Multilevel security is a security policy that allows you to classify objects and users based on a system of hierarchical security levels and a system of non-hierarchical security categories.
Multilevel security provides the capability to prevent unauthorized users from accessing information at a higher classification than their authorization, and prevents users from declassifying information.
Multilevel security offers the following advantages:
- Multilevel security enforcement is mandatory and automatic.
- Multilevel security can enforce access rules that are difficult or impossible to express through traditional SQL views or queries.
- Multilevel security does not rely on special views or database variables to provide row-level security control.
- Multilevel security controls are consistent and integrated across the system, so that you can avoid defining users and authorizations more than once.
- Multilevel security does not allow users to declassify information.
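The lattice behind those statements (a hierarchical level plus a set of non-hierarchical categories, ordered by dominance) and the two Bell-LaPadula rules that make enforcement mandatory and block declassification are short enough to show in code. The following Python is an added example, not code from the page or from any product it describes; the level names, category names and the labels used in the demo are assumptions chosen for illustration.

```python
# Added example, not code from the page or from any product it describes.
# A minimal MLS label lattice with Bell-LaPadula style read/write checks.
# Level names, category names and the labels used below are assumptions
# chosen for illustration.
from dataclasses import dataclass
from typing import FrozenSet

# Hierarchical levels form a total order (higher number = more sensitive).
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP_SECRET": 3}


@dataclass(frozen=True)
class Label:
    """A security label: one hierarchical level plus a set of non-hierarchical categories."""
    level: str
    categories: FrozenSet[str] = frozenset()

    def __post_init__(self):
        if self.level not in LEVELS:
            raise ValueError(f"unknown level: {self.level!r}")

    def dominates(self, other: "Label") -> bool:
        # Lattice order: level must be >= AND categories must be a superset.
        # Two labels that satisfy neither direction are incomparable, which
        # denies both reading and writing between them.
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.categories >= other.categories)


def can_read(subject: Label, obj: Label) -> bool:
    """Simple security property ("no read up"): the reader must dominate the object."""
    return subject.dominates(obj)


def can_write(subject: Label, obj: Label) -> bool:
    """*-property ("no write down"): the object written must dominate the writer,
    so data can only flow to an equal-or-higher label, never downward or sideways."""
    return obj.dominates(subject)


def can_relabel(subject: Label, old: Label, new: Label) -> bool:
    """Mandatory control never lets a user declassify: a relabel is allowed only
    if the new label dominates the old one, and only by a subject cleared for
    the object's current label."""
    return subject.dominates(old) and new.dominates(old)


def decide(subject: Label, obj: Label) -> str:
    """Summarise the access a subject gets to an object, for quick inspection."""
    return (f"read={'allow' if can_read(subject, obj) else 'deny'} "
            f"write={'allow' if can_write(subject, obj) else 'deny'}")


if __name__ == "__main__":
    analyst = Label("SECRET", frozenset({"NUCLEAR"}))
    samples = {
        "confidential nuclear memo": Label("CONFIDENTIAL", frozenset({"NUCLEAR"})),
        "secret crypto memo": Label("SECRET", frozenset({"CRYPTO"})),
        "top secret nuclear+crypto report": Label("TOP_SECRET", frozenset({"NUCLEAR", "CRYPTO"})),
        "top secret report, no categories": Label("TOP_SECRET"),
    }
    for name, obj in samples.items():
        print(f"{name:34s} {decide(analyst, obj)}")
```

The "secret crypto memo" and the "top secret report, no categories" cases are the ones worth staring at: both are incomparable with the analyst's label (same or higher level, but a category the other side lacks), so the lattice denies reading and writing in both directions, which is exactly the behaviour a discretionary view or a simple level comparison would get wrong.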
What is a multilevel database?
Here is a link to pages that describe multilevel databases from Security in Computing by Shari Lawrence Pfleeger at Google Books.
Briefly, a multilevel database enforces access at the granularity of individual data items: whether a user may read or write a field depends on the sensitivity label of that field and on the clearance of the user.
Multi-level security in database management systems
Multi-level secure database management system (MLS-DBMS) security requirements are defined in terms of the view of the database that is presented to users holding different authorizations.
These security requirements are intended to be consistent with DoD secure computing system requirements. An informal security policy for a multi-level secure database management system is outlined, and mechanisms that support the policy are introduced.
Security constraints are the mechanism for defining classification rules, and query modification is the mechanism for implementing the classification policy. Together these mechanisms ensure that each response to a user's query can be assigned a classification that the querying user is cleared to observe.
The first formulation of multilevel mandatory policies, and the Bell-LaPadula model, simply assumed the existence of objects (information containers) to which a classification is assigned. This assumption works well in the operating system context, where the objects to be protected are essentially files containing the data. Later studies investigated the extension of mandatory policies to database systems. While in operating systems security classes are assigned to files, database systems permit a finer-grained classification. Classification can in fact be considered at the level of relations (equivalent to file-level classification in an OS), at the level of columns (different properties can have a different classification), at the level of rows (properties referred to…
Source: Springer Link
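Row-level classification and query modification, as the two excerpts above describe them, can be demonstrated on a real relational engine. The following Python is an added example, not code from any of the sources quoted on this page: it stores a label (level plus category bitmask) on every row of an in-memory sqlite3 table, rewrites each SELECT to append the mandatory dominance predicate so the DBMS itself filters out rows the subject does not dominate, labels new rows at the writer's label, and refuses any insert or relabel that would lower a label. The table, its columns, the category names and the sample rows are constructed for illustration.

```python
# Added example, not code from any of the sources quoted on this page.
# Row-level classification in a relational table, the "query modification"
# technique, and the mandatory write/relabel rules, on an in-memory sqlite3
# database.  The table, its columns, the category names and the sample rows
# are all constructed for illustration.
import sqlite3

LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP_SECRET": 3}
CATEGORY_BITS = {"NUCLEAR": 1, "CRYPTO": 2}   # non-hierarchical categories as bit flags
ALLOWED_COLUMNS = {"id", "name", "salary"}     # label columns are never user-selectable here


def cat_mask(categories):
    """Encode a set of category names as an integer bitmask."""
    return sum(CATEGORY_BITS[c] for c in categories)


def dominates(level_a, cats_a, level_b, cats_b):
    """Label A dominates label B: higher-or-equal level and superset of categories."""
    return level_a >= level_b and (cats_b & ~cats_a) == 0


def setup_db():
    """Create the sample table; every row carries its own classification."""
    conn = sqlite3.connect(":memory:")
    conn.execute("""CREATE TABLE employees (
        id INTEGER PRIMARY KEY, name TEXT, salary INTEGER,
        sec_level INTEGER NOT NULL, sec_cats INTEGER NOT NULL)""")
    conn.executemany("INSERT INTO employees VALUES (?, ?, ?, ?, ?)", [
        (1, "alice", 50000, LEVELS["UNCLASSIFIED"], 0),
        (2, "bob",   60000, LEVELS["SECRET"],       cat_mask({"NUCLEAR"})),
        (3, "carol", 70000, LEVELS["SECRET"],       cat_mask({"CRYPTO"})),
        (4, "dave",  80000, LEVELS["TOP_SECRET"],   cat_mask({"NUCLEAR", "CRYPTO"})),
    ])
    return conn


# The same dominance test as dominates(), expressed in SQL over the label columns.
DOMINANCE_SQL = "(sec_level <= ? AND (sec_cats & ~?) = 0)"


def mls_select(conn, clearance, columns, predicate=None, params=()):
    """Query modification: append the mandatory dominance predicate to the
    application's own WHERE clause, so rows the subject does not dominate are
    filtered by the DBMS rather than trusted to the application.  Column names
    are checked against an allowlist; values always travel as bound parameters."""
    level, cats = clearance
    bad = set(columns) - ALLOWED_COLUMNS
    if bad:
        raise ValueError(f"column(s) not selectable: {sorted(bad)}")
    where = DOMINANCE_SQL if predicate is None else f"({predicate}) AND {DOMINANCE_SQL}"
    sql = f"SELECT {', '.join(columns)} FROM employees WHERE {where} ORDER BY id"
    return conn.execute(sql, tuple(params) + (level, cats)).fetchall()


def mls_insert(conn, clearance, row, target=None):
    """Insert a row at the writer's own label, or at a label that dominates it.
    Any target label the writer's data may not flow up to would be a write-down
    (declassification) and is refused."""
    level, cats = clearance
    tgt_level, tgt_cats = target if target is not None else clearance
    if not dominates(tgt_level, tgt_cats, level, cats):
        raise PermissionError("write down refused: target label does not dominate writer")
    conn.execute("INSERT INTO employees VALUES (?, ?, ?, ?, ?)", (*row, tgt_level, tgt_cats))
    return tgt_level, tgt_cats


def mls_relabel(conn, clearance, row_id, new_level, new_cats):
    """Relabel a row only upward in the lattice; lowering it would declassify.
    A row the subject does not dominate is reported exactly like a missing one,
    so the call does not leak the existence of higher-classified rows."""
    level, cats = clearance
    cur = conn.execute("SELECT sec_level, sec_cats FROM employees WHERE id = ?",
                       (row_id,)).fetchone()
    if cur is None or not dominates(level, cats, *cur):
        raise PermissionError("row not visible at this clearance")
    if not dominates(new_level, new_cats, *cur):
        raise PermissionError("declassification refused: new label does not dominate old")
    conn.execute("UPDATE employees SET sec_level = ?, sec_cats = ? WHERE id = ?",
                 (new_level, new_cats, row_id))
    return True


if __name__ == "__main__":
    db = setup_db()
    analyst = (LEVELS["SECRET"], cat_mask({"NUCLEAR"}))
    print(mls_select(db, analyst, ["id", "name", "salary"]))
    print(mls_select(db, analyst, ["name"], "salary > ?", (55000,)))
```

Run as a script, the SECRET/NUCLEAR analyst sees only alice and bob: carol's row is at the same level but in a category the analyst does not hold, and dave's row is above the analyst's level. Because the filter is appended to every query by the access layer, the application cannot forget it, which is the "mandatory and automatic" property the first list above claims; contrast this with a view-based scheme, where any query that bypasses the view sees everything.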