|Skip Navigation Links|
|Exit Print View|
|Compartmented Mode Workstation Labeling: Encodings Format Oracle Solaris 11 Express 11/10|
Many words must be specified as being components of all three types of labels: information labels, sensitivity labels, and clearances. In fact, in most cases, words that appear in sensitivity labels also appear in clearances and information labels.
(Sometimes the word may have a different name or prefix in a clearance, but has the same meaning as the sensitivity label word because it is associated with the same compartment bits. See Chapter 5, Sensitivity Label, Clearance, Channels, and Printer Banner Encodings for a discussion of why a clearance word might have a different prefix than an otherwise equivalent sensitivity label word. Also, sometimes the word may have a different name in an information label, but has the same meaning as the sensitivity label word because it is associated with the same compartment bits. In other cases, the word may not appear in an information label, but one or more other words that specify the same compartment bit pattern do appear.)
When the same word appears in multiple types of labels, extreme care must be taken to ensure that the words are specified as consistently as possible in each label. In particular, the words should have the same minclass, maxclass, and the same required combinations and combination constraints with respect to combinations with words that also appear in multiple labels. Any inconsistencies may have undesired results.
For example, consider a system that facilitates downgrading the sensitivity label of an object by setting it equal to the classification and compartments of the object's information label. Consider also the encodings in Example 7-1. With these encodings, CONFIDENTIAL A would be a valid information label, and SECRET A B would be a valid sensitivity label, both for the same object. However, if the system's “downgrade sensitivity label to information label classification and compartments” function is performed, the sensitivity label would become CONFIDENTIAL A. Such a sensitivity label is invalid for two reasons: 1) the word A in a sensitivity label has a minimum classification of SECRET, and 2) the word A requires the word B in a sensitivity label. Consistently encoding the word A for both information and sensitivity labels would have avoided this problem.
Example 7-1 Inconsistent encodings example
CLASSIFICATIONS: NAME= CONFIDENTIAL; SNAME= C; VALUE= 4; NAME= SECRET; SNAME= C; VALUE= 5; INFORMATION LABELS: WORDS: NAME= A; COMPARTMENTS= 2; MINCLASS= C; NAME= B; COMPARTMENTS= 3; MINCLASS= C; REQUIRED COMBINATIONS: COMBINATION CONSTRAINTS SENSITIVITY LABELS: WORDS: NAME= A; COMPARTMENTS= 2; MINCLASS= S; NAME= B; COMPARTMENTS= 3; MINCLASS= C; REQUIRED COMBINATIONS: A B COMBINATION CONSTRAINTS