Current projects aimed at providing MLS computing services rarely seem to exploit advances in related fields. Specifically, the concepts of data distribution, replication, and interoperation are currently receiving much attention in the commercial database system sector but have yet to be applied to the delivery of MLS computing services. This paper explains how these concepts might help delive...

A multilevel database is intended to provide the security needed for database systems that contain data at a variety of classifications and serve a set of users having different clearances. This paper describes a formal security model for a such a system. The model is formulated in two layers, one corresponding to a reference monitor that enforces mandatory security, and the second an extension...

Cover story has been a controversial concept for the last twenty years. This concept was first introduced in 1991 in the SEAVIEW project [2] as an explanation for the polyinstantiation technique used in multilevel databases, i.e. databases which support a multilevel security policy. To illustrate the concept of polyinstantiation, consider the example of multilevel relational database that conta...

Though the areas of secure multicast group architecture, key distribution, and sender authentication are under scrutiny, one topic that has not been explored is how to integrate these with multilevel security. Multilevel security is the ability to distinguish subjects according to classification levels, which determines to what degree they can access confidential objects. In the case of groups,...

Inter-Organizational Workflows (IOWF) become important as they provide solution for data sharing, heterogeneity in resources and work coordination at global level. However, a secured computing infrastructure like Multilevel Security (MLS) is needed to support today’s vast

In this paper, the author describes a security property for trusted multilevel systems, restrictiveness, which restricts the inferences a user can make about sensitive information. This property is a hookup property, or composable, meaning that a collection of secure restrictive systems when hooked together form a secure restrictive composite system. The author argues that the inference control...

Although one senior security professional has emphasized that “it is unconscionable to use overly weak components” in a multilevel security (MLS) context, the majority of current transfer guards do exactly that. Basic guard technology is well-developed and has a long history, but most guards are built on low-assurance systems vulnerable to software subversion, and the lack of assurance limits t...

The original UNIX system was designed to be small and intelligible, achieving power by generality rather than by a profusion of features. In this spirit we have designed and implemented IX, a multilevel-secure variant of the Bell Labs research system. IX aims at sound, practical security, suitable for privateand public-sector uses other than critical national-security applications. The major s...

Although most research on cynicism toward change (CTC) has been conceptualized at the individual level, we propose that CTC is better conceptualized as a multilevel phenomenon, acting as both an employee attitude and an organizational climate. We conducted a multilevel investigation of CTC in a field sample of 687 correctional officers in the 14 prisons in a state penal system. Consistent with ...

For multilevel data, levels are not the result of a hierarchical aggregation, but contain independently produced data. While first visualization techniques for this kind of data exist, suitable interactive exploration techniques have rarely been investigated so far. In this paper, we introduce means for the analysis, representation, and exploration of spatiotemporal multilevel data as first sol...