In military and other high-security computer systems, a policy of mandatory access controls is used. The goal in these systems is to restrict the dissemination of information. Objects in these systems (such as files) are assigned security labels that restrict who is allowed to access them. A label contains the required clearance level, which often ranges from unclassified to classified, secret, top secret, and so forth.^[1] Users of the system are assigned clearance levels. A user with a clearance level of classified may read documents that are classified or unclassified, but may not read documents more restricted, such as secret or top secret. This same user may actually create documents that are ...