Sensitivity Labels

The Trusted Extensions software uses zones to contain classified information at various levels. Each level is associated with its own zone that has a sensitivity label. The sensitivity label specifies the sensitivity of the information in that zone and is applied to all of the subjects and objects in that zone. A label might be something like CONFIDENTIAL, SECRET, or TOP SECRET. A subject is an active entity, such as a process, that causes information to flow among objects or changes a system's state. An object is a passive entity that contains or receives data, such as a file or device. All processes that run in a zone, all files that are contained in a zone, and so on, have the same sensitivity label as their zone. All processes and objects have a sensitivity label that is used in mandatory access control (MAC) decisions. By default, sensitivity labels are visible in the windowing system.