tug
Volume 8, Number 12 -- March 27, 2008

The NSA Works with Sun to Boost Solaris Security

Published: March 27, 2008

by Timothy Prickett Morgan

Any time the U.S. National Security Agency is involved, you can bet the situation is pretty serious. With government computer systems the world over being primary targets for hackers, crackers, malware, and other forms of attack because of the value and sensitivity of the information that governments store, the NSA and similar security agencies are in an arms race with hackers--who might just be coming from other governments, if you are a cynic.

The Solaris Unix platform from Sun Microsystems is well-regarded in governments because of the sophisticated security that has been embedded in its Unix platform, particularly with the mandatory access controls and other features that were part of Trusted Solaris 8 and the Trusted Extensions for Solaris 10. But there is always more work to do in operating system security.

The NSA and Sun recently said that they would be working together through the OpenSolaris development community to integrate a new form of mandatory access control, called Flux Advanced Security Kernel, or Flask for short, into the Solaris platform. The NSA has been working with Red Hat and other commercial Linux distributors to put the features from the initial Flask projects from the early 1990s (which were made into a project called OSkit at the University of Utah) into something called Security Enhanced Linux, or SE-Linux. Red Hat has been a champion of SE-Linux, ironically, while Novell has championed a different kind of security control embodied in its AppArmor security extensions for SUSE Linux. The Flask architecture is also used in the TrustedBSD variant of FreeBSD Unix, which is sponsored by the NSA, the Defense Advanced Research Projects Agency, Apple Computer (Mac OS X is a variant of BSD), Yahoo (a big user of BSD Unix), and others. Flask security has also been woven into the open source Xen hypervisor, the PostgreSQL database, and X server code.

The key advantage of Flask--and one that must have been missing from Trusted Solaris 8 and Trusted Extensions for Solaris 10--is a modular approach to kernel security. Flask allows different security servers (sometimes called policy engines) to be plugged into the operating system without necessitating a modification of all the rest of the operating system. The kernel's security is managed by the security server, and higher-level operating system code and even higher applications are thankfully abstracted from this, which means the security server can be changed when new functions or approaches become available without impacting the operating system or applications.
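The separation described above can be sketched in a few lines of C. This is an added illustration, not code from Flask, SE-Linux, or Solaris; every name in it (`security_server_fn`, `file_permission`, the labels and both policies) is hypothetical and constructed for the example. The enforcement hook stays the same while the security server behind it is swapped.

```c
#include <stdio.h>
#include <string.h>

/* Permission bits for a hypothetical "file" object class. */
enum { PERM_READ = 1u << 0, PERM_WRITE = 1u << 1 };

/* The only interface enforcement code sees: subject label + object label
   in, set of allowed permissions out. */
typedef unsigned (*security_server_fn)(const char *subj, const char *obj);

/* Security server A: type-based rules (constructed sample policy). */
static unsigned te_server(const char *subj, const char *obj) {
    if (!strcmp(subj, "httpd_t") && !strcmp(obj, "web_content_t"))
        return PERM_READ;
    if (!strcmp(subj, "admin_t"))
        return PERM_READ | PERM_WRITE;
    return 0;                                   /* default deny */
}

/* Security server B: sensitivity levels "0".."9"; read down, write up. */
static unsigned mls_server(const char *subj, const char *obj) {
    unsigned av = 0;
    if (subj[0] < '0' || subj[0] > '9' || obj[0] < '0' || obj[0] > '9')
        return 0;                               /* malformed label: deny */
    if (subj[0] >= obj[0]) av |= PERM_READ;
    if (subj[0] <= obj[0]) av |= PERM_WRITE;
    return av;
}

static security_server_fn active_server = te_server;

/* Swap the policy engine; nothing else in the system changes. */
void load_security_server(security_server_fn s) { active_server = s; }

/* Enforcement hook: asks the security server, contains no policy logic.
   Returns 1 to permit, 0 to deny. */
int file_permission(const char *subj, const char *obj, unsigned requested) {
    unsigned allowed = active_server(subj, obj);
    return (allowed & requested) == requested;
}

int main(void) {
    printf("type rules:  httpd_t write web_content_t -> %d\n",
           file_permission("httpd_t", "web_content_t", PERM_WRITE));
    load_security_server(mls_server);
    printf("level rules: level 2 read level 5        -> %d\n",
           file_permission("2", "5", PERM_READ));
    return 0;
}
```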

Sun now has to figure out how Flask, Trusted Extensions, and Xen can all weave together. You can also bet that Flask features will be added to MySQL and other Sun middleware, which will allow Sun to pitch secure systems to the governments of the world.


Editor: Timothy Prickett Morgan
Contributing Editors: Dan Burger, Joe Hertvik,
Shannon O'Donnell, Timothy Prickett Morgan
Publisher and Advertising Director: Jenny Thomas
Advertising Sales Representative: Kim Reed
The Unix Guardian


Copyright © 1996-2008 Guild Companies, Inc. All Rights Reserved.
Guild Companies, Inc., 50 Park Terrace East, Suite 8F, New York, NY 10034
