Multiple Independent Levels of Security
The term multiple independent levels of security (MILS) denotes an architecture for high-assurance computer systems.
Technical background
MILS rests on four concepts: data isolation, control of information flow, periods processing, and damage limitation. Because these four properties are enforced by a small core, the core system software can be mathematically verified. Individual components are separated from one another according to their trustworthiness, so trusted and untrusted components can coexist in a single system (compare multilevel security, MLS).
MILS distinguishes three layers: the separation kernel (also called the partitioning kernel), the middleware, and the application. Each layer can define its own independent security policies; the kernel is therefore not required to specify one generalized policy for the whole system.
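The four concepts and the layering above, as an added illustration written for this page (it is not code from any MILS vendor or from the cited papers): a toy separation kernel in Python with partitions modelled on the crypto-phone case, a static whitelist of information flows that the kernel alone mediates, a fixed time-slice schedule whose kernel-held scratch buffer is scrubbed between slots (periods processing), and fault containment. The partition names, the XOR "cipher", the key and the sample message are constructed placeholders; a real separation kernel enforces the same properties with hardware-backed memory partitions and a verified scheduler, which this model does not attempt.

```python
"""Toy model of a MILS separation kernel: static flow policy, periods processing,
damage limitation. Constructed example for illustration only; not a real RTOS."""
from dataclasses import dataclass, field
from typing import Callable, Dict, Iterable, List, Tuple


class PolicyViolation(Exception):
    """A partition attempted an information flow the static policy does not allow."""


@dataclass
class Partition:
    name: str
    inbox: List[bytes] = field(default_factory=list)   # kernel-mediated input channel
    output: List[bytes] = field(default_factory=list)  # what the partition produced or observed
    faulted: bool = False


class SeparationKernel:
    def __init__(self, partitions: Iterable[Partition],
                 allowed_flows: Iterable[Tuple[str, str]], schedule: List[str]) -> None:
        self.parts: Dict[str, Partition] = {p.name: p for p in partitions}
        self.allowed = set(allowed_flows)     # static whitelist of (src, dst) channels
        self.schedule = list(schedule)        # fixed time-slice order (periods processing)
        self.scratch = bytearray(16)          # kernel-held transient buffer, scrubbed every slot
        self.log: List[tuple] = []
        self.current = ""                     # partition that owns the running time slice

    def send(self, dst: str, msg: bytes) -> None:
        """Information flow control: the only path by which data crosses a partition boundary."""
        src = self.current
        if (src, dst) not in self.allowed:
            self.log.append(("denied", src, dst))
            raise PolicyViolation(f"flow {src} -> {dst} is not in the policy")
        self.parts[dst].inbox.append(bytes(msg))
        self.log.append(("allowed", src, dst))

    def run(self, behaviours: Dict[str, Callable[[Partition, "SeparationKernel"], None]],
            rounds: int = 1) -> None:
        for _ in range(rounds):
            for name in self.schedule:
                part = self.parts[name]
                if part.faulted:
                    continue                  # damage limitation: a crashed partition stays halted
                self.current = name
                try:
                    behaviours[name](part, self)
                except PolicyViolation as exc:
                    self.log.append(("violation", name, str(exc)))
                except Exception as exc:      # any other fault is contained to this partition
                    part.faulted = True
                    self.log.append(("fault", name, type(exc).__name__))
                finally:
                    self.scratch[:] = bytes(len(self.scratch))   # periods processing: scrub residue
                    self.current = ""


# Constructed workload modelled on the crypto-phone case: a secret-holding app, a crypto
# service and a radio driver. XOR with a fixed key stands in for a real cipher.
KEY = bytes([0x5A] * 16)
PLAINTEXT = b"attack at dawn!!"   # 16 bytes, constructed sample


def secret_app(part: Partition, kernel: SeparationKernel) -> None:
    kernel.scratch[:] = PLAINTEXT          # leaves plaintext in the kernel's transient buffer
    kernel.send("crypto", PLAINTEXT)       # allowed: secret -> crypto


def crypto_service(part: Partition, kernel: SeparationKernel) -> None:
    for msg in part.inbox:
        kernel.send("radio", bytes(a ^ b for a, b in zip(msg, KEY)))  # allowed: crypto -> radio
    part.inbox.clear()


def radio_driver(part: Partition, kernel: SeparationKernel) -> None:
    part.output.append(bytes(kernel.scratch))   # whatever survived the last slot switch
    part.output.extend(part.inbox)              # ciphertext delivered through the kernel
    part.inbox.clear()
    kernel.send("secret", b"ping")              # denied: radio -> secret is not in the policy


def buggy_app(part: Partition, kernel: SeparationKernel) -> None:
    part.output.append(1 // 0)                  # crashes; must not affect the other partitions


def demo(rounds: int = 2) -> dict:
    kernel = SeparationKernel(
        partitions=[Partition(n) for n in ("secret", "crypto", "radio", "buggy")],
        allowed_flows=[("secret", "crypto"), ("crypto", "radio")],
        schedule=["secret", "crypto", "radio", "buggy"],
    )
    kernel.run({"secret": secret_app, "crypto": crypto_service,
                "radio": radio_driver, "buggy": buggy_app}, rounds)
    radio = kernel.parts["radio"]
    return {
        "radio_saw_in_scratch": radio.output[0],
        "radio_received": radio.output[1],
        "plaintext_leaked": PLAINTEXT in radio.output,
        "denied": [e for e in kernel.log if e[0] == "denied"],
        "faulted": sorted(n for n, p in kernel.parts.items() if p.faulted),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

Running `demo()` shows the three properties at once: the radio partition only ever observes zeros in the scrubbed scratch buffer and the ciphertext that crypto forwarded, its attempt to talk back to the secret partition is refused by the kernel and logged, and the crashing partition is halted while the other three keep running in later rounds. The policy is a plain set of (source, destination) pairs, which is what makes the flow rules of such a kernel small enough to verify.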
History
In 1981 John Rushby first proposed an architecture built around a security kernel in his paper Design and Verification of Secure Systems. The verification of the components running on the kernel is separated from the verification of the kernel itself, using a new verification technique he called "proof of separability". The MILS concept builds on essentially the same principle.
Applications
Several commercial real-time operating system (RTOS) vendors, among them Green Hills Software, LynuxWorks, SYSGO and Wind River Systems, offer MILS-compatible operating systems. MILS architectures are used, for example, in microkernel-based, cryptographically secured smartphones for government use.
One example is the secure microkernel concept for Android smartphones from Trust2Core GmbH, a spin-off of Telekom Innovation Laboratories (T-Labs). The concept is based on an L4 microkernel. The system for secure mobile communication (SiMKo) uses the Trust2Core concept.
See also
The Bell-LaPadula security model of 1973, on which the American Orange Book (TCSEC) is based, represents an older architectural concept of system security. Further concepts can be found under multilevel security (MLS).
References
- R. William Beckwith, W. Mark Vanfleet, Lee MacLaren: High Assurance Security/Safety for Deeply Embedded, Real-time Systems. In: Embedded Systems Conference, 2004. ESC-247 & ESC-267.
- Gordon M. Uchenick, W. Mark Vanfleet: Multiple Independent Levels of Safety and Security: High Assurance Architecture for MSLS/MLS. In: Military Communications Conference, 2005. MILCOM 2005. IEEE, 2005, pp. 610-614, ISBN 0-7803-9393-7.
- John Rushby: Design and Verification of Secure Systems. (PDF; 196 kB) In: Proc. ACM Symposium on Operating System Principles, 1981, pp. 12-21.
- Trust2Core. Maximum security and maximum fun in one device. In: Telekom Innovation Laboratories, 2013. Archived from the original on January 26, 2013; retrieved May 22, 2013.