MULTILEVEL SECURITY

CYNTHIA E. IRVINE

Naval Postgraduate School, Monterey, California

1 INTRODUCTION

Multilevel security (MLS) refers to policies and techniques where the sensitivity of the information is immutably bound to an equivalence class. (One can think of equivalence classes as subsets of a set where there is no overlap or intersection among the subsets. For example, pens could be subdivided into red pens, blue pens, black pens, green pens, and so on. Information might be subdivided into CRITICAL and NONCRITICAL information or PUBLIC or PROPRIETARY information.) The active entities that access the information are also statically associated with equivalence classes. On the basis of the relationships between the equivalence classes, rules determine whether and with what rights an active entity can access the information. The mandatory policies associated with MLS can apply to integrity as well as confidentiality. Specific models and mechanisms have been developed to support MLS in computer systems. Requirements for multilevel secure systems span the private sector, the government, and the military.

2 BACKGROUND

Most organizations maintain information that is either protected or openly available. In government, information often is categorized as either classified or unclassified. Within the context of classified information, various levels of information sensitivity may be established based upon the damage caused should that information become accessible to adversaries. The ...