The Cascading Problem
MITRE CORP BEDFORD MA
When a trusted computer system is connected to a network, there are new risks to consider: risks to the network as well as to the computer system. Each party to the connection wishes to ensure that the sensitive data it protects will continue to be adequately protected when it is exported across the connection. Obviously, the system receiving the exported information should be capable of protecting it; this is a local risk factor. It is less obvious that there are also global risks, which depend on the topology of the network. The cascading problem is one of those global risks. This paper characterizes the problem and summarizes what is known about detecting it analytically. It includes a matrix algorithm reported previously only in less accessible references, and discusses the assumptions and rationale behind cascading analysis. Cascading is a concern in networks where dissemination of information is limited on the basis of a sensitivity label and some less standardized need-to-know controls. The cascading problem is concerned with access control based on the sensitivity label. Respecting need-to-know restrictions is an important consideration in network security policy, but it has an impact on the cascading problem only to the extent that it influences the topology of the network. Sensitivity label restrictions in a multilevel network are handled by assigning each subsystem an accreditation range, which defines the set of sensitivity levels that the subsystem is trusted to segregate and label accurately for export over network links.
- Computer Systems Management and Standards