Oracle Solaris Trusted Extensions User's Guide

Visible Features of Trusted Extensions

After you have successfully completed the login process, as explained in Chapter 2, Logging In to Trusted Extensions (Tasks), you can work within Trusted Extensions. Your work is subject to security restrictions. Restrictions that are specific to Trusted Extensions include the label range of the system, your clearance, and your choice of a single-level or multilevel session. As the following figure illustrates, four features distinguish a system that is configured with Trusted Extensions from a Solaris system. To view the features on a Trusted JDS desktop, see Figure 1–5.

Figure 4–1 Multilevel Trusted CDE Desktop

Screen shows labels on windows and icons, the trusted
stripe with the trusted symbol and workspace label.

Label displays – All windows, workspaces, files, and applications have a label. The desktop provides label stripes and other indicators for viewing an entity's label.
Trusted stripe – This stripe is a special graphical security mechanism. In Solaris Trusted Extensions (CDE), the trusted stripe is always displayed at the bottom of the screen. In Solaris Trusted Extensions (JDS), the stripe is displayed at the top of the screen.
Limited access to applications from the workspace – The workspace provides access only to those applications that are permitted in your account.
Trusted Path menu – In Trusted CDE, the switch area in the Front Panel provides access to the Trusted Path menu, which is used to perform security-related tasks. In Trusted JDS, the trusted symbol provides access to the menu.

Labels on Trusted Extensions Desktops

As discussed in Mandatory Access Control, all applications and files in Trusted Extensions have labels. Trusted Extensions displays labels in the following locations:

Window label stripes above the window title bar
Window icon label stripes under the minimized window
Window label indicator in the trusted stripe
Query window label indicator from the Trusted Path menu that displays the label of the window or icon that is specified by the pointer location
In Trusted JDS, the color of the panels indicate the label of the workspace.

Figure 4–2 Panels Indicating Workspaces at Different Labels in Trusted JDS

Graphic shows four panels with different labels and different
windows in each labeled workspace.

Figure 4–1 shows how labels display on a Trusted CDE desktop. Figure 1–5 shows how labels display on a Trusted JDS desktop. The Query Window Label menu item can be used to display the label of a window. For an illustration, see Figure 3–5.

Trusted Stripe

In Trusted CDE, the trusted stripe appears in a reserved area at the bottom of the screen in all Trusted Extensions sessions. In Trusted JDS, the trusted stripe appears at the top of the screen.

The purpose of the trusted stripe is to give you a visual confirmation that you are in a legitimate Trusted Extensions session. The stripe indicates when you are interacting with the trusted computing base (TCB). The stripe also displays the labels of your current workspace and current window. The trusted stripe cannot be moved or obscured by other windows or dialog boxes.

In Trusted CDE, the trusted stripe has two elements:

The trusted symbol – Displays when the screen focus is security-related.
The window label – Optional. Displays the label of the active window.

Figure 4–3 `PUBLIC` Window Label in the Trusted Stripe

Screen shows the trusted stripe without the trusted symbol
and with a workspace label of PUBLIC.

In Trusted JDS, the trusted stripe has two additional elements:

The current account name – At the right of the trusted symbol, displays the name of the owner of new processes in the workspace. If the account is a role account, a hat icon precedes the role name.
Labeled windows – Displays the labels of all windows in the workspace.

Figure 4–4 Trusted Stripe on the Trusted JDS Desktop

Trusted Symbol

Whenever you access any portion of the TCB, the trusted symbol appears at the left of the trusted stripe area. If your configuration suppresses labels, then the trusted symbol appears with the trusted stripe. In Trusted CDE, the symbol appears to the left of the Front Panel. In Trusted JDS, the symbol appears at the left of the trusted stripe.

The trusted symbol is not displayed when the pointer is focused in a window or area of the screen that does not affect security. The trusted symbol cannot be forged. If you see the symbol, you can be sure that you are safely interacting with the TCB.

Caution –

If the trusted stripe is missing from your workspace, contact the security administrator. The problem with your system could be serious.

The trusted stripe should not appear during login, or when you lock your screen. If the trusted stripe shows, contact the administrator immediately.

Window Label Indicator

The Window Label indicator displays the label of the active window. In a multilevel session, the indicator can help identify windows with different labels in the same workspace. The indicator can also show that you are interacting with the TCB. For example, when you change your password, the Trusted Path indicator displays in the trusted stripe.

Figure 4–5 `Trusted Path` Indicator in the Trusted Stripe

Screen shows the trusted stripe without the trusted symbol
and with a label of Trusted Path.