Rance DeLong, Santa Clara University
A Common Criteria Authoring Environment for MILS
December 7, 2006 from 3:00 to 4:00 p.m.
Abstract:
There has been a recent surge of interest in a new paradigm for safety-critical and security-critical systems: Multiple Independent Levels of Security/Safety (MILS), based on high-assurance separation kernels and middleware, is being pursued by a coalition of vendors, government agencies, system integrators and academics. The paradigm promises to produce dependable systems for critical applications from components developed to conform to an emerging set of Common Criteria-based protection profiles (PPs).
Our experience developing and using Common Criteria (CC) protection profiles has convinced us that the approach currently used to develop CC protection profiles for MILS is tedious, inefficient, and most likely inadequate. Due to a scarcity of guidance and examples, the pioneering protection profile authors have been confronted with the challenge of producing composable and interoperable protection profiles, but have had insufficient coordination to assure that the resulting protection profiles will be of high quality and will lead to composable subsystems. We seek to provide authors of MILS protection profiles and security targets (STs) with ready-to-apply guidance, knowledge, tools, and methodology for writing MILS PPs and STs.
At a meeting of the Real Time Embedded Systems Forum of The Open Group in July we presented suggestions for an environment to support the authoring of protection profiles and other CC mandated documents in the MILS context. The MILS CC Authoring Environment (CCAE) will help authors to achieve both uniformity and sufficiency of MILS PPs and STs, while relieving tedium, eliminating errors and inconsistencies, reducing PP and ST development time and raising quality. It will also provide a vehicle for disseminating and applying evolving community standards to PPs under development and under maintenance, as well as for the propagation of component constraints derived from the MILS Integration PP under development.
Bio:
Mr. Rance J. DeLong is President of Trusted Systems Laboratories, Staff Scientist for Security and Assurance at LynuxWorks, Adjunct Lecturer for Information Assurance at Santa Clara University, and an expert witness in computer-security-related intellectual property litigation. Mr. DeLong has twenty-eight years of research, engineering and management experience with security-related technologies, software engineering, and product development. Nineteen of those years have been devoted to security and to methodologies for high assurance. He has had key roles in five advanced secure system development efforts. Mr. DeLong has a BS in Physics/Math and a BA in Philosophy from Moravian College, and has done extensive postgraduate course work at Lehigh and Stanford Universities.