Oracle Solaris Trusted Extensions User's Guide


A

	access control
		access control lists (ACLs) ( )
		discretionary access control (DAC) ( )
		mandatory access control (MAC) ( )
		permission bits ( )

	access control lists (ACLs) ( )

	accessibility, provided by Trusted JDS ( )

	accessing
		for read only ( )
		for reading and writing ( )
		for writing ( )
		initialization files at every label ( )
		lower-level home directories ( )
		man pages in Trusted Extensions ( )
		remote multilevel desktop ( )

	adding
		labeled workspace ( )
		workspaces ( )

	admin role, See System Administrator role

	Allocate Device menu item ( )

	allocating, removable media ( )

	allocating a device ( )
		troubleshooting ( )

	Application Manager security in Trusted Extensions ( )

	Assume `rolename` role menu item ( )

	assuming a role ( )

	authorizations
		changing labels ( )
		for allocating devices ( )
		required to change label of data ( )


C

	calendar security in Trusted Extensions ( )

	CDE, trusted applications on Front Panel ( )

	Change Password menu item ( )

	Change Workspace Label menu item ( )

	changing
		labels by authorized users ( )
		security level of data ( ) ( )
		workspace label ( )
		your password ( )

	changing labels, troubleshooting ( )

	choosing
		a desktop ( ) ( )
		label or clearance during login ( )

	classification component of label, defined ( )

	clearances
		label type ( )
		setting at login ( ) ( )
		setting session ( )

	clock security in Trusted Extensions ( )

	compartment component of label, defined ( )

	containers, See zones

	copy-and-paste, effect on labels ( )

	`.copy_files` file
		creating ( )
		described ( )
		troubleshooting ( )

	creating
		`$HOME/.copy_files` file ( )
		`$HOME/.link_files` file ( )

	customizing
		desktop ( )
		Workspace Menu ( )


D

	data
		changing label of ( )
		determining label of ( )
		protecting with MAC ( )

	deallocating devices, basic procedure ( )

	desktops
		common tasks ( )
		in Trusted Extensions ( )
		keyboard focus ( )
		logging in remotely ( )

	determining
		label of a file ( )
		label of a window ( )

	Device Allocation Manager, deallocating devices ( )

	devices
		allocating ( )
		clearing prior to reuse ( )
		protecting ( )
		secured by allocation requirement ( )
		troubleshooting ( )
		using ( )
		using removable media ( )

	directories
		changing labels ( )
		visibility of home directories ( )

	discretionary access control (DAC), defined ( )

	dominance between labels ( )

	downgrading information ( )

	drag-and-drop, effect on labels ( )


E

	email, label enforcement ( )

	email instructions, user responsibilities ( )


F

	failsafe login ( )

	File Browser
		displaying label of file ( )
		troubleshooting when it does not appear ( )
		viewing contents ( ) ( )

	File Manager
		changing file labels ( )
		changing labels ( )
		security in Trusted Extensions ( )
		troubleshooting when it does not appear ( )
		viewing contents ( )

	files
		`$HOME/.copy_files` ( ) ( )
		`$HOME/.link_files` ( ) ( )
		accessing initialization files at every label ( )
		changing labels ( )
		linking between File Managers at different labels ( )
		moving between File Managers ( )
		viewing in a workspace ( )

	finding
		calendar events at every label ( )
		online help for Trusted Extensions ( )
		Trusted Path menu ( ) ( )

	Front Panel
		description of trusted applications on ( )
		restoring when minimized ( )


H

	help in Trusted Extensions
		man pages ( )
		online help ( )

	home directories, visible from higher-level zone ( )

	hot key, regaining control of desktop focus ( )


I

	information, See data

	initialization files
		accessing at every label ( )
		troubleshooting when customized ( )


K

	key combinations, testing if grab is trusted ( )


L

	label ranges
		described ( )
		troubleshooting a workstation with a restricted range ( )

	labels
		See also clearances
		changing label of data ( )
		changing label of files ( )
		changing label on information ( )
		components ( )
		determining by window query ( )
		displayed in Trusted Extensions ( )
		displayed on desktop ( ) ( )
		dominance ( )
		labeled zones ( )
		means of protecting data ( )
		ranges ( )
		relationships ( )
		sample government labels ( )
		sample industry labels ( )
		sample label relationships ( )
		setting at login ( )
		setting clearance at login ( )
		setting session labels ( ) ( )
		types ( )
		visible on desktop ( )

	`.link_files` file
		creating ( )
		described ( )
		troubleshooting ( )

	linking files at different labels ( )
		by using `.link_files` ( )

	logging in
		at a different label ( )
		choosing a desktop ( ) ( )
		choosing a label or clearance ( )
		failsafe ( )
		five steps of ( )
		remotely to multilevel desktop ( )
		reviewing security settings ( )
		troubleshooting ( ) ( )

	logging out
		procedure ( )
		user responsibilities ( )

	login process, See logging in


M

	mail security in Trusted Extensions ( )

	Main Menu, Shut Down ( )

	man pages in Trusted Extensions ( )

	mandatory access control (MAC)
		defined ( )
		enforced for email ( )

	mounting, removable media ( )

	moving
		a window to a workspace at a different label ( )
		data to different label ( )
		file to different label ( )

	multiheaded system, trusted stripe ( )

	multilevel login
		remote ( )
		Trusted CDE or Trusted JDS ( )

	multilevel sessions, defined ( )


N

	no trusted indicator, troubleshooting ( )

	no trusted stripe, troubleshooting ( )

	`Not Found` error message ( )

	`Not in Profile` error message ( )


O

	object
		defined ( )
		reuse ( )

	oper role, See Operator role

	Operator role, responsibilities ( )


