certMILSEURO-MILS 4Clogo-hipeac


Date: TBD, one day between 25th-28th June 2018

Location: Luxembourg

Co-Located with DSN2018 (https://dsn2018.uni.lu/), 25th-28th June 2018

Workshop description

Motivations, goals, relevance to the dependability community Dependability and its assurance can be based on architecture. MILS* is a high-assurance security architecture based on the concepts of separation and controlled information flow. The MILS architectural approach is all about decomposition of a system design into well-understood components and their interactions with the goal to achieve composable architecture and composable assurance for the designed system. The composability of architecture and assurance for secure systems is a grand challenge, which we undertake to meet using the MILS architectural approach. Architecture composition defines a secure system from trustworthy components and system architecture. The MILS framework for composable architecture is based on a separation kernel (which has overlapping functionality with a hypervisor) or distributed system that creates partitions to separate different security domains. Such a separation kernel or distributed system often needs to support real-time because there are many use-cases in embedded systems. Assurance composition targets creating an assurance argument for the overall system from arguments of its components and the system’s security architecture. The workshop also welcomes contributions on the industrial application of the MILS architecture, assurance and certification frameworks, attack methods and templates for MILS systems, as well as presenting the MILS community.


* Historically MILS stands for "Multiple Independent Levels of Security" and today is considered as a proper noun.


Workshop topics

  • MILS architectural approach for security and safety
  • MILS components and eco-system
  • MILS systems and their relation to MILS systems
  • MILS use-cases, e.g. from avionics, automotive, communications, industrial automation, medical, railway, consumer and similar domains
  • Real-time separation kernels
  • MILS evaluation and certification
  • MILS testing and vulnerability analysis of MILS systems
  • Application of novel and existing information flow models/policies
  • Cross-European/world-wide high-assurance security
  • Formal methods for MILS system as base for high assurance Given this years’ colocation at DSN, we also specifically welcome “heretical” contributions of the kind, “your MILS ideas are just a special case of XXX”, because this can give us and other workshop participants new perspectives on the field.



Previous Events