Table of Contents
The label_encodings file contains a VERSION specification
and seven mandatory sections: CLASSIFICATIONS, INFORMATION
LABELS, SENSITIVITY LABELS, CLEARANCES, CHANNELS, PRINTER BANNERS, and ACCREDITATION
RANGE. The sections must appear in the order given. An optional LOCAL DEFINITIONS section can follow.
In the following table, Mandatory keyword means only that the keyword must be present. Not all keywords must have definitions. The notes for each section indicate what must be defined and what is optional.
Table 3.1. Label Encodings Keywords
|
Section |
Notes |
|---|---|
|
Mandatory keyword. The version specification is the single keyword | |
|
Mandatory keyword. At least one classification must be defined | |
|
Mandatory keywords. Even though information labels are not used in Trusted Extensions software, you must assign one bit to an information label word for each bit that you assign to a sensitivity label word. The sensitivity label words are defined in the following section. | |
|
|
Mandatory keywords. |
|
|
Mandatory keywords. One bit must be assigned to a clearance word for any sensitivity label word that you have defined. Clearance labels can allow combinations of words that have been disallowed in the definitions for sensitivity label words. |
|
Mandatory keyword. | |
|
Mandatory keyword. | |
|
Mandatory keyword. A rule must be defined for each classification name. The minimum clearance, minimum sensitivity label, and minimum protect as classification must be defined. | |
|
Optional keyword. |
For all the required sections, the keywords in the preceding table must
be present, but not all of the sections must have definitions. For example,
a label_encodings file with only CLASSIFICATIONS and ACCREDITATION RANGE definitions is valid.
The order in which words are configured for sensitivity labels and clearances
is not enforced. However, the order is important when setting up relationships
between words. By convention, the WORDS in the SENSITIVITY
LABELS section are arranged in increasing order of importance.
For the effect of word order, see Specifying Channels of Chapter 4, Labeling Printer Output (Tasks). Detailed information is provided in Compartmented Mode Workstation Labeling: Encodings Format .
If a compartment word is defined for one type of label (by assigning
the compartment word to one or more bits) in the label_encodings file,
then the same bits must be assigned to a word in the definition of the other
types of labels. While all types of labels use the same classification names,
the words that are used for each type of label can be different. The words
can be different even when they are encoded with the same bits and literally
refer to the same thing. Clearance labels can allow combinations of words
that have been disallowed in the definitions for sensitivity labels words.
The classification is the hierarchical portion of a label. Each
label has one and only one classification. A site can define up to 255 classifications.
An integer value from 1 to 255 can be assigned to a classification in the label_encodings file. The value 0 is reserved for the ADMIN_LOW administrative label. The value 32,767 is reserved for the ADMIN_HIGH administrative label. For an illustration, see Figure 1–2.
Classifications are defined once for clearances and for sensitivity
labels in the CLASSIFICATIONS section of the label_encodings file.
A classification with a higher value dominates a classification
with a lower value. The following table shows two sets of label names that
are assigned the same values in different encodings files. The left column
shows sample sensitivity labels from the label_encodings.example file.
The middle column shows labels from the label_encodings.gfi.multi file.
A label with the Registered or Top Secret classification,
with a value of 6, dominates the labels that are listed in its column.
|
Commercial Example |
U.S. Government Example |
Value |
|---|---|---|
|
|
|
6 |
|
|
|
5 |
|
|
|
4 |
|
|
|
1 |
The following list describes the keywords that can be defined for classifications. For examples of initial compartment definitions, see Default and Inverse Words.
name=
Cannot contain (/) or (,) or (;). All other alphanumeric characters
and white space are allowed. Users can enter either the name or
the sname or the aname when specifying
labels.
sname=
Required in classifications only. The short name appears in sensitivity labels in brackets.
aname=
Optional. Name that can be entered by users when a classification is needed.
value=
The values that you assign should represent the actual hierarchy
among the classifications. The values should leave room for later expansion. 0 is reserved for ADMIN_LOW. Values can start
at 1 and go to 255.
initial compartments=
Optional. Specify bit numbers for any default compartment words. Default compartment words are words that should initially appear in any label that has the associated classification.
