Security Level Checking

The Security Level Checking plug-in performs two functions: (1) it ensures that a component has a security level that is the maximum of the security levels of its subcomponents, and (2) it checks, for every connection, that the source component of the connection declaration has a security level that is the same as or lower than that of the destination component.

If a component does not have a SecurityLevel property declared, its value is assumed to be zero (i.e., the lowest security level). At this time, the security level is checked for every connection declaration; in the future this check should also be performed on semantic connections.

The security level is specified on components (i.e., on component type, component implementation, or subcomponent declarations).

The analysis plug-in performs this check for all connections if either or both ports have a value for this property. The check can be invoked on the aaxl resource or on the declarative AADL model (i.e., the collection of component classifier declarations in an AadlSpec) or an AADL model instance.
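
The two rules and the default of zero can be traced on a small component tree. This is an added example in Python, not the plug-in's own code: the `Component` class, the `check` and `effective` functions and the sample model are constructed for illustration, and connection endpoints are assumed to name subcomponents of the enclosing component.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

@dataclass
class Component:
    name: str
    level: Optional[int] = None  # None: no SecurityLevel property declared
    subcomponents: List["Component"] = field(default_factory=list)
    # (source, destination) pairs naming subcomponents (assumed representation)
    connections: List[Tuple[str, str]] = field(default_factory=list)

def effective(c: Component) -> int:
    """An undeclared SecurityLevel is treated as zero, the lowest level."""
    return 0 if c.level is None else c.level

def check(comp: Component, path: str = "") -> list:
    """Return findings for both rules, walking the hierarchy top-down."""
    here = f"{path}.{comp.name}" if path else comp.name
    subs = {s.name: s for s in comp.subcomponents}
    findings = []
    # Rule 1: a component's level is the maximum of its subcomponents' levels.
    if subs:
        expected = max(effective(s) for s in subs.values())
        if effective(comp) != expected:
            findings.append(("hierarchy", here, effective(comp), expected))
    # Rule 2: a connection's source must not be higher than its destination.
    for src, dst in comp.connections:
        s, d = subs[src], subs[dst]
        if s.level is None and d.level is None:
            continue  # neither end carries the property: nothing to check
        if effective(s) > effective(d):
            findings.append(("connection", here, src, dst, effective(s), effective(d)))
    for s in comp.subcomponents:
        findings.extend(check(s, here))
    return findings

# Constructed sample model (not taken from any real AADL specification).
MODEL = Component("root", 2, [
    Component("sensor", 1),
    Component("crypto", 2),
    Component("logger"),                            # undeclared, so level 0
    Component("audit"),                             # undeclared, so level 0
    Component("net", 1, [Component("driver", 2)]),  # rule 1 requires 2 here
], [("sensor", "crypto"), ("crypto", "logger"),
    ("logger", "audit"), ("logger", "sensor")])

if __name__ == "__main__":
    for finding in check(MODEL):
        print(finding)
```

In the sample, the connection from `crypto` (level 2) to `logger` (undeclared, so 0) is reported as a downward flow, and `net` is reported because its declared level is below that of its subcomponent `driver`.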

The analysis propagates the security level value up the system hierarchy in one of two ways. 

Note: This plug-in is intended to demonstrate how to build analysis plug-ins. It operates on both AadlSpecs and AADL model instances.