Trusted Solaris is a discontinued security-evaluated operating system based on Solaris by Sun Microsystems, featuring a mandatory access control model. The features were migrated into the base Solaris system.
Features
* Accounting
* Role-Based Access Control
* Auditing
* Device allocation
* Mandatory access control (MAC) labeling
* Copy & Paste restriction in the labeled desktop environment
Certification
Trusted Solaris 8 is Common Criteria certified at Evaluation Assurance Level EAL4+ against the CAPP, RBACPP, and LSPP protection profiles. It is the basis for the DoDIIS Trusted Workstation program.
Solaris Trusted Extensions
Features that were previously only available in Trusted Solaris, such as fine-grained privileges, are now part of the standard Solaris release. In the Solaris 10 11/06 update a new component called Solaris Trusted Extensions was introduced, making it no longer necessary to have a different release with a modified kernel for labeled security environments. Solaris Trusted Extensions was included in the OpenSolaris project.
Solaris Trusted Extensions, when enabled, enforces a mandatory access control policy on all aspects of the operating system, including device access, file, networking, print and window management services. This is achieved by adding sensitivity labels to objects, thereby establishing explicit relationships between these objects. Only appropriate (and explicit) authorization allows applications and users read and/or write access to the objects.
The component also provides labeled security features in a desktop environment. In addition to extending support for the Common Desktop Environment from the Trusted Solaris 8 release, it delivered the first labeled environment based on GNOME. Solaris Trusted Extensions facilitates the access of data at multiple classification levels through a single desktop environment. The labeled desktop support was removed in Oracle Solaris 11.4; support for labeled zones and for file and process labels remains.
Solaris Trusted Extensions also implements labeled device access and labeled network communication, through the Commercial Internet Protocol Security Option (CIPSO) standard. CIPSO is used to pass security information within and between labeled zones.
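To make the labeled-network idea concrete, the following added example (not Solaris code) parses a CIPSO IPv4 option carrying a single tag type 1 (sensitivity level plus category bitmap) and compares the result against a receiver label. The dominance rule is the conventional multilevel-security comparison and is an assumption here, not a statement of Solaris's exact policy; the function names and sample bytes are constructed for illustration.

```python
import struct

CIPSO_OPTION = 134   # IPv4 option type used by CIPSO
TAG_BITMAP = 1       # tag type 1: sensitivity level + category bitmap

def parse_cipso(opt: bytes):
    """Return (doi, level, categories) for an option holding one type-1 tag."""
    # 2 option header + 4 DOI + 4 tag header bytes is the minimum size.
    if len(opt) < 10 or opt[0] != CIPSO_OPTION:
        raise ValueError("not a CIPSO option")
    if opt[1] != len(opt) or opt[1] > 40:
        raise ValueError("bad option length")
    doi = struct.unpack("!I", opt[2:6])[0]   # domain of interpretation
    tag = opt[6:]
    if tag[0] != TAG_BITMAP:
        raise ValueError("unsupported tag type")
    if tag[1] != len(tag):
        raise ValueError("bad tag length")
    level = tag[3]                           # tag[2] is the alignment octet
    cats = set()
    for i, byte in enumerate(tag[4:]):
        for bit in range(8):
            if byte & (0x80 >> bit):         # MSB of first byte is category 0
                cats.add(i * 8 + bit)
    return doi, level, frozenset(cats)

def dominates(a, b):
    """Label a dominates b: level at least as high, categories a superset."""
    return a[0] >= b[0] and a[1] >= b[1]

def receiver_may_read(opt: bytes, doi: int, receiver_label) -> bool:
    """Assumed policy: same DOI and the receiver label dominates the packet label."""
    pkt_doi, level, cats = parse_cipso(opt)
    if pkt_doi != doi:                       # labels from another DOI are not comparable
        return False
    return dominates(receiver_label, (level, cats))

# Constructed sample: DOI 1, level 5, categories {0, 9}
SAMPLE = bytes.fromhex("860c00000001010600058040")

if __name__ == "__main__":
    print(parse_cipso(SAMPLE))
    print(receiver_may_read(SAMPLE, 1, (5, frozenset({0, 9, 12}))))
```

A malformed or truncated option raises `ValueError` instead of yielding a partial label, so a caller can fail closed.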
Oracle Solaris 11.4 introduced a new "File and Process Labeling" feature in which, instead of using zones to represent all of the processes at a given label, the label is stored in the process cred; this is similar to how labeling had been implemented in Trusted Solaris 8 and earlier. While this is still a mandatory access control policy, it is intended to be used as part of a data loss prevention strategy rather than the traditional multilevel security environment. The ZFS filesystem also supports per-file labels via the multilevel dataset option.
Common Criteria evaluations that include the labeled security protection profile were performed for:
* Oracle Solaris 10 11/06 at EAL4+
* Oracle Solaris 11.1