Advanced: Specify bit numbers for any inverse words. The minimum classification should not have initial compartments.
initial markings=
Obsolete. Do not define.
The following example shows the top of the label_encodings.multi file.
Example 3.1. Classifications With Initial Compartments
in label_encodings.multi
VERSION= Trusted Solaris Multi-Label Sample Version - 5.6 05/07/27 * * WARNING: If CIPSO Tag Type 1 network labels are to be used: * * a) All CLASSIFICATIONS values must be less than or equal to 255. * b) All COMPARTMENTS bits must be less than or equal to 239. * CLASSIFICATIONS: * name= UNCLASSIFIED; sname= U; value= 1; name= CONFIDENTIAL; sname= C; value= 4; initial compartments= 4-5 190-239; name= SECRET; sname= S; value= 5; initial compartments= 4-5 190-239; name= TOP SECRET; sname= TS; value= 6; initial compartments= 4-5 190-239;
Each classification has the mandatory name, sname, and value fields. The CONFIDENTIAL, SECRET, and TOP SECRET classifications have initial compartments. The lowest classification, UNCLASSIFIED,
has no initial compartments.
The initial compartment bit assignments of 4-5 and 190-239 signify that bits 4, 5, and 190 through 239 are turned on.
These bits are set to 1 in a label with this classification.
Some of the initial compartments are later used to define default and inverse words. Some initial compartments are reserved for possible later definitions of inverse words.
The following example shows a set of classifications that have no initial compartments.
Example 3.2. Classifications With No Initial Compartments
in label_encodings.example
CLASSIFICATIONS: name= PUBLIC; sname= PUBLIC; value= 1; name= INTERNAL_USE_ONLY; sname= INTERNAL; aname= INTERNAL; value= 4; name= NEED_TO_KNOW; sname= NEED_TO_KNOW; aname= NEED_TO_KNOW; value= 5; name= REGISTERED; sname= REGISTERED; aname= REGISTERED; value= 6;
When a bit is defined as an initial compartment, the bit is set to 1 in every label that contains the classification. Any bit that
is specified for an initial compartment can be defined later in the label_encodings file as a default word or an inverse
word.
A default compartment word is a word that appears in any label that contains the classification.
An inverse compartment word is a word that appears in a label that has the associated classification when another word that you define with the inverse compartment's bit is not present.
Example 3.3. Assigning Initial Compartments
In this example, the PUBLIC classification is assigned
no initial compartments, while the WEB COMPANY classification
is assigned initial compartments 4 and 5. A label that includes the PUBLIC classification has no default compartments. A label that includes
the WEB COMPANY classification always has compartment bits
4 and 5 turned on.
name= PUBLIC; sname= P; value= 1; name= WEB COMPANY; sname= WEBCO; value= 4; initial compartments= 4-5
The following section shows how these initial compartment bits can be assigned to words.
Example 3.4. Defining Default and Inverse SENSITIVITY
LABELS Words
In this example, compartment bits 4 and 5 are assigned to the word DIVISION ONLY. Each compartment bit is also associated with an inverse
word. WEBC AMERICA is assigned to the inverse compartment
bit ~4. WEBC WORLD is assigned to the inverse compartment
bit ~5. These assignments have the following results:
A sensitivity label with the WEB COMPANY classification
initially includes the word DIVISION ONLY. The label's
binary representation has the compartment bits 4 and 5 turned on.
A sensitivity label with the PUBLIC classification
always has compartment bits 4 and 5 turned off. The words WEBC AMERICA and WEBC WORLD are included in the label.
Because a minclass of IUO is specified for the inverse words, WEBC AMERICA and WEBC WORLD are not displayed
in the PUBLIC sensitivity label. The presence of these
two inverse words is understood.
