JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
Trusted Extensions User's Guide     Oracle Solaris 10 8/11 Information Library
search filter icon
search icon

Document Information


1.  Introduction to Trusted Extensions Software

What Is Trusted Extensions Software?

Trusted Extensions Protects Against Intruders

Access to the Trusted Computing Base Is Limited

Mandatory Access Control Protects Information

Peripheral Devices Are Protected

Programs That Spoof Users Are Prevented

Trusted Extensions Provides Discretionary and Mandatory Access Control

Discretionary Access Control

Mandatory Access Control

Sensitivity Labels and Clearances

Containers and Labels

Labels and Transactions

User Responsibilities for Protecting Data

Trusted Extensions Separates Information by Label

Single-Level or Multilevel Sessions

Session Selection Example

Labeled Workspaces

Enforcing MAC for Email Transactions

Erasing Data on Objects Prior to Object Reuse

Trusted Extensions Enables Secure Administration

Accessing Applications in Trusted Extensions

Administration by Role in Trusted Extensions

2.  Logging In to Trusted Extensions (Tasks)

3.  Working in Trusted Extensions (Tasks)

4.  Elements of Trusted Extensions (Reference)



Trusted Extensions Separates Information by Label

Trusted Extensions separates information at different labels by the following means:

Single-Level or Multilevel Sessions

When you first log in to a Trusted Extensions session, you specify whether to operate at a single label or at multiple labels. You then set your session clearance or session label. This setting is the security level at which you intend to operate.

In a single-label session, you can access only those objects that are equal to your session label or are dominated by the label.

In a multilevel session, you can access information at labels that are equal to or lower than your session clearance. You can specify different labels for different workspaces. You can also have different workspaces at the same label.

Session Selection Example

Table 1-2 provides an example that shows the difference between a single-level and a multilevel session. This example contrasts a user who chooses to operate in a single-level session at CONFIDENTIAL: NEED TO KNOW (CNF: NTK) with a user who chooses a multilevel session, also at CNF: NTK.

The three columns on the left show each user's session selections at login. Note that users set session labels for single-level sessions and session clearances for multilevel sessions. The system displays the correct label builder according to your selection. To view a label builder for a multilevel session, see Figure 2-2.

The two columns on the right show the label values that are available in the session. The Initial Workspace label column represents the label when the user first accesses the system. The Available Labels column lists the labels that the user is permitted to switch to during the session.

Table 1-2 Effect of Initial Label Selection on Available Session Labels

User Selections
Session Label Values
Session Type
Session Label
Session Clearance
Initial Workspace Label
Available Labels

CNF: Internal Use Only


As the first row of the table shows, the user has selected a single-level session with a session label of CNF: NTK. The user has an initial workspace label of CNF: NTK, which is also the only label at which the user can operate.

As the second row of the table shows, the user has selected a multilevel session with a session clearance of CNF: NTK. The user's initial workspace label is set to Public, because Public is the lowest possible label in the user's account label range. The user can switch to any label between Public and CNF: NTK. Public is the minimum label, and CNF: NTK is the session clearance.

Labeled Workspaces

In Solaris Trusted Extensions (CDE), or Trusted CDE, the workspaces in Trusted Extensions are accessed through buttons in the center of the Front Panel, as in the Oracle Solaris OS. However, with Trusted Extensions, you can devote a workspace entirely to a single label. This setup is very convenient when you are in a multilevel session, and you do not want to confuse information at different labels. The following illustration shows the workspace switch area with four switches. Each switch opens a workspace at a different label. You can also assign several workspaces to the same label.

Figure 1-7 Workspace Switch Area

image:The illustration shows the Workspace Switch area on the Front Panel with four labeled switches.

In Solaris Trusted Extensions (JDS), or Trusted JDS, the workspaces are accessed through buttons at the right of the bottom panel, as the following illustration shows. Each workspace has a label.

Figure 1-8 Labeled Panels

image:The illustration shows the panels with four labeled workspaces.

You can assign the same label to several workspaces, and you can assign different labels to different workspaces. Windows that are launched in a workspace have the label of that workspace. When the window is moved to a workspace of a different label, the window retains its original label. Thus, you can arrange windows of different labels in one workspace

Enforcing MAC for Email Transactions

Trusted Extensions enforces MAC for email. You can send and read email at your current label. You can receive email at a label within your account range. In a multilevel session, you can switch to a workspace at a different label to read email at that label. You use the same mail reader and the same login. The system permits you to read mail at your current label only.

Erasing Data on Objects Prior to Object Reuse

Trusted Extensions prevents inadvertent exposure of sensitive information by automatically erasing old information from user-accessible objects prior to reuse. For example, memory and disk space are cleared before being used again. Failure to erase sensitive data prior to reuse of the object risks the exposure of data to inappropriate users. Through device deallocation, Trusted Extensions clears all user-accessible objects prior to allocating the drives to processes. Note, however, that you must clear all removable storage media, such as DVDs and JAZ drives, before allowing another user access to the drive.