High-water mark (computer security)
||This article provides insufficient context for those unfamiliar with the subject. (October 2009)|
Under high-water mark, any object less than the user's security level can be opened, but the object is relabeled to reflect the highest security level currently open. Hence the name.
The practical effect of the high-water mark was a gradual movement of all objects towards the highest security level in the system. If user A is writing a CONFIDENTIAL document, and checks the unclassified dictionary, the dictionary becomes CONFIDENTIAL. Then, when user B is writing a SECRET report and checks the spelling of a word, the dictionary becomes SECRET. Finally, if user C is assigned to assemble the daily intelligence briefing at the TOP SECRET level, reference to the dictionary makes the dictionary TOP SECRET, too.
Low-water mark is an extension to Biba Model. In Biba model, no write up and no read down rules are enforced. In this model the rules are exactly opposite of the rules in Bell-La Padula model. In the low-water mark model, write down is permitted, but the subject label, after writing will be degraded to object label. It can be classified in floating label security models.
- Clark Weissmann (1969). "Security controls in the ADEPT-50 timesharing system". AFIPS Conference Proceedings FJCC 35. pp. 119–133.
- "The LOMAC project". Retrieved 16 February 2011.
- NAI Labs Advanced Research. "LOMAC: Low Water-Mark Integrity Protection for Linux" (PDF). Retrieved 16 February 2011.
|This computer security article is a stub. You can help Wikipedia by expanding it.|