![]() At first login, the desktop workspaces are at the label Public. A user could be assigned Public as the minimum sensitivity label and Confidential: Need to Know as the clearance. After login, the user can choose to work at other labels within this range. This label is used by default during login to a multilevel desktop session. In addition, each user has a minimum sensitivity A special label, known as the user clearance, determines the highest label at which a user is permitted to work. Trusted Extensions maintains two types of labels: sensitivity labels and clearances.Ī user can be cleared to work at one or more sensitivity labels. As the figure shows, five labels are defined by this organization. Public and Max Label have no compartments. In Figure 1–2, the Confidential classification has three exclusive compartments. A classification does not have to have a compartment. The terms on the right are compartments.Ĭompartments, also referred to as categoriesĪ compartment represents a grouping, such as a work group,ĭepartment, project, or topic. The terms on the left are classifications. Unique classificationsĬan be established by a company. Industry classifications are not as standardized. Government, the classifications are TOP SECRET, SECRET, CONFIDENTIAL, and UNCLASSIFIED. When applied to data, aĬlassification is the degree of protection that is required. When applied to people, the classification represents a measure of trust. This component indicates a hierarchical level of security. Ĭlassification, also referred to as a level.Sensitivity Labels and ClearancesĪ label has the following two components: In all cases, users cannot take any action that is contrary to MAC policy. Regular users cannot see objects unless they have MAC access to those objects. However, the administrator can create a labeled environment in which few lower-level objects or no lower-level objects are available.īy default, MAC policy is invisible to you. ![]() ![]() MAC policy permits processes to read data from objects at the same In general, processes cannot store information or communicate with other processes, unless the label of the destination is equal to the label of the process. MAC policy uses this label inĪccess control decisions. The system associates a sensitivity label with all processes that are created to execute programs. Mandatory access control (MAC) is a system-enforced access control mechanism that is based on label relationships. Workspace Security in Trusted Extensions.Password Security in the Oracle Solaris OS.Files and Applications in Trusted Extensions.Chapter 4 Elements of Trusted Extensions.How to Downgrade Data in a Multilevel Dataset.How to Upgrade Data in a Multilevel Dataset.How to Switch to a Workspace at a Different.How to Assume a Role in Trusted Extensions.How to Deallocate a Device in Trusted Extensions.How to Allocate a Device in Trusted Extensions.How to Change Your Password in Trusted Extensions.How to Perform Some Common Desktop Tasks in Trusted Extensions.How to Interactively Display a Window Label.How to Access Initialization Files at Every Label.How to Access the Trusted Extensions Man.How to View Your Files in a Labeled Workspace.Visible Desktop Security in Trusted Extensions.Chapter 3 Working in Trusted Extensions.How to Log In to a Remote Trusted Extensions Desktop.Logging In Remotely to Trusted Extensions.Identify and Authenticate Yourself to the System.Review Security Attributes During Login.Identification and Authentication During Login.Chapter 2 Logging In to Trusted Extensions.Administration by Role in Trusted Extensions.Accessing Applications in Trusted Extensions.Trusted Extensions Enables Secure Administration.Erasing Data on Objects Prior to Object Reuse.Trusted Extensions Separates Information by Label.User Responsibilities for Protecting Data.Trusted Extensions Provides Discretionary and Mandatory Access Control.Programs That Spoof Users Are Prevented.Mandatory Access Control Protects Information.Access to the Trusted Computing Base Is Limited.Trusted Extensions Protects Against Intruders.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |