
Trusted and high assurance systems

Posted on: 2011-10-14
Degree: Ph.D
Type: Dissertation
University: University of Illinois at Urbana-Champaign
Candidate: Okhravi, Hamed
Full Text: PDF
GTID: 1448390002454572
Subject: Engineering
Abstract/Summary:
High assurance MILS (multiple independent levels of security) and MLS (multilevel security) systems require strict limitation of the interactions between different security compartments based on a security policy. Virtualization can be used to provide a high degree of separation in such systems. This work provides a study of commercial-off-the-shelf (COTS) products to support high assurance MLS systems and designs a candidate architecture based on virtualization and trusted execution to provide strong compartmentalization. We then identify three major security problems in the candidate architecture: the lack of trust in the network, the problem of patch management, and untrusted graphics. We study and solve each of the security gaps in detail. More specifically, we design and evaluate a trusted network architecture for high assurance applications, evaluate an optimal pre-deployment testing time for effective patch management, and finally design, implement, and formally evaluate a trusted graphics subsystem.
Keywords/Search Tags:High assurance, Trusted, Systems, Security