Two nearly equivalent models of multilevel security are presented.The use of multiple models permits the utilization of each model for purposes where that model is particularly advantageous.In this case, the more general model is simple and easily comprehensible, being more abstract, and is useful for exposition of the meaning of multilevel security. The less general model relates well to design specifications and permits straightforward proof of the security of a system design. The correspondence between the two models is easily demonstrated.The two models when applied appropriately are more useful for defining and proving the multilevel security of systems than existing models.The utility of the two models and their relationship to existing models is discussed and the proof of the security of one particular system design is illustrated.The technique for accomplishing the security proof is straightforward and can be extensively automated.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.