Partitioning Communication System

From Wikipedia, the free encyclopedia

Partitioning Communication System is an high-assurance computer security architecture based on an information flow separation policy. The PCS extends the four foundational security policies of a MILS (Multiple Independent Levels of Security) separation kernel to the network:

• End-to-end Information Flow
• End-to-end Data Isolation
• End-to-end Periods Processing
• End-to-end Damage Limitation

The PCS leverages the separation kernel to enable application layer entities to enforce, manage, and control application layer security policies in such a manner that the application layer security policies are:

• Non-bypassable,
• Evaluatable,
• Always-invoked, and
• Tamper-proof.

The result is a communications architecture that allows the separation kernel and the PCS to share responsibility of security with the application.

The PCS was invented by OIS. OIS collaborated extensively on the requirements for the PCS with:

• National Security Agency
• Air Force Research Laboratory
• University of Idaho
• Lockheed Martin
• Boeing
• Rockwell Collins

The following companies are producing MILS separation kernels:

• Green Hills Software
• LynuxWorks
• Wind River Systems

[edit] References

• Vanfleet, W. Mark (2005-08). "MILS - Architecture for High-Assurance Embedded Computing". Crosstalk (Aug 2005). 
• Presentation at OMG Software Based Communications Workshop
• Beckwith, R. William. MILS Partitioning Communication System. Objective Interface Systems, Inc..