Compositional Assurance for MILS

Presented as part of the 2007 HCSS conference.

Abstract

Assurance and certification for safety and security have traditionally been performed only on complete systems. But modern engineering and business practices argue for a compositional approach based on pre-certified components.

How can we structure the system and its components so that assurance about component-level properties composes to provide assurance for system-level properties? I will describe the approach we are developing for an "Integration Protection Profile" for the MILS security architecture.