What is multilevel security?

A fundamental requirement of a secure system is that there is a set of guidelines that specify the authorization of subjects to access specific objects. “Access” is a key concept; it implies a flow of information from a subject to an object or from an object to a subject. For example, when a user (a subject) updates a data set (an object), the information flows from the subject to the object. When a user reads a record from a data set, the information flows from the object to the subject.

The subject in these interactions is active; the subject is attempting to access an object (or the information that the object contains). The object, on the other hand, is passive; it contains the information that the subject wants to access, or it is the receiver of information from the subject. Each time a subject attempts to access an object, the system must decide whether to allow the access.

Two central concepts of security are security policy and accountability. A security policy is a set of laws, rules and practices that regulate how an organization manages, protects and distributes its sensitive data. It is the set of rules that the system uses to decide whether a particular subject can access a particular object. Accountability requires that each security-relevant event can be associated with a subject. Accountability ensures that every action can be traced to the user who caused the action.

Multilevel security is a security policy that allows the classification of data and users based on a system of hierarchical security levels combined with a system of non-hierarchical security categories. A multilevel-secure security policy has two primary goals. First, the controls must prevent unauthorized individuals from accessing information at a higher classification than their authorization. Second, the controls must prevent individuals from declassifying information.
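The two goals can be expressed as one dominance check on labels applied in the direction the information flows. The sketch below is an added example, not code from the original page or from any product: it assumes the standard Bell-LaPadula style dominance relation, and the level names, category names, users and objects are all constructed for illustration.

```python
from dataclasses import dataclass

# Constructed hierarchy; the page names no specific levels or categories.
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2}

@dataclass(frozen=True)
class Label:
    level: str
    categories: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        # Hierarchical part: level is at least as high.
        # Non-hierarchical part: category set is a superset.
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.categories >= other.categories)

AUDIT = []  # accountability: every decision is recorded against a subject

def check_access(user, subject, obj_name, obj, mode):
    if mode == "read":      # information flows object -> subject
        allowed = subject.dominates(obj)
    elif mode == "write":   # information flows subject -> object
        allowed = obj.dominates(subject)
    else:
        raise ValueError(f"unknown access mode: {mode}")
    AUDIT.append((user, mode, obj_name, "ALLOW" if allowed else "DENY"))
    return allowed

def demo():
    alice = Label("SECRET", frozenset({"PAYROLL"}))
    bob = Label("CONFIDENTIAL", frozenset({"PAYROLL", "AUDIT"}))
    plan = Label("SECRET", frozenset({"PAYROLL"}))
    memo = Label("CONFIDENTIAL", frozenset({"PAYROLL"}))
    return {
        # Goal 1: no reading above one's authorization.
        "alice_read_memo": check_access("alice", alice, "memo", memo, "read"),
        "bob_read_plan": check_access("bob", bob, "plan", plan, "read"),
        # Goal 2: no declassifying by writing into a lower-labelled object.
        "alice_write_memo": check_access("alice", alice, "memo", memo, "write"),
        # Labels can be incomparable: bob has the lower level but an extra
        # category, so neither label dominates and both directions are denied.
        "bob_write_plan": check_access("bob", bob, "plan", plan, "write"),
    }

if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name}: {'ALLOW' if allowed else 'DENY'}")
    print(AUDIT)
```
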