Rockwell-Collins has used the Architecture Analysis and Design Language (AADL) and a security analysis plug-in developed by the SEI to enable the high-assurance handling of data from multiple sensors having varying levels of security (such as airborne imagery) using a powerful, fast, integrated circuit called a field programmable gate array (FPGA) (pdf, 513 kb). This security evaluation includes properties of the Multiple Independent Levels of Security/Safety (MILS).
An FPGA is very powerful. It is also easier to develop applications on an FPGA, which reduces cost and time to market. In addition, an FPGA can be reprogrammed at runtime ("field programmable")—to fix bugs, for example, which can lower maintenance-engineering costs.
By verifying security using an architecture model developed with AADL and the Open Source AADL Tool Environment (OSATE) plug-in, it is possible to validate confidentiality and integrity and also determine that sanitization is done in a controlled way. Sanitization is the lowering of security levels; controlled sanitization assures that lowering security occurs only within allowed boundaries.
As Rockwell Collins has found, AADL and architecture-centric, model-based analysis complement the traditional development life cycle, providing early insight into problems and analysis from design to test and integration.
Learn more about AADL.
Read an article on AADL and security.