Title :
Multiple independent levels of safety and security: high assurance architecture for MSLS/MLS
Author :
Uchenick, Gordon M. ; Vanfleet, W. Mark
Author_Institution :
Objective Interface Syst. Inc., Herndon, VA
Abstract :
With the advent of the global information grid and the move towards service oriented architectures, the need for systems to process and share information at a wide range of classification levels has become paramount. The multiple independent levels of security/safety (MILS) architecture greatly reduce the amount of privileged security enforcing code while simultaneously making that code more effective. By providing extremely robust data isolation and control of information flow, MILS enables security functions to be layered among a kernel, middleware, and applications. The reduced amount of security critical code makes it more practical to mathematically prove that security policy enforcement is NEAT, an acronym for non-bypassable, evaluatable, always invoked, and tamper-proof. A key additional benefit of MLS is that, for the first time, application developers can implement their own security policy enforcement and be guaranteed their own protections are also NEAT without invalidating the kernel ´s or middleware´s prior certifications
Keywords :
middleware; security of data; data isolation; global information grid; information flow control; middleware; multiple independent levels of security-safety; nonbypassable evaluatable always invoked and tamper-proof; service oriented architectures; Certification; Data security; Information security; Kernel; Middleware; Multilevel systems; Protection; Robust control; Safety; Service oriented architecture;
Conference_Titel :
Military Communications Conference, 2005. MILCOM 2005. IEEE
Conference_Location :
Atlantic City, NJ
Print_ISBN :
0-7803-9393-7
DOI :
10.1109/MILCOM.2005.1605749
