Multiple Independent Levels of Security

from Wikipedia, the free encyclopedia

The term multiple independent levels of security (MILS) denotes an architecture for high-assurance computer systems.

Technical background

MILS draws on four concepts: data separation and isolation (data isolation), information flow control (control of information flow), periodic processing (periods processing), and damage limitation. Based on these four concepts, the core system software can be mathematically verified. Individual components are separated from one another according to their trustworthiness. This allows untrustworthy and trustworthy components to be used side by side (compare multilevel security (MLS)).

There are three different layers: the MILS separation kernel (also called partitioning kernel), the middleware, and the application. In each of these layers, different, independent security policies can be defined, so a single generalized policy specification imposed by the kernel is avoided.
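To make the four concepts concrete, here is an added toy model (not code from the article or from any MILS product) of a separation kernel: an explicit allow-list of partition-to-partition flows mediates every message (information flow control), denied flows are audited (damage limitation), and a shared scratch region is scrubbed after each partition's time slot (periods processing). The partition names `low`, `guard` and `high` and the policy are constructed for the example.

```python
from dataclasses import dataclass, field


class FlowViolation(Exception):
    """Raised when a partition attempts a flow the kernel policy does not list."""


@dataclass
class SeparationKernel:
    # Constructed example: a static allow-list of permitted (src, dst) flows.
    allowed_flows: frozenset
    audit: list = field(default_factory=list)
    mailboxes: dict = field(default_factory=dict)
    # One shared scratch region reused by partitions in successive time slots.
    scratch: bytearray = field(default_factory=lambda: bytearray(8))

    def send(self, src: str, dst: str, payload: bytes) -> None:
        """Information flow control: only policy-listed flows are delivered."""
        if (src, dst) not in self.allowed_flows:
            self.audit.append(f"DENY {src}->{dst}")
            raise FlowViolation(f"{src} -> {dst} is not in the policy")
        self.audit.append(f"ALLOW {src}->{dst}")
        self.mailboxes.setdefault(dst, []).append((src, payload))

    def receive(self, dst: str) -> list:
        return self.mailboxes.pop(dst, [])

    def run_slot(self, partition: str, task) -> None:
        """Periods processing: run one partition's task in its slot, then zero
        the shared region so the next partition cannot read what it left."""
        self.audit.append(f"SLOT {partition}")
        task(self.scratch)
        self.scratch[:] = bytes(len(self.scratch))


def demo() -> dict:
    """The low partition may reach high only through the guard partition."""
    k = SeparationKernel(frozenset({("low", "guard"), ("guard", "high")}))
    k.send("low", "guard", b"request")
    direct_denied = False
    try:
        k.send("low", "high", b"bypass")          # not in the policy
    except FlowViolation:
        direct_denied = True
    for _src, msg in k.receive("guard"):         # guard forwards on its own flow
        k.send("guard", "high", b"checked:" + msg)

    def high_task(buf: bytearray) -> None:        # high writes into shared scratch
        buf[:6] = b"secret"

    k.run_slot("high", high_task)
    return {"direct_denied": direct_denied, "high_inbox": k.receive("high"),
            "leftover": bytes(k.scratch), "audit": k.audit}
```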

History

In 1981, John Rushby was the first to propose an architecture built on a security kernel, in his paper Design and Verification of Secure Systems. Verification of the components being executed would be separated from verification of the security kernel itself. This task would be fulfilled by a new verification technique called "proof of separability". A very similar principle was adopted for the MILS concept.

Use

Some commercial real-time operating system (RTOS) vendors, such as Green Hills Software, LynuxWorks, SYSGO, and Wind River Systems, offer MILS-compatible operating systems. MILS architectures are used, for example, in microkernel-based, cryptographically secured smartphones for governments.

One example is the secure microkernel concept combined with Android smartphones from Trust2Core GmbH, a spin-off from Telekom Innovation Laboratories (T-Labs). The concept is based on an L4 microkernel system. The system for secure mobile communication (SiMKo) uses the Trust2Core concept.

See also

The Bell-LaPadula security model from 1973, on which the theories of the American Orange Book (TCSEC) are based, represents an older architectural concept of system security. Further concepts can be found under multilevel security (MLS).

References

  1. R. William Beckwith, W. Mark Vanfleet, Lee MacLaren: High Assurance Security/Safety for Deeply Embedded, Real-time Systems. In: Embedded Systems Conference, 2004. ESC-247 & ESC-267.
  2. Gordon M. Uchenick, W. Mark Vanfleet: Multiple Independent Levels Of Safety And Security: High Assurance Architecture For MSLS/MLS. In: Military Communications Conference, 2005. MILCOM 2005. IEEE. No. 1, 2005, pp. 610-614, ISBN 0-7803-9393-7.
  3. John Rushby: Design and Verification of Secure Systems. (PDF; 196 kB) In: Proc. ACM Symposium on Operating System Principles. No. 5, 1981, pp. 12-21.
  4. Trust2Core. Maximum security and maximum fun in one device. (No longer available online.) In: Telekom Innovation Laboratories. 2013, archived from the original on January 26, 2013; retrieved May 22, 2013.