• DocumentCode
    2559573
  • Title
    A multi-layered approach to security in high assurance systems
  • Author
    Alves-Foss, Jim; Taylor, Carol; Oman, Paul
  • Author_Institution
    Center for Secure & Dependable Syst., Idaho Univ., USA
  • fYear
    2004
  • fDate
    5-8 Jan. 2004
  • Abstract
    Past efforts at designing and implementing ultra high assurance systems for government security and safety have centered on the concept of a monolithic security kernel responsible for a system-wide security policy. This approach leads to inflexible, overly complex operating systems that are too large to evaluate at the highest assurance levels (e.g., Common Criteria EAL 5 and above). We describe a new multi-layered approach to the design and verification of embedded trustworthy systems that is currently being used in the implementation of real time, embedded applications. The framework supports multiple levels of safety and multiple levels of security, based on the principle of creating separate layers of responsibility and control, with each layer responsible for enforcing its own security policy.
  • Keywords
    formal verification; government data processing; security of data; embedded applications; embedded trustworthy system design; embedded trustworthy system verification; government safety; government security; monolithic security kernel; multilayered approach; overly complex operating systems; real time applications; system-wide security policy; ultra high assurance systems; Aerospace electronics; Communication system security; Computer security; Decision making; Government; Kernel; Operating systems; Real time systems; Safety; US Department of Defense;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    System Sciences, 2004. Proceedings of the 37th Annual Hawaii International Conference on
  • Print_ISBN
    0-7695-2056-1
  • Type
    conf
  • DOI
    10.1109/HICSS.2004.1265709
  • Filename
    1265709