Path: utzoo!utgpu!news-server.csri.toronto.edu!mailrus!tut.cis.ohio-state.edu!cs.utexas.edu!longway!std-unix
From: gwyn@smoke.brl.mil (Doug Gwyn)
Newsgroups: comp.std.unix
Subject: Re: Mandatory Access Controls in the commercial world
Message-ID: <800@longway.TIC.COM>
Date: 8 Jul 90 04:23:28 GMT
References: <793@longway.TIC.COM>
Sender: std-unix@longway.TIC.COM
Reply-To: std-unix@uunet.uu.net
Organization: U.S. Army Ballistic Research Laboratory, APG, MD.
Lines: 28
Approved: jsq@longway.tic.com (Moderator, John S. Quarterman)

From:  Doug Gwyn <gwyn@smoke.brl.mil>

In article <793@longway.TIC.COM> From:  kingdon@ai.mit.edu (Jim Kingdon)
>Thanks for providing some technical details.  But can't the level be
>made a special case of the set of categories?  That is, define
>categories CLASSIFIED, SECRET, TOP_SECRET, etc, and give people either
>{TOP_SECRET, SECRET, CLASSIFIED} or {SECRET, CLASSIFIED} or
>{CLASSIFIED}.  Unless I'm missing something, this provides the same
>functionality and is simpler.

The problem is, that approach could be misadministered to give users
{TOP SECRET, CONFIDENTIAL} or other such erroneous category sets (we
call them "compartments" rather than "categories").  The intent of
the strict CONFIDENTIAL, SECRET, TOP SECRET hierarchy is to rate the
relative probable level of damage to the organizational (national)
interests if the classified information were disclosed to the wrong
parties.  The intent of compartments is to enforce the additional
requirement, beyond one's rated level of trustworthiness, of having
a genuine "need to know" the information.  For example, even though
I might have a TOP SECRET security clearance, if I have not been
specially indoctrinated for access to "special intelligence" then
I am not allowed to access even CONFIDENTIAL SI material.

You might try to redesign such classification schemes, but these
have evolved through many decades of practical experience and seem
to be the best we've been able to devise so far.

Volume-Number: Volume 20, Number 114