Solaris Trusted Extensions

Implemented Starting In: Solaris 10 11/06
Supports Hardware Platforms: All
Solaris OS Default Setting: No
Supports Solaris Zones: Yes
Requires a Reboot: Yes

Solaris Trusted Extensions is an optionally enabled layer of secure labeling technology that allows data security policies to be separated from data ownership. While it has its roots in the multilevel Trusted Solaris 8 OS, it has been integrated into the standard Solaris 10 Operating System. This new approach allows the Solaris operating system to support both traditional Discretionary Access Control (DAC) policies based on ownership and label-based Mandatory Access Control (MAC) policies. The label-based policies for file systems and networks are lightweight and have been implemented within the standard Solaris 10 kernel, services and utilities. Unless the Trusted Extensions layer is enabled, all labels are equal, so the kernel is not configured to enforce the MAC policies. For efficiency, a boolean value is maintained in the kernel to indicate whether label comparisons should be used in policy enforcement.

When the label-based MAC policies are enabled, all data flows are restricted based on a comparison of the labels associated with the subjects requesting access and the objects containing the data. Like other multilevel operating systems, Trusted Extensions meets the requirements of the Common Criteria Labeled Security Protection Profile (LSPP), Role-Based Access Control Protection Profile (RBACPP) and Controlled Access Protection Profile (CAPP). However, the Trusted Extensions implementation is unique in its ability to provide high assurance, while maximizing compatibility and minimizing overhead.
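The label comparison described above can be sketched as a small model. This is an added example, not Solaris kernel code: the type and function names are hypothetical, a label is reduced to a classification level plus a compartment bitmask, and the read-down, write-equal rule is an assumption about the policy being modeled.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model, not Solaris source: all names here are hypothetical. */
typedef struct {
    uint16_t level;         /* hierarchical classification, higher = more sensitive */
    uint64_t compartments;  /* bitmask of non-hierarchical categories */
} mls_label;

typedef enum { ACC_READ, ACC_WRITE } access_kind;

/* Models the kernel boolean the page describes: false = labeling not enabled. */
static bool labeling_enabled = false;

/* a dominates b: a's level is at least b's and a holds every compartment of b. */
static bool label_dominates(mls_label a, mls_label b) {
    return a.level >= b.level &&
           (a.compartments & b.compartments) == b.compartments;
}

static bool label_equal(mls_label a, mls_label b) {
    return a.level == b.level && a.compartments == b.compartments;
}

/* MAC decision only; the ownership-based DAC check must also pass separately. */
static bool mac_allows(mls_label subject, mls_label object, access_kind acc) {
    if (!labeling_enabled)
        return true;                              /* all labels treated as equal */
    if (acc == ACC_READ)
        return label_dominates(subject, object);  /* read down (assumed rule) */
    return label_equal(subject, object);          /* write equal (assumed rule) */
}

int main(void) {
    /* Constructed sample labels. */
    mls_label pub = {1, 0x0}, conf_eng = {2, 0x1}, conf_fin = {2, 0x2};
    labeling_enabled = true;
    printf("conf_eng reads pub:      %d\n", mac_allows(conf_eng, pub, ACC_READ));
    printf("conf_eng writes pub:     %d\n", mac_allows(conf_eng, pub, ACC_WRITE));
    printf("conf_eng reads conf_fin: %d\n", mac_allows(conf_eng, conf_fin, ACC_READ));
    printf("pub reads conf_eng:      %d\n", mac_allows(pub, conf_eng, ACC_READ));
    return 0;
}
```

Two labels at the same level with different compartments are incomparable, so neither subject can read the other's data even though neither is "higher".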

Additional References

OpenSolaris Community Project: Trusted Extensions - http://www.opensolaris.org/os/community/security/projects/tx/
Architectural Overview of Solaris Trusted Extensions - http://www.opensolaris.org/os/community/security/projects/tx/TrustedExtensionsArch.pdf
Solaris Trusted Extensions Developer's Guide - http://docs.sun.com/app/docs/doc/819-7312
Sun Blog: Remote Multilevel Desktop Sessions - http://blogs.sun.com/gfaden/entry/remote_multilevel_desktop_sessions
Sun Blog: Label Aware Web Services - http://blogs.sun.com/gfaden/entry/label_aware_web_services

