Question

I need to provide MAC protection for hundreds of users. How many compartments can Trusted Solaris handle?

Answer

The number of compartments available depends on whether you are using 1-bit or large (multiple-bit) compartment words. (A compartment word is a character string that represents one or more compartment bits in a clearance, a sensitivity label, or an information label.) With 1-bit compartment words, 256 compartments are available. If you use multiple-bit compartment words, the number of compartments is limitless for all practical purposes, but there are potential issues with disjointness and hierarchical compartments. These issues can be avoided and/or used to advantage depending on the usage model. For example, setting up a pool of disjoint labels for a class of users ensures that no user will be able to access data at any label other than their own label. WARNING: Since other parts of the Trusted Solaris environment may not scale well to huge numbers, we recommend you seek assistance from Sun when planning large-scale MAC protection. If you are considering large numbers of compartments, please send us your requirements. Two general methods for providing disjoint labels to large (more than 256) numbers of users/groups are: using large (multiple-bit) compartment words (Example 1), and combining 1-bit compartment words (Example 2).
For both methods, you set the number of compartment bits in the labels at a fixed length. These compartment bits must be selected from mutually exclusive sets of compartment bits. In the large compartment word approach, each label contains one multiple-bit compartment word and is disjoint from all other labels with the same classification. In the 1-bit compartment word method, each label contains the same number of compartments, which are combined to form a unique, disjoint label. Compartments may be used in other labels as well to form other unique combinations.

Example 1: Creating Disjoint Labels Using Multiple-Bit Compartment Words

This example uses a person's Social Security number to define a unique compartment. (For any non-U.S. readers, the Social Security number is a 9-digit number assigned to every citizen by the U.S. government for old-age and survivors insurance.) Each compartment word contains 9 bits selected from nine 10-bit sets. The example uses the set of bits 1-10 to define the user's first Social Security number digit, bits 11-20 to define the second, and so on. The total number of possible compartment combinations is one billion. The bit pattern for a user with the Social Security number 111-22-3333 is shown below.
The corresponding entry in the label_encodings file would be:
Example 2: Creating Disjoint Labels Using 1-Bit Compartment Word Combinations

This example creates a disjoint label for each department in a large corporation. Each label has at least four 1-bit compartments, representing operating company, group, division, and department. This scheme allows for 10 operating companies (selected from bits 1-10), 20 groups (from bits 11-30), 20 divisions (from bits 31-50), and 30 departments (from bits 51-80). In total, 10 x 20 x 20 x 30 = 120,000 disjoint labels can be formed for each classification. The compartments for the label internal-use-only xyzco abcgroup sales orderentry are shown in the following figure. (Note that internal-use-only is the classification.)
The corresponding compartment definitions in the label_encodings file are:
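As an added illustration of both examples above (this is not part of the original page or of Sun's Trusted Solaris documentation), the following Python script models the two bit-assignment schemes and the dominance rule that makes the resulting labels disjoint: a label dominates another only when its classification is at least as high and it holds a superset of the other's compartment bits, and two labels are disjoint when neither dominates the other. The mapping of each digit value to a bit within its 10-bit set, the numeric classification rank, and the sample names are assumptions; the label_encodings file syntax is not reproduced.

```python
"""Bit-pattern model of the two disjoint-label schemes (constructed example).

A label is a classification plus a set of compartment bits.  Under the usual
MAC dominance rule, label A dominates label B when A's classification is at
least B's and B's compartments are a subset of A's; two labels are disjoint
when neither dominates the other, so neither side can read the other's data.
"""
from dataclasses import dataclass


# Example 1: nine 10-bit sets, one per Social Security number digit.
def ssn_compartment_bits(ssn: str) -> frozenset:
    """Return the 9 compartment bits (1-based) for a Social Security number.

    Digit i is drawn from bits 10*i+1 .. 10*i+10.  The page does not say which
    bit within a set each digit value selects; this model ASSUMES digit value
    d selects bit 10*i+d, with 0 taking the set's tenth bit.
    """
    digits = ssn.replace("-", "")
    if len(digits) != 9 or not digits.isdigit():
        raise ValueError("expected 9 digits, e.g. 111-22-3333")
    return frozenset(10 * i + (int(d) or 10) for i, d in enumerate(digits))


# Example 2: four 1-bit compartments, one from each mutually exclusive range.
ORG_RANGES = (("company", 1, 10), ("group", 11, 30),
              ("division", 31, 50), ("department", 51, 80))


def org_compartment_bits(company: int, group: int,
                         division: int, department: int) -> frozenset:
    """Return the 4 compartment bits for a 1-based choice from each range."""
    bits = set()
    choices = (company, group, division, department)
    for (name, lo, hi), idx in zip(ORG_RANGES, choices):
        if not 1 <= idx <= hi - lo + 1:
            raise ValueError(f"{name} index {idx} outside 1..{hi - lo + 1}")
        bits.add(lo + idx - 1)          # one bit per range, ranges never overlap
    return frozenset(bits)


def org_label_count() -> int:
    """Distinct 1-bit combinations per classification (10 x 20 x 20 x 30)."""
    total = 1
    for _, lo, hi in ORG_RANGES:
        total *= hi - lo + 1
    return total


@dataclass(frozen=True)
class Label:
    classification: int             # higher rank = higher classification (assumed)
    compartments: frozenset

    def dominates(self, other: "Label") -> bool:
        return (self.classification >= other.classification
                and other.compartments <= self.compartments)


def disjoint(a: Label, b: Label) -> bool:
    """True when neither label dominates the other."""
    return not a.dominates(b) and not b.dominates(a)


INTERNAL_USE_ONLY = 1   # constructed rank for the page's example classification


if __name__ == "__main__":
    alice = Label(INTERNAL_USE_ONLY, ssn_compartment_bits("111-22-3333"))
    bob = Label(INTERNAL_USE_ONLY, ssn_compartment_bits("111-22-3334"))
    print("alice bits:", sorted(alice.compartments))
    print("two SSN labels disjoint:", disjoint(alice, bob))

    # Same company/group/division, different department: still disjoint.
    orderentry = Label(INTERNAL_USE_ONLY, org_compartment_bits(1, 1, 1, 1))
    billing = Label(INTERNAL_USE_ONLY, org_compartment_bits(1, 1, 1, 2))
    print("two department labels disjoint:", disjoint(orderentry, billing))

    # A clearance holding both departments' bits dominates both labels.
    reviewer = Label(INTERNAL_USE_ONLY,
                     orderentry.compartments | billing.compartments)
    print("reviewer dominates both:",
          reviewer.dominates(orderentry) and reviewer.dominates(billing))
    print("labels per classification:", org_label_count())
```

The script is useful mainly as a check on a proposed encoding: generate the bit sets for every label you intend to hand out, and confirm pairwise that `disjoint()` holds wherever users must not see each other's data, before committing the scheme to label_encodings.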