From DSS to MILS

(Extended Abstract)
  • John Rushby
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6875)


I outline the principal ideas of the Distributed Secure System (DSS) on which Brian Randell and I collaborated in the early 1980s, its modern manifestation as MILS, and continuing research challenges posed by these architectures.


Keywords (added by machine and not by the authors): Release Agent; Separation Kernel; Distribute Secure System; Computer Science Laboratory; Annual Computer Security Application





Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • John Rushby (1)
  1. Computer Science Laboratory, SRI International, Menlo Park, USA
