Trusted Extensions Label Administration

Exit Print View

Updated: July 2014

Types of Labels, Their Components and Uses

    Trusted Extensions defines two types of labels:

  • Sensitivity labels, often referred to as labels

  • Clearance labels, referred to as clearances

Sensitivity labels, label ranges, and a label limit or clearance determine who can access which objects on the system. Clearance labels are assigned to users. Sensitivity labels are assigned to processes, including user processes, and to files and directories.

    Some objects have a label range. These objects can be accessed at a particular label within the defined label range. A label range from ADMIN_LOW to ADMIN_HIGH allows access at all labels. The security administrator can narrow that label range. Objects with label ranges include the following:

  • All hosts and networks with which communications are allowed

  • Zones

  • User accounts and role accounts

  • Allocatable devices, such as tape drives, CD-ROM and DVD devices, and audio devices

  • Other devices that are not allocatable, for example, printers, workstations (which are controlled through the label range of the frame buffer), and serial lines when they are used as a login device

The various procedures for setting labels on these objects is described in Trusted Extensions Configuration and Administration . Device Manager GUI in Trusted Extensions Configuration and Administration describes how to set label ranges on devices.