Conference paper Open Access

Security Type Checking for MILS-AADL Specifications

Pol, Kevin; Noll, Thomas

Dublin Core Export

<?xml version='1.0' encoding='utf-8'?>
<oai_dc:dc xmlns:dc="" xmlns:oai_dc="" xmlns:xsi="" xsi:schemaLocation="">
  <dc:creator>Pol, Kevin</dc:creator>
  <dc:creator>Noll, Thomas</dc:creator>
  <dc:description>Information flow policies are widely used for specifying confidentiality and integrity requirements of security-critical systems. In contrast to access control policies and security protocols, they impose global constraints on the information flow and thus provide end-to-end security guarantees. The information flow policy that is usually adopted is non-interference. It postulates that con dential data must not affect the publicly visible behavior of a system. However, this requirement is usually broken in the presence of cryptographic operations. 

In this paper, we provide an extended definition of non-interference for systems that are specified in a MILS variant of the Architecture Analysis and Design Language (AADL). More concretely, we propose a type system for MILS-AADL component definitions that distinguishes between breaking non-interference because of legitimate use of sufficientlynbsp;strong encryption and breaking non-interference due to annbsp;unintended information leak. To this aim, it tracks bothnbsp;intra- and inter-component information flow and considersbr /&gt; both data- and event-flow security./p&gt;</dc:description>
  <dc:subject>MILS components</dc:subject>
  <dc:subject>information  flow</dc:subject>
  <dc:subject>type system</dc:subject>
  <dc:title>Security Type Checking for MILS-AADL Specifications</dc:title>
All versions This version
Views 9292
Downloads 5959
Data volume 23.9 MB23.9 MB
Unique views 7979
Unique downloads 5555


Cite as