EURO-MILS 4Clogo-hipeac


Date: 20.01.2015

Location: Amsterdam, The Netherlands
Co-located with the HiPEAC Conference 2015

Workshop description

MILS* is a high-assurance security architecture based on the concepts of separation and controlled information flow. The MILS architectural approach is all about decomposition of system design into well-understood components and their interactions with the target to achieve composable security and composable assurance for the designed system.

The security and assurance composability is a grand challenge which we approach with MILS architectural approach.

Security composition targets defining a secure system from secure components and system architecture. The core of the composable security is a separation kernel (that has overlapping functionality with a hypervisor) that creates partitions to separate different security domains. Such a separation kernel often need to support real-time because there are many use-cases are in embedded systems.

Assurance composition targets creating assurance argument for the overall system from arguments of its components and system's security architecture. We selected Common Criteria to define such a composable assurance framework for MILS system. Amongst others, at the workshop a Protection Profile draft for a MILS separation kernel will be presented and discussed.

Workshop topics

The workshop topics are but not limited to:

  • MILS architectural approach for security and safety
  • MILS components and eco-system
  • MILS use-cases, e.g. from avionics, automotive, communications, industrial automation, medical, railway, consumer and similar domains.
  • Real-time separation kernels
  • MILS certification
  • MILS testing and vulnerability analysis of MILS systems
  • Cross-European/world-wide high-assurance security
  • Formal methods for MILS system as base for high assurance

Paper/Presentation submission

Submissions do not need to be full papers: this is workshop and we are looking for interesting experience, work, and ideas (possibly preliminary and exploratory) that will stimulate discussion and thought.
Submissions should be in PDF format between 3-12 pages.
We recommend the guidelines for ACM SIG Proceedings.

Electronic Submissions

The submissions page at Easychair is open:

Workshop Programme and Literature

10:00 Welcome pdf  
10:15 EURO-MILS: Building and certifying modular secure systems, Sergey Tverdyshev, SYSGO pdf  
11:00 Coffee break    
11:30 Two Architecture Approaches for MILS Systems in Mobility Domains (Automobile, Railway and Avionik). Daniel Adam, Sergey Tverdyshev, Carsten Rolfes, Timo Sandmann pdf pdf
12:00 ProvenCore: Towards a Verified Isolation Micro-Kernel. Stéphane Lescuyer pdf pdf
12:30 Security Type Checking for MILS-AADL Specifications. Kevin van der Pol and Thomas Noll. pdf pdf
13:00 Lunch    
14:00 MILS Initiatives within The Open Group. Rance DeLong, TOG pdf  
14:45 Security-Informed Safety Case Approach to Analysing MILS Systems. Kateryna Netkachova, Kevin Müller, Michael Paulitsch and Robin Bloomfield. pdf pdf
15:15 Evaluation paradigm selection according to Common Criteria for an incremental product development. Sinnhofer Andreas Daniel, Raschke Wolfgang, Steger Christian, Kreiner Christian pdf pdf
15:30 Coffee break    
16:00 D-MILS: Specification, Analysis, Deployment, and Assurance of Distributed Critical Systems. Harald Ruess, fortiss, and Stefano Tonetta, Fondazione Bruno Kessler pdf  
16:45 Partitioning in Safety and Security: Mapping to Separation Kernel Partitioning Mechanisms, Holger Blasum.   pdf
17:00 Developing Assurance Cases for D-MILS Systems. Richard Hawkins, Tim Kelly and Ibrahim Habli pdf pdf
17:15 Formal Methods for MILS: Formalisations of the GWV Firewall, Ruud Koolen and Julien Schmaltz pdf pdf
17:45 Summary    


Important Dates

Position papers due: 27 November, 2014
Reviews/decisions: 19 December, 2014
Camera ready versions due: 11 January, 2015
MILS Workshop: 20 January, 2015


Sergey Tverdyshev, SYSGO AG, Germany

FP7 EURO-MILS project

Workshop committee

  • Romain Berge, ITSEF Thales, France
  • Igor Furgel, ITSEF T-Systems, Germany
  • Kevin Mueller, Airbus Innovations Work, Germany
  • Michael Paulitsch, Thales, Austria
  • Joseph Bergmann, The Open Group, UK
  • Rance Delong, The Open Group, UK
  • Harald Rueß, Fortiss, Germany
  • Andreas Lindinger, Continental Corporation, Germany
  • Cristina Simache, Altran Sud Ouest, France
  • Sergey Tverdyshev, SYSGO, Germany
  • Holger Blasum, SYSGO, Germany
  • Bertrand Leconte, Airbus SAS, France


* Historically MILS stands for "Multiple Independent Levels of Security" and today is considered as a proper noun.