Security modes
Generally, security modes refer to information systems security modes of operations used in mandatory access control (MAC) systems. Often, these systems contain information at various levels of security classification. The mode of operation is determined by:
- The type of users who will be directly or indirectly accessing the system.
- The type of data, including classification levels, compartments, and categories, that are processed on the system.
- The levels of users, their need to know, and the formal access approvals that the users will have.
Dedicated security mode
In this mode of operation, all users must have:
- Signed NDA for ALL information on the system.
- Proper clearance for ALL information on the system.
- Formal access approval for ALL information on the system.
- A valid need to know for ALL information on the system.
All users can access ALL data.
System high security mode
In this mode of operation, all users must have:
- Signed NDA for ALL information on the system.
- Proper clearance for ALL information on the system.
- Formal access approval for ALL information on the system.
- A valid need to know for SOME information on the system.
All users can access SOME data, based on their need to know.
Compartmented security mode
In this mode of operation, all users must have:
- Signed NDA for ALL information on the system.
- Proper clearance for ALL information on the system.
- Formal access approval for SOME information they will access on the system.
- A valid need to know for SOME information on the system.
All users can access SOME data, based on their need to know and formal access approval.
Multilevel security mode
In this mode of operation, all users must have:
- Signed NDA for ALL information on the system.
- Proper clearance for SOME information on the system.
- Formal access approval for SOME information on the system.
- A valid need to know for SOME information on the system.
All users can access SOME data, based on their need to know, clearance and formal access approval.
Summary
Mode | Signed NDA for | Proper clearance for | Formal access approval for | A valid need to know for |
---|---|---|---|---|
Dedicated security mode | ALL information on the system | ALL information on the system | ALL information on the system | ALL information on the system |
System high security mode | ALL information on the system | ALL information on the system | ALL information on the system | SOME information on the system |
Compartmented security mode | ALL information on the system | ALL information on the system | SOME information on the system | SOME information on the system |
Multilevel security mode | ALL information on the system | SOME information on the system | SOME information on the system | SOME information on the system |
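
The summary table can be read as a decision procedure: given a system's data and its user population, the first attribute that does not cover ALL information fixes the mode. The following is an added example, not part of the original article; the level ordering, compartment names, users and items are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed ordering of classification levels (assumption, not from the page).
LEVELS = {"CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}

@dataclass(frozen=True)
class Item:
    name: str
    level: str
    compartment: str          # formal access approval required to read it

@dataclass(frozen=True)
class User:
    name: str
    nda: bool
    clearance: str
    approvals: frozenset      # compartments the user is formally approved for
    need_to_know: frozenset   # item names the user needs for their duties

def can_access(user, item):
    """Per-object check: clearance, formal approval and need to know must all hold."""
    return (user.nda
            and LEVELS[user.clearance] >= LEVELS[item.level]
            and item.compartment in user.approvals
            and item.name in user.need_to_know)

def security_mode(users, items):
    """Return the mode whose row of the summary table the user population satisfies."""
    if not all(u.nda for u in users):
        raise ValueError("every mode requires a signed NDA for ALL information")
    cleared = all(LEVELS[u.clearance] >= LEVELS[i.level] for u in users for i in items)
    approved = all(i.compartment in u.approvals for u in users for i in items)
    need = all(i.name in u.need_to_know for u in users for i in items)
    if not cleared:
        return "multilevel"       # clearance covers only SOME information
    if not approved:
        return "compartmented"    # cleared for ALL, approved for SOME
    if not need:
        return "system high"      # cleared and approved for ALL, need to know SOME
    return "dedicated"

# Constructed sample data.
ITEMS = [Item("ops-plan", "SECRET", "ALPHA"), Item("sources", "TOP SECRET", "BRAVO")]
ALL_NAMES = frozenset(i.name for i in ITEMS)
alice = User("alice", True, "TOP SECRET", frozenset({"ALPHA", "BRAVO"}), ALL_NAMES)
bob = User("bob", True, "TOP SECRET", frozenset({"ALPHA", "BRAVO"}), frozenset({"ops-plan"}))
carol = User("carol", True, "TOP SECRET", frozenset({"ALPHA"}), frozenset({"ops-plan"}))
dave = User("dave", True, "SECRET", frozenset({"ALPHA"}), frozenset({"ops-plan"}))
```

Adding a single user with narrower clearance, approval or need to know moves the whole system to a less restrictive mode, which is why the mode is a property of the user population and not of any one account.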
See also
- Access control
- Multifactor authentication
- Bell–LaPadula model
- Biba model
- Clark-Wilson model
- Discretionary access control (DAC)
- Graham-Denning model
- Multilevel security (MLS)
- Mandatory access control (MAC)
- Security
- Security engineering
- Take-grant model
External links
- DoD 5200.28 defines the security terms