New paper on recent (Open)Solaris security features
By user9159837 on Jul 10, 2008
Jan Pechanec, Mark Phalan and I published a paper together entitled "New Security Features in OpenSolaris and Beyond" (pdf) at the OpenSolaris Developer Conference in Prague. Jan even interrupted his vacation to give the talk!
Jan Pechanec and Christoph Schuba and Mark Phalan. New Security Features in OpenSolaris and Beyond. In Proceedings of the Second OpenSolaris Developer Conference. Prague, Czech Republic, June 2008.
This paper examines several new security features and enhancements to existing security features that were introduced into the OpenSolaris Operating Environment in the time period of approximately mid 2006 through mid 2008. We focus on the following contributions, rather than present an exhaustive list: Solaris Trusted Extensions (the multi-level security features that is now an integral part of the Solaris architecture), the Key Management Framework (KMF - a unified set of interfaces for managing PKI objects), the OpenSSL PKCS#11 engine, and a number of functional enhancements to our Kerberos system.
Furthermore, we present work in progress on filesystem encryption (most notably ZFS encryption and the loopback file system encryption), PKCS#11 engine, SunSSH, and Kerberos, new security features that, as of mid 2008, are being actively developed and are scheduled to become part of future OpenSolaris versions and distributions.