Multiple Independent Levels of Security/Safety (MILS) is a high-assurance security architecture based on the concepts of separation and controlled information flow. It is implemented by separation mechanisms that support both untrusted and trustworthy components, so that the total security solution is non-bypassable, evaluatable, always invoked and tamperproof.
A MILS system employs one or more separation mechanisms (e.g., a separation kernel, a partitioning communication system, or physical separation) to maintain assured data and process separation. A MILS system supports enforcement of one or more application- or system-specific security policies by authorizing information flow only between components in the same security domain, or through trustworthy security monitors (e.g., access control guards, downgraders, crypto devices).
At a high level, the MILS architecture allows multiple applications to execute at potentially different security levels or classifications. Each application is protected from the others, and each may communicate with the others only through the separation mechanisms and policy enforcement described above. The architecture supports consolidation of multiple applications and their computing components onto a single system, so that several safety- and security-certified systems can be combined on one computer on the basis of the underlying MILS architecture certification.
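The two paragraphs above describe the essential enforcement rule of a MILS system: every inter-component flow passes through the separation mechanism (always invoked, non-bypassable), and a flow is authorized only when both endpoints share a security domain or when one endpoint is a trustworthy monitor explicitly configured to bridge those domains. The following toy model, added here as an illustration and not code from any MILS product or certified separation kernel, makes that rule concrete. Partition names, domain labels, the `bridges` attribute and the static channel table are all constructed assumptions; a real separation kernel enforces the same idea at the hardware/hypervisor level rather than in a Python class.

```python
"""Toy model of a MILS separation kernel enforcing an information-flow policy.

Constructed illustration, not a real separation kernel: partitions carry a
security domain label, the kernel is the only path between partitions (so the
check is always invoked and cannot be bypassed), and cross-domain flows are
permitted only via a trusted monitor configured to bridge those domains.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Set, Tuple


@dataclass(frozen=True)
class Partition:
    name: str
    domain: str  # e.g. "SECRET", "UNCLASS" (constructed labels)
    # (src_domain, dst_domain) pairs this partition is trusted to bridge;
    # empty for ordinary, untrusted application partitions.
    bridges: FrozenSet[Tuple[str, str]] = frozenset()

    @property
    def is_monitor(self) -> bool:
        return bool(self.bridges)


class SeparationKernel:
    def __init__(self) -> None:
        self._partitions: Dict[str, Partition] = {}
        self._channels: Set[Tuple[str, str]] = set()  # statically configured flows
        self.inbox: Dict[str, List[bytes]] = {}
        self.audit: List[str] = []  # denied flows, surfaced for monitoring

    def register(self, p: Partition) -> None:
        self._partitions[p.name] = p
        self.inbox[p.name] = []

    def flow_allowed(self, src: Partition, dst: Partition) -> bool:
        """The policy: same domain, or into/out of a monitor bridging that domain."""
        if src.domain == dst.domain:
            return True
        # Into a monitor: the monitor must be configured to accept src's domain.
        if dst.is_monitor and any(s == src.domain for s, _ in dst.bridges):
            return True
        # Out of a monitor: the monitor must be configured to release to dst's domain.
        if src.is_monitor and any(d == dst.domain for _, d in src.bridges):
            return True
        return False

    def configure_channel(self, src_name: str, dst_name: str) -> None:
        """Channels are fixed at configuration time and must satisfy the policy."""
        src, dst = self._partitions[src_name], self._partitions[dst_name]
        if not self.flow_allowed(src, dst):
            raise PermissionError(f"policy forbids channel {src_name}->{dst_name}")
        self._channels.add((src_name, dst_name))

    def send(self, src_name: str, dst_name: str, payload: bytes) -> bool:
        """Sole communication primitive: checked on every call, denials audited."""
        src, dst = self._partitions[src_name], self._partitions[dst_name]
        if (src_name, dst_name) not in self._channels or not self.flow_allowed(src, dst):
            self.audit.append(f"DENY {src_name}({src.domain}) -> {dst_name}({dst.domain})")
            return False
        self.inbox[dst_name].append(payload)
        return True


def demo() -> dict:
    """Two application partitions at different levels plus one trusted guard."""
    k = SeparationKernel()
    k.register(Partition("mission_app", "SECRET"))
    k.register(Partition("telemetry", "UNCLASS"))
    k.register(Partition("guard", "GUARD", frozenset({("SECRET", "UNCLASS")})))
    k.configure_channel("mission_app", "guard")
    k.configure_channel("guard", "telemetry")

    results = {}
    # Direct SECRET -> UNCLASS flow: no channel and no policy match, so denied.
    results["direct"] = k.send("mission_app", "telemetry", b"secret report")
    # SECRET -> guard is allowed because the guard is configured for that domain.
    results["to_guard"] = k.send("mission_app", "guard", b"secret report")
    # The guard's own trusted logic reviews/downgrades before releasing downward.
    results["released"] = k.send("guard", "telemetry", b"releasable summary")
    results["denials"] = len(k.audit)
    results["telemetry_inbox"] = list(k.inbox["telemetry"])
    return results


if __name__ == "__main__":
    print(demo())
```

The point of the model is structural rather than algorithmic: application partitions hold no reference to one another, so the only way data moves is `send`, and `send` re-evaluates the policy on every call even though channels were validated when configured. Denied attempts are appended to `audit`, which is where a defender would hook alerting for a partition that tries to reach outside its domain.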
There are multiple real-time operating systems (RTOS) certified, or being certified, to support the MILS architecture. These provide the framework for running multiple applications on the same computer at potentially different security levels. What has been lacking are tool sets to support the development and certification of these applications at the top security levels. GNAT Pro High-Security is a product package containing a language, support tools and libraries specifically designed to allow developers to meet these top security requirements.