Project deliverable Open Access

Formal Framework for MILS Integration

Schmaltz, Julien; Blasum, Holger; Langenstein, Bruno; Leconte, Betrand; Müller, Kevin; Verbeek, Freek; Koolen, Ruud

Contact person(s)
Blasum, Holger; Langenstein, Bruno; Leconte, Bertrand; Müller, Kevin; Verbeek, Freek; Koolen, R.

To achieve security certification according to the highest levels of assurance, formal models and proofs of security properties are required. In the MILS context, this includes formalisation of key components – such as separation kernels – and the formalisation of applications built on top of these verified components. In the second chapter of this document, we use the Isabelle/HOL proof assistant to formalise the Firewall application built on top of a verified separation kernel according to the model of Greve, Wilding, and Vanfleet (GWV). This Firewall application has been formalised twice after the original effort by GWV. These different efforts have been compared and discussed on paper. Our main contribution is to provide a formal comparison between these formalisations in the formal logic of a proof assistant.

In the third chapter of this document, we extend Rushby’s model of noninterference with explicit between-domain information transfer, as well as programs that determine domain behaviour. These extensions enable the reasoning at an abstract level built on top of noninterference, at a much finer level than allowed by base noninterference. As an illustration of our approach, we formally model and analyse an example system inspired by the GWV Firewall.

This deliverable presents EURO-MILS research results about the development of a formal environment to analyse MILS architectures. Its second chapter presents and discusses three existing approaches. This chapter shows their shortcomings. The third chapter proposes possible extensions of Rushby's model to address them.
Files (743.4 kB)
Name Size
EURO-MILS-D21.4-PU-M40-V1.0.pdf md5:1eff453c83fd862577055677adf84295 743.4 kB Download


Cite as