VIX. MILS and security services

MILS is a high-assurance security architecture that separates trusted from untrusted components and relies on security models. This chapter describes how to model a real-time critical system (RTCS) in Cheddar according to a MILS security architecture, and how to perform security analysis on that model with the security services Cheddar provides.

1. MILS (Multiple Independent Levels of Security) architecture

MILS uses a divide-and-conquer approach to reduce the effort of security evaluation: the system is partitioned into components that are evaluated separately. MILS assigns a classification level to subjects and objects, and these levels drive information flow control. The MILS concepts needed for this analysis are represented in Cheddar.
A real-time critical system based on MILS security architecture is defined as follows:

Users should express the above information in the XML file of a Cheddar ADL system model.

2. Security services

This section describes how to perform security analysis with security models. A security model describes the security strategy of a system in order to meet its security objectives. Bell-LaPadula (confidentiality), Biba (integrity) and Chinese Wall (conflict of interest) are examples of security models. They are implemented in Cheddar and are applied to Cheddar ADL models, which are their main entry point.

All these methods are available on the Cheddar svn repository at this link.


3. Example of security analysis

In this section we present an example of security analysis with Cheddar on an ARINC 653 model. This example is stored in the file security.xmlv3. It contains tasks with different security levels, which leads to some security violations. Some of these violations are already solved by the use of downgraders. The security analysis of this model is shown in the screenshot below. In this screenshot there are 3 communications that violate integrity and 0 violations of confidentiality: the confidentiality issues have been solved by the downgraders present in the model.
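To make concrete what the three models of section 2 check, and how the downgraders of this example remove confidentiality violations while leaving integrity violations in place, here is an added example in Python. It is not Cheddar's own code and does not read security.xmlv3: the task names, levels, communications and the downgrader flag are constructed assumptions chosen so that the tally matches the report described above (3 integrity violations, 0 confidentiality violations).

```python
"""Added example, not Cheddar's code: flow checks in the spirit of the
Bell-LaPadula, Biba and Chinese Wall models over a constructed task set.
Task names, levels and the downgrader flag are assumptions, not the
contents of security.xmlv3."""
from dataclasses import dataclass

# Linear lattice of levels; a higher index means more sensitive (BLP) or
# more trustworthy (Biba). Real MILS deployments add compartments to this.
LEVELS = ["unclassified", "confidential", "secret", "top_secret"]

def rank(level):
    return LEVELS.index(level)

@dataclass(frozen=True)
class Task:
    name: str
    confidentiality: str        # BLP level of the data the task handles
    integrity: str              # Biba level of the task
    downgrader: bool = False    # trusted component allowed to write down

@dataclass(frozen=True)
class Violation:
    model: str
    source: str
    dest: str
    reason: str

def check_flows(tasks, comms):
    """tasks: dict name -> Task; comms: (producer, consumer) pairs.
    A communication is a write by the producer and a read by the consumer:
      BLP : allowed iff C(producer) <= C(consumer), i.e. no write-down,
            unless the producer is a trusted downgrader.
      Biba: allowed iff I(producer) >= I(consumer), i.e. no read-down.
            A downgrader lowers secrecy; it does not raise the
            trustworthiness of what it forwards, so it does not help here."""
    violations = []
    for src, dst in comms:
        s, d = tasks[src], tasks[dst]
        if rank(s.confidentiality) > rank(d.confidentiality) and not s.downgrader:
            violations.append(Violation("BLP", src, dst,
                f"{s.confidentiality} data written down to {d.confidentiality}"))
        if rank(s.integrity) < rank(d.integrity):
            violations.append(Violation("Biba", src, dst,
                f"{s.integrity}-integrity data read by a {d.integrity} task"))
    return violations

def check_chinese_wall(accesses, datasets):
    """accesses: ordered (subject, dataset) pairs; datasets maps a dataset
    to (conflict-of-interest class, company). Once a subject has touched one
    company's data in a class, other companies of that class are off-limits."""
    history = {}            # subject -> {coi class: company already seen}
    violations = []
    for subject, dataset in accesses:
        coi, company = datasets[dataset]
        seen = history.setdefault(subject, {})
        prior = seen.get(coi)
        if prior is not None and prior != company:
            violations.append(Violation("ChineseWall", subject, dataset,
                f"{subject} already accessed {prior} in class {coi}"))
        else:
            seen[coi] = company
    return violations

# Constructed task set (assumption): untrusted inputs feeding a controller,
# and a downgrader mediating flows from secret to lower levels.
TASKS = {t.name: t for t in [
    Task("net_rx",  "unclassified", "unclassified"),   # untrusted network input
    Task("sensor",  "unclassified", "secret"),         # trusted sensor driver
    Task("ctrl",    "secret",       "secret"),
    Task("logger",  "confidential", "confidential"),
    Task("dg",      "secret",       "secret", downgrader=True),
    Task("display", "unclassified", "confidential"),
]}
COMMS = [
    ("net_rx", "ctrl"),     # Biba: unclassified input into a secret-integrity task
    ("sensor", "ctrl"),     # ok for both models
    ("ctrl", "dg"),         # ok: same levels
    ("dg", "logger"),       # BLP write-down, permitted: dg is a downgrader
    ("dg", "display"),      # same
    ("logger", "ctrl"),     # Biba: confidential-integrity log read by secret task
    ("net_rx", "display"),  # Biba: unclassified input shown by a confidential task
]

def summary(tasks=TASKS, comms=COMMS):
    """Per-model counts, in the style of Cheddar's report."""
    v = check_flows(tasks, comms)
    return {"confidentiality": sum(x.model == "BLP" for x in v),
            "integrity": sum(x.model == "Biba" for x in v)}

def without_downgrader(tasks=TASKS, comms=COMMS):
    """Same system with dg demoted to an ordinary task: write-downs reappear."""
    demoted = dict(tasks)
    demoted["dg"] = Task("dg", "secret", "secret", downgrader=False)
    return summary(demoted, comms)
```

Running `summary()` on this task set reports 0 confidentiality and 3 integrity violations; `without_downgrader()` shows the two write-downs through dg reappearing as confidentiality violations, which is the effect the downgraders have in the example model. The Chinese Wall check takes a separate access history rather than a task graph because that model constrains a subject's accumulated accesses, not a single flow.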

Contact: Frank Singhoff (singhoff@univ-brest.fr)
Last update: April 4th, 2020