Glenn Faden's Blog

Oracle Cross Domain Security Express

Guest Author

On January 27 Oracle announced that it had finalized its acquisition of Sun. This week I accepted an offer of employment from Oracle so I will be continuing in my role as one of the leaders of the Solaris security development team. Trusted Extensions remains a key part of that strategy, and is specifically highlighted in John Fowler's  Webcast. There is about a minute devoted to Solaris security, starting a 4:38 and a slide at 5:30 showing Trusted Extensions and RBAC (two of my favorites) as key Solaris features.

Oracle and Sun have a long history of cooperation in the area of multilevel security, and I have been personally involved in some interesting projects. My earliest involvement dates back to 1991 when Oracle and Sun demonstrated Trusted Oracle running on SunOS CMW at 14th annual National Computer Security Conference in Baltimore. I presented a white paper at the conference entitled Reconciling CMW Requirements with those of X11 Applications.

I had another opportunity to work with Oracle, starting in 2006, prototyping a cross-domain architecture using labeled zones to proxy SQL requests from separate application enclaves. Oracle was our first partner to use Trusted Extensions, even before it was integrated into Solaris 10 update 3.

The prototype was successful, and after significant  refinement has been released under the name Oracle Cross-Domain Security Express. It has been authorized to operate on US government networks and has been certified and accredited according to DCID 6/3 PL4 requirements. A brochure describing the solution is available on the Oracle Website. As you can see, it relies on labeled zones and trusted networking to provide isolation and to associate labels with client requests.

For an interactive description, I recommend the YouTube video that one of my new Oracle colleagues, Jonathan Bakke, has posted.  Jon is the Senior Director of the Cross-Domain Systems group. We first met back in 2006, about the time I started this blog.

Join the discussion

Comments ( 4 )
  • ed hardy clothing Tuesday, March 9, 2010

    Nice post and useful information here.Many thanks.

    Hope to see more fresh thing here.

  • Randy Wynn Thursday, August 12, 2010

    It looks like the Oracle Cross-Domain Security Express link is no longer valid. I would also like to know if this is on track for Unified Cross Domain Management Office (UCDMO) Baseline approval.

  • Dave Walker Tuesday, August 30, 2011

    This fits in with a number of things I'm looking to do, in terms of producing solutions to address requirements in CONTEST; SNAP and other MLS front-ends only go so far.

    Who do I need to talk to, about acquiring copy of CDSX for evaluation and development? Is it exportable to the UK, or subject to ITAR?

  • Dan Teijido Tuesday, February 26, 2013


    Was wondering if there are any performance limitations when you are dealing with over 1000 compartments

Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.