Mandatory security and object‐oriented systems: A multilevel entity model and its mapping onto a single‐level object model

Abstract

The application of mandatory security policies in object-oriented systems require objects to be single-level, i.e., all information in an object must have the same security classification. However, real-world entities are often multilevel. Moreover, different coexistence options for property values at different levels are needed. In this paper we present a model for specifying multilevel entities. The proposed entity model supports different options by which users can specify whether low level values of entity properties are to be considered valid at higher levels or whether they represent cover stories not valid at higher levels. We then illustrate how entities expressed in this model can be mapped onto single-level objects. We also present a methodology and algorithms to automatically perform such a mapping. © 1998 John Wiley & Sons, Inc.