CHAPTER 9 Multilevel Security
Most high assurance work has been done in the area of kinetic devices and infernal machines that are controlled by stupid robots. As information processing technology becomes more important to society, these concerns spread to areas previously thought inherently harmless, like operating systems.
– EARL BOEBERT
The password on the government phone always seemed to drop, and I couldn't get into it.
– US diplomat and former CIA officer KURT VOLKER, explaining why he texted from his personal phone
I brief; you leak; he/she commits a criminal offence by divulging classified information.
– BRITISH CIVIL SERVICE VERB
9.1 Introduction
In the next few chapters I'm going to explore the concept of a security policy using case studies. A security policy is a succinct description of what we're trying to achieve; it's driven by an understanding of the bad outcomes we wish to avoid and in turn drives the engineering. After I've fleshed out these ideas a little, I'll spend the rest of this chapter exploring the multilevel security (MLS) policy model used in many military and intelligence systems, which hold information at different levels of classification (Confidential, Secret, Top Secret, …), and have to ensure that data can be read only by a principal whose clearance level is at least as high. Such policies are increasingly also known as information flow control (IFC).
They are important for a number of reasons, even if you're never planning to work ...