MLS Dominance Relationship

The Multilevel Security policy uses an ordering relationship between labels known as the dominance relationship. Intuitively, we think of a label that dominates another as being "higher" than the other. Similarly, we think of a label that is dominated by another as being "lower" than the other. The dominance relationship is used to determine permitted operations and information flows.

The dominance relationship is determined by the ordering of the Sensitivity/Clearance component of the label and the intersection of the set of Compartments.

Sample Sensitivity/Clearance ordering are:

Top Secret > Secret > Confidential > Unclassified
s3 > s2 > s1 > s0

Sample Compartment intersections are:

The intersection of {AB} and {A} is {A}.
The intersection of {c1,c2} and {c1} is {c1}.
The intersection of {AB} and {C} is {}.

Formally, for label₁ to dominate label₂ both of the following must be true:

The sensitivity/clearance of label₁ must be greater than or equal to the sensitivity/clearance of label₂.
The intersection of the compartments of label₁ and label₂ must equal the compartments of label₂.

Additionally:

Two labels are said to be equal if their sensitivity/clearance and set of compartments are exactly equal. Note that dominance includes equality.
One label is said to strictly dominate the other if it dominates the other but is not equal to the other.
Two labels are said to be incomparable if each label has at least one compartment that is not included in the other's set of compartments.

The dominance relationship will produce a partial ordering over all possible MLS labels, resulting in what is known as the MLS Security Lattice.