14:30 - 15:05
Paper 5
High Assurance Security using the Multiple Independent Levels of Security/Safety Architecture
Joseph M. Jacob, Senior Vice President of Objective Interface Systems, Inc.
The Multiple Independent Levels of Security/Safety (MILS) architecture addresses safety and security requirements in embedded systems. Based on a small separation kernel, MILS greatly reduces the amount of privileged separation enforcement code. By providing extremely robust Data Isolation and Control of Information Flow, MILS layers system protection among a kernel, middleware, and applications. The greatly reduced amount of security-critical code makes it practical to mathematically prove that all policy enforcement is Non-bypassable, Evaluatable, Always-Invoked, and Tamperproof (NEAT). MILS also enables application developers to implement their own security policies and be guaranteed their own protections are also NEAT.
The MILS approach provides a mathematically verified base that allows highly secure embedded systems to be developed and deployed using COTS software. MILS implementations are now becoming available from major embedded system development platform providers.
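To make the layering described in the abstract concrete, the following Python model is an added illustration (it is not code from the talk, from Objective Interface Systems, or from any MILS product). It assumes a kernel whose only inter-partition channel is a `send()` call checked against an immutable whitelist of (source, destination) flows, plus a constructed "guard" partition that implements its own application-level label policy on top of the kernel's flow control; the partition names and message labels are constructed for the example.

```python
from dataclasses import dataclass, field


@dataclass
class Message:
    label: str   # constructed labels for the example: "UNCLASSIFIED" or "SECRET"
    body: str


@dataclass
class Partition:
    name: str
    inbox: list = field(default_factory=list)


class SeparationKernel:
    """Toy separation kernel (hypothetical; not a real MILS kernel API).

    Partitions never hold references to each other, so the only way data
    crosses a partition boundary is send(), which always consults the
    policy (always-invoked, non-bypassable). The policy is a frozenset,
    so nothing running above the kernel can alter it (tamperproof), and
    it is small enough to inspect in full (evaluatable).
    """

    def __init__(self, flow_policy):
        self._policy = frozenset(flow_policy)   # allowed (src, dst) pairs
        self._partitions = {}
        self.audit = []                          # every decision is recorded

    def add_partition(self, name):
        self._partitions[name] = Partition(name)

    def inbox(self, name):
        """Drain and return the messages queued for one partition."""
        p = self._partitions[name]
        msgs, p.inbox = p.inbox, []
        return msgs

    def send(self, src, dst, msg):
        """Deliver msg from src to dst only if the flow is whitelisted."""
        if (src, dst) not in self._policy:
            self.audit.append(("DENY", src, dst, msg.label))
            return False
        self.audit.append(("ALLOW", src, dst, msg.label))
        self._partitions[dst].inbox.append(msg)
        return True


def guard_policy(msg):
    """Application-layer policy of the constructed GUARD partition:
    forward only UNCLASSIFIED traffic. The kernel does not know about
    labels; it only knows which partitions may talk to which."""
    return msg.label == "UNCLASSIFIED"


def run_demo():
    # Kernel flow policy: A -> GUARD and GUARD -> B are the only channels.
    k = SeparationKernel({("A", "GUARD"), ("GUARD", "B")})
    for name in ("A", "GUARD", "B"):
        k.add_partition(name)

    low = Message("UNCLASSIFIED", "status report")
    high = Message("SECRET", "mission plan")

    direct = k.send("A", "B", low)       # denied: no A -> B flow exists
    k.send("A", "GUARD", low)            # allowed by the kernel
    k.send("A", "GUARD", high)           # also allowed: flow is fine, content is not the kernel's concern

    dropped = 0
    for m in k.inbox("GUARD"):           # guard applies its own policy, then uses the kernel to forward
        if guard_policy(m):
            k.send("GUARD", "B", m)
        else:
            dropped += 1

    return {
        "direct_a_to_b": direct,
        "b_received": [m.label for m in k.inbox("B")],
        "kernel_denied": sum(1 for e in k.audit if e[0] == "DENY"),
        "guard_dropped": dropped,
    }


if __name__ == "__main__":
    print(run_demo())
```

The point of the two layers is that the kernel's policy stays tiny (which partitions may exchange data at all) while content-sensitive decisions live in the guard; because the guard can only reach B through `send()`, its own label check inherits the kernel's NEAT guarantees rather than having to re-establish them.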