Risk assessment is only valuable if it leads to effective enforcement. Once risks are identified and prioritised, systems must be able to translate these insights into concrete security actions. The REWIRE Project achieves this through the Multi-level Security Policy Language (MSPL), a flexible and expressive framework for defining, instantiating, and enforcing policies across multiple system layers.
What is MSPL?
The MSPL enables administrators to define security requirements across different levels of abstraction. At the highest level, policies can express broad goals such as “ensure all communications are encrypted.” These high-level objectives are then mapped to mid-level specifications like “use TLS 1.3 for domain-to-domain traffic.” At the lowest level, policies are translated into enforcement rules such as “reject packets that do not include a valid TLS handshake.” In this way, MSPL ensures that high-level goals are consistently translated into enforceable technical rules.
Instantiating MSPL Policies in REWIRE
The instantiation of MSPL in REWIRE begins with policy derivation from risk assessment. For example, if the risk engine identifies a high-risk vulnerability in ECU firmware, the system may automatically trigger stricter access-control policies. Policies are represented in a modular format, making it possible to compose and adapt them flexibly. This modularity also ensures that the same framework can be tailored for sector-specific needs, whether in automotive, healthcare, or aerospace.
Once policies are defined, they are deployed across system layers, from enclaves and operating systems to networks. Automated deployment reduces the risk of human error. Runtime monitoring provides feedback on the effectiveness of these policies. If risks evolve, the policies can be adapted accordingly, creating a continuous feedback loop.
Conclusion
The instantiation of MSPL-based security policies is the final piece of REWIRE’s risk management framework. By ensuring that risk assessments are translated into actionable, enforceable security policies, REWIRE strengthens operational assurance and provides a comprehensive end-to-end approach to cybersecurity in critical systems.
The instantiation of MSPL-based policies brings significant benefits. It ensures consistency across abstraction layers, from high-level goals to low-level enforcement. Automation reduces manual workload and eliminates configuration errors. Adaptability ensures that policies can evolve as new risks emerge. Finally, cross-domain applicability allows the same policy framework to be applied across different critical sectors.