Securing Cloud-based Services with OpenSolaris Security Features
By user9159837 on Jan 07, 2010
The 25th Annual Computer Security Applications Conference (ACSAC) was held in Honolulu, HI from Dec. 7-11, 2009. As many of you know, I have been contributing for many years in various different organizing functions for the conference. As proceedings chair in 2009, I was responsible for producing the paper proceedings jointly with the IEEE CPS.
In addition, I gave a presentation at ACSAC's Cloud Security Workshop on Dec. 8, 2009, entitled Securing Cloud-based Services with OpenSolaris Security Features. You can download the presentation in PDF format. The talk basically explored to what extent you can lock down a Solaris-based golden image you may want to host in a cloud environment. The full abstract follows:
This talk presents the leading OpenSolaris operating system security technologies available to its user space in a hands-on fashion. While we use the Oracle database server as a running example, these features can be used to secure any Internet- or intranet-facing service. Processes are executed subject to the "Security Principle of Least Privilege" by taking advantage of fine-grained process rights management and integrated administrative role-based access control (RBAC). Software services are run in the context of the OpenSolaris Service Management Facility (SMF), offering higher service availability, automatic restart, service dependency management, and service monitoring and audit. OpenSolaris, by default, minimizes its attack surface by limiting its network exposure to the minimal number of services that need to run for the software it is hosting.