Multilevel Security (MLS) in computer security is a security scheme that enforces controlled access to information based on hierarchical security levels and categories. It aims to prevent unauthorized access and disclosure of sensitive data.
Understanding Multilevel Security
MLS is often associated with the Bell-LaPadula (BLP) Mandatory Access Control (MAC) model. This model is designed to ensure confidentiality by restricting information flow from higher security levels to lower security levels.
Key Concepts in MLS
To better understand MLS, it's essential to define these core elements:
- Subjects: Active entities like users, processes, or programs that request access to objects.
- Objects: Passive resources such as files, devices, or other data containers that hold information.
- Security Levels: Hierarchical classifications assigned to both subjects and objects, indicating their sensitivity or trustworthiness. Examples include Top Secret, Secret, Confidential, and Unclassified.
- Categories (Compartments): Non-hierarchical groupings used to further refine access control. These are often related to specific projects, departments, or types of information.
How MLS Works
MLS operates by assigning both subjects (users, processes) and objects (files, data) security classifications. Access is then governed by a set of rules based on these classifications. The Bell-LaPadula model, a common implementation of MLS, primarily focuses on preventing information from flowing to lower security levels.
Bell-LaPadula Model Rules
The Bell-LaPadula model defines two main rules:
- "No Read Up" (Simple Security Property): A subject can only read an object if the subject's security level is greater than or equal to the object's security level. This prevents users with lower clearances from accessing highly classified information.
- "No Write Down" (*-Property): A subject can only write to an object if the subject's security level is less than or equal to the object's security level. This prevents users from writing classified information to a lower-level object, which could lead to unauthorized disclosure.
Example of MLS in Action
Imagine a system with security levels of Unclassified, Confidential, Secret, and Top Secret.
- A user with a Secret clearance can read documents classified as Unclassified, Confidential, or Secret, but not Top Secret.
- A user with a Secret clearance can write documents classified as Secret or Top Secret, but not Unclassified or Confidential.
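The two rules above can be checked mechanically. The following Python sketch is an added example, not code from the original page. It goes beyond the level-only example by also comparing categories through a dominance check, which is an assumption about how categories combine with levels; the category names, object names and the `Label` class are constructed for illustration.

```python
from dataclasses import dataclass

# Hierarchical levels from the page's example, lowest to highest.
LEVELS = ["Unclassified", "Confidential", "Secret", "Top Secret"]
RANK = {name: i for i, name in enumerate(LEVELS)}


@dataclass(frozen=True)
class Label:
    """Security label: one hierarchical level plus a set of categories."""
    level: str
    categories: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        # Assumed rule: level must be >= and every category of `other` must be held.
        return (RANK[self.level] >= RANK[other.level]
                and self.categories >= other.categories)


def can_read(subject: Label, obj: Label) -> bool:
    """Simple Security Property ("no read up"): subject must dominate object."""
    return subject.dominates(obj)


def can_write(subject: Label, obj: Label) -> bool:
    """*-Property ("no write down"): object must dominate subject."""
    return obj.dominates(subject)


def access_matrix(subject: Label, objects: dict) -> dict:
    """Map each object name to a (read_allowed, write_allowed) pair."""
    return {name: (can_read(subject, lbl), can_write(subject, lbl))
            for name, lbl in objects.items()}


# Constructed sample data (hypothetical subject, objects and categories).
ANALYST = Label("Secret", frozenset({"PROJECT_A"}))
OBJECTS = {
    "press_release": Label("Unclassified"),
    "budget": Label("Confidential"),
    "a_report": Label("Secret", frozenset({"PROJECT_A"})),
    "b_report": Label("Secret", frozenset({"PROJECT_B"})),
    "ts_plan": Label("Top Secret", frozenset({"PROJECT_A"})),
}

if __name__ == "__main__":
    for name, (r, w) in access_matrix(ANALYST, OBJECTS).items():
        print(f"{name:14} read={r!s:5} write={w}")
```

Note that `b_report` is at the subject's own level yet is neither readable nor writable, because the two category sets are incomparable.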
Advantages of MLS
- Enhanced Security: Prevents unauthorized access to sensitive information, even if a user is compromised.
- Data Segregation: Isolates data based on classification, limiting the impact of security breaches.
- Compliance: Helps meet regulatory requirements for handling classified or sensitive data.
Disadvantages of MLS
- Complexity: Implementing and managing MLS can be complex and require specialized expertise.
- Performance Overhead: Access control checks can introduce performance overhead.
- Usability Challenges: Restrictive access policies can sometimes hinder productivity.