Published April 6, 2026 | Version V1.0.1
Preprint Open

Security Governance Filters

  • ProvenRun

Description

Modern digital infrastructures are becoming increasingly complex and interconnected. Cloud platforms, artificial intelligence infrastructures, connected vehicles and large-scale cyber-physical systems combine numerous software layers, protocol stacks and operational interfaces. In such environments, attempting to secure every component of the infrastructure is unrealistic. Large software stacks inevitably contain vulnerabilities, making traditional perimeter security mechanisms increasingly fragile.

A more robust architectural approach consists of introducing strongly verifiable control points that mediate interactions between security domains and govern critical operations.

This paper revisits the concept of security filters, originally introduced for protecting critical IoT and cyber-physical infrastructures. Unlike traditional firewalls that operate on low-level protocol elements and rely on large trusted computing bases, security filters enforce explicit high-level policies on commands and data flows. When implemented on top of formally verified microkernels and minimal trusted components, such filters drastically reduce the attack surface and provide strong assurance guarantees.
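The contrast drawn above, between a firewall that sees only addresses and ports and a filter that enforces a high-level policy on commands, is easiest to see in code. The following is an added illustration, not ProvenRun code and not the mechanism described in the paper: the frame layout, the domain and command names, the argument checks and the port-based rule are all constructed for the example. The filter parses each frame strictly, maps it to a (source domain, destination domain, command) triple, and allows it only if an explicit rule exists and the rule's argument check passes; everything else is denied with a reason, which is what makes the filtering application small enough to sit beside a microkernel as the whole application-level trusted computing base.

```python
"""Hypothetical command-level security filter (illustrative example, not
ProvenRun's implementation). Wire format, domains, commands, ranges and the
port number are constructed for this example.
"""
import struct
from dataclasses import dataclass
from typing import Callable

# Constructed wire format: src(1) dst(1) cmd(1) len(2, big-endian) payload(len)
HEADER = struct.Struct(">BBBH")

DOMAINS = {0x01: "infotainment", 0x02: "body-control", 0x03: "powertrain"}
COMMANDS = {0x10: "SET_CABIN_TEMP", 0x11: "SET_SPEED_LIMIT", 0x20: "REPROGRAM_ECU"}


@dataclass(frozen=True)
class Rule:
    src: str
    dst: str
    cmd: str
    check: Callable[[bytes], bool]  # constrains the command's argument values


def cabin_temp_ok(payload: bytes) -> bool:
    # One byte, degrees Celsius, assumed comfort range for the example.
    return len(payload) == 1 and 16 <= payload[0] <= 28


def speed_limit_ok(payload: bytes) -> bool:
    # Two-byte km/h value, assumed upper bound for the example.
    return len(payload) == 2 and struct.unpack(">H", payload)[0] <= 130


# Explicit allow-list. Anything not listed (e.g. REPROGRAM_ECU from the
# infotainment domain) is denied by default.
POLICY = [
    Rule("infotainment", "body-control", "SET_CABIN_TEMP", cabin_temp_ok),
    Rule("infotainment", "powertrain", "SET_SPEED_LIMIT", speed_limit_ok),
]


def parse(frame: bytes):
    """Strict parse: reject short headers and any length mismatch."""
    if len(frame) < HEADER.size:
        raise ValueError("short header")
    src, dst, cmd, n = HEADER.unpack_from(frame)
    if len(frame) != HEADER.size + n:
        raise ValueError("length mismatch")
    return src, dst, cmd, frame[HEADER.size:]


def filter_frame(frame: bytes) -> tuple[bool, str]:
    """Return (allowed, reason). Deny by default."""
    try:
        src, dst, cmd, payload = parse(frame)
    except ValueError as e:
        return False, f"malformed: {e}"
    s, d, c = DOMAINS.get(src), DOMAINS.get(dst), COMMANDS.get(cmd)
    if None in (s, d, c):
        return False, "unknown domain or command"
    for r in POLICY:
        if (r.src, r.dst, r.cmd) == (s, d, c):
            if r.check(payload):
                return True, "allowed"
            return False, f"{c}: argument out of range"
    return False, f"{c} from {s} to {d}: no rule"


def frame(src: int, dst: int, cmd: int, payload: bytes = b"") -> bytes:
    return HEADER.pack(src, dst, cmd, len(payload)) + payload


def firewall_allows(frame_bytes: bytes, port: int) -> bool:
    """Traditional port-based rule for contrast: it never inspects the
    command, so anything arriving on the permitted port passes."""
    return port == 5000


if __name__ == "__main__":
    reprogram = frame(0x01, 0x03, 0x20, b"\x00")
    print("firewall:", firewall_allows(reprogram, 5000))
    print("filter:  ", filter_frame(reprogram))
    print("filter:  ", filter_frame(frame(0x01, 0x02, 0x10, bytes([22]))))
```

The point of the comparison is in the last three lines: the port rule passes the reprogramming command because the port is open, while the filter denies it because no rule grants that command across that pair of domains, and it does so without any TCP/IP stack in its trusted computing base.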

We argue that formally verified security filters constitute the simplest form of programmable security governance anchor and can therefore be considered minimal instances of Trusted Security Governance Platforms (TSGP). Beyond this conceptual role, security filters are also one of the most practical governance anchors for constructing TSGP-based security architectures.

The paper also analyzes the robustness advantages of this architecture compared to traditional firewall-based approaches. By minimizing the trusted computing base to a formally verified microkernel and a small filtering application, the architecture eliminates large classes of vulnerabilities inherent to traditional network security devices.

Finally, we present emerging industrial deployments of these mechanisms within the security core of next-generation Software Defined Vehicles (SDV) and discuss ongoing work exploring similar architectures for avionics systems where critical information exchanges between onboard subsystems must be strictly governed.

These deployments illustrate how governance-based security architectures can move from research concepts to large-scale cyber-physical infrastructures.

Files

Security Governance Filters V1.0.1.pdf (281.7 kB, md5:11275501d1a78519c181bbb70fac3920)