词条 | Multiple Independent Levels of Security |
释义 |
Multiple Independent Levels of Security/Safety (MILS) is a high-assurance security architecture based on the concepts of separation[1] and controlled information flow; implemented by separation mechanisms that support both untrusted and trustworthy components; ensuring that the total security solution is non-bypassable, evaluatable, always invoked and tamperproof. A MILS solution allows for independent evaluation of security components and trusted composition.[2][3] MILS builds on the older Bell and La Padula theories on secure systems that represent the foundational theories of the DoD Orange Book. A MILS system employs one or more separation mechanisms (e.g., Separation kernel, Partitioning Communication System, physical separation) to maintain assured data and process separation. A MILS system supports enforcement of one or more application/system specific security policies by authorizing information flow only between components in the same security domain or through trustworthy security monitors (e.g., access control guards, downgraders, crypto devices, etc.). Properties:
A convenient acronym for these characteristics is NEAT. 'Trustworthy' means that the component have been certified to satisfy well defined security policies to a level of assurance commensurate with the level of risk for that component (e.g., we can have single level access control guards evaluated at CC EAL4; separation mechanisms evaluated at High Robustness; two-level separation guards at EAL 5; and TYPE I crypto all in the same MILS system). 'Untrusted' means that we have no confidence that the system meets its specification with respect to the security policy. The following companies have MILS separation kernel products:
See also
References1. ^{{cite conference| author = John Rushby| title = Design and Verification of Secure Systems| year = 1981| booktitle = Proc. 8th ACM Symposium on Operating System Principles| pages = 12–21| url = http://www.csl.sri.com/papers/sosp81/sosp81.pdf}} 2. ^{{cite journal|author1=W. S. Harrison |author2=N. Hanebutte |author3=P. Oman |author4=J. Alves-Foss | title = The MILS Architecture for a Secure Global Information Grid|date=October 2005| journal = CrossTalk| volume = 18| issue = 10| pages = 20–24| url = http://www.crosstalkonline.org/storage/issue-archives/2005/200510/200510-Harrison.pdf}} 3. ^{{cite journal| author = Alves-Foss, W. S. Harrison, P. Oman and C. Taylor| title = The MILS Architecture for High Assurance Embedded Systems| year = 2007| journal = International Journal of Embedded Systems| url = http://www.csds.uidaho.edu/papers/Alves-Foss06a.pdf}} 4. ^http://wiki.ok-labs.com/DevelopOKLinuxApp?highlight=%28oklinux%29 5. ^http://ssrg.nicta.com.au/projects/seL4/ 3 : Operating system security|Operating system technology|Security |
随便看 |
|
开放百科全书收录14589846条英语、德语、日语等多语种百科知识,基本涵盖了大多数领域的百科知识,是一部内容自由、开放的电子版国际百科全书。