Wednesday AM
TOGAF Going Forward
Dave Hornford, Chair of the Architecture Forum
Dave gave an excellent talk on where TOGAF is today and where he sees it moving in the future, including how the RTES Forum with their high assurance focus could take advantage of that current direction.
RTES Mils™
Steve Keuhl, Raytheon, Development Practices Working Group
Steve gave a good description of the need and the value of this new RTES Forum Working Group devoted to documenting best practices for architecting and developing high assurance Mils™ components and systems.
Update from Wind River
Paul Chen, Wind River Systems
Paul Chen presented his update, and also gave a web presentation on Intel/Wind River/McAfee Joint Security COTS System Focus, with a 15-minute Q&A session.
Deter Project – Potential for Mils™ Development Practice Skills Tuning Environment
John Sebes (for Terry Benzel), USC
Wednesday PM
The individual Short Reports generated so much discussion and so many questions that the segment expanded to two hours, with one still to go. The last was given after the break as part of the New Mils™ Activities Discussion.
Rance DeLong, LynuxWorks, presented his MILS Current State Report. It covered three distinct activities:
- LynuxWorks' MILS offerings and activities
- The Open Group MILS/Mils™ activities
- MILS research project at SRI International
Rance gave a brief high-level description of LynxSecure, a separation kernel and hypervisor, now in its fifth generation on Intel processors, characterizing the features provided by LynxSecure. He also mentioned a consolidated subject for device virtualization support that had been experimentally separated into subjects for individual device types, in a MILS architecture-like fashion. Rance characterized the customer applications of the separation kernel as being "classic MILS" applications; that is, a small number of subjects some of which hosted processing at different security levels. Also, some applications are oriented to virtualization for commercial hosting. Concerning The Open Group MILS/Mils™ activity, Rance summarized the status of the Mils™ API Standard Working Group and the description of a Open Group Mils™ evaluation and certification scheme presented at the Layered Assurance Workshop in 2010 and submitted to ICCC in 2011. He also mentioned a MILS research and demonstration proposal presented by The Open Group and a European team to the EC. Finally, Rance presented a montage of the Research Enabling MILS Development and Deployment (REMDaD) project at SRI International, sponsored by AFRL and AF CMPO. The topics mentioned were the MILS protection profiles, compositional reasoning about MILS systems, the MILS Network Subsystem Protection Profile, polymorphic protection profiles, MILS delivery, configuration, initialization, and dynamic reconfiguration.
The discussion of new Mils™ activities followed. In his presentation, Proposed Mils™ Evaluation and Certification Scheme Working Group, Rance DeLong explained "classic MILS" (historical), "modern MILS" (Rushby's term for the new and improved MILS), and Mils™, The Open Group brand of MILS. The discussion centered on the formation of a strictly controlled body of documents that would be assembled, often using notions from the public domain and the result of MILS research, to provide the definition of Mils™ and the basis for the Mils™ Evaluation and Certification Scheme.
In the discussion of the Mils™ API Standard, a few members of the Working Group discussed the issue of resources to document the APIs and related security considerations that have been identified by the Working Group.