MILS workshop 2019



Location: Congress Center Sindelfingen, Stuttgart

Workshop: 6th December 2019

Co-located with ESE Kongress, 02nd-06th December 2019

Conference website:

Workshop objectives

The complexity, mission-criticality, and connectivity of modern systems bring system trustworthiness to the front page. The required trustworthiness shall provide sufficient assurance for the safety and security of the deployed systems. Examples of systems benefiting from it, emerging, or badly needing it are aircraft, cars and autonomous vehicles, C2X/C2C, trains, subways, industrial IoT, traffic management systems, ships, satellites, medical devices, and handheld devices.

The "MILS Workshop" focuses on bringing industry and research stakeholders together to advance methods, tools, approaches, and use-cases for creating compositional assurance and trustworthiness for safety, security, and mixed-critical connected systems.

The assurance can be provided, for example, by architectural approaches, design properties, technologies, results of analysis, testing, formal verification, artifacts from model-based engineering, standard-based certification approaches, as well as assurance maintenance during the system lifetime.


More about MILS

MILS* is a high-assurance security architecture concept based on the principles of separation and controlled information flow. The MILS approach is all about decomposing a system design into well-understood components and their interactions, with the goal of achieving composable architecture and composable assurance. The composability of architecture and assurance, as well as assurance maintenance for safe and secure systems, is a grand challenge. The MILS workshop targets exactly this challenge. MILS defines a secure system from trustworthy components and system architecture. The MILS framework for composable architecture is based on a separation kernel (it can have overlapping functionality with a hypervisor or a distributed hypervisor) that creates partitions to separate different security domains. Such a separation kernel often needs to support real-time because there are many use-cases in embedded systems. Assurance composition targets creating an assurance argument for the overall system from arguments of its components and the system's security architecture.


* Historically, MILS stands for "Multiple Independent Levels of Security" and today is considered a proper noun.


List of topics

The workshop explicitly welcomes contributions on the industrial application of compositional assurance, assurance and certification frameworks, attack methods, and templates for MILS systems. The workshop topics include, but are not limited to:

  • Compositional approaches for safety and security architectures
  • Compositional approaches for safety and security assurance and certification
  • Designing and modelling of assurance cases
  • Application of novel and existing information flow models/policies
  • Methods and tools for assurance generation, model-based approaches
  • Formal methods as a basis for high assurance
  • Gap-less path from implementation to assurance
  • Maintenance of compositional assurance
  • MILS components and eco-system
  • MLS systems and their relation to MILS systems
  • Use-cases for compositional design/assurance, e.g. from avionics, IMA, automotive, Adaptive Autosar, communications, industrial automation, Industry 4.0, medical, railway, consumer and similar domains
  • Real-time separation kernels
  • MILS evaluation and certification
  • MILS testing and vulnerability analysis of MILS systems
  • Cross-European/world-wide high-assurance security
  • Comparison of MILS approach to other software engineering approaches and concepts



Organizing Committee

  • Sergey Tverdyshev, SYSGO AG, Germany


MILS-19 proceedings will be published as online workshop proceedings at the Zenodo repository (DOI) and


The workshop will be held in Sindelfingen near Stuttgart in Germany. The workshop is co-located with the ESE Kongress, 02-06 December 2019.


  • Sergey Tverdyshev, firstname.lastname AT

