A Design of an Access Control Model for Multilevel-Security Documents

In this paper, the authors describe an access control model for multilevel-security documents, those structured into multiple sections based on certain security classifications. Their access control system uses XACML policies to allow documents, whose contents have varying sensitivity levels, to be created, viewed, and edited by groups that have members with varying clearance levels, while enforcing the required security constraints. In modern distributed environments the demand for applications that provide collaboration tools is expanding. Highly valuable documents, created every day, need to be securely shared between and updated by the authorized users. This paper describes techniques and solutions to establish an access control model that protects the access to multilevel-security documents.