SENSITIVITY LABELS: WORDS: name= DIVISION ONLY; sname= DO; minclass= WEB COMPANY; compartments= 4-5; name= WEBC AMERICA; sname= WEBCA; minclass= WEB COMPANY; compartments= ~4; name= WEBC WORLD; sname= WEBCW; minclass= WEB COMPANY; compartments= ~5;
Compartments are optional words that can be defined to appear in labels. Compartments are called categories in some other trusted systems. Compartments are used to indicate the special handling procedures to be used for the information whose label contains the compartment and the general class of people who might have access to the information.
Compartment words are assigned to non-hierarchical bits. However, hierarchies can be established between compartment words. These hierarchies are based on rules for including bits from one compartment word in the bits that are defined for another compartment word.
Compartment words are optionally defined in the WORDS subsection
for each label type. Each compartment word is assigned to one or more bits.
While all types of labels use the same classifications, the words that are used for each type of label can be different. The words can be different even when they are encoded with the same bits and literally refer to the same thing.
The following example shows the WEB COMPANY compartment
word. The word is specified with a short name (sname) of WEBCO and compartment bits 40-50.
Example 3.5. Sample Compartment Definition for a Sensitivity Label
WORDS: name= WEB COMPANY; sname= WEBCO; compartments= 40-50;
Along with its classification field, each label has a 256-bit compartment field, of which 239 are available for CIPSO labels. Each bit is assignable in zero or more compartment words. Each word can have one or more compartment bits assigned. Out of the 239 available bits, many compartment words can be created. For an example, see the compartments planner in Table 6–3.
The classification, compartments, and combination requirements affect
the accreditation range. The ACCREDITATION RANGE for each
classification setting should be one of the following strings:
only valid compartment combinations;
all compartment combinations valid;
all compartment combinations valid except;
Hierarchical compartments can be used to differentiate between documents that are available to everyone in a larger group, and documents that are available to subgroups only.
Example 3.6. Using Bit Combinations to Establish Hierarchies
By defining a word that uses one bit and a second word that uses that same bit along with a second bit, you define a hierarchical relationship between the two words. The compartment word that is more general must be defined below the word that is more specific. For example, by defining a word that uses bit number 1 and another word that uses bits number 1 and 2, you give the two words a hierarchical relationship.
In this example, a Sales compartment is defined with two subcompartments, Direct Sales, and Indirect Sales. A single classification that is named WebCo is previously defined.
name= Direct_Sales; compartments= 1, 2 name= Indirect_Sales; compartments= 1, 3 name= Sales; compartments= 1
This definition allows the WebCo company to differentiate between documents that can be accessed by anyone in the entire sales force, documents that can be accessed only by members of the indirect sales force, and documents that can be accessed only by members of the direct sales force.
The security administrator gives the WebCo Direct_Sales clearance to employees in the direct sales organization. The WebCo Indirect_Sales clearance is given to employees in the indirect sales organization.
Documents created by anyone working at the WebCo Direct_Sales label get the same label, so the documents are only accessible to employees in the direct sales department.
Anyone in the indirect or direct sales forces can work at the WebCo Sales label because the compartment word Sales is below both the Direct_Sales and Indirect_Sales words. Creating documents at the WebCo Sales label makes the documents available to everyone in the Sales department.
Example 3.7. Using REQUIRED COMBINATIONS to
Establish Hierarchies
If two words are specified together in the REQUIRED COMBINATIONS section,
the second label is added to the label whenever the first word is used.
In this example, the definition of the Direct Sales, Indirect_Sales, and Sales serves essentially the same effect as the example in Example 3–6. The difference is that the Direct_Sales word will always have the Sales word with it
name= Direct_Sales; compartments= 2 name= Indirect_Sales; compartments= 3 name= Sales; compartments= 1 REQUIRED COMBINATIONS: Direct_Sales Sales Indirect_Sales Sales