[Search for users] [Overall Top Noters] [List of all Conferences] [Download this site]

Conference smurf::dec_mls_plus

Title:dec_mls_plus
Moderator:SMURF::BAT
Created:Mon Nov 29 1993
Last Modified:Fri Jun 06 1997
Last Successful Update:Fri Jun 06 1997
Number of topics:534
Total number of notes:2544

472.0. "List of Sensitivity Levels?" by ADISSW::FERRARA () Thu Apr 10 1997 20:39

    
    I just installed MLS+ 4.0A, doing a default installation.
    
    I selected the default Encoding File.
    
    What are the possible Sensitivity Levels?
    
    How do I get a list of SL's?
    
    Thanks,
    BobF
T.RTitleUserPersonal
Name
DateLines
472.1Go to the horse's mouth...SMURF::SCHOFIELDRick Schofield, DTN 381-0116Fri Apr 11 1997 12:066
    You can read them directly from the Encodings file in
    (/etc/policy/macilb/Encodings).  Look for the header "SENSITIVITY
    LABELS" and you'll find them listed below.
    
    	Rick
    
472.2i shouldn't have had that second cup of teaSMURF::BATSegui la tua beatitudineFri Apr 11 1997 18:5459
    The NCSC used to use the terms "Sensitivity Levels" and "Sensitivity
    Labels" to mean two different things.  Our documentation may still make
    that distinction.  The term Level referred only to the hierarchical
    classification, and the term Label referred to the thing that is the
    combination of classification and zero or more non-hierarchical
    categories.  (Now, the Label is just the Lewis Carroll Name of a Level.
    :-).
    
    Classifications are defined in the first section of the Encodings file.  
    
    Categories are known in the Encodings file syntax as "compartments" 
    (although to be strictly in line with the newer NCSC terminology, it's
    my understanding that a compartment is really a [collection of things
    that are protected by the same] sensitivity label).
    
    The categories you can use in a sensitivity label are defined in the
    WORDS subsection of the SENSITIVITY LABEL section of the Encodings
    file.
    
    To see what labels (combinations of classification+categories) are
    valid at a glance,  you can also play with the dxchlevel tool,
    accessible from the Trusted Path menu as "Get/Set File Label", and it's
    "Change File Label: Change" menu.  Clicking OK with an attempts to make
    an illegal SL will get the "not in accreditation range" pop-up.
    
    The default Encodings file does not have many (or any? I cannot
    remember) implicit combination restrictions (e.g., the minimum
    classification for category A is CONFIDENTIAL) or explicit combination
    contraints (defined in the REQUIRED COMBINATIONS or COMBINATION
    CONTRAINTS subsections), so the list of valid labels is extensive.  For
    a more interesting Encodings file, try using the Encodings.MITRE
    version. To make it more useful, as well as more interesting:
    
    1.	Change the minimum clearance, minimum sensitivity label, and
    	minimum protect as classification to U.
    
    2.	Add this line:
    
    	name= SYSHI;	minclass= TS;	compartments= 0-6;
    
    	to the WORDS section of the SENSITIVITY LABELS and the CLEARANCES 
    	sections, before the first category (A) definition and after the 
    	prefix definitions.
    
    3.	In the INFORMATION LABELS WORDS section, move the line:
    
    	name= SYSHI;	minclass= TS; 	compartments= 0-6;    markings= 0-16;
    
    	so that it is between the first category name ("CC") and the
    	suffix "eyes only".
    
    When you are shifting from one flavor of these shipped Encodings files
    to another flavor which uses all the same definitions, you only need to
    copy your choice in place, e.g.,
    
    	cd /etc/policy/macilb
    	cp Encodings.MITRE.mod Encodings
    
    And restart dxchevel to see the effects of the new restrictions.