AHP-GRAP Based Security Evaluation Method for MILS System within CC Framework

MILS (Multiple Independent Levels of Security and Safety) is a high-assurance architecture for secure sharing of different security-level information. But the MILS security evaluation is facing a great challenge. Traditional Common Criteria (CC) method is not suitable for MILS system evaluation for its complexity, time consuming and qualitative description. To achieve quantitative security assessment, we proposes an AHP-GRAP based security evaluation model for MILS system within CC framework. AHP (Analytic Hierarchy Process) is used to obtain the weight of each component with respect to the final goal of the security evaluation. GRAP (Grey Relational Analytic Process) is adapted to analyze evaluation data to implement a quantitative integration evaluation. The new method overcomes the disadvantage of CC and realizes the quantitative description for MILS system security evaluation. The proposed method is used to evaluate the MILS system and the result shows that its security is Level 4.