Multilevel Security: Reprise

today? If there is still a need, how might we address it? To define multilevel security, we must first define security, which is “the combination of confidentiality (the prevention of the unauthorized disclosure of information), integrity (the prevention of the unauthorized amendment or deletion of information), and availability (the prevention of the unauthorized withholding of information).” More generally, security is freedom from risk. An information system’s intrinsic value is dwarfed by that which it supports: an organization’s mission. Security, then, is the freedom from risk to a mission. “Multilevel” refers to data classes that are treated differently depending on which users access them. The word “level” implies a class hierarchy, such as top secret, secret, confidential, and unclassified. More commonly, however, it refers to the general concept of access-class differences, which don’t require a strict hierarchy. Multilevel security is the prevention of unauthorized disclosure among multiple information classes. The threat source for the disclosures includes unauthorized users and subverted software operating on behalf of authorized users. The terminology might be more explicit if we could call this concept multidomain confidentiality, but it is worth resisting multiplying terminology. Nonetheless, we should understand that multilevel security means multidomain confidentiality. It’s important to understand what multilevel security is not. It is not complete because it doesn’t address integrity and availability. What’s more, it does not imply anything about the assurance level—referring only to a system’s functional ability to distinguish among data classes, user classes, and access rules between the user and data classes.