Lines Matching +full:three +full:- +full:level

1 .\" Copyright (c) 2002-2004 Networks Associates Technology, Inc.
7 .\" DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
36 .Nd "Multi-Level Security confidentiality policy"
40 .Bd -ragged -offset indent
47 .Bd -ragged -offset indent
53 .Bd -literal -offset indent
59 policy module implements the Multi-Level Security, or MLS model,
63 each subject's MLS label contains information on its clearance level,
67 made up of a sensitivity level and zero or more compartments.
71 The sensitivity level is expressed as a value between 0 and
79 or equal active sensitivity level, and having at least
92 Three special label values exist:
93 .Bl -column -offset indent ".Li mls/equal" "dominated by all other labels"
106 .Bl -bullet
109 clearance level is lower than the clearance level of the object it is
116 Subjects may not write to objects with a lower classification level than
117 its own clearance level.
119 A subject may read and write to an object if its clearance level is equal
120 to the object's classification level as though MLS protections were not in
125 information classified beyond its clearance level in order to protect the
145 .Bd -literal -offset indent
150 Subject labels consist of three label elements: an effective (active) label,
159 .D1 Li mls / Ar effectivegrade : effectivecompartments ( lograde : locompartments No -
164 .Bd -literal -offset indent
165 mls/10:2+3+6(5:2+3-20:2+3+4+5+6)
166 mls/high(low-high)
182 MIBs are available for fine-tuning the enforcement of this MAC policy.
183 .Bl -tag -width ".Va security.mac.mls.ptys_equal"
196 level than the subject.
234 Inc.\& under DARPA/SPAWAR contract N66001-01-C-8035