{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,2]],"date-time":"2025-08-02T18:00:53Z","timestamp":1754157653129,"version":"3.41.2"},"reference-count":22,"publisher":"Emerald","issue":"5","license":[{"start":{"date-parts":[[2008,11,21]],"date-time":"2008-11-21T00:00:00Z","timestamp":1227225600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.emerald.com\/insight\/site-policies"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2008,11,21]]},"abstract":"<jats:sec><jats:title content-type=\"abstract-heading\">Purpose<\/jats:title><jats:p>The purpose of this paper is to propose and describe a concept for multilevel security (MLS) that may be advantageous in information systems with a limited number of security levels. The concept should also adapt to information systems with limited capacities.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-heading\">Design\/methodology\/approach<\/jats:title><jats:p>Assuming that confidentiality, integrity and availability are mutually independent security attributes of a generic information object, security requirements are modelled as a multidimensional vector space. Each axis represents one dimension of security. An axis is divided into an arbitrary number of levels. The paper shows how rules from the classic MLS models may enforce one\u2010directional information flow simultaneously and independently along each axis. By controlling flow this way, insecure or undefined states cannot be reached.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-heading\">Findings<\/jats:title><jats:p>Handling different MLS properties independently enables an effective verification algorithm based on simple logical or binary operations. Verification of rights can be executed within a few clock cycles.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-heading\">Research limitations\/implications<\/jats:title><jats:p>Future research includes formal in\u2010depth studies of potential applications in databases, sensor information, operating systems and communication networks.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-heading\">Practical implications<\/jats:title><jats:p>Simple logical port circuits may implement the proposed verification method. The method is well suited for tamper proof devices immune to software\u2010based attacks.<\/jats:p><\/jats:sec><jats:sec><jats:title content-type=\"abstract-heading\">Originality\/value<\/jats:title><jats:p>The paper describes a MLS concept that combines dimensions of security, like confidentiality, integrity and availability. The concept intends to be a \u201clight\u2010weight\u201d alternative to classic MLS models.<\/jats:p><\/jats:sec>","DOI":"10.1108\/09685220810920521","type":"journal-article","created":{"date-parts":[[2008,11,15]],"date-time":"2008-11-15T07:03:08Z","timestamp":1226732588000},"page":"436-448","source":"Crossref","is-referenced-by-count":5,"title":["A multidimensional approach to multilevel security"],"prefix":"10.1108","volume":"16","author":[{"given":"Eli","family":"Winjum","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Bj\u00f8rn","family":"Kjetil M\u00f8lmann","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"140","reference":[{"key":"key2022032120233359300_b1","unstructured":"Bell, D.E. and LaPadula, L.J. (1975), \u201cSecure computer systems, mathematical foundations\u201d, Mitre Corp. Report No. MTR\u20102547, Mitre Corp., Bedford, MA."},{"key":"key2022032120233359300_b2","unstructured":"Biba, K.J. (1977), \u201cIntegrity considerations for secure computer systems\u201d, Mitre Corp. Report No. MTR\u20103153, Mitre Corp., Bedford, MA, Bedford, MA."},{"key":"key2022032120233359300_b3","unstructured":"Bishop, M. (2003), Computer Security: Art and Science, Addison\u2010Wesley, Boston, MA, pp. 95\u20109."},{"key":"key2022032120233359300_b4","doi-asserted-by":"crossref","unstructured":"Denning, D.E. (1976), \u201cA lattice model of secure information flow\u201d, Communications of the ACM, Vol. 19 No. 5, pp. 236\u201043.","DOI":"10.1145\/360051.360056"},{"key":"key2022032120233359300_b5","doi-asserted-by":"crossref","unstructured":"Galik, D. and Tretick, B. (1991), \u201cFielding multilevel security into command and control systems\u201d, Proceedings of the 7th Annual Computer Security Applications Conference, pp. 202\u20108.","DOI":"10.1109\/CSAC.1991.213005"},{"key":"key2022032120233359300_b6","doi-asserted-by":"crossref","unstructured":"Hoffman, P. (Ed.) (1999), \u201cEnhanced security services for S\/MIME\u201d, Internet Engineering Task Force (IETF) rfc 2634.","DOI":"10.17487\/rfc2634"},{"key":"key2022032120233359300_b7","doi-asserted-by":"crossref","unstructured":"Housley, R. (1993), \u201cSecurity label framework for the internet\u201d, Internet Engineering Task Force (IETF) rfc 1457.","DOI":"10.17487\/rfc1457"},{"key":"key2022032120233359300_b8","unstructured":"Huang, Q. and Shen, C. (2004), \u201cA new MLS mandatory policy combining secrecy and integrity implemented in highly classified secure level OS\u201d, Proceedings of the 7th International Conference on Signal Processing (ICSP'04), Vol. 3, pp. 2409\u201012."