P

	passwords, user responsibilities ( )

	peripheral devices, See devices

	permissions
		at discretion of file owner ( )
		user responsibilities ( )

	`pfsh` command, See profile shell

	policy, See security policy

	Printer tool security in Trusted Extensions ( )

	printing, typical labeled banner page ( )

	procedures, See users

	profile shell, defined ( )

	profiles, See rights profiles

	protecting files
		by label ( )
		DAC ( )
		MAC ( )
		user responsibilities ( )


Q

	Query Window Label menu item ( )


R

	read access, in labeled environment ( )

	remote login, to multilevel desktop ( )

	responsibilities
		of administrators ( )
		users for password security ( )
		users to clear media ( )
		users to protect data ( )
		users when logging out ( )

	reviewing security settings
		Last Login dialog box ( )
		procedure during login ( )

	rights profiles, defined ( )

	roles
		adding a labeled workspace ( )
		changing workspace label ( )
		common roles ( )
		responsibilities of ( )
		special user account ( )

	root role, responsibilities ( )


S

	secadmin role, See Security Administrator role

	Security Administrator role
		contacting about missing trusted indicator ( )
		contacting about missing trusted stripe ( )
		responsibilities ( )

	security policy
		defined ( ) ( )

	security practices, defined ( )

	selection, changing label ( )

	Selection Manager ( )

	sensitivity labels
		See labels
		label type ( )

	session clearances, defined ( )

	sessions
		choosing clearance ( )
		effect of selecting level ( )
		setting level ( )
		single-level or multilevel ( )

	Shut Down menu item ( )

	shutting down a workstation ( )

	single-level login, Trusted CDE or Trusted JDS ( )

	single-level sessions, defined ( )

	Solaris Trusted Extensions (CDE), See CDE

	spoofing
		defined ( ) ( )

	`Stop-A` (`L1-A`) keyboard combination ( )

	Style Manager
		changing session characteristics ( )
		limitations in Solaris Trusted Extensions (CDE) ( )
		requires the trusted path ( )

	subject, defined ( )

	Suspend System menu item ( )

	switching to a workspace at a different label ( )

	system administration, on Trusted Extensions ( )

	System Administrator role, responsibilities ( )


T

	tasks, See users

	Text Editor security in Trusted Extensions ( )

	Trash Can security in Trusted Extensions ( )

	troubleshooting
		`$HOME/.copy_files` file ( )
		`$HOME/.link_files` file ( )
		command line error messages ( )
		device allocation ( )
		File Manager not appearing ( )
		login ( )
		minimized Front Panel ( )
		missing trusted indicator ( )
		missing trusted stripe ( )
		password failure ( )
		relabeling files ( )

	trusted applications
		by using rights profiles ( )
		on Front Panel ( )

	Trusted CDE
		choosing as desktop ( )
		customizing the desktop ( )
		customizing the Workspace Menu ( )
		finding online help for Trusted Extensions ( )
		Trusted Extensions desktop ( )
		using the Style Manager ( )

	trusted computing base (TCB)
		defined ( )
		procedures that interact with the TCB ( )
		symbol of interacting with ( ) ( )

	Trusted Extensions
		overview ( )
		visible features ( )

	trusted grab, key combination ( )

	trusted indicator, missing ( )

	Trusted JDS
		choosing as desktop ( )
		customizing the desktop ( )
		online help ( )
		Trusted Extensions desktop ( )
		workspace security ( )

	Trusted Path menu
		Allocate Device ( )
		Assume `rolename` role ( )
		Change Password ( )
		Change Workspace Label ( )
		described ( )
		location ( )
		Query Window Label ( )
		using ( )

	trusted stripe
		described ( )
		location in CDE ( )
		location in Trusted JDS ( )
		location on screen ( ) ( )
		not on lockscreen ( )
		on multiheaded system ( )
		what to do if missing ( )

	trusted symbol
		described ( )
		on workspace ( )
		tamper-proof icon ( )

	types of labels ( )


U

	unlabeled screens
		lockscreen ( )
		login screen ( )

	upgrading information ( )

	user clearances, defined ( )

	user responsibilities
		password security ( )
		protecting data ( )
		when leaving workstation ( )

	users
		accessing initialization files at every label ( )
		adding a labeled workspace ( )
		allocating a device ( )
		assuming a role ( )
		authorized to change label of file ( )
		authorized to change security level of data ( )
		changing workspace label ( )
		changing your password ( )
		customizing the Workspace Menu ( )
		determining the label of a file ( )
		finding online help for Trusted Extensions ( )
		getting online help ( )
		linking files at different labels ( )
		locking your screen ( )
		logging in at a different label ( )
		logging out ( )
		moving a window to a workspace at a different label ( )
		moving data between labels ( )
		moving files between labels ( )
		responsibilities
			clearing devices ( )
			password security ( )
			protecting data ( )
			when leaving workstation ( )
		shutting down a workstation ( )
		switching to a workspace at a different label ( )
		unlocking your screen ( )
		viewing files in a workspace ( )

	using a device, See allocating a device

	using trusted desktop, single-level or multilevel ( )


V

	visibility
		desktop security ( )
		labels after login ( )
		reading lower-level home directories ( )
		trusted stripe ( ) ( ) ( ) ( )


W

	Window Label indicator ( )

	Workspace Menu
		customizing ( )
		Suspend System ( )

	workspace switch area
		illustration ( )
		in Trusted Extensions CDE ( )

	workspaces
		labeled ( )
		setting default label ( )

	write access, in labeled environment ( )


Z

	zones
		home directory visibility ( )
		labeled ( )