New Security Features in OpenSolaris and Beyond
By janp on Jun 28, 2008
Me, Christoph Schuba and Mark Phalan put a paper together entitled "New Security Features in OpenSolaris and Beyond" that was accepted for publication at the OpenSolaris Developer Conference in Prague this week. Me and Mark then gave the talk in Prague.
This paper examines several new security features and enhancements to existing security features that were introduced into the OpenSolaris Operating Environment in the time period of approximately mid 2006 through mid 2008. We focus on the following contributions, rather than present an exhaustive list: Solaris Trusted Extensions (the multi-level security features that is now an integral part of the Solaris architecture), the Key Management Framework (KMF - a unified set of interfaces for managing PKI objects), the OpenSSL PKCS#11 engine, and a number of functional enhancements to our Kerberos system.
Furthermore, we present work in progress on filesystem encryption (most notably ZFS encryption and the loopback file system encryption), PKCS#11 engine, SunSSH, and Kerberos, new security features that, as of mid 2008, are being actively developed and are scheduled to become part of future OpenSolaris versions and distributions