Solaris Trusted Extensions Label Administration

The contents of this Documentation are subject to the Public Documentation License Version 1.01 (the "License"); you may only use this Documentation if you comply with the terms of this License. A copy of the License is available at http://www.opensolaris.org/os/community/documentation/license.

Sun Microsystems, Inc. has intellectual property rights relating to technology embodied in the product that is described in this document. In particular, and without limitation, these intellectual property rights may include one or more U.S. patents or pending patent applications in the U.S. and in other countries.

U.S. Government Rights – Commercial software. Government users are subject to the Sun Microsystems, Inc. standard license agreement and applicable provisions of the FAR and its supplements.

This distribution may include materials developed by third parties.

Parts of the product may be derived from Berkeley BSD systems, licensed from the University of California. UNIX is a registered trademark in the U.S. and other countries, exclusively licensed through X/Open Company, Ltd.

Sun, Sun Microsystems, the Sun logo, the Solaris logo, the Java Coffee Cup logo, docs.sun.com, Java, and Solaris are trademarks or registered trademarks of Sun Microsystems, Inc. in the U.S. and other countries. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. in the U.S. and other countries. Products bearing SPARC trademarks are based upon an architecture developed by Sun Microsystems, Inc. PostScript(TM) is a trademark or registered trademark of Adobe Systems, Incorporated, which may be registered in certain jurisdictions.

The OPEN LOOK and Sun™ Graphical User Interface was developed by Sun Microsystems, Inc. for its users and licensees. Sun acknowledges the pioneering efforts of Xerox in researching and developing the concept of visual or graphical user interfaces for the computer industry. Sun holds a non-exclusive license from Xerox to the Xerox Graphical User Interface, which license also covers Sun's licensees who implement OPEN LOOK GUIs and otherwise comply with Sun's written license agreements.

Products covered by and information contained in this publication are controlled by U.S. Export Control laws and may be subject to the export or import laws in other countries. Nuclear, missile, chemical or biological weapons or nuclear maritime end uses or end users, whether direct or indirect, are strictly prohibited. Export or reexport to countries subject to U.S. embargo or to entities identified on U.S. export exclusion lists, including, but not limited to, the denied persons and specially designated nationals lists is strictly prohibited.

DOCUMENTATION IS PROVIDED “AS IS” AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID.

Sun Microsystems, Inc. détient les droits de propriété intellectuelle relatifs à la technologie incorporée dans le produit qui est décrit dans ce document. En particulier, et ce sans limitation, ces droits de propriété intellectuelle peuvent inclure un ou plusieurs brevets américains ou des applications de brevet en attente aux Etats-Unis et dans d'autres pays.

Cette distribution peut comprendre des composants développés par des tierces personnes.

Certaines composants de ce produit peuvent être dérivées du logiciel Berkeley BSD, licenciés par l'Université de Californie. UNIX est une marque déposée aux Etats-Unis et dans d'autres pays; elle est licenciée exclusivement par X/Open Company, Ltd.

Sun, Sun Microsystems, le logo Sun, le logo Solaris, le logo Java Coffee Cup, docs.sun.com, Java et Solaris sont des marques de fabrique ou des marques déposées de Sun Microsystems, Inc. aux Etats-Unis et dans d'autres pays. Toutes les marques SPARC sont utilisées sous licence et sont des marques de fabrique ou des marques déposées de SPARC International, Inc. aux Etats-Unis et dans d'autres pays. Les produits portant les marques SPARC sont basés sur une architecture développée par Sun Microsystems, Inc. PostScript est une marque de fabrique d'Adobe Systems, Incorporated, laquelle pourrait é`tre déposée dans certaines juridictions.

L'interface d'utilisation graphique OPEN LOOK et Sun a été développée par Sun Microsystems, Inc. pour ses utilisateurs et licenciés. Sun reconnaît les efforts de pionniers de Xerox pour la recherche et le développement du concept des interfaces d'utilisation visuelle ou graphique pour l'industrie de l'informatique. Sun détient une licence non exclusive de Xerox sur l'interface d'utilisation graphique Xerox, cette licence couvrant également les licenciés de Sun qui mettent en place l'interface d'utilisation graphique OPEN LOOK et qui, en outre, se conforment aux licences écrites de Sun.

Les produits qui font l'objet de cette publication et les informations qu'il contient sont régis par la legislation américaine en matière de contrôle des exportations et peuvent être soumis au droit d'autres pays dans le domaine des exportations et importations. Les utilisations finales, ou utilisateurs finaux, pour des armes nucléaires, des missiles, des armes chimiques ou biologiques ou pour le nucléaire maritime, directement ou indirectement, sont strictement interdites. Les exportations ou réexportations vers des pays sous embargo des Etats-Unis, ou vers des entités figurant sur les listes d'exclusion d'exportation américaines, y compris, mais de manière non exclusive, la liste de personnes qui font objet d'un ordre de ne pas participer, d'une façon directe ou indirecte, aux exportations des produits ou des services qui sont régis par la legislation américaine en matière de contrôle des exportations et la liste de ressortissants spécifiquement designés, sont rigoureusement interdites.

LA DOCUMENTATION EST FOURNIE "EN L'ETAT" ET TOUTES AUTRES CONDITIONS, DECLARATIONS ET GARANTIES EXPRESSES OU TACITES SONT FORMELLEMENT EXCLUES, DANS LA MESURE AUTORISEE PAR LA LOI APPLICABLE, Y COMPRIS NOTAMMENT TOUTE GARANTIE IMPLICITE RELATIVE A LA QUALITE MARCHANDE, A L'APTITUDE A UNE UTILISATION PARTICULIERE OU A L'ABSENCE DE CONTREFACON.

August 2006

Abstract

In a system that is configured with the Solaris™ Trusted Extensions software, labels are used to control access to information. This book is for security administrators, whose responsibilities include planning their organizations' labels and implementing the organizations' label_encodings file. This book is used with the Compartmented Mode Workstation Labeling: Encodings Format guide. The Encodings book has advanced instructions on labels. This book describes which parts of the Encodings book do not apply to the Trusted Extensions implementation.


Table of Contents

Preface
Who Should Use This Book
How the Solaris Trusted Extensions Books Are Organized
How This Book Is Organized
Documentation, Support, and Training
Typographic Conventions
Shell Prompts in Command Examples
1. Labels in Trusted Extensions Software
Labels and Security Policy
Types of Labels, Their Components and Uses
Label Ranges Restrict Access
Labels Are Used in Access Control Decisions
Label Components
Label Dominance
Accreditation Ranges, Label Ranges, and Valid Labels
System Accreditation Range
User Accreditation Range
Account Label Range
Account Label Range Examples
Session Range
Label Availability in Trusted Extensions Sessions
Labeled Workspaces
Administering Labels
Label Visibility
Labels on Printed Output
Authorizations for Relabeling Information
Privileges for Translating Labels
2. Planning Labels (Tasks)
Planning Labels (Task Map)
Sources for Encodings Files
Labels Files in Solaris Trusted Extensions Packages
Sun Extensions to label_encodings File
3. Making a Label Encodings File (Tasks)
Encodings File Syntax
Word Order Requirements
Classification Name Syntax
Managing Label Encodings (Task Map)
4. Labeling Printer Output (Tasks)
Labels on Body Pages
Security Text on Banner and Trailer Pages
Specifying the Protect As Classification
Specifying Printer Banners
Specifying Channels
Configuring Security Text on Print Jobs (Task Map)
5. Customizing LOCAL DEFINITIONS
LOCAL DEFINITIONS Section
Contents of LOCAL DEFINITIONS Section
Changing Column Headers on Label Builders
Specifying Colors for Labels
Modifying Sun Extensions (Task Map)
6. Example: Planning an Organization's Labels
Identifying the Site's Label Requirements
Satisfying Information Protection Goals
Trusted Extensions Features That Address Labeling and Access
Climbing the Security Learning Curve
Analyzing the Requirements for Each Label
Requirements for CONFIDENTIAL: INTERNAL_USE_ONLY
Requirements for CONFIDENTIAL: NEED_TO_KNOW
Requirements for CONFIDENTIAL: REGISTERED
Names of Groups With NEED_TO_KNOW Label
Understanding the Set of Labels
Defining the Set of Labels
Planning the Classifications
Planning the Compartments
Planning the Use of Words in MAC
Planning the Use of Words in Labeling System Output
Planning Unlabeled Printer Output
Planning for Supporting Procedures
Planning the Classification Values in a Worksheet
Planning the Compartment Values and Combination Constraints in a Worksheet
Planning the Clearances in a Worksheet
Planning the Printer Banners in a Worksheet
Planning the Channels in a Worksheet
Planning the Minimums in an Accreditation Range
Planning the Colors in a Worksheet
Editing and Installing the label_encodings File
Encoding the Version
Encoding the Classifications
Encoding the Sensitivity Labels
Encoding the Information Labels
Encoding the Clearances
Encoding the Channels
Encoding the Printer Banners
Encoding the Accreditation Range
Encoding the Local Definitions
Encoding the Column Headers in Label Builders
Encoding the Color Names
Configuring Users and Printers for Labels
A. Sample Label Encodings File
Classifications and Compartments
label_encodings.example File
Index