},{"key":"key2022032120233359300_b9","unstructured":"Irvine, C.E., Levin, T.E., Nguyen, T.D., Shifflett, D., Khosalim, J., Clark, P.C., Wong, A., Afinidad, F., Bibighaus, D. and Sears, J. (2004), \u201cOverview of a high assurance architecture for distributed multilevel security\u201d, Proceedings of the 2004 IEEE Workshop on Information Assurance and Security, pp. 38\u201045."},{"key":"key2022032120233359300_b10","unstructured":"Kang, J\u2010M., Shin, W., Park, C\u2010G. and Lee, D\u2010I. (2001), \u201cExtended BLP security model based on process reliability for secure Linux kernel\u201d, Proceedings of the 2001 Pacific Rim International Symposium on Dependable Computing, IEEE Computer Society, pp. 299\u2010303."},{"key":"key2022032120233359300_b11","doi-asserted-by":"crossref","unstructured":"Kuhn, D.R. (1998), \u201cRole based access control on MLS systems without kernel changes\u201d, paper presented at 3rd ACM Workshop on Role\u2010Based Access Control.","DOI":"10.1145\/286884.286890"},{"key":"key2022032120233359300_b12","doi-asserted-by":"crossref","unstructured":"Landwehr, C.E., Heitmeyer, C.L. and McLean, J.D. (1984), \u201cA security model for military message systems\u201d, ACM Transactions on Computer Systems, Vol. 2 No. 3, pp. 198\u2010222.","DOI":"10.1145\/989.991"},{"key":"key2022032120233359300_b13","doi-asserted-by":"crossref","unstructured":"Lipner, S. (1982), \u201cNon\u2010discretionary controls for commercial applications\u201d, Proceedings of the 1982 IEEE Symposium on Security and Privacy, pp. 2\u201010.","DOI":"10.1109\/SP.1982.10022"},{"key":"key2022032120233359300_b14","unstructured":"Liu, Y. and Li, X. (2005), \u201cLattice model based on a new information security function\u201d, Proceedings of the 8th International Symposium on Autonomous Decentralized Systems (ISADS 2005), pp. 566\u20109."},{"key":"key2022032120233359300_b15","unstructured":"Microsoft (2008), \u201cMicrosoft\u201d, available at: www.microsoft.com\/."},{"key":"key2022032120233359300_b16","doi-asserted-by":"crossref","unstructured":"Neugent, B. (1994), \u201cWhere we stand in multilevel security (MLS): requirements, approaches, issues, and lessons learned\u201d, Proceedings of the 10th Annual Computer Security Applications Conference, pp. 304\u20105.","DOI":"10.1109\/CSAC.1994.367297"},{"key":"key2022032120233359300_b17","unstructured":"NIST (2006), \u201cGlossary of key information security terms\u201d, NIST IR 7298, National Institute of Standards and Technology, Gaithersburg, MD."},{"key":"key2022032120233359300_b18","doi-asserted-by":"crossref","unstructured":"Osborne, S., Sandhu, R. and Munawer, Q. (2000), \u201cConfiguring role\u2010based access control to enforce mandatory and discretionary access control policies\u201d, ACM Transactions on Information and System Security, Vol. 3 No. 2, pp. 85\u2010106.","DOI":"10.1145\/354876.354878"},{"key":"key2022032120233359300_b19","doi-asserted-by":"crossref","unstructured":"Sandhu, R.S. (1993), \u201cLattice\u2010based access control models\u201d, IEEE Computer, Vol. 26 No. 11, pp. 9\u201019.","DOI":"10.1109\/2.241422"},{"key":"key2022032120233359300_b20","doi-asserted-by":"crossref","unstructured":"Sandhu, R.S., Ferraiolo, D., Gavrila, S., Hu, V. and Kuhn, R. (2000), \u201cThe NIST model for role\u2010based access control: towards a unified standard\u201d, Proceedings of the 5th ACM Workshop on Role Based Access Control.","DOI":"10.1145\/344287.344301"},{"key":"key2022032120233359300_b21","doi-asserted-by":"crossref","unstructured":"Shirey, R.W. (2000), \u201cInternet security glossary\u201d, Internet Engineering Task Force (IETF) rfc 2828.","DOI":"10.17487\/rfc2828"},{"key":"key2022032120233359300_b22","unstructured":"Sun Microsystems (2008), \u201cSun Microsystems\u201d, available at: www.sun.com\/."}],"container-title":["Information Management &amp; Computer Security"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/www.emeraldinsight.com\/doi\/full-xml\/10.1108\/09685220810920521","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/09685220810920521\/full\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/09685220810920521\/full\/html","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,25]],"date-time":"2025-07-25T00:09:07Z","timestamp":1753402147000},"score":1,"resource":{"primary":{"URL":"http:\/\/www.emerald.com\/ics\/article\/16\/5\/436-448\/185677"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2008,11,21]]},"references-count":22,"journal-issue":{"issue":"5","published-print":{"date-parts":[[2008,11,21]]}},"alternative-id":["10.1108\/09685220810920521"],"URL":"https:\/\/doi.org\/10.1108\/09685220810920521","relation":{},"ISSN":["0968-5227"],"issn-type":[{"type":"print","value":"0968-5227"}],"subject":[],"published":{"date-parts":[[2008,11,21]]}}}