Customizing a Label Policy

Your label policy protects data during use, just as encryption protects data at rest. The overall process is:

1. Separate sensitive data.

2. Limit access to the data to specific individuals or groups.

3. Monitor the data during use.

4. Archive the data such that machine operators, IT personnel, and users who can assume the root role cannot view the information in the files through normal operations.

To configure labeling, you install the labeling package, then configure the labels to satisfy the security requirements of your organization. When configuring a label policy, you supply a minimum label, a maximum label (or clearance) for users, and a hierarchy of labels. You can also define disjoint label relationships. At login, the processes of users to whom you assigned a higher clearance start at that clearance. Then, sensitive data that is labeled at a high label can be accessed only by those users whose processes are running at the higher clearance.

You can either use one of the supplied policies, which are sufficient for testing and demonstrations or create your own label policy specific to your organization's requirements regarding its sensitive information.

When creating a label policy, cover the following issues:

• Identify the sensitivity of the data

  For example, credit cards and health records might be considered highly sensitive information, vendor discounts might be sensitive information, vendor visits might be internal information, and marketing announcements would be public information.

• Identify the departments of your organization that handle sensitive data

  For example, regulatory bodies require companies that handle credit cards to protect the credit card details and transaction details. Departments of the company that handle credit cards would need labeled file systems, and individual users and roles who are permitted to view the credit card details or handle disputes about credit card use would need sufficient clearance.

• Identify users or roles in each department of your organization whom you trust to handle sensitive material

  For example, you might allow some people in receivables to view credit card information but not others. Those individuals or groups who can modify information would need clearance to do so, as would those who need to view the information.

• Identify departments that should not see information from other departments

  For example, perhaps the executive board should not be able to see credit card information. For highly sensitive information, each department of the company would need its own compartment, for example, Confidential - Highly Restricted(Exec) and Confidential - Highly Restricted(Payments), where Payments handlers do not have access to Executive discussions and Executive users do not have access to payment details. In each group, the information being protected is of high value.

• Identify services that should be protected by a label

  For example, you might protect applications that contain information of high value, such as internal browser interface applications or FTP services.

  See Example - Protecting the FTP Service With a Label in Securing Users and Processes in Oracle Solaris 11.4.

Oracle Solaris simplifies the creation of a label policy. As you enter your labels, the software provides the numbers that create the hierarchy of labels as well as the numbers for the compartments that separate departments of your organization. You provide the names that you want, starting at the lowest label. Public or Internal are possible lowest labels. See Configuring Labels on an Oracle Solaris System for a detailed description of the tasks involved in creating and maintaining a custom label policy.