Survey of Multi-Level Security (MLS) Products


  1. Detombe, J.
  2. Cowan, D.
  3. Smith, M.
  4. O'Brien, J.
Corporate Authors
Defence R&D Canada - Ottawa, Ottawa ONT (CAN);AEPOS Technologies Corp, Gatineau QUE (CAN)
Multi-level secure computer design began in the late 1960s.The work defined principles of multi-level secure computing: the concept of mandatory and discretionary access control, the Security Reference Monitor, audit, development practices, identification and authentication, formal descriptions, and a requirement that a multi-level secure computer had to be evaluated. It is upon this final requirement that the concept of trust in computing systems is built. This document is focused on products that are trustable, and thus have been evaluated. That work led to the development of security standards for evaluation. First, the Trusted Computer System Evaluation Criteria (TCSEC) laid down standards for functionality and assurance for computer system. Later, many countries developed their own standards. This led to the development of a Common Criteria published in 1999. The evolution of the evaluation criteria caused a change in focus. The TCSEP set out requirements for both total system functionality and assurance while new criteria focused on a more granular level of functionality and assurance. The computer industry also changed greatly over this time. With hardware being more affordable, organizations could separate their information domains onto systems and networks operating at a single sensitivity level with the users all having a need-to-know and an appropriate security clearance. This caused a shift in the types of security products available in the marketplace. Where once
Report Number
DRDC-OTTAWA-CR-2004-268 — Contractor Report (Final)
Date of publication
01 Dec 2004
Number of Pages

Permanent link

Document 1 of 1

Date modified: