Chapter 2. Planning Labels (Tasks)

Table of Contents

Planning Labels (Task Map)
Sources for Encodings Files
Labels Files in Solaris Trusted Extensions Packages
Sun Extensions to label_encodings File

Planning Labels (Task Map)

Planning labels requires a general knowledge of site security, and specific knowledge of the syntax of the label_encodings file.

Task

Description

For Instructions

Study and outline your label encodings file

Make a label encodings file that enforces your site security policy.

How to Strategize for Labels

Build an extensible label_encodings file

Create a file that can be modified without affecting existing label definitions.

How to Plan the Encodings File

How to Strategize for Labels

  1. Allow time to build a correct label_encodings file.

    Building the encodings for a site and making the encodings correct can be a time-consuming process. A system cannot be configured until the correct label_encodings file is installed.

  2. Know your site's security policy.

    Many sites already have a security policy that was developed according to government methods. Commercial businesses, even businesses that do not have much experience in planning labeled security, can start by examining their goals for information protection. These goals can be used to make some common-sense decisions about how to use labels. If the company has developed legal requirements for labeling printed information and email, those guidelines are a good place to start.

    • For an example, see Chapter 6, Example: Planning an Organization's Labels.

    • For more about setting up your site's security policy, see Appendix A, Site Security Policy, in Solaris Trusted Extensions Installation and Configuration .

  3. Study the U. S. government label encodings file.

    The government's description of the file is in the Compartmented Mode Workstation Labeling: Encodings Format : Defense Intelligence Agency document [DDS-2600-6216-93].

  4. Customize the LOCAL DEFINITIONS section for your site.

    For suggestions and examples, see Chapter 5, Customizing LOCAL DEFINITIONS .

  5. Finalize your encodings before installing Trusted Extensions.

    Changing the label_encodings file on a running system is risky. For more information, see the label_encodings ( 4 ) man page.

How to Plan the Encodings File

The following practices help create a correct label_encodings file that can be safely extended later.

Note

For CLASSIFICATIONS and, COMPARTMENTS, the security administrator role can later change the textual representation. However, the integer and bit values cannot be changed without potentially serious complications.

  1. Create a label_encodings file.

    For ideas, see Sources for Encodings Files. For the procedure, see Managing Label Encodings (Task Map).

  2. Leave room to add items.

    1. Leave gaps when you number classifications.

      For example, you could number classifications in increments of 10. The increments allow intermediate classifications to be added later.

    2. Leave gaps in compartment bits.

      Space compartment bit numbers for possible later additions.

    3. Reserve some initial compartment bits for later definition.

      If your site uses inverse compartments, see Default and Inverse Words. To learn more about inverse compartments, see the DIA reference, Compartmented Mode Workstation Labeling: Encodings Format .

  3. Determine classifications for the site.

    As described in Figure 1–2, the total number of classification values that you can use is 254. Do not use classification 0.

    The system treats a classification value of 10 as more security-sensitive than a classification value of 2. The textual representations are not used to determine security levels.

    The same classification value cannot be assigned to different names. Each classification must be higher or lower, or disjoint, from any other classification. No two labels can evaluate to the same level.

    A table can be used to plan classifications. For a completed example, see Table 6–2.

  4. Decide on compartments.

    Decide how data and programs are grouped. Decide whether any data or programs can be intermixed. For example, perhaps purchase order data should not be seen by programs that manage personnel files. Perhaps purchase order data should be accessible to programs that deal with shipment tracking problems.

    At this point, do not consider users. Think in terms of what, not who.

  5. Design the names.

    CLASSIFICATIONS and WORDS in the label_encodings file have two forms: a mandatory long name and an optional short name. Short names can be entered interchangeably with long names when labels are being specified.

  6. Arrange the relationships.

    Compartments are not intrinsically hierarchical. However, compartments can be configured to have hierarchical relationships. Before setting up relationships, study the example section of Compartmented Mode Workstation Labeling: Encodings Format .

    One way to make this step easier is to use a large board and pieces of paper that are marked with your classifications and compartments. For an example, see Figure 2–1. With this method, you can visualize the relationships and rearrange the pieces until they all fit together.

    Note

    Unless you are creating a set of encodings that must be compatible with another organization's labels, you can assign any valid number as a compartment bit. Keep track of the numbers that you use and their relations to each other.

    Figure 2.1. Sample Planning Board for Label Relationships

    Sample Planning Board for Label Relationships
  7. Decide which clearances to assign to which users.

    You can use a table to plan clearances. For a completed example, see Table 6–5.

    When you assign a clearance to a user, the classification must dominate all classifications at which the user can work. The clearance can be equal to the user's highest work classification. The compartments in the clearance must include all compartments that the user might need.

  8. Arrange the labels in order of increasing sensitivity.

  9. Associate the definitions for each word with an internal format of integers, bit patterns, and logical relationship statements.

    A table can be used to keep track of compartment bit assignments. For a completed example, see Table 6–4.

  10. Copy the WORDS section under SENSITIVITY LABELS to the INFORMATION LABELS section.

    Although Trusted Extensions does not support information labels, the INFORMATION LABELS: WORDS: section must be identical to the SENSITIVITY LABELS: WORDS: section to be a valid encodings file.

  11. Decide which colors should be associated with which labels.

    For suggestions and examples, see Specifying Colors for Labels.

  12. Analyze the label relationships.

    On a system that is configured with Trusted Extensions, use the chk_encodings -a command to write a detailed report on the label relationships in your file.

    # chk_encodings -a encodings-file