Multiple independent levels of safety and security: high assurance architecture for MSLS/MLS

摘要

With the advent of the global information grid and the move towards service oriented architectures, the need for systems to process and share information at a wide range of classification levels has become paramount. The multiple independent levels of security/safety (MILS) architecture greatly reduce the amount of privileged security enforcing code while simultaneously making that code more effective. By providing extremely robust data isolation and control of information flow, MILS enables security functions to be layered among a kernel, middleware, and applications. The reduced amount of security critical code makes it more practical to mathematically prove that security policy enforcement is NEAT, an acronym for non-bypassable, evaluatable, always invoked, and tamper-proof. A key additional benefit of MLS is that, for the first time, application developers can implement their own security policy enforcement and be guaranteed their own protections are also NEAT without invalidating the kernel 's or middleware's prior certifications.