JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
Compartmented Mode Workstation Labeling: Encodings Format     Oracle Solaris 11 Information Library
search filter icon
search icon

Document Information


1.  Introduction

2.  Structure and Syntax of Encodings File

3.  Classification Encodings

4.  Information Label Encodings

5.  Sensitivity Label, Clearance, Channels, and Printer Banner Encodings

6.  Accreditation Range and Name Information Label Encodings

7.  General Considerations for Specifying Encodings

The Minimum Information Label

The Maximum Sensitivity Label

Consistency of Word Specification among Different Types of Labels

Mandatory Access Control Considerations When Encoding Words

Encoding MAC Words

Encoding MAC-Related Words

Encoding Non-MAC-Related Words

Using Initial Compartments and Markings to Specify Inverse Compartment and Marking Bits

Using Prefixes to Specify Special Inverse Compartment and Marking Bits

Choosing Names

Specifying Aliases

Avoiding "Loops" In Required Combinations

Visibility Restrictions for Required Combinations

Relationships between Required Combinations and Combination Constraints

Restrictions on Specifying Information Label Combination Constraints

Modifying Encodings Already Used by the System

Consistency of Default Word Specification

8.  Enforcing Proper Label Adjudications

A.  Encodings Specifications Error Messages

B.  Annotated Sample Encodings

C.  CMW Labeling Software C1.0 Release Notes, 6/8/93



Visibility Restrictions for Required Combinations

The fact that information labels must be dominated by their associated sensitivity label, and that sensitivity labels specified by a user must be dominated by that user's clearance, places some constraints on what words can be added to certain labels. For example, if adding a word to an information label raises the information label such that it is no longer dominated by the associated sensitivity label, then that word is not visible in the information label. Similarly, if adding a word to a sensitivity label raises the sensitivity of the label such that it is no longer dominated by the associated user's clearance, then that word is not visible in the sensitivity label.

It is important that any word required by another word in a required combination be visible whenever the requiring word is visible. For example, given the required combination:


which means A requires B, word B must be visible whenever word A is visible. If B were not visible at some point when A was visible, a situation could occur whereby A could legally be added to a label, were it not for the fact that doing so would require also adding B, which would violate a dominance relationship. Such a situation must be prevented by careful construction of required combinations. There are no restrictions on required combinations of words with only marking bits (i.e., no compartment bits) associated, because marking bits do not participate in the dominance relationships mentioned above.

One practical ramification of this restriction is that 1) sensitivity label required combinations should not be more restrictive than the equivalent clearance restrictions, and that 2) information label required combinations should not be more restrictive than the equivalent sensitivity label restrictions. A concrete example of this problem can be taken from the sample encodings in Appendix B, Annotated Sample Encodings.

Consider the SA and CC compartments in the CLEARANCES: and SENSITIVITY LABELS: encodings. The REQUIRED COMBINATIONS: in both of these sections are:


Now, consider the same where an additional required combination is added to only the SENSITIVITY LABELS: encodings:


This additional required combination, which makes the sensitivity label required combinations more restrictive than those for clearances, specifies that if SA is present in a sensitivity label, CC must also be present. Now consider the case of a user with the clearance TS A B SA SB. Such a clearance is perfectly valid according to the encodings, but such a user can never put SA in a sensitivity label because SA requires CC, yet the user is not cleared for CC.