Separation Kernel
BSI-CI-RP-0015-2019 | Version 1.0.1 | Date 02.09.2019
for the protection of data classified „GEHEIM“
A Separation Kernel (SK) is an operating system with a minimal kernel that simulates a distributed system. Separation Kernels divide the resources they manage into partitions; each partition has its own address space, receives CPU time according to (mostly) predefined rules, and may additionally be allocated other resources such as I/O devices. Partitions can belong to different security domains, which the Separation Kernel reliably separates from each other. The SK also usually distinguishes between trusted, privileged system partitions and normal, unprivileged user partitions.
The task of a Separation Kernel is to provide each partition it manages with a runtime environment in which the subjects (processes, tasks, threads) belonging to that partition can use the resources the SK has allocated to the partition.
Partitions are strictly separated in time and space and cannot affect each other. Communication between partitions is possible only under strict control of the Separation Kernel and must have been explicitly configured.
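The three properties named above (exclusive address spaces and devices, a predefined CPU schedule, and communication only over explicitly configured channels) are what an SK's static configuration must guarantee before the system runs. The following Python is an added illustration and is not code from the BSI profile or from any particular Separation Kernel; it models a minimal static configuration, validates the spatial and temporal separation rules, and answers the two questions the kernel asks at run time: which partition owns the CPU at a given tick, and whether a message from one partition to another is permitted. All partition names, addresses, device names and time slices are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Partition:
    name: str
    privileged: bool          # trusted system partition vs. unprivileged user partition
    mem_base: int             # start of the partition's exclusive memory window
    mem_size: int             # size of that window in bytes
    devices: frozenset = frozenset()  # I/O devices owned exclusively by this partition

@dataclass(frozen=True)
class Slot:
    partition: str
    ticks: int                # CPU time the partition receives in each major frame

@dataclass(frozen=True)
class Channel:
    source: str
    target: str               # one-directional: source may send to target

@dataclass
class Config:
    partitions: dict          # name -> Partition
    schedule: list            # ordered Slots, repeated cyclically
    major_frame: int          # length of one schedule cycle in ticks
    channels: set             # the only permitted inter-partition flows

def validate(cfg: Config) -> list:
    """Static check; returns the list of violations (empty means admissible)."""
    errs = []
    names = set(cfg.partitions)
    # Spatial separation: memory windows must not overlap and a device has one owner.
    high_water, owner = -1, None
    for p in sorted(cfg.partitions.values(), key=lambda p: p.mem_base):
        if p.mem_base < high_water:
            errs.append(f"memory overlap: {owner} and {p.name}")
        if p.mem_base + p.mem_size > high_water:
            high_water, owner = p.mem_base + p.mem_size, p.name
    device_owner = {}
    for p in cfg.partitions.values():
        for d in p.devices:
            if d in device_owner:
                errs.append(f"device {d} shared by {device_owner[d]} and {p.name}")
            device_owner[d] = p.name
    # Temporal separation: the schedule is fixed in advance and must fit the frame.
    if sum(s.ticks for s in cfg.schedule) > cfg.major_frame:
        errs.append("schedule exceeds major frame")
    for s in cfg.schedule:
        if s.partition not in names:
            errs.append(f"schedule references unknown partition {s.partition}")
    # Communication: every channel names two distinct, known partitions.
    for c in cfg.channels:
        if c.source not in names or c.target not in names or c.source == c.target:
            errs.append(f"bad channel {c.source} -> {c.target}")
    return errs

def may_send(cfg: Config, source: str, target: str) -> bool:
    """Run-time decision: a message passes only over an explicitly configured channel."""
    return Channel(source, target) in cfg.channels

def owner_at(cfg: Config, tick: int):
    """Partition owning the CPU at a global tick under the cyclic static schedule;
    None for slack time at the end of the frame."""
    t = tick % cfg.major_frame
    for s in cfg.schedule:
        if t < s.ticks:
            return s.partition
        t -= s.ticks
    return None

def sample_config() -> Config:
    """Constructed example: one privileged system partition and two user partitions."""
    parts = [
        Partition("sys", True, 0x1000_0000, 0x0100_0000, frozenset({"uart0"})),
        Partition("net", False, 0x2000_0000, 0x1000_0000, frozenset({"eth0"})),
        Partition("crypto", False, 0x3000_0000, 0x0100_0000),
    ]
    return Config(
        partitions={p.name: p for p in parts},
        schedule=[Slot("sys", 2), Slot("net", 5), Slot("crypto", 3)],
        major_frame=10,
        channels={Channel("sys", "crypto"), Channel("crypto", "net")},
    )

def overlapping_config() -> Config:
    """The sample configuration plus a partition whose window intrudes into 'net'."""
    cfg = sample_config()
    cfg.partitions["rogue"] = Partition("rogue", False, 0x2080_0000, 0x0100_0000)
    return cfg

if __name__ == "__main__":
    cfg = sample_config()
    print("violations:", validate(cfg))
    print("crypto -> net allowed:", may_send(cfg, "crypto", "net"))
    print("net -> crypto allowed:", may_send(cfg, "net", "crypto"))
    print("owner at tick 7:", owner_at(cfg, 7))
    print("overlap detected:", validate(overlapping_config()))
```

The point of the model is that every decision the kernel takes at run time is a lookup in data fixed before boot: there is no code path by which a partition can request a new channel or more CPU time, and a configuration that would let two partitions share memory or a device is rejected outright. Real SK configuration tools work the same way, only with many more properties checked.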
The CI requirements profile described here is classified as "VS-NUR FÜR DEN DIENSTGEBRAUCH" and is therefore available only to parties that can prove a corresponding need-to-know in accordance with the General Administrative Provision for the Material Protection of Classified Information (VSA, Verschlusssachenanweisung). If you are interested in the document, please contact: vs-anforderungsprofile@bsi.bund.de