System High Mode
Encyclopedia
System High Mode is a mode of using an automated information system
(AIS) that pertains to an environment that contains restricted data that is classified in a hierarchical scheme, such as Top Secret
, Secret and Unclassified. System high pertains to the IA features of information processed, and specifically not to the strength or trustworthiness of the system.
System High Mode is distinguished from other modes (such as multilevel security
) by its lack of need for the system to contribute to the protection or separation unequal security classifications. In particular, this precludes use of the features of objects (e.g. content or format) produced by or exposed to an IAS operating in system high mode as criteria to securely downgrade those objects. As a result, all information in a System High AIS is treated as if it were classified at the highest security level of any data in the AIS. For example, Unclassified information can exist in a Secret System High computer but it must be treated as Secret, therefore it can never be shared with unclassified destinations (unless downgraded by reliable human review, which itself is risky because of lack of omniscient humans.) There is no known technology to securely declassify system high information by automated means because no reliable features of the data can be trusted after having been potentially corrupted by the system high host. When unreliable means are used (including Cross-Domain Solutions
and Bypass Guards) a serious risk of system exploitation via the bypass is introduced. Nevertheless, it has been done where the resulting risk is overlooked or accepted.
Automated information system
The term automated information system means an assembly of computer hardware, software, firmware, or any combination of these, configured to accomplish specific information-handling operations, such as communication, computation, dissemination, processing, and storage of information...
(AIS) that pertains to an environment that contains restricted data that is classified in a hierarchical scheme, such as Top Secret
Top Secret
Top Secret generally refers to the highest acknowledged level of classified information.Top Secret may also refer to:- Film and television :* Top Secret , a British comedy directed by Mario Zampi...
, Secret and Unclassified. System high pertains to the IA features of information processed, and specifically not to the strength or trustworthiness of the system.
System High Mode is distinguished from other modes (such as multilevel security
Multilevel security
Multilevel security or Multiple Levels of Security is the application of a computer system to process information with different sensitivities , permit simultaneous access by users with different security clearances and needs-to-know, and prevent users from obtaining access to information for...
) by its lack of need for the system to contribute to the protection or separation unequal security classifications. In particular, this precludes use of the features of objects (e.g. content or format) produced by or exposed to an IAS operating in system high mode as criteria to securely downgrade those objects. As a result, all information in a System High AIS is treated as if it were classified at the highest security level of any data in the AIS. For example, Unclassified information can exist in a Secret System High computer but it must be treated as Secret, therefore it can never be shared with unclassified destinations (unless downgraded by reliable human review, which itself is risky because of lack of omniscient humans.) There is no known technology to securely declassify system high information by automated means because no reliable features of the data can be trusted after having been potentially corrupted by the system high host. When unreliable means are used (including Cross-Domain Solutions
Cross Domain Solutions
Cross-Domain Solutions are solutions for information assurance that provides the ability to manually or automatically access or transfer between two or more differing security domains. They are integrated systems of hardware and software that enable transfer of information among incompatible...
and Bypass Guards) a serious risk of system exploitation via the bypass is introduced. Nevertheless, it has been done where the resulting risk is overlooked or accepted.
Sources
- NCSC (1985). "Trusted Computer System Evaluation Criteria". National Computer Security Center. (a.k.a. the TCSEC or "Orange Book" or DOD 5200.28 STD).