The MILS Architecture for a Secure Global Information Grid

H igh-assurance systems are used in environments where failure can cause security breaches or even a loss of life [1]. Examples include avionics, weapon controls, intelligence gathering, and life-support systems. Before such a system can be deployed, there must exist convincing evidence that it can support critical safety as well as security properties. The avionics community has addressed the need for safety-critical systems by developing the DO-178B and DO-255 standards, which provide a set of guidelines for the design, analysis, and evaluation of system safety [2, 3]. Though adequate for the safety evaluation of airborne systems, neither is sufficient to address the security concerns of critical security systems such as those that protect national security. Such high-assurance systems require the rigorous specification and implementation requirements outlined in the Common Criteria (CC) [4].

[1]  Jim Alves-Foss,et al.  A multi-layered approach to security in high assurance systems , 2004, 37th Annual Hawaii International Conference on System Sciences, 2004. Proceedings of the.

[2]  Jim Alves-Foss,et al.  The MILS architecture for high-assurance embedded systems , 2006, Int. J. Embed. Syst..

[3]  P. Oman,et al.  Software mediators for transparent channel control in unbounded environments , 2005, Proceedings from the Sixth Annual IEEE SMC Information Assurance Workshop.