Security Levels, Objects and Subjects - Red Hat Enterprise Linux 5 Deployment Guide

Chapter 44. Security and SELinux
Figure 44.3. Available data flows using an MLS system
Under such a system, users, computers, and networks use labels to indicate security levels. Data can
flow between like levels, for example between "Secret" and "Secret", or from a lower level to a higher
level. This means that users at level "Secret" can share data with one another, and can also retrieve
information from Confidential-level (i.e., lower-level) users. However, data cannot flow from a higher
level to a lower level. This prevents processes at the "Secret" level from viewing information classified
as "Top Secret". It also prevents processes at a higher level from accidentally writing information to a
lower level. This is referred to as the "no read up, no write down" model.
44.6.1.2. MLS and System Privileges
MLS access rules are always combined with conventional access permissions (file permissions). For
example, if a user with a security level of "Secret" uses Discretionary Access Control (DAC) to block
access to a file by other users, this also blocks access by users with a security level of "Top Secret". A
higher security clearance does not automatically give permission to arbitrarily browse a file system.
Users with top-level clearances do not automatically acquire administrative rights on multi-level
systems. While they may have access to all information on the computer, this is different from having
administrative rights.

44.6.2. Security Levels, Objects and Subjects

As discussed above, subjects and objects are labeled with Security Levels (SLs), which are composed
of two types of entities:
1. Sensitivity: a hierarchical attribute such as "Secret" or "Top Secret".
2. Categories: a set of non-hierarchical attributes such as "US Only" or "UFO".
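The following added example (not part of the Red Hat guide) models the two components of a security level and the data-flow rules described above: level A dominates level B when its sensitivity is at least B's and its categories are a superset of B's; a read requires the subject to dominate the object (no read up), a write requires the object to dominate the subject (no write down), and the MLS decision is combined with the DAC result. The raw `sN:cX.cY` level syntax follows SELinux MLS labels; the mapping of "Confidential", "Secret" and "Top Secret" to s1, s2 and s3 is a constructed assumption for illustration.

```python
"""MLS dominance and data-flow check, modelled on the "no read up,
no write down" rules. Constructed example, not RHEL or SELinux code;
the level strings used in the tests are illustrative only."""
import re

RANGE_RE = re.compile(r"^c(\d+)\.c(\d+)$")

def parse_level(level: str):
    """Parse a raw level like 's2:c0.c3,c7' into
    (sensitivity, frozenset of category numbers)."""
    sens, _, cats = level.partition(":")
    if not re.fullmatch(r"s\d+", sens):
        raise ValueError(f"bad sensitivity: {sens!r}")
    categories = set()
    for part in filter(None, cats.split(",")):
        m = RANGE_RE.match(part)
        if m:                      # range form cX.cY is inclusive
            lo, hi = int(m.group(1)), int(m.group(2))
            if lo > hi:
                raise ValueError(f"bad range: {part!r}")
            categories.update(range(lo, hi + 1))
        elif re.fullmatch(r"c\d+", part):
            categories.add(int(part[1:]))
        else:
            raise ValueError(f"bad category: {part!r}")
    return int(sens[1:]), frozenset(categories)

def dominates(a: str, b: str) -> bool:
    """True when level a is at least as high as level b in both the
    hierarchical (sensitivity) and non-hierarchical (categories) parts."""
    sa, ca = parse_level(a)
    sb, cb = parse_level(b)
    return sa >= sb and ca >= cb   # frozenset >= is the superset test

def mls_allows(subject: str, obj: str, op: str) -> bool:
    """No read up: reading requires the subject to dominate the object.
    No write down: writing requires the object to dominate the subject."""
    if op == "read":
        return dominates(subject, obj)
    if op == "write":
        return dominates(obj, subject)
    raise ValueError(f"unknown operation: {op!r}")

def access_allowed(subject: str, obj: str, op: str, dac_ok: bool) -> bool:
    """MLS rules are always combined with conventional permissions:
    a DAC denial blocks access even for a higher clearance."""
    return dac_ok and mls_allows(subject, obj, op)
```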