Documentation Home
> Trusted Solaris Label Administration
Trusted Solaris Label Administration
Book Information
Preface
Chapter 1 Introduction to Trusted Solaris Label Encodings
Labels Tasks: Who Does What
Types of Labels, Their Components and Uses
What Labels Ranges Do
How Labels Are Used in Access Control Decisions
Simple Mandatory Access Control Example
Labels' Components
Label Dominance
Accreditation Ranges, Label Ranges, and Valid Labels
System Accreditation Range
User Accreditation Range
Account Label Range
Account Label Range Examples
Session Range
Labeled Workspaces
Label Availability in Trusted Solaris Sessions
Authorizations and Label Translation
Authorizations for Upgrading and Downgrading Labels
Options for Restricting Users to a Single Label
Label Translation
Administering Administrative Labels
Issues About the Names of Administrative Labels
Specifying Whether Users See Administrative Labels' Names
Specifying Whether Users See Any Labels
Configuring How Labels are Printed on Banner/Trailer and Body Pages
Overview of Planning
Planning the Encodings File
Creating Large Numbers of Labels
Chapter 2 Creating or Modifying the Encodings File
Preparing the Label Encodings File
For a Site Using a Government-furnished Labels File
For a Site Without a Previously-existing Labels File
Before Installation
After Installation
Central Administration
Tools for Editing and Checking the label_encodings File
Suggested Working Policies
Changing the label_encodings File After System Start Up
Running Without Labels
Setting Up Single-label Operation
Sections for Defining Labels
Word Order Requirements
Adding or Renaming a Classification
Number of Classifications
Keywords Defined for Classifications
Setting Default and Inverse Words
Defining Compartment Words
Hierarchical Words
Using Bit Combinations to Establish Hierarchies
Using REQUIRED COMBINATIONS to Establish Hierarchies
Cautions About Mapping Labels to CIPSO Labels
Label Encodings Procedures
To Modify the label_encodings File
To Copy the label_encodings File to a Floppy Disk
To Copy the label_encodings File from a Floppy Disk
To Add Sun Extensions to a Pre-Existing Label Encodings File
To Set Up No Labels Operation
To Add or Rename a Classification in the Default label_encodings File
To Specify Default and Inverse Words
To Replace the Single Label in the Default Single-Label Encodings File
To Make Your Own Single-label Encodings File
To Configure Labels Not Visible to Users
To Ensure Labels Map to CIPSO Labels
Chapter 3 Specifying Labels and Handling Guidelines for Printer Output
Labels on Body Pages
Labels, Text, and Handling Caveats on Banner and Trailer Pages
Specifying the Protect As Classification
Specifying Printer Banners
Specifying CHANNELS
Printing Procedures
To Configure PRINTER BANNERS
To Configure CHANNELS
Chapter 4 Modifying Sun's Extensions in the Local Definitions Section
LOCAL DEFINITIONS Section
Values Specified in the LOCAL DEFINITIONS Section
Specifying Whether Other Labels are Substituted for Administrative Labels
Changing Label Component Names on Label Builders
Specifying Colors for Labels
Order of Color Specification
Color Values
Planning Color Names
Procedures for Modifying Sun Extensions
To Specify the System Default for Administrative Label Names
To Change Label Component Names Used in Label Builders
To Specify a Default User Clearance and Minimum Label
To Assign a Color to a Label or Word
Chapter 5 Example: Planning an Organization's Labels
Identifying the Site's Label Requirements
Problems Encountered in Trying to Meet Information Protection Goals
How Trusted Solaris Features Address Information Labeling and Access Control Requirements
Climbing the Security Learning Curve
Analyzing the Requirements for Each Label
PROPRIETARY/CONFIDENTIAL: INTERNAL_USE_ONLY
PROPRIETARY/CONFIDENTIAL: NEED_TO_KNOW
PROPRIETARY/CONFIDENTIAL: REGISTERED
Names of Group Associated with the Need to Know
Understanding the Set of Labels
Defining the Set of Labels
Planning the Classifications
Planning the Compartments
Planning the Use of Words in MAC
Planning the Use of Words in Labeling System Output
Planning How to Label Printer Output Pages as Desired
Planning for Supporting Procedures
Rules for Protecting a File or Directory Labeled with the REGISTERED Sensitivity Label
Rules for Configuring Printers
Rules for Handling Printer Output
Planning Classification Values in a Worksheet
Planning Compartment Values and Classification/Compartment Constraints in a Worksheet
Planning Clearances in a Worksheet
Planning the PRINTER BANNERS Wording in a Worksheet
Planning CHANNELS in a Worksheet
Planning the Minimums in an ACCREDITATION RANGE Worksheet
Planning the Colors in the COLOR NAMES Worksheet
Specifying the Labels During Post-Install Configuration
Encoding the VERSION
Encoding the CLASSIFICATIONS
Encoding the SENSITIVITY LABELS
Encoding the INFORMATION LABELS
Encoding the CLEARANCES
Encoding the CHANNELS
Encoding the PRINTER BANNERS
Encoding the ACCREDITATION RANGE
Encoding the Wording for Label Builders, Colors, and Other LOCAL DEFINITIONS Values
Encoding the Heading Names for Label Builders
Encoding the COLOR NAMES
Configuring Users to Enforce Labeling Decisions
Configuring Printing To Enforce Labeling Decisions
Appendix A Example: Label Encodings File
Classifications and Compartments
label_encodings.simple File
Appendix B Differences Between Default Label Encodings Files
Differences Between Single-label and Installed Label Encodings Files
Multiple Sensitivity Labels Version
Single Sensitivity Label Version
Index
Numbers and Symbols
A
B
C
D
E
F
G
H
I
K
L
M
N
P
R
S
T
U
V
W
© 2010, Oracle Corporation and/or its affiliates