Page 646 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
controls and operation rights are assigned to groups of objects rather than on a per-object basis. This approach allows security administrators to define and name groups easily (the names are often related to job roles or responsibilities) and helps make the administration of rights and privileges easier (when you add an object to a class, you confer rights and privileges rather than having to manage rights and privileges for each object separately).
Data Hiding
Data hiding is an important characteristic in multilevel secure systems. It ensures that data existing at one level of security is not visible to processes running at different security levels. The key concept behind data hiding is a desire to make sure those who have no need to know the details involved in accessing and processing data at one level have no way to learn or observe those details covertly or illicitly. From a security perspective, data hiding relies on placing objects in security containers that are different from those that subjects occupy to hide object details from those with no need to know about them.
Process Isolation
Process isolation requires that the operating system provide separate memory spaces for each process’s instructions and data. It also requires that the operating system enforce those boundaries, preventing one process from reading or writing data that belongs to another process. There are two major advantages to using this technique:

It prevents unauthorized data access. Process isolation is one of the fundamental requirements in a multilevel security mode system.

It protects the integrity of processes. Without such controls, a poorly designed process could go haywire and write data to memory spaces allocated to other processes, causing the entire system to become unstable rather than affecting only the execution of the errant process. In a more malicious vein, processes could attempt (and perhaps even succeed at) reading or writing to memory spaces outside their scope, intruding on or attacking other
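The two advantages above can be observed directly on a POSIX system. The following C program is an added example written for this page, not code from the study guide: after fork(), a child's write to a global at the same virtual address never reaches the parent's copy (separate memory spaces), and a child that stores through a constructed bad address (16, assumed to be unmapped, as it is on Linux and macOS) is stopped by the kernel while the parent keeps running (the boundary is enforced and only the errant process is affected).

```c
#include <stdint.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

/* After fork() each process owns a private copy of the page this variable
 * lives on: the same virtual address maps to different physical memory. */
static char secret[32] = "parent-data";

/* Child overwrites `secret` and reports success; parent then inspects its own
 * copy.  Returns 1 if the write stayed inside the child, 0 if it leaked into
 * the parent, -1 if fork()/waitpid() failed. */
int child_write_is_isolated(void)
{
    int status; pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        strcpy(secret, "child-data");            /* touches the child's copy only */
        _exit(strcmp(secret, "child-data") == 0 ? 0 : 1);
    }
    if (waitpid(pid, &status, 0) < 0) return -1;
    int child_ok = WIFEXITED(status) && WEXITSTATUS(status) == 0;
    return child_ok && strcmp(secret, "parent-data") == 0;
}

/* Child stores through a pointer to an address that is not mapped in its own
 * address space; the kernel blocks the store and terminates only that process
 * while the parent keeps running.  Returns 1 if the child never reached its
 * "store succeeded" exit, 0 if the stray store went through, -1 on error.
 * If sig is non-NULL it receives the signal that killed the child (0 if none). */
int stray_write_is_confined(uintptr_t bad_addr, int *sig)
{
    int status; pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        volatile int *p = (volatile int *)bad_addr;  /* constructed bad address */
        *p = 42;                                      /* faults here */
        _exit(0);                                     /* reached only if it did not */
    }
    if (waitpid(pid, &status, 0) < 0) return -1;
    if (sig) *sig = WIFSIGNALED(status) ? WTERMSIG(status) : 0;
    return !(WIFEXITED(status) && WEXITSTATUS(status) == 0);
}

int main(void)
{
    int sig = 0, confined = stray_write_is_confined((uintptr_t)16, &sig);
    return (child_write_is_isolated() == 1 && confined == 1) ? 0 : 1;
}
```

Run stand-alone, the program exits 0 only when both properties hold; a system without memory protection (or one that permits the stray store) would fail the second check.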