Concept of Trusted Systems

Multilevel security – subject at a high level may not convey information to a subject at a lower or non-comparable level unless that flow accurately reflects the will of an authorized user
No read up: Subject can only read an object of less or equal security level
No write down: Subject can only write into an object of greater or equal security level

Multilevel security – subject at a high level may not convey information to a subject at a lower or non-comparable level unless that flow accurately reflects the will of an authorized user