Li Yahui

AHP-GRAP Based Security Evaluation Method for MILS System within CC Framework

MILS (Multiple Independent Levels of Security and Safety) is a high-assurance architecture for secure sharing of different security-level information. But the MILS security evaluation is facing a great challenge. Traditional Common Criteria (CC) method is not suitable for MILS system evaluation for its complexity, time consuming and qualitative description. To achieve quantitative security assessment, we proposes an AHP-GRAP based security evaluation model for MILS system within CC framework. AHP (Analytic Hierarchy Process) is used to obtain the weight of each component with respect to the final goal of the security evaluation. GRAP (Grey Relational Analytic Process) is adapted to analyze evaluation data to implement a quantitative integration evaluation. The new method overcomes the disadvantage of CC and realizes the quantitative description for MILS system security evaluation. The proposed method is used to evaluate the MILS system and the result shows that its security is Level 4.

Security Information Flow Control Model and Method in MILS

Multiple Independent Levels of Security (MILS) is a high-assurance architecture which protects information sharing at different security levels. MILS ensures mutual independence and prevents the spread of the error effectively between partitions. However, in some specific applications, there exists enormous amount of information interaction and sharing between partitions, the process of which has the problem of potential sensitive information leakage and tamper. From the point of view of information flow control, the article puts forward a model and method of security information flow control strictly between MILS partitions based on trusted computing. At first, we designed a lattice-based multi-level policy and a downgrading policy. The two policies not only automatically make the indirect information flow secure, but also break the traditional BLP model curt rules not read up, not write down, which meet the needs of the security level of subjects and objects with the changes of task requirements in MILS. On this basis, a complete information flow control mechanism is established. By detailed analysis and verification, our information security flow security control method can effectively ensure that the information flow between partitions are all legitimate news after authorized by Separation Kernel and filtered by credible components, which can efficaciously protect the confidentiality and integrity of sensitive information.