Alternative Forms

• Security Class

• Security Classification Specialization

• Security Clearance Specialization

Definitions

Warning

The terms security category, security class, and security label are sometimes used loosely without distinction.

Definition 1

.

Related Terms

Quotes

Information flow is usually controlled by assigning every object a security class, also called a security label. Whenever information flows from object x to object y, there is an accompanying information flow from the security class of x to the security class of y. Henceforth, when I talk about information flowing from security class A to security class B, visualize information flowing from an object labeled A to an object labeled B.

An information flow model FM is defined by

Fm = ⟨ N, P, SC, ⊕, ⭢ ⟩.

(…)

SC = { A, B, ... } is a set of security classes corresponding to disjoint classes of information. They are intended to encompass, but are not limited to, the familiar concepts of "security classifications," "security categories," and "need to know" [9, 23]. Each object a is bound to a security class, denoted by a, which specifies the security class associated with the information stored in a. There are two methods of binding objects to security classes: static binding, where the security class of an object is constant, and dynamic binding, where the security class of an object varies with its contents. Users may be bound, usually statically, to security classes referred to as "security clearances" [2, 22, 23]. Each process p may also be bound to a security class, which we denote by p. In this case, p may be determined by the security clearance of the user owning p or by the history of security classes to which p has had access.

Bibliography

• Denning, 1976

• Sandhu, 1993

See Also