An Architecture-Centric Process for MILS Development

Safety-critical embedded systems are now software-reliant and evolving at an incredible pace. With the emerging Internet of Things (IoT) ecosystem, these systems are now interconnected to several networks and exposed to potential attackers. This increases the potential surface of attack and, ultimately, the likelihood of a successful attack that would penetrate the system. Until recently, many security efforts were focused on code analysis, but studies have shown that security is also a matter of good software architecture design and practices. For example, MILS requires isolating security domains in partitions using appropriate security components. However, because embedded systems are evolving quickly, new design methods are now required to overcome the challenges of developing them.

In this paper, we introduce a research agenda for a new architecturecentric development approach forMILS systems. This would leverage architecture models and augment them with security information in order to perform the different activities of the development process, including security policy validation, implementation, and testing. Using the same model throughout development improves the consistency of the development process by avoiding any translation between different—and potentially inconsistent—representations. In addition, automating the generation of implementation and tests avoids the traditional mistakes of manual code production, such as bugs and developers’ assumptions about ambiguous requirements.