  1. System to model and assumptions
  2. Typical solution
  3. Possible analysis
  4. Case study



System to model and assumptions

MILS is a high-assurance security architecture characterized by a separation between untrusted and trusted components, and it relies on security models. This chapter describes how to model an RTCS (real-time critical system) in terms of its security architecture and security services in order to perform security analysis.

1. MILS (Multiple Independent Levels of Security) architecture

MILS uses a divide-and-conquer approach to reduce the effort needed for the security evaluation of a system. MILS assigns a classification level to subjects and objects, and these levels guide information flow control. MILS introduces several concepts that are represented in Cheddar.
A real-time critical system based on MILS security architecture is defined as follows:

Users specify this information in the XML file of the Cheddar-ADL system model.

2. Security services

This section describes how to perform security analysis based on security models. A security model describes the security strategy a system follows to meet its security objectives. Bell-LaPadula, Biba, and Chinese Wall are examples of security models. They were implemented in Cheddar to verify Cheddar ADL models, which are their main point of entry.
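As an added illustration (this is not Cheddar's own code), the following Python checks a small constructed task/resource model against the Bell-LaPadula and Biba rules named above; the level names, task names, resource names and access modes are assumptions, and a single level scale is used for both models as a simplification.

```python
# Added example, not Cheddar's code: verify a constructed real-time system
# model against Bell-LaPadula (confidentiality) and Biba (integrity).
# Subjects are tasks, objects are shared resources; every subject and object
# carries a classification level (higher number = more sensitive/trusted).
from dataclasses import dataclass

# Hypothetical level scale; real models may use distinct scales per model.
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top_secret": 3}

@dataclass(frozen=True)
class Access:
    task: str       # subject
    resource: str   # object
    mode: str       # "read" or "write"

def bell_lapadula_violations(task_levels, resource_levels, accesses):
    """Confidentiality: no read up (simple security), no write down (*-property)."""
    bad = []
    for a in accesses:
        s, o = LEVELS[task_levels[a.task]], LEVELS[resource_levels[a.resource]]
        if a.mode == "read" and s < o:
            bad.append((a, "read up"))
        elif a.mode == "write" and s > o:
            bad.append((a, "write down"))
    return bad

def biba_violations(task_levels, resource_levels, accesses):
    """Integrity: no read down, no write up (the dual of Bell-LaPadula)."""
    bad = []
    for a in accesses:
        s, o = LEVELS[task_levels[a.task]], LEVELS[resource_levels[a.resource]]
        if a.mode == "read" and s > o:
            bad.append((a, "read down"))
        elif a.mode == "write" and s < o:
            bad.append((a, "write up"))
    return bad

# Constructed sample model: three tasks sharing two resources.
TASK_LEVELS = {"sensor_task": "unclassified", "fusion_task": "secret",
               "log_task": "confidential"}
RESOURCE_LEVELS = {"raw_buffer": "unclassified", "track_table": "secret"}
ACCESSES = [
    Access("sensor_task", "raw_buffer", "write"),   # allowed by both models
    Access("fusion_task", "raw_buffer", "read"),    # BLP ok, Biba: read down
    Access("fusion_task", "track_table", "write"),  # allowed by both models
    Access("log_task", "track_table", "read"),      # BLP: read up, Biba ok
]

def check_model():
    """Return the violations found by each model on the sample system."""
    return {"bell_lapadula": bell_lapadula_violations(TASK_LEVELS, RESOURCE_LEVELS, ACCESSES),
            "biba": biba_violations(TASK_LEVELS, RESOURCE_LEVELS, ACCESSES)}

if __name__ == "__main__":
    for model, found in check_model().items():
        print(model, [(a.task, a.resource, a.mode, why) for a, why in found])
```

Note that the same access can be legal under one model and illegal under the other, which is why a system model is checked against each configured security model separately.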