You are here: The Open Group > The Open Group Conference, San Francisco 2012 > Proceedings

Real-Time & Embedded Systems Forum

Objective of Meeting

The Wednesday morning session was based around a set of presentations:

  • TOGAF Going Forward (Dave Hornford, Chair of the Architecture Forum)
  • RTES Mils™ (Steve Keuhl, Raytheon, Development Practices Working Group)
  • Update from Wind River (Paul Chen, Wind River Systems)
  • Deter Project – Potential for Mils™ Development Practice Skills Tuning Environment (John Sebes, USC)

The Wednesday afternoon session of the RTES Forum was a MILS™ Current and Future session, and was planned to proceed in four phases:

  1. Short reports of the state of MILS/Mils™ from several participants
  2. A discussion on moving the state of MILS/Mils™ forward
  3. A discussion of prospective new Mils™ activities
  4. Mils™ API Working Group status and next steps


Wednesday AM

TOGAF Going Forward
Dave Hornford, Chair of the Architecture Forum

Dave gave an excellent talk on where TOGAF is today and where he sees it moving in the future, including how the RTES Forum with their high assurance focus could take advantage of that current direction.

RTES Mils™
Steve Keuhl, Raytheon, Development Practices Working Group

Steve gave a good description of the need and the value of this new RTES Forum Working Group devoted to documenting best practices for architecting and developing high assurance Mils™ components and systems.

Update from Wind River
Paul Chen, Wind River Systems

Paul Chen presented his update, and also gave a web presentation on Intel/Wind River/McAfee Joint Security COTS System Focus, with a 15-minute Q&A session.

Deter Project – Potential for Mils™ Development Practice Skills Tuning Environment
John Sebes (for Terry Benzel), USC

Wednesday PM

The individual Short Reports generated so much discussion and so many questions that the segment expanded to two hours, with one still to go. The last was given after the break as part of the New Mils™ Activities Discussion.

Rance DeLong, LynuxWorks, presented his MILS Current State Report. It covered three distinct activities:

  1. LynuxWorks' MILS offerings and activities
  2. The Open Group MILS/Mils™ activities
  3. MILS research project at SRI International

Rance gave a brief high-level description of LynxSecure, a separation kernel and hypervisor, now in its fifth generation on Intel processors, characterizing the features provided by LynxSecure. He also mentioned a consolidated subject for device virtualization support that had been experimentally separated into subjects for individual device types, in a MILS architecture-like fashion. Rance characterized the customer applications of the separation kernel as being "classic MILS" applications; that is, a small number of subjects some of which hosted processing at different security levels. Also, some applications are oriented to virtualization for commercial hosting. Concerning The Open Group MILS/Mils™ activity, Rance summarized the status of the Mils™ API Standard Working Group and the description of a Open Group Mils™ evaluation and certification scheme presented at the Layered Assurance Workshop in 2010 and submitted to ICCC in 2011. He also mentioned a MILS research and demonstration proposal presented by The Open Group and a European team to the EC. Finally, Rance presented a montage of the Research Enabling MILS Development and Deployment (REMDaD) project at SRI International, sponsored by AFRL and AF CMPO. The topics mentioned were the MILS protection profiles, compositional reasoning about MILS systems, the MILS Network Subsystem Protection Profile, polymorphic protection profiles, MILS delivery, configuration, initialization, and dynamic reconfiguration.

The discussion of new Mils™ activities followed. In his presentation, Proposed Mils™ Evaluation and Certification Scheme Working Group, Rance DeLong explained "classic MILS" (historical), "modern MILS" (Rushby's term for the new and improved MILS), and Mils™, The Open Group brand of MILS. The discussion centered on the formation of a strictly controlled body of documents that would be assembled, often using notions from the public domain and the result of MILS research, to provide the definition of Mils™ and the basis for the Mils™ Evaluation and Certification Scheme.

In the discussion of the Mils™ API Standard, a few members of the Working Group discussed the issue of resources to document the APIs and related security considerations that have been identified by the Working Group.


Outputs are reflected in Presentations and Next Steps – please refer to the sessions above and below.

Next Steps

The Real-Time and Embedded Systems Forum will look further at where they can continue the good work started by SONY, the University of Tokyo, and Elparazim in the use of DEOS and D-Cases.

Assurance Cases in general is an ongoing topic in the Forum and one next step is to decide what type of assurance case the Forum will develop for MILS – this effort is being spear-headed by Dylan McNamee.


See above.

   |   Legal Notices & Terms of Use   |   Privacy Statement   |   Top of Page   Return to Top of Page