Safety-critical systems are used in many domains (military, avionics, aerospace, etc.) and handle critical data in hostile environements. These systems must protect data so that only allowed entities can read or write information. However, due to their increased number of functionalities, safety-critical systems design becomes more complex ; this increases difficulties in the design and the verification of security functions. The Multiple Independent Levels of Security (MILS) approach introduces rules and guidelines for the design of secure systems. It isolates data according to their security levels, reducing system complexity to ease development. However, there is no approach addressing the whole development of MILS systems from high- level specification to the final implementation. This paper presents our approach for the design of MILS architectures. We describe security concerns using a modeling language, verify security requirements and automatically implement the system using code generation.