Conference paper Open Access

Security Type Checking for MILS-AADL Specifications

Pol, Kevin; Noll, Thomas

Citation Style Language JSON Export

  "publisher": "Zenodo", 
  "DOI": "10.5281/zenodo.47989", 
  "title": "Security Type Checking for MILS-AADL Specifications", 
  "issued": {
    "date-parts": [
  "abstract": "<p>Information flow policies are widely used for specifying confidentiality and integrity requirements of security-critical\u00a0systems. In contrast to access control policies and security\u00a0protocols, they impose global\u00a0constraints on the information flow and thus provide end-to-end security guarantees.\u00a0The information flow policy that is usually adopted is non-interference. It postulates that con dential data must not\u00a0affect the publicly visible behavior of a system. However,\u00a0this requirement is usually broken in the presence of cryptographic operations.\u00a0</p>\n\n<p>In this paper, we provide an extended definition of non-interference for systems that are specified in a MILS variant\u00a0of the Architecture Analysis and Design Language (AADL).\u00a0More concretely, we propose a type system for MILS-AADL\u00a0component definitions that distinguishes between breaking\u00a0non-interference because of legitimate use of sufficientlynbsp;strong encryption and breaking non-interference due to annbsp;unintended information leak. To this aim, it tracks bothnbsp;intra- and inter-component information flow and considersbr /&gt; both data- and event-flow security./p&gt;</p>", 
  "author": [
      "family": "Pol, Kevin"
      "family": "Noll, Thomas"
  "id": "47989", 
  "event-place": "Amsterdam", 
  "type": "paper-conference", 
  "event": "International Workshop on MILS: Architecture and Assurance for Secure Systems"
All versions This version
Views 9292
Downloads 5959
Data volume 23.9 MB23.9 MB
Unique views 7979
Unique downloads 5555


Cite as