Multilevel security

In one context, the term refers to a system that is adequate to protect itself from subversion and has robust mechanisms to separate information domains, that is, a trustworthy system.

Customers that deploy trusted operating systems typically require that the product complete a formal computer security evaluation.

The evaluation is stricter for a broader security range, that is, the span between the lowest and highest classification levels the system can process.

Historically, few implementations have been certified capable of MLS processing with a security range of Unclassified through Top Secret.

Among them were Honeywell's SCOMP, USAF SACDIN, NSA's Blacker, and Boeing's MLS LAN, all under TCSEC, 1980s vintage and Intel 80386-based.

Because the Common Criteria decoupled TCSEC's pairing of assurance (EAL) and functionality (Protection Profile), the clear uniform mapping between security requirements and MLS security range capability documented in CSC-STD-004-85 was largely lost when the Common Criteria superseded the Rainbow Series.

[3] Security evaluation was once thought to be a problem for these free MLS implementations for three reasons: Notwithstanding such suppositions, Red Hat Enterprise Linux 5 was certified against LSPP, RBACPP, and CAPP at EAL4+ in June 2007.

PitBull has been the security base for General Dynamics' Trusted Network Environment (TNE) product since 2009.

TNE enables multilevel information sharing and access for users in the Department of Defense and Intelligence communities operating at varying classification levels.

It is also the foundation for the multilevel coalition sharing environment, the Battlefield Information Collection and Exploitation Systems Extended[6] (BICES-X).

LSPP mandates that users are not authorized to override the labeling policies enforced by the kernel and X Window System (X11 server).

Most commercially available MLS systems do not attempt to close all covert channels, even though this makes it impractical to use them in high-security applications.

Bypass is problematic when introduced as a means to treat a system-high object as if it were MLS-trusted.

Bypass often arises out of failure to use trusted operating environments to maintain continuous separation of security domains all the way back to their origin.

Multiple Independent Levels of Security (MILS) is an architecture that addresses the domain separation component of MLS.

Note that UCDMO (the US government lead for cross domain and multilevel systems) created the term Cross Domain Access as a category in its baseline of DoD and Intelligence Community accredited systems, and this category can be seen as essentially analogous to MILS.

Trusted security-compliant channels mentioned above can link MILS domains to support more MLS functionality.

The rigid process communication and isolation offered by MILS may be more useful to ultra-high-reliability software applications than MLS.

By declining to address out-of-the-box interaction among levels consistent with the hierarchical relations of Bell-LaPadula, MILS is (almost deceptively) simple to implement initially but needs non-trivial supplementary import/export applications to achieve the richness and flexibility expected by practical MLS applications.

OLS is being deployed at the US Army INSCOM as the foundation of an "all-source" intelligence database spanning the JWICS and SIPRNet networks.

There is a project to create a labeled version of PostgreSQL, and there are also older labeled-database implementations such as Trusted Rubix.

The other MLS capability currently on the UCDMO baseline is called MLChat, a chat server that runs on the XTS-400 operating system; it was created by the US Naval Research Laboratory.

[12] Joint Cross Domain eXchange (JCDX) is another example of an MLS capability currently on the UCDMO baseline.

The JCDX architecture is comprehensively integrated with a high assurance Protection Level Four (PL4) secure operating system, utilizing data labeling to disseminate near real-time data information on force activities and potential terrorist threats on and around the world's oceans.

It is installed at locations in the United States and Allied partner countries where it is capable of providing data from Top Secret/SCI down to Secret-Releasable levels, all on a single platform.

BlueSpace uses a middleware strategy to enable its applications to be platform neutral, orchestrating one user interface across multiple Windows OS instances (virtualized or remote terminal sessions).

Examples include zones in Solaris 10 TX, the padded cell hypervisor in systems such as Green Hills' Integrity platform, and XenClient XT from Citrix.

The High Assurance Platform from NSA, as implemented in General Dynamics' Trusted Virtualization Environment (TVE), is another example; it uses SELinux at its core and can support MLS applications that span multiple domains.