Chapter 3. DB2 synergy with zSeries and z/OS 53
3.4.3 DB2 and multilevel security
A multilevel security (MLS) system is a security environment that protects data
using both traditional discretionary access controls and mandatory access
controls, which check the sensitivity (classification) of the data itself.
These mandatory access controls are at the heart of an MLS environment. They
prevent unauthorized users from accessing information at a classification for
which they are not authorized. They also prevent users from changing the
classification of information to which they do have access. These mandatory
access controls provide a way to segregate users and their data from other users
and their data, regardless of the discretionary access they are given through
access lists.
To create an MLS environment, you must have a combination of software and
hardware components that enforce the security requirements needed for such a
system. The security-relevant portion of the software and hardware components
that make up this system is also known as the Trusted Computing Base.
Why multilevel security
The primary arena where MLS is valuable is government agencies that need a
security environment that keeps information classified and compartmentalized
between users. In addition to the fundamental identification and authentication of
users, auditing and accountability of the actions by authenticated users on these
systems is provided by the security environment.
In such highly secure environments, to manage the compartmentalization of
information between users, each compartment is on its own system. This makes
it difficult for classified information to spill from one system to another, since the
connections between systems can be highly controlled. With MLS, these
systems can be consolidated onto a single system, with each compartment
independent of the other, so that no transfer of data can occur between
compartments within that system. This takes advantage of the cost savings of
not having to manage multiple systems, but only a few, or one system.
Commercial clients may also find some features of MLS useful, for example to
separate sensitive customer information from the general population of users or
from other users. New government regulations, such as HIPAA (see the following
list), and corporate mergers are examples where securing information based on
the information itself is important in the commercial world.
MLS is implemented at the operating system level. DB2 Version 8 participates in
this scheme and provides MLS security to the row level.
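The mandatory check described above, as an added example that is not code from this Redbook, from DB2 or from RACF: it models a security label as a hierarchical level plus a set of compartments, filters a constructed table down to the rows a user's label dominates, and refuses writes and relabels that would move data down a level or across compartments. The level names, the compartment model, the rules and the sample rows are all assumptions made for illustration.

```python
"""Toy model of the mandatory access control (MAC) dominance rule that an MLS
system applies on top of discretionary access.  Assumed label format: a
hierarchical level plus a set of compartments (categories), with constructed
sample rows; this is not DB2's or RACF's own implementation."""
from dataclasses import dataclass, field

# Assumed hierarchy of levels, lowest to highest.
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP_SECRET": 3}


@dataclass(frozen=True)
class Label:
    level: str
    categories: frozenset = field(default_factory=frozenset)

    def dominates(self, other: "Label") -> bool:
        """self dominates other when its level is at least as high and it
        holds every compartment that other holds."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.categories >= other.categories)


# Constructed sample table: every row carries its own security label, the
# row-level granularity the text attributes to DB2 Version 8.
ROWS = [
    {"id": 1, "customer": "acme",    "label": Label("UNCLASSIFIED")},
    {"id": 2, "customer": "globex",  "label": Label("SECRET", frozenset({"FINANCE"}))},
    {"id": 3, "customer": "initech", "label": Label("SECRET", frozenset({"HR"}))},
    {"id": 4, "customer": "hooli",   "label": Label("TOP_SECRET", frozenset({"FINANCE"}))},
]


def readable_rows(user: Label, rows=ROWS) -> list:
    """Mandatory 'no read up': the user sees only rows whose label their own
    label dominates, even if a discretionary GRANT already allowed SELECT."""
    return [r["id"] for r in rows if user.dominates(r["label"])]


def can_write(user: Label, row_label: Label) -> bool:
    """Writes are confined to rows carrying exactly the user's label, so data
    cannot be copied down a level or into another compartment (assumed rule)."""
    return user == row_label


def can_relabel(user: Label, old: Label, new: Label) -> bool:
    """Changing a row's classification is refused when it would downgrade the
    row (new must dominate old) or when the user does not dominate the new
    label (assumed rule preventing a user from widening their own view)."""
    return user.dominates(new) and new.dominates(old)
```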