompMechLab®) “Computer Engineering Center” of SPbPU and employees of the Computational Mechanics Laboratory LLC (CompMechLab®).
The CML-Bench® Digital Platform is used to develop projects for high-tech industries: engine building, power engineering, nuclear, oil and gas, special and railway engineering, aircraft and helicopter engineering, including unmanned aerial vehicles, automotive engineering, including electric transport, shipbuilding and shipbuilding, as well as marine engineering, nuclear energy, fuel and energy complex, medicine, high-performance sports, etc.
At the end of 2022, the CML-Bench® platform was deployed on the servers of Centrotech-Engineering LLC (part of the control circuit of the TVEL fuel company of the Rosatom State Corporation) as part of the project to create an automated digital engineering system. And in 2023, specialists from the Advanced Engineering School “Digital Engineering” of SPbPU developed a software module that allows for the seamless transfer of engineering data from one of the most popular PLM systems (engineering data and production process management systems) Teamcenter by Siemens to the CML-Bench® digital platform. The CML-Bench® digital platform formed the basis for the URANIA data and process management system for computational and experimental scientific research, used at the enterprises of the Rosatom State Corporation.
Please note: This information is raw content directly from the source of the information. It is exactly what the source states and does not reflect the position of MIL-OSI or its clients.