System Architecture: Modes of Operation

Controlling access to information systems is a standard security function. But when the system contains sensitive classified information, there are special modes of operation used to control access. This section reviews three different modes:

  • System High Mode

  • Compartment Mode

  • Multilevel Secure Mode (MLS)

These operating modes are normally used in military or government information systems, but they could also be used in commercial environments. Each operating mode concerns authorization to access the information system. The authorization is given through a specific security clearance level. Any information system running one of the secure modes of operation listed above is kept in a physically controlled environment so that only authorized individuals can be in the same room as the system itself.

"Need to know" can be defined as the necessity of each user on the system to have access to the information on that system to perform their job duties. Users who do not need the information to perform their job duties are said to lack the "need to know." "Need to know" is governed by the owner of the information on the system. Each system below addresses the concerns of:

  • Access control to the system

  • Security labels on each type of information shown to users

  • Accountability and auditing of user actions on the system

  • Documentation of user access rights and acceptable use of the system

  • Environmental protection and physical access control to the system

Regardless of the mode of operation being used on a system, the configuration of the system should be documented. Documentation should always be up-to-date and maintained. Details such as operating system, level of classification, specific configuration characteristics, network protocols, firmware, software, version information, and security components (such as firewalls, router ACLs, or intrusion detection) should be listed. Within this documentation, network diagrams should be provided to show both physical and logical layout. This documentation provides a baseline for comparison against current operations and a means to troubleshoot problems that may occur within the system.

System High Mode

System high mode is used on information systems that contain classified and sensitive information. These systems are mostly used in military environments. All users that have access to the system have a security clearance that authorizes their access to the system itself, any information stored and processed there, attached printers or storage devices, and other hosts within the information system. The accounts on these systems are documented and have undergone a rigorous approval process.

Although the users have access to the system, they may not necessarily have a "need to know" all the information on the system because there are various levels of information stored on the system. Each level of information is called a compartment. The security clearance granted to each user on the system also contains compartments that define the various information levels within the system that the user can access. The information levels within the system are labeled to make it clear what the access requirements are.

Compartment Mode

Compartment mode systems require a predetermined clearance level to access the system. Each user on the system is authorized to access the information, but only when a "need to know" can be justified. Access is governed on a case-by-case basis by the owner of the information. Processes and files are all labeled within the system using two separate types of label: mandatory labels and information labels.

Mandatory labels do not change for the object they are assigned to, whereas information labels change depending on the data that is inserted into the object. User access to these objects may be granted or revoked based on the labels of the information within the system. A strict documentation process tracks the access given to each user and the individual who granted the right of access.

Multilevel Secure Mode

In a multilevel secure (MLS) mode system, users cannot access all information on the system. Only those information types within the system that correspond to the clearance level of the user are made available to the user. User access is controlled within the system similarly to the previous two modes.

The processes and data that reside on the system are also controlled. Processes from lower security levels are not allowed to interact directly with processes at higher levels. Information is controlled and compartmentalized within the system to avoid contamination or information leakage.

Multilevel systems have the ability to process the various data at their respective security levels. This is done by appropriately determining the security level of the data in question, isolating that data and its associated processes, and carrying out processing completely isolated from any other processes in the system. These processes and the data input and output from the system are only distributed to system users who are appropriately authorized and cleared.
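As an added illustration (not from the study guide), the following Python models the labeling rules described in the Compartment Mode and Multilevel Secure Mode sections: an object with a fixed mandatory label and an information label that floats upward as data is inserted, a user access check that combines clearance level with need to know for every compartment, and an MLS flow check that refuses movement of data to a label that does not dominate its source. The level names, compartment names, sample data and the dominance-based flow rule are assumptions made for the example.

```python
"""Hypothetical reference-monitor model (added example, not from the study guide).
Labels carry a hierarchical level plus a set of compartments; a clearance
dominates a label when its level is at least as high and it holds every
compartment (the need-to-know part). All names, levels and data are constructed."""
from dataclasses import dataclass, field

LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}

@dataclass(frozen=True)
class Label:
    level: str
    compartments: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        """Level is at least as high and every compartment of `other` is held."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and other.compartments <= self.compartments)

    def join(self, other: "Label") -> "Label":
        """Least label dominating both; used to float an information label upward."""
        higher = self if LEVELS[self.level] >= LEVELS[other.level] else other
        return Label(higher.level, self.compartments | other.compartments)

@dataclass
class CompartmentObject:
    """Compartment-mode object: fixed mandatory label, floating information label."""
    mandatory: Label
    information: Label = Label("UNCLASSIFIED")
    contents: list = field(default_factory=list)

    def insert(self, data: str, data_label: Label) -> None:
        """The mandatory label is a ceiling: reject data it does not dominate,
        otherwise store it and raise the information label to cover it."""
        if not self.mandatory.dominates(data_label):
            raise PermissionError(f"{data_label} exceeds mandatory label {self.mandatory}")
        self.contents.append(data)
        self.information = self.information.join(data_label)

def can_read(clearance: Label, obj: CompartmentObject) -> bool:
    """Access is granted only when the clearance dominates what the object
    currently holds: the right level and need to know for every compartment."""
    return clearance.dominates(obj.information)

def can_flow(source: Label, destination: Label) -> bool:
    """MLS isolation rule (assumed here): data may move only to a label that
    dominates its source, so higher-level data never leaks to a lower level."""
    return destination.dominates(source)
```

A user cleared to SECRET but without the CRYPTO compartment is refused once CRYPTO data has been inserted, which is the need-to-know distinction the text draws between clearance and access.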

SSCP Systems Security Certified Practitioner Study Guide
SSCP Study Guide and DVD Training System
ISBN: 1931836809
Year: 2003
Pages: 135