2

Lets say Paul, is cleared for (TOP SECRET, {A,C}) where top secret is his clearance and A & C privledges. He wants to access a Document classified (Secret,{B,C})..

Top secret trumps Secret but in order for paul to "dominate" the documents permissions must be a subset of pauls. Which B,C is not a subset of A,C.

So my question is does paul HAVE to dominate the document in order to access it period? Ive read that dominate only provides a heirarchy of sorts. The BLP model sys read downs is allowed so im a little confused about this situation.

Daisetsu
  • 5,110
  • 1
  • 14
  • 24
Ryan
  • 35
  • 1
  • 4

1 Answers1

1

I think you may be confused about the terminology, if I'm understanding your question correctly.

Security levels can dominate each other.

Security level X dominates Y if and only if X is a higher classification than Y, and X is granted at least the full set of privileges Y has. In your example X = {TOP SECRET, {A,C}} does NOT dominate Y = {SECRET, {B,C}} because while X > Y in classification, X does not contain the full set of privileges in Y.

Pauls security level doesn't have to dominate the security level of the document. He only has to match the security level of the document and have the privileges of the document.

Daisetsu
  • 5,110
  • 1
  • 14
  • 24