UCH Goes EAL4—The Foundation of an Eco System for Ambient Assisted Living: ISO/IEC 15408 Common Criteria Based Implementation of the ISO/IEC 24752 Universal Control Hub Middleware

We are interested in an alternative to “built-in one-size-fits-all” user interfaces for appliances and services in intelligent environments. The ISO/IEC 24752 Universal Remote Console (URC) technology provides an open box that can connect arbitrary users with arbitrary appliances and services. Its core is the Universal Control Hub (UCH), a middleware providing standardized abstract interfaces that serves as a contract between a personalized user interface and the appliances/services. The UCH allows for “plugging” a new user interface into the abstract interface to adapt it to the user’s needs. Whereas the URC approach applies to intelligent environments in general (IoT, IoS), it has shown to be particularly useful when accessibility is a mandatory requirement. In order to foster an ecosystem that allows for sharing third-party resources, the Open URC Alliance has been founded. However, third-party resources are potential threats, which can harm the platform, its connected appliances, and even other resources involved. In fact, we are convinced that future usage of networked technologies, such as the URC technology, will not be possible unless a user will trust it. In this paper, we describe a pioneering effort by which we through a security-by-design approach along the prescriptions of the ISO/IEC 15408 common criteria (CC) methodology systematically develop and implement a secure UCH that guarantees fundamentally necessary security–privacy–trust properties, such as access control, role concepts, correct transportation of sensitive data, etc. The implementation is targeting a certification on the evaluation assurance level 4, that is, Methodically Designed, Tested and Reviewed.