Multiple Independent Levels of Security/Safety (MILS) is a high-assurance security architecture based on the concepts of separation and controlled information flow. It is implemented by separation mechanisms that support both untrusted and trustworthy components, ensuring that the total security solution is non-bypassable, evaluatable, always invoked, and tamperproof.
Overview
A MILS solution allows for independent evaluation of security components and trusted composition. MILS builds on the older Bell and La Padula theories on secure systems that represent the foundational theories of the DoD Orange Book.
A MILS system employs one or more separation mechanisms (e.g., separation kernel, Partitioning Communication System, physical separation) to maintain assured data and process separation. A MILS system supports enforcement of one or more application- or system-specific security policies by authorizing information flow only between components in the same security domain or through trustworthy security monitors (e.g., access control guards, downgraders, crypto devices, etc.).
NEAT
Properties:
* ''Non-bypassable'': a component cannot use another communication path, including lower-level mechanisms, to bypass the security monitor.
* ''Evaluatable'': any trusted component can be evaluated to the level of assurance required of that component. This means the components are modular, well designed, well specified, well implemented, small, low complexity, etc.
* ''Always-invoked'': each and every access/message is checked by the appropriate security monitors (i.e., a security monitor will not just check on a first access and then pass all subsequent accesses/messages through).
* ''Tamperproof'': the system controls "modify" rights to the security monitor code, configuration and data, preventing unauthorized changes.
A convenient acronym for these characteristics is NEAT.
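As an added illustration (not code from the article or from any MILS vendor) of the information-flow rule stated above and of the non-bypassable and always-invoked properties, the following Python model statically checks a constructed channel configuration for cross-domain paths that skip a trusted guard, and evaluates every message against that configuration; the partition names and domains are assumed.

```python
"""Toy model of a MILS channel policy: each partition carries a security-domain
label, and a static check verifies that every configured inter-partition channel
either stays inside one domain or terminates at a trustworthy security monitor
(a guard). Partition names, domains and channels are constructed for illustration."""
from __future__ import annotations
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Partition:
    name: str
    domain: str            # security domain the partition belongs to
    trusted: bool = False  # True only for evaluated security monitors (guards)


@dataclass
class ChannelPolicy:
    partitions: dict[str, Partition]
    channels: set[tuple[str, str]] = field(default_factory=set)  # (src, dst)

    def add_channel(self, src: str, dst: str) -> None:
        self.channels.add((src, dst))

    def violations(self) -> list[tuple[str, str]]:
        """Channels that let data cross domains without passing a trusted monitor.
        Such a channel would bypass the guard, so the configuration must be
        rejected before the separation mechanism loads it."""
        bad = []
        for src, dst in sorted(self.channels):
            a, b = self.partitions[src], self.partitions[dst]
            if a.domain != b.domain and not (a.trusted or b.trusted):
                bad.append((src, dst))
        return bad

    def authorize(self, src: str, dst: str) -> bool:
        """Per-message check: every message is evaluated against the configured
        channel set (always invoked; no caching of earlier decisions) and only
        channels that passed the static check are honoured."""
        return (src, dst) in self.channels and (src, dst) not in self.violations()


def build_example() -> ChannelPolicy:
    """Constructed configuration with one legitimate guarded path and one bypass."""
    parts = {
        "crypto": Partition("crypto", "secret"),
        "radio": Partition("radio", "unclass"),
        "guard": Partition("guard", "secret", trusted=True),
    }
    pol = ChannelPolicy(parts)
    pol.add_channel("crypto", "guard")  # same domain: allowed
    pol.add_channel("guard", "radio")   # crosses domains through the trusted guard
    pol.add_channel("crypto", "radio")  # direct cross-domain path: bypasses the guard
    return pol
```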
Trustworthiness
'Trustworthy' means that the component has been certified to satisfy well-defined security policies to a level of assurance commensurate with the level of risk for that component (e.g., we can have single-level access control guards evaluated at CC EAL4; separation mechanisms evaluated at ''High Robustness''; two-level separation guards at EAL 5; and TYPE I crypto, all in the same MILS system).
'Untrusted' means that we have no confidence that the system meets its specification with respect to the security policy.
Companies
The following companies have MILS separation kernel products:
* Green Hills Software
* LynuxWorks
* SYSGO
* Wind River Systems
* Bertin Technologies
* OK Labs
Companies with other separation methods creating MILS products:
* Thales
MILS Research and Technology
;The MILS Community
* The MILS Community is a global, open-membership, not-for-profit competence network on MILS architecture and technologies.
;Research Projects
* EURO-MILS: Secure European Virtualisation for Trustworthy Applications in Critical Domains
* D-MILS: Distributed MILS for dependable information and communication infrastructure
* certMILS: Compositional security certification for medium- to high-assurance COTS-based systems in environments with emerging threats
See also
* Multiple Levels of Security
* Secure by design