The MILS architecture for high-assurance embedded systems

International Journal of Embedded Systems

Volumn 2, Issue 3-4, 2006, Pages 239-247

  Alves Foss, Jim ^a   Oman, Paul W ^a   Taylor, Carol ^a   Harrison, W Scott ^b  

^a UNIVERSITY OF IDAHO   (United States)

^b ST JOHN FISHER COLLEGE   (United States)

Author keywords

high assurance; MILS; MLS; multi level secure

Indexed keywords

EID: 84949686528     PISSN: 17411068     EISSN: 17411076     Source Type: Journal    
DOI: 10.1504/ijes.2006.014859     Document Type: Article

References (27)

1. Alves-Foss, J. (1991) Mechanical Verification of Secure Distributed System Specifications, PhD Dissertation, Department of Computer Science, University of California, Davis.
2. Alves-Foss, J. (1998) ‘The architecture of secure systems’, Hawa ’ii International Conference on System Sciences, January, pp.307–316.
3. Alves-Foss, J. and Levitt, K. (1991) ‘Verification of secure distributed systems in higher order logic: a modular approach using generic components’, Proc. IEEE Symposium on Research in Security and Privacy, Oakland, CA, pp.122–135.
4. Alves-Foss, J. and Taylor, C. (2004) ‘An analysis of the GW V security policy’, ACL2 Workshop 2004.
5. Ames, B. (2003) ‘Real-time software goes modular’, Military and Aerospace Electronics, September, Vol. 14, No. 9.
6. Anderson, J. (1972) ‘Computer security technology planning study’, USAF Electronic Systems Div., Tech. Rep. ESD-TR-73–51, October, Bedford, Mass.
7. Bell, D.E. and LaPadula, L.J. (1975) Secure Computer Systems: Unified Exposition and Multics Interpretation’, Tech. Rep. MTR-2997, The MITRE Corporation, July, Bedford, MA.
8. Greve, D., Wilding, M. and Vanfleet, M. (2003) ‘A separation kernel frmal security policy’, ACL2 Workshop 2003.
9. Heimdahl, M.P. and Heitmeyer, C.L. (1998) ‘Formal methods for developing high assurance computer systems: working group report’, Proceedings, Second IEEE Workshop on Industrial-Strength Formal Techniques (WIFT’98), October.
10. Martin, W., White, P., Taylor, F. and Goldberg, A. (2001) ‘Formal construction of the mathematicaly analyzed separation kernel’, Proc. of the 15th International Conference on Automated Software Engineering, pp.133–141.
11. McCullough, D. (1988a) ‘Noninterference and the composability of security properties’, Proc. IEEE Symposium on Security and Privacy, Oakland, CA, pp.177–187.
12. McCullough, D. (1988b) Foundations of Ulysses: The Theory of Security, Odyssey Research Associates, Inc., Tech. Rep. RADC-TR-87–222, July.
13. O’Connell, P. (2003) The Idaho Partitioning Machine: A Mils Partitioning Kernel Model in ACL2, Master’s Thesis, Dept. Computer Science, University of Idaho, Moscow, ID, December.
14. Rogers, H. (1987) ‘An overview of the CANEWARE program’, Proc. 10th NIST-NCSC National Computer Security Conference, pp.172–174.
15. Rushby, J. (1981) ‘Design and verification of secure systems’, Proc. ACM Symposium on Operating System Principles, Pacific Grove, CA, pp.12–21.
16. Rushby, J. (1982) ‘Proof of separability: a verification technique for a class of security kernels’, Proc. International Symposium on Programming, Lecture Notes in Computer Science, Torino, Italy, Vol. 137, pp.352–367.
17. Rushby, J. and Randell, B. (1983) ‘A distributed secure system’, IEEE Computer, Vol. 16, No. 7, pp.55–67.
18. Saltzer, J. and Schroeder, M. (1975) ‘The protection of information in computer systems’, Proceedings of the IEEE, September, Vol. 63, No. 9, pp.1278–1308.
19. Weissman, C. (1992) ‘BLACKER: Security for the DDN examples of A1 security engineering trades’, Proc. IEEE Symposium on Research in Security and PrivacyOakland, CA, pp.286–292.
20. White, P., van Fleet, W. and Dailey, C. (2000) High Assurance Architecture Via Separation Kernel, October, Draft.
21. Software considerations in airborne systems and equipment certification (RTCA DO-178b), RTCA Std., December 1992.
22. Requirements specification for Avionics Computer Resource (ACR) (RTCA DO-255), RTCA Std., June 2000.
23. Common criteria for information technology security evaluation, Version 2.1, common criteria project sponsoring organisation std., August 1999.
24. Avionic application software standard interface (Draft 3 of Supplement 1) (Specification ARINC 653), ARINC Std., 2003.
25. Department of defense trusted computer system evaluation criteria, department of defense computer security center std. DoD 5200.28-STD, December 1985.
26. The partitioning kernel protection profile, the open group, June 2003, draft under review.
27. In general, MILS inter-partition communication may occur through any verified communication channel offered through the kernel.