Chapter 8. Multilevel Security
Most high assurance work has been done in the area of kinetic devices and infernal machines that are controlled by stupid robots. As information processing technology becomes more important to society, these concerns spread to areas previously thought inherently harmless, like operating systems.
I brief; you leak; he/she commits a criminal offence by divulging classified information.
They constantly try to escape From the darkness outside and within By dreaming of systems so perfect that no one will need to be good
I mentioned in the introduction that military database systems, which can hold information at a number of different levels of classification (Confidential, Secret, Top Secret, ...), have to ensure that data can only be read by a principal whose level is at least as high as the data's classification. The policies they implement are known as multilevel secure or alternatively as mandatory access control or MAC.
Multilevel secure systems are important because:
a huge amount of research has been done on them, thanks to military funding for computer science in the USA. So the military model of protection has been worked out in much more detail than any other, and it gives us a lot of examples of the second-order and even third-order effects of implementing a security policy rigorously;
although multilevel concepts were originally developed to support confidentiality in military systems, ...