System High Mode

From Wikipedia, the free encyclopedia

You have new messages (last change).

System High Mode (also referred to simply as System High) is a mode of using an automated information system (AIS) that pertains to an environment that contains restricted data that is classified in a hierarchical scheme, such as Top Secret, Secret and Unclassified. System High Mode is distinguished from other modes (such as multilevel security) by its lack of trust of the host AIS system to separate classifications. As a result, all information in a System High AIS is treated as if it were classified at the highest security level of any data in the AIS. For example, Unclassified information can exist in a Secret System High computer but it must be treated as Secret, therefore it cannot be declassified (unless by reliable human review, which itself is risky because of lack of omniscient humans.) There is no known technology to securely declassify system high information by automated means because no reliable features of the data can be trusted after having been potentially corrupted by the untrusted host. When unreliable means are used (including Cross Domain Solutions and Bypass Guards) a serious risk of system exploitation via the bypass is introduced. Nevertheless, it is has been done where the resulting risk is overlooked or accepted.

[edit] Sources

  • NCSC (1985). "Trusted Computer System Evaluation Criteria". National Computer Security Center. (a.k.a. the TCSEC or "Orange Book" or DOD 5200.28 STD).
Retrieved from "http://en.wikipedia.org../../../s/y/s/System_High_Mode_32a9.html"