Trusted Solaris Label Administration

Identifying the Site's Label Requirements

Solar Systems, Inc. is a fictional name for the company whose label requirements are modeled in this example. To protect the corporation's intellectual property, the company's legal department mandates that employees use three labels on all sensitive email and printed materials. The three labels, from most sensitive to least sensitive, are:

Solar Proprietary/Confidential: Registered

Solar Proprietary/Confidential: Need To Know

Solar Proprietary/Confidential: Internal Use Only

The legal department also approves the use of an optional fourth label for information that can be distributed to anyone without restrictions:

Public

Problems Encountered in Trying to Meet Information Protection Goals

At Solar Systems, Inc., the manager in charge of Information Protection makes use of all possible channels to get the word out about labeling requirements. Some employees do not understand the requirements, forget about them, or ignore them. Even when labels are properly applied, the information is not always properly handled, stored, and distributed. For example, reports trickle back that even Registered information (which only a limited list of people should see and nobody but the originator should copy) is sometimes found unattended next to copy machines and printers, in break rooms, and in lobbies.

How Trusted Solaris Features Address Information Labeling and Access Control Requirements

The Trusted Solaris operating system does not leave labeling up to computer users. All printer output from hosts running Trusted Solaris software is automatically labeled according to the site's requirements. Solar Systems' executives decided to use the Trusted Solaris operating system when they realized that the product could both meet the requirements of the legal department and support the goals of the system administrators.

Even though security was not yet fully understood at the company, executives knew they could put the following features to use right away:

Figure 5-1 Automatic Labeling of Print Jobs

Figure 5-2 Label Automatically Printed on Body Pages

Figure 5-3 Handling Guidelines on Banner and Trailer Pages


NEED_TO_KNOW HR

DISTRIBUTE ONLY TO HUMAN RESOURCES (NON-DISCLOSURE AGREEMENT REQUIRED)

Below the sensitivity label in the previous example, a handling caveat provides instructions about how the printed material should be distributed. The instructions are understood to mean that the information should be distributed only to human resources personnel with a need to know about it and that the reader must have signed a nondisclosure agreement.

Figure 5-4 How a Printer With a Restricted Label Range Handles Jobs at Various Labels

Printers in other locations that are accessible to all employees can be configured to print jobs only at the two labels that allow the output to be viewed by all employees:

A label is automatically assigned to each email message based on the sensitivity level at which the sender is working.

Figure 5-5 shows email being labeled at the sensitivity label of the user's mail application and sent to the mail application at that label.

Figure 5-5 Automatic Labeling of Email

Similar to how the printer label range controls which jobs can be printed on a particular printer, a user's personal sensitivity label range limits which email the person can receive and send (see Figure 5-6).

Figure 5-6 A User Receiving Email within His Account Label Range
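
The label-range rule that governs both the restricted printer and a user's mail account, modeled as an added example (not Trusted Solaris code and not part of the original guide). The short names other than NEED_TO_KNOW HR, the numeric levels, and the range chosen for the open-area printer are assumptions; the compartment check goes slightly beyond the text to cover labels such as NEED_TO_KNOW HR.

```python
# Added example: toy model of label-range checks, not Trusted Solaris code.
from dataclasses import dataclass

# The page's classifications, least to most sensitive. Short names other than
# NEED_TO_KNOW and the numeric values are assumptions; only the order matters.
LEVELS = {"PUBLIC": 1, "INTERNAL_USE_ONLY": 2, "NEED_TO_KNOW": 3, "REGISTERED": 4}


@dataclass(frozen=True)
class Label:
    level: str
    compartments: frozenset = frozenset()

    def dominates(self, other):
        """At least as sensitive as other, and holds all of its compartments."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)


def parse(text):
    """Turn 'NEED_TO_KNOW HR' into a Label; reject unknown classifications."""
    words = text.split()
    if not words or words[0] not in LEVELS:
        raise ValueError(f"unknown classification in {text!r}")
    return Label(words[0], frozenset(words[1:]))


def in_range(label, low, high):
    """In range when the maximum dominates the label and the label dominates the minimum."""
    return high.dominates(label) and label.dominates(low)


def route(items, low, high):
    """Split labels into (accepted, rejected) for a printer or account range."""
    lo, hi = parse(low), parse(high)
    accepted = [t for t in items if in_range(parse(t), lo, hi)]
    rejected = [t for t in items if t not in accepted]
    return accepted, rejected


# Constructed sample labels for print jobs or mail messages.
JOBS = ["PUBLIC", "INTERNAL_USE_ONLY", "NEED_TO_KNOW HR", "REGISTERED"]

if __name__ == "__main__":
    # Assumed range for a printer in an area open to all employees.
    print("open-area printer:", route(JOBS, "PUBLIC", "INTERNAL_USE_ONLY"))
    # Same level but no HR compartment: NEED_TO_KNOW HR is still rejected.
    print("account without HR:", route(JOBS, "PUBLIC", "NEED_TO_KNOW"))
    print("account with HR:", route(JOBS, "PUBLIC", "NEED_TO_KNOW HR"))
```

The second case shows why a range is more than a pair of levels: a label carrying the HR compartment falls outside any range whose maximum lacks that compartment.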