Security discontent and software in airplanes

By Ellen Messmer, NetworkWorld.com, 07/25/05

The corporate security managers in the Jericho Forum ["Are firewalls expendable?"] aren't the only ones expressing discontent about perceived limitations in the long-used security architectures reflected in today's applications and equipment.

Ben Calloni, research program manager at Lockheed Martin, is another discontented soul who's trying to help develop what you might call a security dream-machine to remake Windows and Linux into something that could really fly.

The idea, Calloni recently told me, centers around a cooperative effort called "Multiple Independent Levels of Security (MILS)," which got off the ground more than four years ago as a way to validate software used on airplanes.

"Operating system software is deeply embedded on airplanes, such as the F-22, where we really can't have the 'blue screen of death,' " said Calloni. Nobody wants that to happen on take-off or landing!

Under MILS software-development guidelines, operating system software is partitioned in such a way that failure or corruption of any single partition cannot affect any other part of the system or network. Each partition is also evaluated and certified separately, so that no partition needs to be evaluated at a higher level than is required for its particular function.

Funded by the Air Force Research Lab., the MILS effort has been supported for use in aircraft by the National Security Agency, the Federal Aviation Authority, SRI International, University of Idaho, Boeing, Rockwell Collins, Mitre, Objective Interface Systems, Green Hills Software, LynuxWorks, Wind River, and others.

The Object Management Group and the Open Group (which happens to be the "virtual office" for the Jericho Forum members) are organizations where MILS advocates have been going to share their ideas.

Calloni said there's interest in sharing the MILS idea with industries such as healthcare, nuclear power generation and banking (the Financial Services Technology Consortium heard a presentation on MILS recently).

The MILS Architecture is said to be based on having the MILS separation kernel divide the computer into separate address spaces and carefully control communications, resulting in source code that's relatively small, making it fast and practical to do the exhaustive testing and documentation required for certification. MILS advocates also make strong claims for the improved security of code developed in this way.

They also say Windows and Linux can be used with some MILS-based code now being developed.

Calloni says two core projects that might make MILS more widely adopted include what's called the "Console Protection Profile" as a user interface that would works on top of Windows to allow the user to have top-secret data in one window and non-classified in another. A second MILS interface is called "Partition Communications Systems," described as a way to maintain communications secrecy between multiple computers. Although MILS is mainly military today, proponents say the time is right for others to hop on board, too.

Back to Security Notes

Comments

Post a comment

Name:


E-mail address:


URL:


Comments:


Remember info?