Research On Security Communication Mechanism For Multiple Independent Levels Of Security And Safety Architecture

Future defense system will be net-centric to a great degree. Secure communicationmechanism will be more critical. rapid expansion of the Integrated Modular AvionicsSystem software results in lower software reliability. sharing of resources largely isvulnerable to illegal access. So, it becomes an urgent problem to solve that transferingcentralized security management into the modular management reduces the size ofsoftware, and separating the data based on security level ensures that applications ofdifferent security levels can be run in the same system. Therefore, this study hasimportant practical significance. Therefore, the research has important researchingsignificance and good practical value in the area.This paper researches layered MILS architecture, and analyzes the typical securitymodels.Based and generalized access control framework, MILS access model isdeveloped. At the same time multi-level security mandatory access control(MAC)policy between partitions is proposed. Partition abstract and least privilege abstract isintroduced as discretionary access control(DAC) policy. Based on these two strategiesMMR is designed and implemented. Safety labeling comparison algorithm betweenprocess is designed and the Guard is implemented. PCS is designed in order to mediatecommunication between processors which may have multiple security policiesaccording to Inter-Enclave Multi-policy(IEMP). Based on the MMR, Guard andPCS,the concept of MILS security policy system(SPS) is proposed which canimplement strict control access and prevent information leakage from High securitylevel communication entity to the low security level.It can be seen from the experiments that MAC and DAC are enforced effectivelyfor fine-grained access control depending on system configuration. SPS can not only beverified formally, but also has good separation and flexibility. It achieves both theseparation of policy enforcement and decision and of security policy between processand inter-partition. So a high security computer systems is achieved.The access control model and the integration of guard and downgrader will beresearched in the future.