Solaris 10 11/06 with Trusted Extensions now available

It's been a long wait.  Internally within Sun we have been talking about integrating multi-level OS features in to the base Solaris operating system for many, many years.  This is the kind of technology that US intelligence agencies use to ensure that "red bits and green bits don't mix to make purple bits."  In the old days it was called B1 level security.  Now it is referred to as Common Criteria EAL4+ with CAPP, RBACPP and LSPP. We are currently in common criteria evaluation. See my earlier blog for more details.

Many intelligence agencies have a wide variety of "classified" network.  Because of the many security rules involved each of these networks are supposed to be kept separate and in some cases, analysts literally have 5-6 workstations sitting on their desk in order to have access to data on different networks.  This is very wasteful of power, floor space, management time and money.

Since the late 1980s Sun has been a pioneer in providing muli-level computing solutions for the US Government.  Customers include the various 3-letter agencies as well as homeland security and law enforcement agencies.  We did this on a high volume, commerical OS (Solaris) with a large ISV catalog of solutions.

In December, we quietly posted "Solaris 10 11/06."  In doing this, we provided a high level of security in a minor update to Solaris without breaking binary compatibility.  The "Trusted Extensions" component that we included is actually a relatively small amount of code that primary enables and configures the system to handle different levels of data classifications in separate Solaris zones.  Most of the heavy lifting is done by code already in Solaris 10 including Zones and privilege model.  As Glenn Faden (product architect) puts it, "The trick was to make the nearly impossible look easy."  You can find an architectual overview to Solaris 10 Trusted Extensions at the opensolaris.org site.

This solution has several benefits over the previous model used in Trusted Solaris 8:

 

 Feature Solaris 10 11/06 with Trusted Extensions
Trusted Solaris 8
Runs on all the latest Sun and X64 hardware
Yes
NO
Uses the same patches as Solaris
Yes
NO
Is supported by ISVs
Yes
NO
Has a small training delta
Yes
NO
FREE
Yes
NO
Is part of the main Solaris development team
Yes
NO
Open Sourced
Yes
NO
Standard Solaris life cycle model
Yes
NO
100% binary compatible
Yes
NO
Integrated into standard Solaris distribution
Yes
NO
Has the full support of other Sun products
Yes
NO


Solaris 10 11/06 is currently available for download at the Sun download center.  If you would like to participate in the development and future features related to Solaris security, join the security community at the OpenSolaris portal.

By the way, did I mention that it is free and runs on over 700 Sparc, Intel and AMD based platforms?

Why should you care?

The Trusted Extensions now available in Solaris 10 11/06 can help make your data and users more security by adding mandatory access control features.  It can help you to comply with mandates such as HSPD12, HIPAA and Sarbanes-Oxley.  It can reduce the risk of break-ins, "data spills" and spoofing attacks.

 It does all this while provding a widely accepted platform with a huge libary of commercial and open source software applications.  In addition, there is a large pool of skilled operators familiar with the Solaris environment.  Unlike other operating systems that run on commodity hardware (Windows, Red Hat, Suse), Solaris can take you from a laptop environment to a 144 processor "super-server" using the same administration tools processes and commands.



Comments:

Post a Comment:
  • HTML Syntax: NOT allowed
About

Jim Laurent is an Oracle Sales consultant based in Reston, Virginia. He supports US DoD customers as part of the North American Public Sector hardware organization. With over 17 years experience at Sun and Oracle, he specializes in Solaris and server technologies. Prior to Oracle, Jim worked 11 years for Gould Computer Systems (later known as Encore).

Search

Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today