Follow Techotopia on Twitter

On-line Guides
All Guides
eBook Store
iOS / Android
Linux for Beginners
Office Productivity
Linux Installation
Linux Security
Linux Utilities
Linux Virtualization
Linux Kernel
System/Network Admin
Programming
Scripting Languages
Development Tools
Web Development
GUI Toolkits/Desktop
Databases
Mail Systems
openSolaris
Eclipse Documentation
Techotopia.com
Virtuatopia.com
Answertopia.com

How To Guides
Virtualization
General System Admin
Linux Security
Linux Filesystems
Web Servers
Graphics & Desktop
PC Hardware
Windows
Problem Solutions
Privacy Policy

  




 

 

Solaris Trusted Extensions User's Guide
Previous Next

Visible Features of Trusted Extensions

After you have successfully completed the login process, as explained in Chapter 2, Logging In to Trusted Extensions (Tasks), you can work within Trusted Extensions. Your work is subject to security restrictions. Restrictions that are specific to Trusted Extensions include the label range of the system, your clearance, and your choice of a single-level or multilevel session. As the following figure illustrates, four features distinguish a system that is configured with Trusted Extensions from a Solaris system.

Figure 4-1 Multilevel Trusted CDE Desktop
Screen shows labels on windows and icons, the trusted stripe with the trusted symbol and workspace label.

  • Label displays – All windows, workspaces, files, and applications have a label. The desktop provides stripes and other indicators for viewing an entity's label.

  • Trusted stripe – This stripe is a special graphical security mechanism. In Solaris Trusted Extensions (CDE), the trusted stripe is always displayed at the bottom of the screen. In Solaris Trusted Extensions (GNOME), the stripe is displayed at the top of the screen.

  • Limited access to applications from the workspace – The workspace provides access only to those applications that are permitted in your user account.

  • Trusted Path menu – In Trusted CDE, the switch area in the Front Panel provides access to the Trusted Path menu, which is used to perform security-related tasks. In Trusted GNOME, the trusted symbol provides access to the menu.

Labels on Trusted Extensions Desktops

As discussed in Mandatory Access Control, all applications and files in Trusted Extensions have labels. Trusted Extensions displays labels in the following locations:

  • Window label stripes above the window title bar

  • Window icon label stripes under the minimized window

  • Window label indicator in the trusted stripe

  • Query window label indicator from the Trusted Path menu that displays the label of the window or icon that is specified by the pointer location

Figure 4-1 shows how labels display on a system that is configured to display labels. The system is using Trusted CDE as its desktop. A site can also be configured to hide labels. Even if your administrator has configured the system to hide labels, labeling is still in effect. The Query Window Label menu item can be used to display the label of a window. For an illustration, see Figure 3-4.

Trusted Stripe

In Trusted CDE, the trusted stripe appears in a reserved area at the bottom of the screen in all Trusted Extensions sessions. In Trusted GNOME, the trusted stripe appears at the top of the screen.

The purpose of the trusted stripe is to give you a visual confirmation that you are in a legitimate Trusted Extensions session. The stripe indicates when you are interacting with the trusted computing base (TCB). The stripe also displays the labels of your current workspace and current window. The trusted stripe cannot be moved or obscured by other windows or dialog boxes.

In Trusted CDE, the trusted stripe has two elements:

  • The trusted symbol – Displays when the screen focus is security-related.

  • The window label – Optional. Displays the label of the active window.

In Trusted GNOME, the trusted stripe has two additional elements:

  • The current user name or role name – At the right of the trusted symbol, displays the name of the owner of new processes in the workspace.

  • Labeled windows – Displays the labels of all windows in the workspace.

Figure 4-2 PUBLIC Window Label in the Trusted Stripe
Screen shows the trusted stripe without the trusted symbol and with a workspace label of PUBLIC.
Trusted Symbol

Whenever you access any portion of the TCB, the trusted symbol appears at the left of the trusted stripe area. If your configuration suppresses labels, then the trusted symbol appears with the trusted stripe. In Trusted CDE, the symbol appears to the left of the Front Panel. In Trusted GNOME, the symbol appears at the left of the trusted stripe.

Illustration shows the trusted symbol.

The trusted symbol is not displayed when the pointer is focused in a window or area of the screen that does not affect security. The trusted symbol cannot be forged. If you see the symbol, you can be sure that you are safely interacting with the TCB.

Caution - If the trusted stripe is missing from your workspace, contact the security administrator. The problem with your system could be serious.

The trusted stripe should not appear during login, or when you lock your screen. If the trusted stripe shows, contact the administrator immediately.

Window Label Indicator

The Window Label indicator displays the label of the active window. In a multilevel session, the indicator can help identify windows with different labels in the same workspace. The indicator can also show that you are interacting with the TCB. For example, when you change your password, the Trusted Path indicator displays in the trusted stripe.

Figure 4-3 Trusted Path Indicator in the Trusted Stripe
Screen shows the trusted stripe without the trusted symbol and with a label of Trusted Path.
Previous Next

 
 
  Published under the terms fo the Public Documentation License Version 1.01. Design by Interspire