Security Information Flow Control Model and Method in MILS

Multiple Independent Levels of Security (MILS) is a high-assurance architecture which protects information sharing at different security levels. MILS ensures mutual independence and prevents the spread of the error effectively between partitions. However, in some specific applications, there exists enormous amount of information interaction and sharing between partitions, the process of which has the problem of potential sensitive information leakage and tamper. From the point of view of information flow control, the article puts forward a model and method of security information flow control strictly between MILS partitions based on trusted computing. At first, we designed a lattice-based multi-level policy and a downgrading policy. The two policies not only automatically make the indirect information flow secure, but also break the traditional BLP model curt rules "not read up, not write down", which meet the needs of the security level of subjects and objects with the changes of task requirements in MILS. On this basis, a complete information flow control mechanism is established. By detailed analysis and verification, our information security flow security control method can effectively ensure that the information flow between partitions are all legitimate news after authorized by Separation Kernel and filtered by credible components, which can efficaciously protect the confidentiality and integrity of sensitive information.