Multilevel Security

April 20th 2008

I have moved some material about multilevel security (MLS) and ‘cross domain systems’ (CDS) onto this web site from my old Cryptosmith site. I’ve also included some brief comments on CDS. There is also a link to my MLS Introduction, which I will be updating and migrating to this site over the next few months.

I’m not collecting comments on static pages if I can help it, so if you have the need to comment on my MLS or CDS materials, post the comment here.

MLS: Multilevel Networking

July 7th 2007

As computer costs fell and performance soared during the 1980s and 1990s, computer networks became essential for sharing work and resources. Long before computers were routinely wired to the Internet, sites were building local area networks to share printers and files. In the defense community, multilevel data sharing had to be addressed in a networking environment. Initially, the community embraced networks of cheap computers as a way to temporarily sidestep the MLS problem. Instead of tackling the problem of data sharing, many organizations simply deployed separate networks to operate at different security levels, each running in system high mode.

The MLS Assurance Problem

July 7th 2007

Members of the defense community identified the need for MLS-capable systems in the 1960s, and a few vendors implemented the basic features (Weissman 1969, Hoffman 1973, Karger and Schell 1974). However, government studies of the MLS problem emphasized the danger of relying on large, opaque operating systems to protect really valuable secrets (Ware 1970, Anderson 1972). Operating systems were already notorious for unreliability, and these reports highlighted the threat of a software bug allowing leaks of highly sensitive information. The recommended solution was to achieve high assurance through extensive analysis, review, and testing.

The MLS Problem

July 7th 2007

Many businesses and organizations need to protect secret information, and most can tolerate some leakage. Organizations that use MLS systems tolerate no leakage at all. Businesses may face legal or financial risks if they fail to protect business secrets, but they can generally recover afterwards by paying to repair the damage. At worst, the business goes bankrupt. Managers who take risks with business secrets might lose their jobs if secrets are leaked, but they are more likely to lose their jobs to failed projects or overrun budgets. This places a limit on the amount of money a business will invest in data secrecy.
