Solaris Trusted Extensions
Encyclopedia
Solaris Trusted Extensions is a set of security extensions incorporated in the Solaris 10 operating system
by Sun Microsystems
, featuring a mandatory access control
model. It succeeds Trusted Solaris, a family of security-evaluated operating systems based on earlier versions of Solaris
.
Solaris 10 5/09 is Common Criteria
certified at Evaluation Assurance Level
EAL4+ against the CAPP, RBACPP, and LSPP protection profiles.
project.
Trusted Extensions additions and enhancements include:
Solaris Trusted Extensions enforce a mandatory access control policy on all aspects of the operating system, including device access, file, networking, print and window management services. This is achieved by adding sensitivity labels to objects, thereby establishing explicit relationships between these objects. Only appropriate (and explicit) authorization allows applications and users read and/or write access to the objects.
The component also provides labeled security features in a desktop environment. Apart from extending support for the Common Desktop Environment
from the Trusted Solaris 8 release, it delivers the first labeled environment based on GNOME
. Solaris Trusted Extensions facilitate the access of data at multiple classification levels through a single desktop environment.
Solaris Trusted Extensions also delivers labeled device access and labeled network communication (through the CIPSO standard).
CIPSO is used to pass security information within and between labeled zones.
Solaris Trusted Extensions complies with the Federal Information Processing Standard
(FIPS).
Trusted Solaris 8 was the basis for the DoDIIS Trusted Workstation program.
Operating system
An operating system is a set of programs that manage computer hardware resources and provide common services for application software. The operating system is the most important type of system software in a computer system...
by Sun Microsystems
Sun Microsystems
Sun Microsystems, Inc. was a company that sold :computers, computer components, :computer software, and :information technology services. Sun was founded on February 24, 1982...
, featuring a mandatory access control
Mandatory access control
In computer security, mandatory access control refers to a type of access control by which the operating system constrains the ability of a subject or initiator to access or generally perform some sort of operation on an object or target...
model. It succeeds Trusted Solaris, a family of security-evaluated operating systems based on earlier versions of Solaris
Solaris Operating System
Solaris is a Unix operating system originally developed by Sun Microsystems. It superseded their earlier SunOS in 1993. Oracle Solaris, as it is now known, has been owned by Oracle Corporation since Oracle's acquisition of Sun in January 2010....
.
Solaris 10 5/09 is Common Criteria
Common Criteria
The Common Criteria for Information Technology Security Evaluation is an international standard for computer security certification...
certified at Evaluation Assurance Level
Evaluation Assurance Level
The Evaluation Assurance Level of an IT product or system is a numerical grade assigned following the completion of a Common Criteria security evaluation, an international standard in effect since 1999. The increasing assurance levels reflect added assurance requirements that must be met to...
EAL4+ against the CAPP, RBACPP, and LSPP protection profiles.
Overview
Certain Trusted Solaris features, such as fine-grained privileges, are now part of the standard Solaris 10 release. Beginning with Solaris 10 11/06, Solaris now includes a component called Solaris Trusted Extensions which gives it the additional features necessary to position it as the successor to Trusted Solaris. Inclusion of these features in the mainstream Solaris release marks a significant change from Trusted Solaris, as it is no longer necessary to use a different Solaris release with a modified kernel for labeled security environments. Solaris Trusted Extensions is an OpenSolarisOpenSolaris
OpenSolaris was an open source computer operating system based on Solaris created by Sun Microsystems. It was also the name of the project initiated by Sun to build a developer and user community around the software...
project.
Trusted Extensions additions and enhancements include:
- Accounting
- Role-Based Access ControlRole-Based Access ControlIn computer systems security, role-based access control is an approach to restricting system access to authorized users. It is used by the majority of enterprises with more than 500 employees, and can be implemented via mandatory access control or discretionary access control...
- Auditing
- Device Allocation
- Mandatory Access Control Labeling
Solaris Trusted Extensions enforce a mandatory access control policy on all aspects of the operating system, including device access, file, networking, print and window management services. This is achieved by adding sensitivity labels to objects, thereby establishing explicit relationships between these objects. Only appropriate (and explicit) authorization allows applications and users read and/or write access to the objects.
The component also provides labeled security features in a desktop environment. Apart from extending support for the Common Desktop Environment
Common Desktop Environment
The Common Desktop Environment is a desktop environment for Unix and OpenVMS, based on the Motif widget toolkit.- Corporate history :...
from the Trusted Solaris 8 release, it delivers the first labeled environment based on GNOME
GNOME
GNOME is a desktop environment and graphical user interface that runs on top of a computer operating system. It is composed entirely of free and open source software...
. Solaris Trusted Extensions facilitate the access of data at multiple classification levels through a single desktop environment.
Solaris Trusted Extensions also delivers labeled device access and labeled network communication (through the CIPSO standard).
CIPSO is used to pass security information within and between labeled zones.
Solaris Trusted Extensions complies with the Federal Information Processing Standard
Federal Information Processing Standard
A Federal Information Processing Standard is a publicly announced standardization developed by the United States federal government for use in computer systems by all non-military government agencies and by government contractors, when properly invoked and tailored on a contract...
(FIPS).
Trusted Solaris history
- 2000 Trusted Solaris 8 - Common Criteria Evaluated: CAPP, RBACPP, LSPP at EAL4+
- 1999 Trusted Solaris 7
- 1996 Trusted Solaris 2.5.1 - ITSEC Certified for E3 / F-B1
- 1995 Trusted Solaris 1.2 - ITSEC Certified for E3 / F-B1
- 1992 SunOS Compartmented Mode Workstation 1.0 - ITSEC Certified for E3 / F-B1
- 1990 SunOS Multilevel Security 1.0 - TCSEC Conformance (1985 Orange Book)
Trusted Solaris 8 was the basis for the DoDIIS Trusted Workstation program.