JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
Trusted Extensions Label Administration     Oracle Solaris 10 8/11 Information Library
search filter icon
search icon

Document Information


1.  Labels in Trusted Extensions Software

Labels and Security Policy

Types of Labels, Their Components and Uses

Label Ranges Restrict Access

Labels Are Used in Access Control Decisions

Label Components

Label Dominance

Accreditation Ranges, Label Ranges, and Valid Labels

System Accreditation Range

User Accreditation Range

Account Label Range

Account Label Range Examples

Session Range

Label Availability in Trusted Extensions Sessions

Labeled Workspaces

Administering Labels

Label Visibility

Labels on Printed Output

Authorizations for Relabeling Information

Privileges for Translating Labels

2.  Planning Labels (Tasks)

3.  Making a Label Encodings File (Tasks)

4.  Labeling Printer Output (Tasks)


6.  Example: Planning an Organization's Labels

A.  Sample Label Encodings File


Labels and Security Policy

Site security policy is the security policy that an organization sets up to protect its proprietary information. With Trusted Extensions software, labels and mandatory access control (MAC) can be part of this policy. Labels implement a set of rules that is a part of system security policy. System security policy is the set of rules that is enforced by system software to protect information that is being processed on the system. The term security policy can refer to policy or to implementation of the policy.

All systems that are configured with Trusted Extensions have labels. Labels are specified in a label_encodings file. For a description of the file, see the label_encodings(4) man page. For descriptions of the encodings files that are delivered with Trusted Extensions packages, see Sources for Encodings Files.

Trusted Extensions installs a default version of the label_encodings file. The default version supplies several commercial labels. This version can sometimes be used in non-production environments for learning purposes. A site can also customize one of the label encodings files that are delivered with the Trusted Extensions packages. For an example of a site-specific file, see Appendix A, Sample Label Encodings File.

Every computer in the Trusted Extensions network needs its own copy of the site's label_encodings file. For interoperability, the label_encodings file on every computer in the network should be compatible. At the very least, each computer should recognize the labels on every other computer in the network.

Certain types of labels must be defined. The security administrator specifies the numeric values and the bits that make up the internal representation of labels. Users and roles see the textual representation of labels. The labeling software translates between the internal form and the textual form of labels. The label_encodings file provides the rules for translating the internal representation of labels to their textual strings. The textual strings can be visible on the desktop. The internal representation is recorded in the audit trail and is interpreted by the praudit command.

The security administrator is the person who defines and plans the implementation of an organization's security policy. The security administrator establishes information-protection procedures, makes sure computer users and administrators are properly trained, and monitors compliance.

The Security Administrator role is created in the software. The role is assigned to one or more administrators who fully understand Trusted Extensions administration. These administrators are cleared to view and to protect the highest level of information that is processed by Trusted Extensions. One of the responsibilities of the security administrator is to create the site's label_encodings file to replace the version that Trusted Extensions installs. The administrator can also decide whether labels are visible on the desktop. Even when labels are not visible, objects and processes on the system are labeled, and MAC is enforced.

Trusted Extensions provides the Security Administrator role with the tools and capabilities to put the organization's security policy into effect. To assume the role, you first log in as an ordinary user, then assume the role. At your site, the security administrator who defines the site's security policy might or might not be the same person who implements the policy.