List of Figures

1.1. Comparing the Label of a Text Editor with the Label of a File
1.2. CIPSO Label Definition
1.3. Representation of the TS, TS A, TS B, and TS AB Labels
1.4. How System Accreditation Range Is Constrained By Rules
1.5. ACCREDITATION RANGE Portion of label_encodings File
1.6. Constraints on Account Label Ranges
1.7. Comparison of Session Ranges
1.8. Cumulative Effect of Constraints on a Session Range
1.9. Workspace Switch Area
2.1. Sample Planning Board for Label Relationships
2.2. Classifications in Default label_encodings File
2.3. Compartments in Default label_encodings File
4.1. Label Automatically Printed on Body Pages
4.2. Typical Print Job Banner Page
4.3. Differences on Trailer Pages
4.4. Protect As Statement
4.5. Commercial Use of PRINTER BANNERS on Banner Page
4.6. Government Use of PRINTER BANNERS on Banner Page
4.7. Commercial Use of CHANNELS on Banner Page
4.8. U.S. Government Use of CHANNELS Specification on Banner Page
5.1. Column Headers on Label Builder
5.2. Window Labels With Colors from COLOR NAMES
6.1. Automatic Labeling of Print Jobs
6.2. Label Automatically Printed on Body Pages
6.3. How a Printer With a Restricted Label Range Handles Jobs
6.4. A User Receiving Email Within the Account Label Range
6.5. Sample Planning Board for Label Relationships

List of Tables

1. Typographic Conventions
2. Shell Prompts
1.1. Accreditation Range and Account Label Range Examples
1.2. Labels in Trusted Extensions Sessions
3.1. Label Encodings Keywords
4.1. Effect of Minimum Protect As Classification on Printer Output
6.1. Printer Label Range Example Settings in Various Locations
6.2. Classifications Planner
6.3. Compartments and User Accreditation Range Combinations Planner
6.4. Compartment Bit Tracking Table
6.5. Clearance Planner
6.6. SecCompany Printer Banners Planner
6.7. SecCompany Channels Planner
6.8. SecCompany Color Names Planner

List of Examples

1.1. Defining a Valid Clearance That Is Not a Valid Label
3.1. Classifications With Initial Compartments in label_encodings.multi
3.2. Classifications With No Initial Compartments in label_encodings.example
3.3. Assigning Initial Compartments
3.4. Defining Default and Inverse SENSITIVITY LABELS Words
3.5. Sample Compartment Definition for a Sensitivity Label
3.6. Using Bit Combinations to Establish Hierarchies
3.7. Using REQUIRED COMBINATIONS to Establish Hierarchies
3.8. Defining the Accreditation Range in a Single-Label Encodings File
3.9. Changing the Single Label Name
4.1. Defining Words in the PRINTER BANNERS Section
4.2. Sensitivity Labels WORDS Associated With PRINTER BANNERS Definitions
4.3. Suffixes and Prefixes in the CHANNELS Section in a Government label_encodings File
4.4. CHANNELS ONLY Suffix That Appears Alone with Individual Channels
4.5. Encodings for More Than One Channel in CHANNELS Section in Government Encodings File
4.6. Label WORDS Associated With Compartment Bit 6
4.7. Label WORDS Associated With Compartment Bit 1
4.8. Label WORDS Associated With Compartment Bit 0
4.9. Minimum Protect As Classification From a label_encodings File
5.1. Colors Assigned According to Ordering Rules
5.2. Color Assigned to a Label With No Assigned Color
6.1. Handling Guidelines on Banner and Trailer Pages
6.2. Using DAC to Protect Registered Information
6.3. SecCompany VERSION Entry
6.4. SecCompany CLASSIFICATIONS Section
6.5. SecCompany WORDS in the SENSITIVITY LABELS Section
6.6. SecCompany WORDS in the INFORMATION LABELS Section
6.7. SecCompany WORDS in the CLEARANCES Section
6.8. SecCompany WORDS in the CHANNELS Section
6.9. SecCompany WORDS in the PRINTER BANNERS Section
6.10. SecCompany ACCREDITATION RANGE Section
6.11. SecCompany Headers in label_encodings File
6.12. SecCompany COLOR NAMES Section