Why Should You Trust Me?
By Glenn Faden on Jun 15, 2006
This is my first blog entry, so let me introduce myself. I have been working at Sun for 17 years, and have contributed to most of the security features in the Solaris OS today. For most of that time I was working on Trusted Solaris, which has served as a prototype for Solaris security technology.
Much of the Solaris security foundation, including Access Control Lists, Auditing, Device Allocation, Role-Based Access Control, Process Rights Management, and OS Virtualization, had its roots in Trusted Solaris. I was a contributor, manager, or architect for each of these features.
My goal for the past five years has been to integrate the remaining features of Trusted Solaris into the Solaris foundation, effectively merging the two systems. That effort required a new approach to Multilevel Security based on Solaris Containers. In effect, a new kind of zone, called a labeled zone, has been introduced into Solaris to provide controlled information sharing based on Mandatory Access Control policies.
The culmination of these efforts is a new product known as Solaris Trusted Extensions. I will be using this blog to provide insights about Solaris Trusted Extensions, and comparisons to other trusted systems. I will also be maintaining the OpenSolaris web site for Solaris Trusted Extensions.
Although Solaris Trusted Extensions has essentially the same functionality as the older Trusted Solaris product, it will be part of the Solaris OS. Most of the code has already been integrated into Solaris Nevada, and can be viewed in the OpenSolaris source browser. For example, try searching for the function is_system_labeled() to see some relevant code.
Starting with next month's release of Solaris Express, it should be possible for anyone to try out this new technology. A commercial release, based on a future Solaris update, is also in the works.