Trusted Solaris

Last updated May 02, 2019

Trusted Solaris is a discontinued security-evaluated operating system based on Solaris by Sun Microsystems, featuring a mandatory access control model.

An operating system (OS) is system software that manages computer hardware and software resources and provides common services for computer programs.

Solaris is a Unix operating system originally developed by Sun Microsystems. It superseded their earlier SunOS in 1993. In 2010, after the Sun acquisition by Oracle, it was renamed Oracle Solaris.

Sun Microsystems, Inc. was an American company that sold computers, computer components, software, and information technology services and created the Java programming language, the Solaris operating system, ZFS, the Network File System (NFS), and SPARC. Sun contributed significantly to the evolution of several key computing technologies, among them Unix, RISC processors, thin client computing, and virtualized computing. Sun was founded on February 24, 1982. At its height, the Sun headquarters were in Santa Clara, California, on the former west campus of the Agnews Developmental Center.

Features

Accounting
Role-Based Access Control
Auditing
Device allocation
Mandatory access control (MAC) labeling

Certification

Trusted Solaris 8 is Common Criteria certified at Evaluation Assurance Level EAL4+ against the CAPP, RBACPP, and LSPP protection profiles. It is the basis for the DoDIIS Trusted Workstation program. ^[1]

The Common Criteria for Information Technology Security Evaluation is an international standard for computer security certification. It is currently in version 3.1 revision 5.

The Evaluation Assurance Level of an IT product or system is a numerical grade assigned following the completion of a Common Criteria security evaluation, an international standard in effect since 1999. The increasing assurance levels reflect added assurance requirements that must be met to achieve Common Criteria certification. The intent of the higher levels is to provide higher confidence that the system's principal security features are reliably implemented. The EAL level does not measure the security of the system itself, it simply states at what level the system was tested.

Solaris Trusted Extensions

Features that were previously only available in Trusted Solaris, such as fine-grained privileges, are now part of the standard Solaris release. In the Solaris 10 11/06 update a new component called Solaris Trusted Extensions was introduced, making it no longer necessary to have a different release with a modified kernel for labeled security environments. Solaris Trusted Extensions is an OpenSolaris project.

Solaris Trusted Extensions is a set of security extensions incorporated in the Solaris 10 operating system by Sun Microsystems, featuring a mandatory access control model. It succeeds Trusted Solaris, a family of security-evaluated operating systems based on earlier versions of Solaris.

OpenSolaris Open source operating system from Sun Microsystems based on Solaris

OpenSolaris is a discontinued, open source computer operating system based on Solaris created by Sun Microsystems. It was also the name of the project initiated by Sun to build a developer and user community around the software. After the acquisition of Sun Microsystems in 2010, Oracle decided to discontinue open development of the core software, and replaced the OpenSolaris distribution model with the proprietary Solaris Express.

Solaris Trusted Extensions, when enabled, enforces a mandatory access control policy on all aspects of the operating system, including device access, file, networking, print and window management services. This is achieved by adding sensitivity labels to objects, thereby establishing explicit relationships between these objects. Only appropriate (and explicit) authorization allows applications and users read and/or write access to the objects.

The component also provides labeled security features in a desktop environment. Apart from extending support for the Common Desktop Environment from the Trusted Solaris 8 release, it delivered the first labeled environment based on GNOME.^[2] Solaris Trusted Extensions facilitates the access of data at multiple classification levels through a single desktop environment.

The Common Desktop Environment (CDE) is a desktop environment for Unix and OpenVMS, based on the Motif widget toolkit. It was part of the UNIX 98 Workstation Product Standard, and was for a long time the "classic" Unix desktop associated with commercial Unix workstations.

GNOME is a free and open-source desktop environment for Unix-like operating systems. GNOME was originally an acronym for GNU Network Object Model Environment, but the acronym was dropped because it no longer reflected the vision of the GNOME project.

Solaris Trusted Extensions also implements labeled device access and labeled network communication, through the Commercial Internet Protocol Security Option (CIPSO) standard. CIPSO is used to pass security information within and between labeled zones. Solaris Trusted Extensions complies with the Federal Information Processing Standards (FIPS).

Federal Information Processing Standards (FIPS) are publicly announced standards developed by the United States federal government for use in computer systems by non-military government agencies and government contractors.

Related Research Articles

OpenStep is a defunct object-oriented application programming interface (API) specification for a legacy object-oriented operating system, with the basic goal of offering a NeXTSTEP-like environment on non-NeXTSTEP operating systems. OpenStep was principally developed by NeXT with Sun Microsystems, to allow advanced application development on Sun's operating systems, specifically Solaris. NeXT produced a version of OpenStep for its own Mach-based Unix, stylized as OPENSTEP, as well as a version for Windows NT. The software libraries that shipped with OPENSTEP are a superset of the original OpenStep specification, including many features from the original NeXTSTEP.

A workstation is a special computer designed for technical or scientific applications. Intended primarily to be used by one person at a time, they are commonly connected to a local area network and run multi-user operating systems. The term workstation has also been used loosely to refer to everything from a mainframe computer terminal to a PC connected to a network, but the most common form refers to the group of hardware offered by several current and defunct companies such as Sun Microsystems, Silicon Graphics, Apollo Computer, DEC, HP, NeXT and IBM which opened the door for the 3D graphics animation revolution of the late 1990s.

Trusted Operating System (TOS) generally refers to an operating system that provides sufficient support for multilevel security and evidence of correctness to meet a particular set of government requirements.

