Abstract
One fundamental key to the successful implementation of secure, high-assurance computer systems is the design and implementation of security policies. For systems that must enforce multiple policies concurrently, designing and implementing them is a challenging task. To simplify this task, we present an Inter-Enclave Multi-Policy (IEMP) paradigm for controlling information access under the Multiple Independent Levels of Security and Safety (MILS) approach to high-assurance design of security- and safety-critical multi-enclave systems. The IEMP paradigm manages multiple security policies within heterogeneous systems: it controls the conflicts and the cooperation between the policies of different enclaves. IEMPs are "policies about policies" that ensure the enforcement of end-to-end mandatory information-flow security policies, while allowing the management and evolution of policies to be separated from applications. Although the approach was initially designed for the MILS architecture, which is built on the concept of a separation kernel, it is applicable to a much broader range of architectures.
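To make the "policy about policies" idea concrete, the following Python model, added here as an illustration and not taken from the paper, composes three enclaves with different local policies (two confidentiality lattices with different label sets, one integrity lattice) under a single inter-enclave policy. The enclave names, label sets, translation tables, the default-deny channel table and the rule that the channel, the label translation and the destination's local policy must all agree are assumptions made for this example; they are not the paper's IEMP formalism.

```python
"""Toy composition of per-enclave information-flow policies under one
meta-policy. Written as an illustration for this page; not the paper's
IEMP formalism. Enclave names, label sets, channels and the
"every applicable policy must agree" rule are assumptions of the example."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

# Constructed label orders. An order is only meaningful inside its own enclave.
MLS = {"U": 0, "C": 1, "S": 2, "TS": 3}            # confidentiality levels
REL = {"PUBLIC": 0, "RESTRICTED": 1, "SECRET": 2}  # a partner's different lattice
INTEGRITY = {"LOW": 0, "MED": 1, "HIGH": 2}        # integrity levels

def no_write_down(order: Dict[str, int]) -> Callable[[str, str], bool]:
    """Bell-LaPadula style: data may only flow to an equal-or-higher label."""
    return lambda src, dst: order[src] <= order[dst]

def no_write_up(order: Dict[str, int]) -> Callable[[str, str], bool]:
    """Biba style: data may only flow to an equal-or-lower integrity label."""
    return lambda src, dst: order[src] >= order[dst]

@dataclass(frozen=True)
class Enclave:
    name: str
    labels: Dict[str, int]
    local_policy: Callable[[str, str], bool]   # rule applied inside the enclave

@dataclass(frozen=True)
class Hop:
    src_enclave: str
    src_label: str
    dst_enclave: str
    dst_label: str

class InterEnclavePolicy:
    """The meta-policy. It does not know how an enclave orders its labels; it
    only decides (a) which enclave pairs may talk, (b) how a source label
    translates into the destination's label set (labels absent from the table
    are not exportable) and (c) the conflict rule: channel, translation and the
    destination's local policy must all agree. Anything unlisted is denied."""

    def __init__(self, enclaves: List[Enclave],
                 channels: Dict[Tuple[str, str], Dict[str, str]]) -> None:
        self.enclaves = {e.name: e for e in enclaves}
        self.channels = channels

    def decide(self, hop: Hop) -> Tuple[bool, str]:
        src = self.enclaves.get(hop.src_enclave)
        dst = self.enclaves.get(hop.dst_enclave)
        if src is None or dst is None:
            return False, "unknown enclave"
        if hop.src_label not in src.labels or hop.dst_label not in dst.labels:
            return False, "label not defined in its enclave"
        if src is dst:
            # Intra-enclave traffic: the meta-policy defers to the local rule.
            return src.local_policy(hop.src_label, hop.dst_label), f"{src.name} local policy"
        table = self.channels.get((src.name, dst.name))
        if table is None:
            return False, f"no channel {src.name}->{dst.name} (default deny)"
        mapped = table.get(hop.src_label)
        if mapped is None:
            return False, f"{hop.src_label} not exportable from {src.name}"
        # The destination applies its own rule to the translated label, so a
        # flow the source considers harmless can still be refused on arrival.
        if not dst.local_policy(mapped, hop.dst_label):
            return False, f"{dst.name} local policy rejects {mapped}->{hop.dst_label}"
        return True, f"{src.name}:{hop.src_label} -> {dst.name}:{hop.dst_label} via {mapped}"

    def decide_path(self, path: List[Tuple[str, str]]) -> Tuple[bool, str]:
        """End-to-end check: a multi-hop flow is allowed only if every hop is."""
        for (se, sl), (de, dl) in zip(path, path[1:]):
            ok, why = self.decide(Hop(se, sl, de, dl))
            if not ok:
                return False, why
        return True, f"{len(path) - 1} hops allowed"

# Constructed deployment: two confidentiality enclaves with different label
# sets and one integrity enclave for a safety-critical controller.
OPS = Enclave("ops", MLS, no_write_down(MLS))
PARTNER = Enclave("partner", REL, no_write_down(REL))
CONTROL = Enclave("control", INTEGRITY, no_write_up(INTEGRITY))

IEMP = InterEnclavePolicy(
    [OPS, PARTNER, CONTROL],
    channels={
        # Releasable to the partner up to S; TS is absent, hence not exportable.
        ("ops", "partner"): {"U": "PUBLIC", "C": "RESTRICTED", "S": "SECRET"},
        ("partner", "ops"): {"PUBLIC": "U", "RESTRICTED": "C", "SECRET": "S"},
        # Only unclassified data may reach the controller, and it arrives as
        # LOW integrity, so the Biba rule keeps it out of HIGH-integrity objects.
        ("ops", "control"): {"U": "LOW"},
        # No ("control", "ops") channel: the controller never leaks upward.
    },
)

if __name__ == "__main__":
    for hop in [Hop("ops", "C", "partner", "SECRET"), Hop("ops", "TS", "partner", "SECRET"),
                Hop("ops", "U", "control", "HIGH"), Hop("control", "LOW", "ops", "U")]:
        print(hop, IEMP.decide(hop))
```

Two things the model shows that the enclaves' local policies alone do not. First, `ops` considers U -> HIGH harmless under Bell-LaPadula, yet the hop `ops:U -> control:HIGH` is refused because the translated LOW-integrity label fails the controller's Biba rule; the meta-policy is where that conflict is resolved. Second, `decide_path` reveals a transitive route: there is no `partner -> control` channel, but `partner:PUBLIC -> ops:U -> control:LOW` is allowed hop by hop, so an end-to-end policy must analyse composed channels, not just direct ones.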
