Label Dominance

Language:

When any type of label has a security level that is equal to or greater than the security level of a second label, the first label is said to dominate the second label. This comparison of security levels is based on classifications and compartments in the labels. The classification of the dominant label must be equal to or higher than the classification of the second label. Additionally, the dominant label must include all the compartments in the second label. Two equal labels are said to dominate each other.

By these criteria, TS A dominates TS, and TS dominates TS. The classification and compartment bits of the Top Secret (TS) label are shown in the following figure.

Figure 1-3 Representation of the TS, TS A, TS B, and TS AB Labels

image:Graphic shows the classification and compartment sections of the Top Secret labels.

Another kind of dominance, strict dominance, is sometimes required for access. One label strictly dominates another label when the first label has a security level that is greater than the security level of the other label. Strict dominance is dominance without equality. The classification of the first label is higher than the classification of the second label. The first label contains all the compartments in the second label. Or, if the classifications of both labels are the same, the first label contains all the compartments in the second label, in addition to one or more additional compartments.

Labels that are not in a dominance relationship are said to be disjoint. Disjoint labels are appropriate for separating departments at a company. For example, the label TS HR (Human Resources) would be disjoint from TS Sales.