Security Level Checking
The Security Level Checking plug-in performs two functions: (1) it ensures that a component has a security level that is the maximum of the security levels of its subcomponents and (2) it checks for all connections whether the source component of a connection declaration has a security level that is the same or lower than that of the destination component.
If a component does not have a SecurityLevel property declared, its value is assumed to be zero (i.e., the lowest security level). At this time, the security level is checked for every connection declaration; in the future this check should also be performed on semantic connections.
The security level is specified on components (i.e., on component type, component implementation, or subcomponent declarations).
The analysis plug-in performs this check for all connections if either or both ports have a value for this property. The check can be invoked on the aaxl resource or on the declarative AADL model (i.e., the collection of component classifier declarations in an AadlSpec) or an AADL model instance.
The analysis propagates the security level value up the system hierarchy in one of two ways.
- If the analysis is invoked on an AADL model instance (the corresponding aaxl resource or any model object of the model instance), the component hierarchy of the system instance is traversed in postfix order (bottom up) to evaluate each component implementation that is a classifier for the subcomponent that is represented by a component instance object in the instance model.
- If the analysis is invoked on an AadlSpec (the corresponding aaxl resource or any model object of an AadlSpec), the analysis works bottom up through the component classifier library, starting with component implementations without subcomponents and recursively processing component implementations whose subcomponents have the already processed component implementations as classifiers.
Note: This plug-in is intended to demonstrate how to build analysis plug-ins. It operates on both AadlSpecs and AADL model instances.
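The two checks and the bottom-up traversal described above can be sketched as follows. This is an added example, not the plug-in's code and not the OSATE API: the `Component` class, the finding tuples and the sample model are hypothetical, connections are modeled as pairs of subcomponent names, and a mismatch between a declared level and the maximum of the subcomponent levels is reported rather than overwritten.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Component:  # hypothetical stand-in for a component in the model
    name: str
    level: Optional[int] = None  # declared SecurityLevel; None = not declared
    subs: list["Component"] = field(default_factory=list)
    # connection declarations between subcomponents: (source, destination)
    connections: list[tuple[str, str]] = field(default_factory=list)


def effective(c: Component) -> int:
    """An undeclared SecurityLevel is assumed to be zero, the lowest level."""
    return 0 if c.level is None else c.level


def check(root: Component) -> list[tuple]:
    """Visit the hierarchy bottom up and collect findings for both checks."""
    findings: list[tuple] = []

    def visit(c: Component) -> None:
        for sub in c.subs:  # subcomponents first, then the component itself
            visit(sub)
        if c.subs:
            # Check 1: the level must be the maximum over the subcomponents.
            expected = max(effective(s) for s in c.subs)
            if effective(c) != expected:
                findings.append(("level", c.name, effective(c), expected))
        by_name = {s.name: s for s in c.subs}
        for src, dst in c.connections:
            # Check 2: source level must be the same as or lower than destination.
            s, d = effective(by_name[src]), effective(by_name[dst])
            if s > d:
                findings.append(("flow", f"{src}->{dst}", s, d))

    visit(root)
    return findings


def sample_model() -> Component:
    """Constructed sample: 'gateway' under-declares, crypto->logger flows down."""
    crypto = Component("crypto", 2, [Component("keystore", 2), Component("rng", 1)])
    gateway = Component("gateway", 1, [Component("filter", 3)])
    subs = [Component("sensor"), crypto, gateway, Component("logger", 1)]
    conns = [("sensor", "crypto"), ("crypto", "logger"), ("sensor", "logger")]
    return Component("root", 2, subs, conns)


if __name__ == "__main__":
    for finding in check(sample_model()):
        print(finding)
```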