
Security Information Flow Control Model and Method in MILS

Bibliographic Details
Main Authors: Zhou Yinping, Shen Yulong, Pei Qingqi, Cui Xining, Li Yahui
Format: Conference Proceeding
Language: English
Description
Summary: Multiple Independent Levels of Security (MILS) is a high-assurance architecture which protects information sharing at different security levels. MILS ensures mutual independence and effectively prevents the spread of errors between partitions. However, in some specific applications, there exists an enormous amount of information interaction and sharing between partitions, the process of which has the problem of potential sensitive information leakage and tampering. From the point of view of information flow control, the article puts forward a model and method of security information flow control strictly between MILS partitions based on trusted computing. At first, we designed a lattice-based multi-level policy and a downgrading policy. The two policies not only automatically make the indirect information flow secure, but also break the traditional BLP model's curt rules "not read up, not write down", which meet the needs of the security level of subjects and objects with the changes of task requirements in MILS. On this basis, a complete information flow control mechanism is established. By detailed analysis and verification, our information flow security control method can effectively ensure that the information flows between partitions are all legitimate news after being authorized by the Separation Kernel and filtered by credible components, which can efficaciously protect the confidentiality and integrity of sensitive information.
DOI: 10.1109/CIS.2012.138