|Skip Navigation Links|
|Exit Print View|
|Compartmented Mode Workstation Labeling: Encodings Format Oracle Solaris 11 Express 11/10|
As mentioned above, the encodings control the translation between the human-readable and internal formats of information labels, sensitivity labels, and clearance labels (hereafter called clearance). Human-readable labels consist of a classification followed by a set of words. The words can represent compartments (in information labels, sensitivity label, and clearances), and markings (in information labels only). (The word “compartments” is the intelligence community word most analogous to the word “categories” as used in the National Computer Security Center's Trusted Computer System Evaluation Criteria [DOD 5200.28-STD]. The word “compartments” will be used throughout this paper for consistency with other intelligence community documentation, but conceptually means the same as “categories.”)
Table 1-1 Label Summary
Thus, information labels have three components: classification, compartments, and markings, whereas sensitivity labels and clearance have only the first two components.
Given any two labels (information, sensitivity, or clearance), there is a relationship called dominance between them, defined as follows:
Given any two information labels L1 and L2, L2 is said to dominate L1 if and only if the classification in L2 is greater than the classification in L1, and all compartment and marking bits that are 1 in L1 are also 1 in L2.
Given any two labels without markings (sensitivity or clearance) L1 and L2, L2 is said to dominate L1 if and only if the classification in L2 is greater than the classification in L1, and all compartment bits that are 1 in L1 are also 1 in L2.
Given an information label L1 and a label without markings (sensitivity or clearance) L2, L2 is said to dominate L1 if and only if the classification in L2 is greater than the classification in L1, and all compartment bits that are 1 in L1 are also 1 in L2.
In addition to the dominance relationship, there are two other relationships between labels with the same components. Two labels are equal if their classifications are equal and their sets of bits are equal. Two labels are incomparable if each label contains a 1 bit that is 0 in the other label. Stated in terms of dominance, two labels with the same components are equal if each label dominates the other, and two labels are incomparable if neither label dominates the other.
Figure 1-1 shows three labels and their associated compartment or marking bits. As indicated above, L2 dominates L1. L3 is incomparable to either L1 or L2. Finally, all three labels (in fact all possible labels) both dominate and equal themselves.
Figure 1-1 Label Relationships
The words that follow the classification in the human-readable representation of labels are said to be either normal or inverse. (A third type of word, special inverse, is not covered here. See Defining Prefixes And Suffixes in Chapter 4, Information Label Encodings, and Using Prefixes to Specify Special Inverse Compartment and Marking Bits in Chapter 7, General Considerations for Specifying Encodings.) Adding a normal word to the human-readable representation of a label increases the sensitivity of the label (i.e., increases the number of compartment or marking bits that are 1). Adding an inverse word to a human-readable label does not increase the sensitivity of the label, but instead either decreases or otherwise changes the sensitivity of the label, (i.e., changes at least one bit in the internal form of the label from 1 to 0). Stated in terms of dominance, adding a normal word to a label changes the label into a new label that dominates (is hierarchically above) the original one. Finally, adding an inverse word to a label changes the label into one that is either 1) dominated by the original label, or 2) is incomparable to the original label.