VxWorks MILS Platform 2.x Essentials

The VxWorks® MILS Platform 2.x Essentials training workshop provides engineers with a fast, cost-effective way to acquire the skills necessary to deliver the security foundation that meets real-time operating system (RTOS) requirements for High Robustness (EAL6+) multilevel secure (MLS) systems.

After this course, participants will be able to perform the following:

• Describe the Common Criteria, Multiple Independent Levels of Security (MILS) architecture, and high assurance security principles
• Explain how Wind River® VxWorks MILS Platform 2.x and high assurance security standards form the basis of a security-certified partitioned system, including networking support, XML configuration, and debugging
• Accelerate the configuration, development, and deployment of MILS systems using the built-in XML development tools and Wind River Workbench
• Configure, debug, build, and test secure MILS applications with VxWorks MILS Platform 2.x.

• Wind River VxWorks MILS Platform 2.1

• Application developers utilizing the MILS architecture to create secure applications
• Those who will develop applications using the VxWorks MILS kernel

Day 1

Introduction to MILS

• Security overview
• Common criteria overview
• Protection profiles
• Separation Kernel Protection Profile (SKPP)
• MILS and evaluation process overview
• Validation oversight review
• Role-based development

Getting Started

• Wind River VxWorks MILS Platform overview
• Mapping of VxWorks MILS to SKPP
• Guest operating systems
• Debug tools
• On-chip debugging
• VxWorks MILS debug agent
• Directory structure
• Documentation and support
• LAB: Getting started

Day 2

System Architecture

• MILS kernel
• Scheduling and initialization function
• Configuration data, vector sets
• VxWorks MILS “separation kernel”
• Secure inter-partition communication
• Shared memory
• Virtual Boards
• Guest operating systems
• VxWorks MILS VxWorks Guest OS
• General Network Stack
• High Assurance Environment
• Linux Guest OS
• Device drivers
• Two-level scheduling
• Trusted delivery and certification evidence
• LAB: System concepts

Payloads and Booting Virtual Boards

• Payloads overview
• milsKernel.elf
• Boot process
• VB booter

Configuring and Building MILS Applications

• Configuration and build partitioning overview
• Configuration and build features and process
• XML introduction and tools
• XML configuration files
• Schemas
• MILS system parameters
• Application parameters
• Build process
• LAB: Configuration and build

Day 3

Wind River Workbench and Application Debugging

• Wind River Workbench
• Workbench source analysis
• Workbench Editor features
• Debugging
• VxWorks MILS debug agent
• On-chip debugging
• Target connections
• Kernel objects viewer
• Source-level debugger
• Other debug aids
• AMIO: Application multiplexed I/O
• LAB: Debugging
• LAB: On-chip debugging

Day 4

System API

• API overview
• VxWorks Guest OS API
• High Assurance Environment API

Wind River MILS Network Stacks

• Overview
• VxWorks MILS General Network Stack
• VxWorks MILS High Assurance Network Stack
• LAB: Configuring and building a High Assurance Network Stack

Debugging Linux Guest OS Applications

• Overview
• Integrating Linux Guest OS into a VxWorks MILS system
• Application debugging with usermode-agent
• LAB: Integrating a Linux Guest OS
• LAB: Debugging Linux VB with usermode-agent

Use Case

• Networking through a guard
• Information flow control—SIPC
• Security policy definition
• Data and fault isolation
• Time partitioning
• Understanding of layered assurance principles
• LAB: Use case