Multi-Level Security Research For SharePoint: Introduction

Multi-Level Security is an important concept for several flavors of industry, but most importantly for those that exist within the federal government. Multi-Level Security is built on the Bell-LaPadula model, which, in general terms, laid the foundation for controlling read and write access across logical security boundaries.

As with any security model, two concepts are typically involved: the object, the asset that a requesting party wants access to, and the subject, the party querying for that specific asset. Regardless of how the request is routed, these two concepts are a constant within any security model proof.

Microsoft Windows is natively tied to Discretionary Access Control, since security levels are irrevocably bound to native Windows identities. For federal sectors and other industries that must comply with various regulations, this can be rather restricting and makes management of objects an increasingly difficult task. Multi-Level Security, more generally called Mandatory Access Control, builds on the idea that each person is tagged with a classification, whether secret, top-secret, or public; in this sense Multi-Level Security is multi-level in its general hierarchy.

Looking at the initial diagram, we can see two main actors. The first are the requestors, which query for access to a specific asset that exists on the MOSS server at a high level; that asset is denoted Sigma to keep the diagram generic for applicability purposes. SharePoint can store user information as well as access controls to the backend databases, and therefore provides the medium between the actual user requests and the serving of the requested object. The second are the receivers, the low-level requestors, which can also be given an arbitrary number. Hence we have high systems denoted S and low systems denoted R, with all communication between the two mediated by SharePoint.
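The read/write rules that Bell-LaPadula imposes between the high (S) and low (R) systems above, as an added illustration that is not code from the original post and not SharePoint's own API: a small reference monitor over the post's public/secret/top-secret lattice that enforces "no read up" and "no write down", with a constructed S and R and two constructed assets.

```python
from dataclasses import dataclass
from enum import IntEnum

class Level(IntEnum):
    """Classification lattice from the post: public < secret < top-secret."""
    PUBLIC = 0
    SECRET = 1
    TOP_SECRET = 2

@dataclass(frozen=True)
class Subject:
    name: str
    clearance: Level

@dataclass(frozen=True)
class Asset:
    name: str
    classification: Level

def can_read(subject: Subject, asset: Asset) -> bool:
    """Simple security property: no read up."""
    return subject.clearance >= asset.classification

def can_write(subject: Subject, asset: Asset) -> bool:
    """*-property (confinement): no write down."""
    return subject.clearance <= asset.classification

def mediate(subject: Subject, asset: Asset, action: str) -> str:
    """Decide one request and return an audit line (hypothetical stand-in for
    the mediating role the post assigns to SharePoint, not its real API)."""
    if action == "read":
        allowed = can_read(subject, asset)
    elif action == "write":
        allowed = can_write(subject, asset)
    else:
        raise ValueError(f"unknown action {action!r}")
    verdict = "ALLOW" if allowed else "DENY"
    return (f"{verdict} {action} {subject.name}({subject.clearance.name}) "
            f"-> {asset.name}({asset.classification.name})")

# Constructed sample: a high system S and a low system R, as in the post's diagram.
S = Subject("S", Level.TOP_SECRET)
R = Subject("R", Level.PUBLIC)
DOC_TS = Asset("sigma-report", Level.TOP_SECRET)
DOC_PUB = Asset("press-release", Level.PUBLIC)

if __name__ == "__main__":
    for subj, asset, act in [(S, DOC_PUB, "read"), (S, DOC_PUB, "write"),
                             (R, DOC_TS, "read"), (R, DOC_TS, "write")]:
        print(mediate(subj, asset, act))
```

Note that the *-property lets R write up into a top-secret asset it cannot read back; a real deployment would pair this with integrity controls, which Bell-LaPadula itself does not address.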
