Multiple Independent Levels of Security

The term Multiple Independent Levels of Security (MILS) denotes an architecture for high-assurance computer systems.

Technical Background

MILS draws on the concepts of data isolation, information flow control, periods processing and damage limitation. Based on these four concepts, the core system software can be mathematically verified. Individual components are separated from one another according to their trustworthiness. This allows trusted and untrusted components to be used side by side (multi-level security, MLS).

There are three distinct layers: the MILS separation kernel (also called a partitioning kernel), the middleware and the application. Separate, independent security policies can be defined at each of these layers. This avoids having the kernel impose a single generalised policy specification.
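To make the kernel-level concepts concrete, here is a small Python model of a separation kernel (an added illustration, not code from the article or from any MILS product): it enforces only explicitly authorised partition-to-partition flows, audits denials, sanitises a shared scratch area between partition time slices (periods processing), and checks the pairwise policy for chained flows that would let a sensitive partition reach a less sensitive one without passing through a verified guard. The partition names, levels and the guard concept are constructed assumptions.

```python
"""Toy separation-kernel model (added example; partitions and levels are constructed)."""


class SeparationKernel:
    def __init__(self, levels, allowed_flows, guards=()):
        self.levels = dict(levels)          # partition -> sensitivity level (higher = more sensitive)
        self.allowed = set(allowed_flows)   # (src, dst) pairs the integrator explicitly authorised
        self.guards = set(guards)           # verified partitions trusted to filter what they forward
        self.audit = []                     # denied (src, dst) flows, for the audit trail
        self.scratch = bytearray(8)         # shared resource reused by successive partitions

    def send(self, src, dst):
        """Default deny: a flow passes only if it appears in the explicit allow-list."""
        if src not in self.levels or dst not in self.levels:
            raise KeyError(f"unknown partition {src!r} or {dst!r}")
        if (src, dst) in self.allowed:
            return True
        self.audit.append((src, dst))
        return False

    def run_period(self, partition, payload):
        """Periods processing: wipe the shared area before a partition's time slice
        and return what that partition can observe of the previous occupant's data."""
        self.scratch[:] = bytes(len(self.scratch))   # sanitise before handing over
        observed = bytes(self.scratch)
        self.scratch[:len(payload)] = payload        # the partition now uses the area
        return observed

    def reachable(self, src):
        """Partitions that src can influence through chains of allowed flows.
        Expansion stops at guards, which are verified to mediate what crosses them."""
        seen, stack = set(), [src]
        while stack:
            cur = stack.pop()
            if cur in self.guards and cur != src:
                continue
            for s, d in self.allowed:
                if s == cur and d not in seen:
                    seen.add(d)
                    stack.append(d)
        return seen

    def unmediated_downgrades(self):
        """Pairs where a more sensitive, non-guard partition can reach a less
        sensitive one without a guard in between: the pairwise policy admits a leak."""
        return {(s, d) for s in self.levels if s not in self.guards
                for d in self.reachable(s) if self.levels[s] > self.levels[d]}
```

Adding a single extra pair such as an application-to-modem flow is enough for the policy audit to report a leak path, which is the kind of check a MILS integrator performs before the kernel is trusted to enforce the policy.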

History

John Rushby first proposed an architecture built around a security kernel in his 1981 paper Design and Verification of Secure Systems. The verification of the executing components would be separated from the verification of the security kernel. This goal would be achieved with a new verification technique called "proof of separability". A very similar principle was adopted for the MILS concept.

Use

Some commercial real-time operating system (RTOS) vendors, such as Green Hills Software, LynuxWorks, Wind River Systems and SYSGO, offer MILS-compliant operating systems. MILS architectures are found, for example, in microkernel-based, cryptographically secured smartphones for government use. One example is the secure microkernel concept combined with an Android smartphone from Trust2Core GmbH, a spin-off of the Telekom Innovation Laboratories (T-Labs). The system for secure mobile communication (SiMKo) uses the Trust2Core concept.
