How Trusted Solaris Features Address Information Labeling and Access Control Requirements
The Trusted Solaris operating system does not leave labeling up to computer users. All printer output from hosts running Trusted Solaris software is automatically labeled according to the site's requirements. The Solar Systems' executives decided to use the Trusted Solaris operating system when they realized that the product could both meet the requirements of the legal department and support the goals of the system administrators.
Even though security was not yet fully understood at the company, executives knew they could put the following features to use right away:
-
Each print job is automatically assigned a label, which is the label that corresponds either to the level at which the user is working or to the user's level of responsibility.
Figure 5-1 shows an employee working at a level of INTERNAL_USE_ONLY, which means that the work he is doing should only be accessible by Solar Systems employees and others who have signed nondisclosure agreements. When he sends email to the printer, the print job is automatically assigned the label INTERNAL_USE_ONLY.
Figure 5-1 Automatic Labeling of Print Jobs
-
The printer automatically prints a company-specified label at the top and bottom of each page of printed output.
In Figure 5-2, the letter that was sent to the printer in Figure 5-1 is printed with the user's working label, INTERNAL_USE_ONLY, at the top and bottom of every page.
Figure 5-2 Label Automatically Printed on Body Pages
-
Banner and trailer pages are automatically created for each print job and are printed with company-specific handling guidelines.
Figure 5-3 shows the wording for a print job whose sensitivity level has a classification of NEED_TO_KNOW and a department of HUMAN_RESOURCES.
Figure 5-3 Handling Guidelines on Banner and Trailer Pages
NEED_TO_KNOW HR DISTRIBUTE ONLY TO HUMAN RESOURCES (NON-DISCLOSURE AGREEMENT REQUIRED) |
Below the sensitivity label in the previous example, a handling caveat provides instructions about how the printed material should be distributed. The instructions are understood to mean that the information should be distributed only to human resources personnel with a need to know about it and that the reader must have signed a nondisclosure agreement.
-
Printers can be configured to print only jobs with labels within a restricted label range.
For example, the legal department's printer can be set up (as illustrated in Figure 5-4) to print only jobs sent at the following three labels:
-
NEED_TO_KNOW LEGAL (to be viewed only by those with a need to know within the legal department)
-
INTERNAL_USE_ONLY (to be viewed only by permanent employees of the Solar Systems company and other who have signed nondisclosure agreements), and
-
PUBLIC (to be viewed by anybody)
A printer set up as specified above would exclude jobs sent at any other label. For example, the legal department printer set up as described above would reject jobs at:
-
NEED_TO_KNOW MARKETING, and
-
REGISTERED
-
Figure 5-4 How a Printer With a Restricted Label Range Handles Jobs
Printers in other locations that are accessible to all employees can be configured to print jobs only at the two labels that allow the output to be viewed by all employees:
-
INTERNAL_USE_ONLY
-
PUBLIC
A label is automatically assigned to each email message based on the sensitivity level at which the sender is working.
Figure 5-5 shows email being labeled at the sensitivity label of the user's mail application and sent to the mail application at that label.
Figure 5-5 Automatic Labeling of Email
Similar to how the printer label range controls which jobs can be printed on a particular printer, a user's personal sensitivity label range limits which email the person can receive and send (see Figure 5-6).
Figure 5-6 A User Receiving Email within the Account Label Range
- © 2010, Oracle Corporation and/or its affiliates