\subsubsection{Address space} \label{address_space} An \addressspace is specified by the following definitions \cite{Adr1} \cite{Adr2}:\\ (1) It is the range of virtual addresses that the operating system assigns to a user or separately running program.\\ (2) The range of addresses which a \processor or process can access, or at which a device can be accessed. \\ (3) It refers to either physical address or virtual address.\\ (4) An \addressspace may be associated to an address protection mechanism.\\ (5) An \addressspace defines a range of discrete addresses, each of which may correspond to a network host, peripheral device, disk sector, a memory cell or other logical or physical entity.\\ (6) It allows to model a logical unit of memory.\\ \begin{center} Standard attributes \end{center} $Name$ : it is the unique name of the \addressspace.\\ $Cpu_-name$: It is the name of \processor which contain \addressspace.\\ $Text_{-}Memory_{-}Size$: It is the size of text segment. A text segment contains the executable image of the program. It is used to perform a global memory analysis.\\ $Stack_{-}Memory_{-}Size$: It is the size of stack segment. A stack segment contains the function-call stack. This segment is extended automatically as needed.\\ $Data_{-}Memory_{-}Size$: It is the size of data segment. A data segment contains the \textit{heap} of dynamically allocated data space.\\ $Heap_{-}Memory_{-}Size$: It is the size of logical memory reserved for the heap.\\ $Scheduling$: It defines all parameters of scheduling. It is the type of $Scheduling_{-}Parameters$ (see Annexes for definitions of $Scheduling_{-}Parameters$). \\ $mils_{-}confidentiality_{-}level$ : It defines the level of confidentiality of an address space. $mils_{-}confidentiality_{-}level$ can be UnClassified, or $Classified$, or $Secret$, or $Top_{-}Secret$ \\ $mils_{-}integrity_{-}level$ : It defines the level of integrity of an address space. $mils_{-}integrity_level$ can be $Low$, or $Medium$, or $High$ \\ $mils_{-}component$ : It defines the type of an address space according to the classification of components in MILS architecture. It can have the $SLS$ value for Single Level Secure component, or $MLS$ for Multi-Level Secure component, or $MSLS$ for Multi Single-Level Secure component.\\ $mils_{-}partition$ : It defines the kind of MILS component modeled by the address space. It can have either the $Device$ value or the $Application$ value.\\ $mils_{-}compliant$ : It is a boolean that specifies if an address space models a component of MILS or not.\\ \begin{center} Legality rules \end{center} (L1) The \addressspace name must not be empty.\\ (L2) The \addressspace name must be valid identifier.\\ (L3) An \addressspace must be linked to a \processor.\\ (L4) The $Text_{-}Memory_{-}Size$ must be greater than or equal to 0.\\ (L5) The $Stack_{-}Memory_{-}Size$ must be greater than or equal to 0.\\ (L6) The $Data_{-}Memory_{-}Size$ must be greater than or equal to 0.\\ (L7) The $Heap_{-}Memory_{-}Size$ must be greater than or equal to 0.\\ \begin{center} Annexes \end{center} (A1) See Annexes of $Dynamic_-Deployment$ for attributes of $Scheduling_{-}Parameters$.\\ \begin{center} Implementation \end{center} The figure \ref{dtd_addr} gives the DTD of entity \addressspace. \begin{figure}{} \begin{lstlisting}{} \end{lstlisting} \caption{The DTD of entity $Address$\_$Space$} \label{dtd_addr} \end{figure} \begin{center} Example \end{center} The figure \ref{example_adr} gives an example of \addressspace. This \addressspace, named $addr1$ is based on \processor $processor1$. The others parameters are fixed on $0$, and the scheduling parameters have a $quantum$ equal to $0$, and is the type $PREEMPTIVE$. \begin{figure}[H]{} \begin{lstlisting}{} ADDRESS_SPACE_OBJECT_TYPE addr1 processor1 0 0 0 0 NO_SCHEDULING_PROTOCOL 0 PREEMPTIVE 0 0 0 0 TOP_SECRET HIGH SLS DEVICE TRUE \end{lstlisting} \caption{An Example of entity \addressspace described using Cheddar ADL} \label{example_adr} \end{figure}