Message Checking and Session Type Selection
After you successfully enter your username and password, the Workstation Information dialog box is displayed. It provides status information and, if your account is configured for user-specified sessions, lets you a select a single- or multilevel session. If your account is set up for a single-label configuration, then there will be no option for selecting a session level.
Single-level Versus Multilevel Sessions
In a multilevel session, you can operate at different sensitivity labels. The range in which you operate is bounded at the upper end by the session clearance you specify and at the lower end by the minimum sensitivity label assigned to you by your administrator.
In a single-level session, you specify a session sensitivity label at which you operate for the entire session. In a single-level session, you can access and write to files at that sensitivity label only. You cannot change the sensitivity label of workspaces in the session. Note that you can assume a role within a single-level session and then operate at any sensitivity label available to that role.
Session Selection Example
Table 2-1 provides an example of the difference between a single- and multilevel session. It contrasts a user choosing to operate in a single-level session at SECRET A against the user selecting a multilevel session, also at SECRET A. Note that sensitivity labels are shown in their long form inside square brackets ([]).
The three columns on the left show the user's session selections at login. Note that users set session sensitivity labels for single-level sessions and session clearances for multilevel sessions. (This is a minor distinction that is taken care of by the system; the correct label builder dialog box is always displayed with the choices permitted.)
The two columns on the right show the label values available in the session. The Initial Workspace SL column represents the sensitivity label when the user first enters the Trusted Solaris environment. The Available Sensitivity Labels column lists the sensitivity labels that the user is permitted to switch to in the session.
Table 2-1 How Session Selections Affect Session Values|
User Selections |
Session Label Values |
|||
|---|---|---|---|---|
|
Session Type |
Session Sensitivity Label |
Session Clearance |
Initial Workspace SL |
Available Sensitivity Labels |
|
single-level |
[S A] |
-- |
[S A] |
[S A] |
|
multilevel |
-- |
[S A] |
[C] |
[C], [C A], [S], [S A] |
In the first row of the table, the user has selected a single-level session with a session sensitivity label of [S A]. In the Trusted Solaris environment, the user has an initial workspace sensitivity label of [S A] which is also the only sensitivity label at which the user can operate.
In the second row of the table, the user has selected a multilevel session with a session clearance of [S A]. The user's initial workspace sensitivity label is set to [U], that is, a sensitivity label of [UNCLASSIFIED], because that is the lowest possible sensitivity label in the user's account sensitivity label range. The user can switch to any sensitivity label between [U], the minimum, and [S A], the session clearance.
To Check Messages and Select Session Type
If your account is set up with a single-label configuration, the Workstation Information dialog box in the upper portion of Figure 2-4is displayed and you can ignore step 4. If you are permitted to specify single- or multilevel sessions, the session level toggle shown at the bottom of the figure is displayed.
-
Check the date and time of the last login.
This field indicates when your system was last used. You should always check that there is nothing suspicious about the last login, such as an unusual time of day, and report such occurrences to your security administrator.
-
Read any messages in the Message of the Day field.
This field contains messages from your administrator. Since this message may contain warnings about scheduled maintenance or security problems, you should always read it.
-
Read any console messages since last logout.
Typically, these system messages contain messages concerning cron (batch) jobs, but you should check that there are no messages indicating suspicious activity or other problems.
-
Click the session level toggle if you intend to work at only one sensitivity label in your session (user-specified session operation only).
In a single-level session, you operate at a single discrete sensitivity label. You can only access and write to files at the same sensitivity label. If you do not click the toggle, you are implicitly selecting a multilevel session and can view data at different sensitivity labels. The range in which you can operate is bounded at the upper end by the session clearance that you select in the session clearance dialog box and at the lower end by the minimum sensitivity label assigned to you by your administrator.
Figure 2-4 Workstation Information Dialog Box
-
Click OK (or press the Enter or Return key) to close the Workstation Information dialog box.
If your account is configured for single-label operation, the Trusted Solaris environment is displayed after the Workstation Information dialog box is closed; otherwise you will set the session level next.
- © 2010, Oracle Corporation and/or its affiliates