Skip Navigation Links | |
Exit Print View | |
Compartmented Mode Workstation Labeling: Encodings Format Oracle Solaris 11.1 Information Library |
2. Structure and Syntax of Encodings File
4. Information Label Encodings
5. Sensitivity Label, Clearance, Channels, and Printer Banner Encodings
6. Accreditation Range and Name Information Label Encodings
7. General Considerations for Specifying Encodings
Consistency of Word Specification among Different Types of Labels
Mandatory Access Control Considerations When Encoding Words
Encoding Non-MAC-Related Words
Using Initial Compartments and Markings to Specify Inverse Compartment and Marking Bits
Using Prefixes to Specify Special Inverse Compartment and Marking Bits
Avoiding "Loops" In Required Combinations
Relationships between Required Combinations and Combination Constraints
Restrictions on Specifying Information Label Combination Constraints
Modifying Encodings Already Used by the System
Consistency of Default Word Specification
8. Enforcing Proper Label Adjudications
A. Encodings Specifications Error Messages
The fact that information labels must be dominated by their associated sensitivity label, and that sensitivity labels specified by a user must be dominated by that user's clearance, places some constraints on what words can be added to certain labels. For example, if adding a word to an information label raises the information label such that it is no longer dominated by the associated sensitivity label, then that word is not visible in the information label. Similarly, if adding a word to a sensitivity label raises the sensitivity of the label such that it is no longer dominated by the associated user's clearance, then that word is not visible in the sensitivity label.
It is important that any word required by another word in a required combination be visible whenever the requiring word is visible. For example, given the required combination:
A B
which means A requires B, word B must be visible whenever word A is visible. If B were not visible at some point when A was visible, a situation could occur whereby A could legally be added to a label, were it not for the fact that doing so would require also adding B, which would violate a dominance relationship. Such a situation must be prevented by careful construction of required combinations. There are no restrictions on required combinations of words with only marking bits (i.e., no compartment bits) associated, because marking bits do not participate in the dominance relationships mentioned above.
One practical ramification of this restriction is that 1) sensitivity label required combinations should not be more restrictive than the equivalent clearance restrictions, and that 2) information label required combinations should not be more restrictive than the equivalent sensitivity label restrictions. A concrete example of this problem can be taken from the sample encodings in Appendix B, Annotated Sample Encodings.
Consider the SA and CC compartments in the CLEARANCES: and SENSITIVITY LABELS: encodings. The REQUIRED COMBINATIONS: in both of these sections are:
SB B SA A
Now, consider the same where an additional required combination is added to only the SENSITIVITY LABELS: encodings:
SA CC
This additional required combination, which makes the sensitivity label required combinations more restrictive than those for clearances, specifies that if SA is present in a sensitivity label, CC must also be present. Now consider the case of a user with the clearance TS A B SA SB. Such a clearance is perfectly valid according to the encodings, but such a user can never put SA in a sensitivity label because SA requires CC, yet the user is not cleared for CC.