- Showcases reliability against Request and Response Packet Loss
- Showcases reliability against Delays
- SHowcases reliability against out of order packets
- plain: contains original unannotated application
- annotated: contains annotations applied to plain to reflect security intent below
- refactored: contains annotated code refactored for making security-compliant partitioning feasible
- divvied: contains code divvied up into separate directories for each level/enclave as input for GEDL generation, followed by code autogeneration
- partitioned: contains fully paritioned sources with cross-domain RPCs, marshalling, serialization, tags, HAL API, etc.
- Enclaves: 2 (Orange, Purple)
- Variable
ainget_a()is in ORANGE and can be shared with PURPLE - Variable
binget_b()is in PURPLE and cannot be shared - Calculated EWMA must be available on PURPLE side (for printing there)
For convenience, the following CLE label definitions are provided for use in example 1. Place after include directives in annotated/example1.c
#pragma cle def PURPLE {"level":"purple"}
#pragma cle def ORANGE {"level":"orange",\
"cdf": [\
{"remotelevel":"purple", \
"direction": "egress", \
"guarddirective": { "operation": "allow"}}\
] }
#pragma cle def XDLINKAGE_GET_A {"level":"orange",\
"cdf": [\
{"remotelevel":"purple", \
"direction": "bidirectional", \
"guarddirective": { "operation": "allow"}, \
"argtaints": [], \
"codtaints": ["ORANGE"], \
"rettaints": ["TAG_RESPONSE_GET_A"] \
} \
] }
For reference during the independent exercise only, see .solution subdirectory for complete working copy of example1 code.
- CLE Version:
- Refactoring Methodology:
- HAL API:
- DFDL/DAGR:
None