MLS Dominance Relationship


 

The Multilevel Security policy uses an ordering relationship between labels known as the dominance relationship. Intuitively, we think of a label that dominates another as being "higher" than the other. Similarly, we think of a label that is dominated by another as being "lower" than the other.  The dominance relationship is used to determine permitted operations and information flows.

 

The dominance relationship is determined by the ordering of the Sensitivity/Clearance components of the two labels and the intersection of their sets of Compartments.

 

Sample Sensitivity/Clearance orderings are:

  • Top Secret > Secret > Confidential > Unclassified
  • s3 > s2 > s1 > s0

Sample Compartment intersections are:

  • The intersection of {A,B} and {A} is {A}.
  • The intersection of {c1,c2} and {c1} is {c1}.
  • The intersection of {A,B} and {C} is {}.

Formally, for label1 to dominate label2 both of the following must be true:

  • The sensitivity/clearance of label1 must be greater than or equal to the sensitivity/clearance of label2.
  • The intersection of the compartments of label1 and label2 must equal the compartments of label2.

Additionally:

  • Two labels are said to be equal if their sensitivity/clearance and set of compartments are exactly equal. Note that dominance includes equality.
  • One label is said to strictly dominate the other if it dominates the other but is not equal to the other.
  • Two labels are said to be incomparable if each label has at least one compartment that is not included in the other's set of compartments.

The dominance relationship produces a partial ordering over all possible MLS labels, resulting in what is known as the MLS Security Lattice.
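
The two dominance conditions and the derived relations above, as an added Python example (not part of the original page); the `Label` class, the helper names and the two-compartment universe are assumptions made for illustration. It enumerates every label over s0..s3 and {c1,c2} and checks that dominance is reflexive, antisymmetric and transitive, which is what makes it a partial order.

```python
from dataclasses import dataclass
from itertools import combinations, product

LEVELS = ["s0", "s1", "s2", "s3"]  # the page's sample ordering: s3 > s2 > s1 > s0

@dataclass(frozen=True)
class Label:  # hypothetical helper type, not from any MLS implementation
    level: str
    compartments: frozenset = frozenset()

    def dominates(self, other):
        # Condition 1: sensitivity/clearance is greater than or equal.
        # Condition 2: the intersection of compartments equals other's compartments.
        return (LEVELS.index(self.level) >= LEVELS.index(other.level)
                and self.compartments & other.compartments == other.compartments)

    def strictly_dominates(self, other):
        return self.dominates(other) and self != other

    def incomparable(self, other):
        # The page's definition: each label holds a compartment the other lacks.
        return (bool(self.compartments - other.compartments)
                and bool(other.compartments - self.compartments))

def label(level, *compartments):
    return Label(level, frozenset(compartments))

def all_labels(compartments=("c1", "c2")):
    """Every label over LEVELS and every subset of the given compartments."""
    subsets = [frozenset(c) for n in range(len(compartments) + 1)
               for c in combinations(compartments, n)]
    return [Label(lvl, s) for lvl, s in product(LEVELS, subsets)]

def is_partial_order(labels):
    """Check reflexivity, antisymmetry and transitivity of dominates()."""
    reflexive = all(a.dominates(a) for a in labels)
    antisymmetric = all(a == b for a, b in product(labels, repeat=2)
                        if a.dominates(b) and b.dominates(a))
    transitive = all(a.dominates(c) for a, b, c in product(labels, repeat=3)
                     if a.dominates(b) and b.dominates(c))
    return reflexive and antisymmetric and transitive

def unordered_pairs(labels):
    """Pairs of distinct labels where neither dominates the other."""
    return [(a, b) for a, b in combinations(labels, 2)
            if not a.dominates(b) and not b.dominates(a)]

if __name__ == "__main__":
    universe = all_labels()
    print(is_partial_order(universe), len(unordered_pairs(universe)))
```

In this 16-label universe, 46 pairs have no dominance in either direction. 16 of them differ by a compartment on both sides, and the rest pair a higher sensitivity with a missing compartment, such as s3 {c1} against s0 {c1,c2}.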