MILS Security Architecture Templates

The certMILS project (http://www.certmils.eu/) aims at easing building and certification of complex critical systems by using a certain architecture for structuring these systems into partitions that run on a separation kernel, called MILS (Multiple Independent Levels of Security / Safety). Once a critical system is structured by use of a separation kernel, then this technical structuring should lend itself also to a similarly logically structured security and safety argument in certification.

Analogous to the separation kernel that is to be used for building a MILS system, this white paper provides a security architecture template that is to be used for the certification of that MILS system.

The target audience of this document is:

• Developers of systems, based on a MILS architecture, providing them a template about how to describe their MILS system.
• Security evaluators of a MILS-based system, giving hints about how the developer description can be used to argue for compliance to Common Criteria (CC) and IEC 62443.

The assurance case made by the security architecture template in this document identifies as building blocks the security mechanisms implemented by a MILS separation kernel and a typical application payload in partitions and derives typical security architecture arguments for MILS-based systems.