49.6.2. Security Levels, Objects and Subjects

As discussed above, subjects and objects are labeled with Security Levels (SLs), which are composed of two types of entities:
  1. Sensitivity: — A hierarchical attribute such as "Secret" or "Top Secret".
  2. Categories: — A set of non-hierarchical attributes such as "US Only" or "UFO".
An SL must have one sensitivity, and may have zero or more categories.
Examples of SLs are: { Secret / UFO, Crypto }, { Top Secret / UFO, Crypto, Stargate } and { Unclassified }
Note the hierarchical sensitivity followed by zero or more categories. The reason for having categories as well as sensitivities is so that sensitivities can be further compartmentalized on a need-to-know basis. For example, while a process may be cleared to the "Secret" sensitivity level, it may not need any type of access to the project "Warp Drive" (which could be the name of a category).


  1. Security Levels on objects are called Classifications.
  2. Security Levels on subjects are called Clearances.
Thus, objects are labeled with a Classification, while subjects operate with a specific Clearance. Security Levels can have also Ranges, but these are beyond the scope of this introduction.