New Solaris Security Presentation for TechDays 2009
By user9159837 on Sep 17, 2008
If you want to learn about (Open)Solaris RBAC, Privileges, the Cryptographic Framework, as well as a number of ongoing OpenSolaris security projects, this presentation is for you!
OpenSolaris contains a number of security features available to developers and system integrators that truly distinguish it from other operating systems. This talk contains two parts. The main part presents important problem areas and teaches how the OpenSolaris security technologies solve these problems. The second, much shorter part presents current, ongoing open-source OpenSolaris security projects to attract new community members and to capture the imagination of students looking for research and development opportunities in the field of computer and network security. While the contents of this second part are expected to change over time, current projects to highlight would be, e.g., FMAC (Flexible Mandatory Access Control in the context of Solaris Trusted Extensions), FGAP (Fine-Grained Access Policy), Crypto ZFS, Validated Execution, and Data Tethers.
OpenSolaris provides two alternatives to the traditional, all-or-nothing superuser-based UNIX authorization model: privileges and RBAC (Role-Based Access Control). With the former, OpenSolaris separates traditional superuser powers across a number of individual privileges for fine-grained control over the actions of processes. This technology is used to implement software according to the principle of least privilege, enabling applications to be protected from each other and to provide software fault isolation. RBAC is a mechanism designed to selectively grant privileges to users or roles based upon their unique needs and requirements. This talk presents how to write/modify, debug, configure, and deploy privilege-aware and RBAC-aware applications and server software.
Secondly, the Solaris cryptographic and key management frameworks transparently make software and hardware crypto providers available to application programs and kernel software alike. Cryptographic protections and certificate management are integral parts of writing applications that need to communicate securely, a very common use case. This talk will explain the capabilities of these frameworks. It presents just how simple it is to transparently take advantage of hardware-based crypto acceleration (e.g., from the Niagara T2 chip sets) even from Java applications that utilize the Java Cryptographic Extensions.