Planning for Multilevel Security and the Common Criteria


z/OS Version 2 Release 3
Planning for Multilevel Security and the Common Criteria
IBM
GA32-0891-30

Note: Before using this information and the product it supports, read the information in “Notices” on page 163.

This edition applies to Version 2 Release 3 of z/OS (5650-ZOS) and to all subsequent releases and modifications until otherwise indicated in new editions.

Last updated: 2019-06-25

© Copyright International Business Machines Corporation 1994, 2019. US Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.

Contents

Figures
Tables
About this document
  Who should read this document
  How this document is organized
  How to use this document
  Prerequisite and related information
How to send your comments to IBM
  If you have a technical problem
Summary of changes
  Changes made in z/OS Version 2 Release 3
  Changes made in z/OS Version 2 Release 2 as updated in March 2016
  Changes made in z/OS Version 2 Release 1
  Changes made in z/OS Version 1 Release 13

Chapter 1. What is multilevel security?
  History
  Characteristics of a multilevel-secure system
    Access controls
    Object reuse
    Accountability
    Labeling hardcopy with security information
    The name-hiding function
    Write-down
    Performance
  The trusted computing base
    Hardware
    Software

Chapter 2. Security labels
  Defining security labels
  Security labels that the system creates
  Assigning a security label to a subject or resource
  Using security labels
    Mandatory access control (MAC)
    Discretionary access control (DAC) checking
  Security labels for data transferred to tape or DASD
  Security labels and data set allocation
  Printing security information on hardcopy output
  Changing a security label
  Using security labels with z/OS UNIX System Services
    Associating security labels with remote users
    Assigning a home directory and initial program depending on security label
    Security labels and the su command
    Security labels for z/OS UNIX files and directories
    Security label processing for communications between z/OS UNIX processes
  Using system-specific security labels in a sysplex
    Defining and activating system-specific security labels
    Shared file system environment and system-specific security labels
  SETROPTS options that control the use of security labels
    The COMPATMODE and NOCOMPATMODE options
    The MLACTIVE and NOMLACTIVE options
    The MLFSOBJ option
    The MLIPCOBJ option
    The MLNAMES and NOMLNAMES options
    The MLQUIET and NOMLQUIET options
    The MLS and NOMLS options
    The MLSTABLE and NOMLSTABLE options
    The SECLABELAUDIT and NOSECLABELAUDIT options
    The SECLABELCONTROL and NOSECLABELCONTROL options
    The SECLBYSYSTEM and NOSECLBYSYSTEM options

Chapter 3. Establishing multilevel security
  In this topic
  The physical environment
  The hardware configuration
  The software configuration
    Required software
    z/OS elements and features that do not support multilevel security
    z/OS elements and features that partially support
