Host Types in Networking

The Trusted Solaris environment classifies host types according to the networking protocols as follows:

• Trusted Solaris - Workstations running Trusted Solaris software. It uses binary representation for security attributes in the protocol.

• unlabeled - Hosts that do not send or recognize security attributes.

• TSIX - Hosts supporting the TSIX (RE) 1.1 (Trusted Systems Information eXchange for Restricted Environments standard). It uses the same format as Trusted Solaris hosts (see Figure 3-3) except that it uses tokens (arbitrary 32-bit numbers) rather than binary data to represent security attributes. The tokens use the security attribute token mapping protocol (SATMP).

• CIPSO - Hosts conforming to CIPSO, TSIX (RE) 1.1. The only security attributes supported under CIPSO are the DOI (domain of interpretation) and CIPSO label.

• RIPSO - Hosts conforming to RIPSO, as described in the IETF RFC 1108. The Trusted Solaris environment supports an administratively-set fixed RIPSO label to be applied to incoming and outgoing network packets. Although this functionality does not fully meet the RFC specifications, it supplies sufficient functionality where RIPSO labels are needed.

The TSIX, CIPSO, and RIPSO host types lie in the category of hosts running other trusted operating environments. The unlabeled host type is intended for those hosts that use the standard networking protocol and do not support security attributes.