As computer systems become more widely deployed, managing their security becomes more complex. One fundamental requirement for effective enforcement of security standards is support for security policies. We present a novel graph-based approach to the specification of security policies and to the verification of designs that enforce those policies. This methodology provides system security managers with a procedural engineering approach that ensures security policy enforcement is addressed throughout the process of refining a high-level system design down to a low-level implementation. We present an inter-enclave multi-policy paradigm that uses Policy Enforcement Graphs to govern information access in the Multiple Independent Levels of Security and Safety (MILS) approach to high-assurance system design for security- and safety-critical multi-enclave systems. Our methodology is structured and allows for the evolution of policies over the course of development.