The MILS component integration approach to secure information sharing

To achieve the vision of information superiority, secure and timely sharing of information is needed between geographically separated platforms and users. However, the producers and consumers of the information, as well as the information itself, are often separated in different security domains. A COTS marketplace of composable, high-assurance components would not only make the vision of cross-domain information sharing achievable, but could also make it far more affordable than is currently possible. As part of the Multiple Independent Levels of Security/Safety (MILS) initiative, AFRL's multi-year High Assurance Middleware for Embedded Systems (HAMES) program is researching how to integrate trusted components so that the security properties of the resulting system can be predicted. MILS is characterized by a two-level approach to secure system design. At the policy level, the system is decomposed into a virtual architecture, identifying the trusted components, their local policies and the communication channels between them, in a way that minimizes the complexity of the trusted components and their policies. At the resource-sharing level, the implementation of the components is considered, including the allocation of components to shared physical resources. MILS provides an implementation technology that lets virtual components of various types, and the channels between them, share physical resources without compromising the integrity of the policy level. Security is seldom captured by a single, simple policy; the two-level approach of MILS was introduced as a rational way to organize the multiple cooperating components and sub-policies that together realize a complete secure system.
A MILS system needs to provide assurance that this design and implementation strategy and, in particular, the separate sub-policies of its components and the resource-sharing properties of its physical subsystems, compose to guarantee the security policy required of the overall system. This paper will describe the progress made so far in our research and some of the remaining challenges.
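The policy-level decomposition described above can be checked mechanically: given the components, their domains, which of them are trusted, and the channels between them, one can compute which cross-domain flows the virtual architecture realises and through which trusted components each flow passes. The following is an added example, not code from the paper or the HAMES program; the components, domains, channel rule and system policy are assumptions chosen for illustration.

```python
from collections import deque
# Constructed MILS policy-level model (added example, not the paper's own):
# the components, domains, channels and rules below are assumptions.
COMPONENTS = {                 # name: (domains it may handle, trusted?)
    "sensor_hi":  ({"HIGH"}, False),
    "fusion_hi":  ({"HIGH"}, False),
    "guard":      ({"HIGH", "LOW"}, True),   # trusted, accredited for both
    "display_lo": ({"LOW"}, False),
    "net_lo":     ({"LOW"}, False),
}
GOOD_CHANNELS = [("sensor_hi", "fusion_hi"), ("fusion_hi", "guard"),
                 ("guard", "display_lo"), ("net_lo", "display_lo")]
BAD_CHANNELS = GOOD_CHANNELS + [("fusion_hi", "net_lo")]   # bypasses the guard
POLICY = {("HIGH", "LOW")}     # the only cross-domain flow the system may realise

def check_channels(channels, comps=COMPONENTS):
    """Local rule (assumed): channel ends share a domain, so a boundary is crossed only inside a trusted component."""
    return [(s, d) for s, d in channels if not comps[s][0] & comps[d][0]]

def domain_flows(channels, comps=COMPONENTS):
    """Map each reachable cross-domain (src, dst) pair to the sets of trusted mediators on its paths (BFS)."""
    succ = {}
    for s, d in channels:
        succ.setdefault(s, set()).add(d)
    flows = {}
    for start, (sdoms, trusted) in comps.items():      # untrusted sources only
        q, seen = deque([] if trusted else [(start, frozenset())]), set()
        while q:
            node, via = q.popleft()                     # via = trusted nodes passed
            if (node, via) in seen:
                continue
            seen.add((node, via))
            ndoms, ntrusted = comps[node]
            for sd in sdoms:
                for dd in ndoms:
                    if sd != dd and not ntrusted:       # reached another domain
                        flows.setdefault((sd, dd), set()).add(via)
            q.extend((n, via | {node} if ntrusted else via) for n in succ.get(node, ()))
    return flows

def verify(channels, policy=POLICY, comps=COMPONENTS):
    """Compose the checks; an empty list means only the flows in `policy` are realised, each via a trusted component."""
    errs = [f"untrusted multi-domain component {n}"
            for n, (doms, t) in comps.items() if not t and len(doms) != 1]
    errs += [f"unmediated channel {s}->{d}" for s, d in check_channels(channels, comps)]
    for (sd, dd), paths in domain_flows(channels, comps).items():
        if (sd, dd) not in policy:
            errs.append(f"flow {sd}->{dd} not in system policy")
    return errs
```

The channel rule only lets a domain boundary be crossed inside a component accredited for both domains, and the component rule only lets trusted components be accredited for more than one, so the trusted components are exactly the places where cross-domain flow can occur; `domain_flows` then exposes which of them each realised flow depends on.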
