News from the trenches

A lot has happened in the year since my last posting. The former Sun Solaris team has been integrated into Oracle, and released its first product based on OpenSolaris, called Oracle Solaris 11 Express. The Express release is an interim step on the path to the next major release, Oracle Solaris 11. Some of the new features in the area of security are described here, along with some more extensive documentation.

I was one of the speakers who gave an overview of Oracle Solaris 11 Express last November, at the LISA conference. Slides and a video of my presentation are posted on the Oracle Media website. One of the new features of interest to users of Trusted Extensions is the automatic labeling of ZFS datasets when they are first mounted by labeled zones. I previously wrote about this in a posting entitled An Update on Sensitivity Labels as ZFS Attributes. This ensures that labeled datasets are not accidentally mounted into zones with unequal labels. It also provides a mechanism to determine the label of a dataset that is not currently mounted. This is a natural extension to the original design of labeled filesystems that was introduced in Solaris 10, back in 2006. I recently was awarded two US patents for this technology, with the formal titles Mechanism for implementing file access control using labeled containers and Mechanism for implementing file access control across a network using labeled containers. There are further enhancements in this area that are planned for a future release.
