Recent Developments in Approaches to Building High-Assurance Secure Systems

Abstract

Current commercial products and approaches to security do not meet the requirements for high-threat / high-value-asset environments. An emerging design paradigm for safety-critical and security-critical systems: Multiple Independent Levels of Security/Safety (MILS), based on high-assurance separation kernels and middleware currently under development by several vendors, will provide a modular, dependable, and certifiable basis for future high-assurance national security and critical infrastructure systems.

We are developing a separation kernel to be certified at the highest levels of security and safety, designing high-assurance subsystems, and investigating an integrated formal development approach for MILS systems. The practical construction of MILS systems calls upon the collective advancements of recent years in the fields of hardware, computer security, avionics safety, software engineering, and formal methods, as well as highlighting the need for additional research.