This is a list of operating systems specifically focused on security. General-purpose operating systems may be secure in practice, without being specifically "security-focused".

In computer security, mandatory access control (MAC) refers to a type of access control by which the operating system constrains the ability of a subject or initiator to access or generally perform some sort of operation on an object or target. In practice, a subject is usually a process or thread; objects are constructs such as files, directories, TCP/UDP ports, shared memory segments, IO devices, etc. Subjects and objects each have a set of security attributes. Whenever a subject attempts to access an object, an authorization rule enforced by the operating system kernel examines these security attributes and decides whether the access can take place. Any operation by any subject on any object is tested against the set of authorization rules to determine if the operation is allowed. A database management system, in its access control mechanism, can also apply mandatory access control; in this case, the objects are tables, views, procedures, etc.

Multilevel security or multiple levels of security (MLS) is the application of a computer system to process information with incompatible classifications, permit access by users with different security clearances and needs-to-know, and prevent users from obtaining access to information for which they lack authorization. There are two contexts for the use of multilevel security. One is to refer to a system that is adequate to protect itself from subversion and has robust mechanisms to separate information domains, that is, trustworthy. Another context is to refer to an application of a computer that will require the computer to be strong enough to protect itself from subversion and possess adequate mechanisms to separate information domains, that is, a system we must trust. This distinction is important because systems that need to be trusted are not necessarily trustworthy.

Distributed Objects Everywhere (DOE) was a long-running Sun Microsystems project to build a distributed computing environment based on the CORBA system in the 'back end' and OpenStep as the user interface. First started in 1990 and announced soon thereafter, it remained vaporware for many years before it was finally released as NEO in 1995. It was sold for only a short period before being dropped in 1996. In its place is what is today known as Enterprise JavaBeans.

OpenWindows was a desktop environment for Sun Microsystems workstations which combined SunView, NeWS, and X Window System protocols. OpenWindows was included in later releases of the SunOS 4 and Solaris operating systems, until its removal in Solaris 9 in favor of Common Desktop Environment (CDE) and GNOME 2.0.

The XTS-400 is a multilevel secure computer operating system. It is multiuser and multitasking that uses multilevel scheduling in processing data and information. It works in networked environments and supports Gigabit Ethernet and both IPv4 and IPv6.

Oracle Secure Global Desktop (SGD) software provides secure access to both published applications and published desktops running on Microsoft Windows, Unix, mainframe and System i systems via a variety of clients ranging from fat PCs to thin clients such as Sun Rays.

In computing, the term remote desktop refers to a software or operating system feature that allows a personal computer's desktop environment to be run remotely on one system, while being displayed on a separate client device. Remote desktop applications have varying features. Some allow attaching to an existing user's session and "remote controlling", either displaying the remote control session or blanking the screen. Taking over a desktop remotely is a form of remote administration.

An automounter is any program or software facility which automatically mounts filesystems in response to access operations by user programs. An automounter system utility, when notified of file and directory access attempts under selectively monitored subdirectory trees, dynamically and transparently makes local or remote devices accessible.

Trusted Computer System Evaluation Criteria DoD standard for computer security

Trusted Computer System Evaluation Criteria (TCSEC) is a United States Government Department of Defense (DoD) standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system. The TCSEC was used to evaluate, classify, and select computer systems being considered for the processing, storage, and retrieval of sensitive or classified information.

CimTrak is computer software for file integrity monitoring and regulatory compliance auditing. It assists in ensuring the availability and integrity of critical IT assets by detecting the root-cause and responding immediately to any unexpected changes to the host operating system, applications, and network devices located on the IT infrastructure. CimTrak works cross-platform and is supported on multiple Windows, Linux, Unix, and Macintosh operating systems. It is licensed as commercial software.

In information security, a guard is a device or system for allowing computers on otherwise separate networks to communicate, subject to configured constraints. In many respects a guard is like a firewall and guards may have similar functionality to a gateway.

Genode is a free and open-source operating system framework consisting of a microkernel abstraction layer and a collection of userspace components. The framework is notable as one of the few open-source operating systems not derived from a proprietary OS, such as Unix. The characteristic design philosophy is that a small trusted computing base is of primary concern in a security oriented OS.

References

↑ Michael Elgo (2004-11-11). "DTW - DODIIS Trusted Workstation" (PDF). Sun Microsystems. Archived from the original (PDF) on 2012-03-03. Retrieved 2019-04-17.
↑ "Solaris Trusted Extensions Data Sheet". Sun Microsystems. Archived from the original on 2010-07-26. Retrieved 2019-04-17.

External links

Official website
Solaris Trusted Extensions (Opensolaris) at the Wayback Machine (archived 2012-12-09)

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[1] Michael Elgo (2004-11-11). "DTW - DODIIS Trusted Workstation" (PDF). Sun Microsystems. Archived from the original (PDF) on 2012-03-03. Retrieved 2019-04-17.

[gnometrusted-2] "Solaris Trusted Extensions Data Sheet". Sun Microsystems. Archived from the original on 2010-07-26. Retrieved 2019-04-17.

v t e Solaris
Technologies	Direct binding Doors DTrace IPMP Jumpstart mdb MPxIO SMF snoop Containers Crossbow Cluster Trusted Extensions ZFS
OpenSolaris, illumos	BeleniX Nexenta OS OpenIndiana OpenSolaris for System z SmartOS