This thesis adapts the system design concept of Multiple Independent Levels of Security (MILS) as software architecture for a high-assurance use case - an avionic gateway to control data flows. ... weiterlesenAdditionally, the thesis analyzes solutions to perform I/O operations securely. For this, hardware requirements are formulated and applied in a hardware audit on a special I/O accelerator. Last, this thesis focuses on methods to gain assurances for correct implementation. First, the Decentralized Label Model is applied to the C language and connected to MILS properties. Second, this thesis discusses compositional certifications in the Common Criteria and proposes a new certification strategy that matches with MILS.