|Skip Navigation Links|
|Exit Print View|
|Compartmented Mode Workstation Labeling: Encodings Format Oracle Solaris 11 Information Library|
The new functional capability is supported for SPECIAL_INVERSE words. SPECIAL_INVERSE words are distinctly different from the inverse words supported by Release 2.1.1 (herein called regular inverse words). Regular inverse words use inverse bits specified in the initial compartments or initial markings associated with one or more classifications. These regular inverse words, typically specified with an ominclass specification, do not appear in human-readable labels below the specified ominclass. In contrast, SPECIAL_INVERSE words use inverse bits specified by a prefix word, and do not appear in human-readable labels unless one or more of the SPECIAL_INVERSE words associated with the same prefix are present in the label.
SPECIAL_INVERSE words can be used to implement the ORiginator CONtrolled (ORCON) handling caveat with organizations to which the ORCON data can be released specified in the label. For example, given that three organizations use a particular system (ORG1, ORG2, and ORG3), the encodings to handle ORCON for these three organizations might look as follows. Only the SENSITIVITY LABELS words are shown in this example.
SENSITIVITY LABELS: WORDS: name=ORCON RELEASABLE TO; sname=OR; compartments=1-4; prefix; name=ORCON; minclass=C; compartments=1-4; name=ORG1; minclass=C; compartments=~1 4; prefix=OR; name=ORG2; minclass=C; compartments=~2 4; prefix=OR; name=ORG3; minclass=C; compartments=~3 4; prefix=OR;
In this example, ORG1, ORG2, and ORG3 are SPECIAL_INVERSE words, each of which requires the prefix ORCON RELEASABLE TO. This prefix specifies compartments bits 1-4. Bit one is for ORG1, bit 2 for ORG2, bit 3 for ORG3, and bit 4, has a meaning of ORCON. If only ORCON RELEASABLE TO ORG1 is present in a label, then bit 1 would be off, and bits 2-4 would be on. If only ORCON RELEASABLE TO ORG2 is present in a label, then bit 2 would be off, and bits 1, 3, and 4 would be on. If only ORCON RELEASABLE TO ORG3 is present in a label, then bit 3 would be off, and bits 1, 2, and 4 would be on. If ORCON RELEASABLE TO ORG1/ORG2 is present in a label, then bits 1 and 2 would be off and bits 3 and 4 would be on, etc. The word ORCON, which dominates the three other words, is not an inverse word. If it appears in a label, the data so labeled is not releasable to any of the three organizations. Note that a label that does not contain any of the above words has bits 1-3 off, and is therefore releasable to all organizations, and has bit 3 off, and is therefore not ORCON data. Thus, with the same words as above for information labels, data with an information label of SECRET ORCON RELEASABLE TO ORG1, when combined with data with an information label of TOP SECRET, would become TOP SECRET ORCON RELEASABLE TO ORG1. SPECIAL_INVERSE words can be specified using markings bits also.
In addition to the changes mentioned above, minor improvements to comments in the code were made. The comment changes are not described below.