| Autor: |
Schotanus, H.A., Hartog, T., Verkoelen, C.A.A. |
| Jazyk: |
angličtina |
| Rok vydání: |
2012 |
| Předmět: |
|
| Zdroj: |
11th European Conference on Information Warfare and Security ECIW-2012, 5-6 July 2012, Laval, France |
| Popis: |
Multi-Level Security (MLS) is often viewed as the holy grail of information security, especially in those environments where information of different classifications is being processed. In this paper we argue that MLS cannot facilitate the right balance between need-to-protect and duty-to-share as required for a Network Enabled Capability (NEC) based military operations. This is due to the fact that MLS is deemed rigid in its restrictions; it obstructs the flow of information towards lower classifications by definition and thus influences duty-to-share; furthermore MLS results in a set of rigid preconditions for the physical environment to guarantee the required need-to-protect. The focus of a security solution instead should be on flexibility towards information sharing and reducing risks to be useful in a NEC environment. This can be achieved by firstly reducing the size (and complexity) of the systems that contain the classified information systems, using Multiple Independent Levels of Security (MILS) to create these smaller, separated compartments; and secondly controlling the information flow between the (different) classified compartments by dynamic policies. Moreover, the realignment of classification provisions can make management of information much more flexible and efficient. Hence, we can finally forget MLS. |
| Databáze: |
OpenAIRE |
| Externí odkaz: |
|
