Multilevel Security Models

Mark Stamp and Ali Hushyar, San Jose State University


Multilevel Security in the DoD

Confidentiality and Integrity Policy Models

Bell–La Padula Model

Biba's Integrity Policies

Lipner's Model

Clark–Wilson Integrity Model

Multilateral Security

Covert Channels

Application-Specific MLS Concepts

MLS in Communication Protocols

MLS in Computer Networks

MLS in Database Management Systems

MLS in Object-Oriented Systems

Other Models Related to MLS

Harrison–Ruzzo–Ullman Model

Type Enforcement Model

Role-Based Access Control Model

Enforcing Least Privilege on Processes

Steganographic File System



Cross References



The United States Department of Defense (DoD) offers the following definition of multilevel security (Multilevel Security, 1995):

Multilevel security, or MLS, is a capability that allows information with different sensitivities (i.e., classification and compartments) to be simultaneously stored and processed in an information system with users having different security clearances, authorizations, and needs to know, while preventing users from accessing information for which they are not cleared, do not have authorization, or do not have the need to know.

In other words, multilevel security (MLS) deals with issues related to access control. This chapter discusses many of the fundamental MLS models designed to address the issues surrounding MLS.

In its most basic form, an MLS model's access control ...

Get Handbook of Information Security: Threats, Vulnerabilities, Prevention, Detection, and Management, Volume 3 now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.