Volume 3, Number 35 -- September 21, 2006

Solaris 10 with Trusted Extensions Readied for 11/06 Update

Published: September 21, 2006

by Timothy Prickett Morgan

As part of its server and storage announcements last week, Sun Microsystems said that it finally would be delivering the Trusted Solaris Extensions to its Solaris 10 Unix platform. Trusted Extensions is an add-on to Solaris 10 that gives it beefed up security and makes the platform more attractive to defense contractors, financial services firms, and any other organization that is fervent about security.

The Trusted Solaris Extensions were originally supposed to be delivered in mid-to-late 2005 with a different update to Solaris 10, but for some reason, that didn't happen.

Since Solaris 8, Sun has offered a more ruggedized version of its Solaris platform for those who need extra security. With Solaris 8, which ran on both Sparc and X86 platforms, Sun called this variant the Trusted Solaris 8 Operating Environment. Trusted Solaris 8 was a fork off the Solaris 8 tree, where Sun stopped adding features to Solaris 8 and then set about to provide hardened features in the kernel and access methods in the Unix platform. Trusted Solaris 8 offered mandatory access control for end users, role-based access control for system administrators, fine-grained rights profiles that allow administrators to give end users specific access to operating system and application features without inadvertently giving them access to any other features. The software also had features to allocate and de-allocate real devices (peripherals) and virtual devices (drivers that simulate devices) attached to any Sparc or X86 system. It also could disable the copying or printing of information retrieved from application databases and posted on their screens. The reason why some organizations loved Trusted Solaris 8 is that it was binary compatible with the real Solaris 8, but added a lot of features that, six years on now, seem perfectly normal. But such tight security was exotic back then.

With Solaris 9, which was launched in May 2002, Sun's server business was tanking and it yanked support for X86 boxes; the company also did not make a Trusted Solaris 9 variant. Sun kept updating trusted Solaris 8, adding support for new processors and peripherals, but the lag in feature support compared to Solaris 9 was quite large. Despite that lag, during the Solaris 8 and 9 generations, Trusted Solaris made up approximately 10 to 15 percent of shipments. Some companies really want security.

With Solaris 10, Sun figured out that it would be far easier to move a lot of this security functionality into the actual Solaris and stop forking the platform and then hardening it. This is precisely what Sun did. However, some of the features that were in Trusted Solaris need to be added to Solaris 10, and that is what the Trusted Solaris Extensions do.

Sun has not explained the delays in bringing the Trusted Solaris Extensions to market, but it has been in beta for quite a bit of time, and, despite Sun's efforts to the contrary, still has come to market with a big lag between the real Solaris 10 and the more secure version. Whatever Sun tried to do to speed the process either didn't work, or something about taking Solaris 10 open source slowed it down.

Sun is pretty confident that it will make Trusted Solaris Extensions available in the 11/06 Update, presumably due in November, and that it will have the highest security ratings available through the Common Criteria, which has become the de facto standard for assessing the security of hardware and software. Sun announced last week that it would be chasing the EAL4+ security rating on Solaris 10 11/06 with the Trusted Solaris Extensions. The company said that it would be providing certifications on Sparc and Opteron servers. The testing on this software actually began in June, and Sun expects that CGI Information Systems and Management Consultants, based in Ottawa, Ontario, would be performing the testing. Sun said further that it could take 12 to 18 months to complete the testing.

The reason Sun announced that it was doing the testing is because vendors rarely announce they are going to do a test unless they are sure that they can pass a test. This practice is a bit of a wink and a nod to the server market, which allows Sun to sell gear and organizations to buy gear that is not yet certified and feel safe about it.

Sun is going for the Common Criteria trifecta in its testing. The plain vanilla Solaris 10 platform is being evaluated at the EAL4+ level for three different profiles: Labeled Security Protection Profile (LSPP), Controlled Access Protection Profile (CAPP), and Role-Based Access Control Protection Profile (RBACPP). Solaris 10 11/06 with Trusted Solaris Extensions is being evaluated for the LSPP; Sun did not say which level, but presumably it will be higher than EAL4+.


Sun Begins Common Criteria Testing for Solaris 10 and Trusted Extensions

Sun Modifies Its Packaging of Trusted Solaris

Sponsored By

Knowledge is Power.

MKS brings you real-time visibility and traceability across platforms,
teams and the entire application lifecycle from requirements through deployment.

More than 60% of software projects in the U.S. fail, and poor requirements is
one of the top 5 reasons. Are your projects at risk?

With poor requirements being cited as one of the top 5 reasons for software project failures in the U.S. it is clear that requirements management must be an integral part of the development process, and is vital to mitigating risk on large projects. MKS offers you a truly unique solution - the first requirements management tool built into a complete application lifecycle management solution. The result is greater visibility and traceability for requirements throughout the lifecycle and better communication between development, QA and business users.

For more information, download the white paper: An Innovative Approach to Managing Software Requirements

Components of MKS Integrity for application lifecycle management include:
· MKS Requirements for integrated requirements management
· MKS Integrity Manager for process and workflow management and defect tracking
· MKS Source Integrity Enterprise for software configuration management,
   version control and globally distributed team development
· Implementer for software configuration management and deployment on the iSeries
· OpenMake for enterprise build management
· MKS Build and Deploy for deployment management to production environments

MKS integrates with leading modernization tools such as IBM WebSphere and Microsoft Visual Studio .NET.

For more information, visit http://www.mks.com/solutions/index.jsp

Contact MKS Sales at 1-800-613-7535 or sales@mks.com

Editor: Timothy Prickett Morgan
Contributing Editors: Dan Burger, Joe Hertvik,
Shannon O'Donnell, Timothy Prickett Morgan
Publisher and Advertising Director: Jenny Thomas
Advertising Sales Representative: Kim Reed
Contact the Editors: To contact anyone on the IT Jungle Team
Go to our contacts page and send us a message.

Sponsored Links

World Data Products:  FREE 84-page Unix/Midrange Server Spec Book
FreeBSD:  Advanced OS for X86 and X64, Alpha/AXP, IA-64, PC-98, and Sparc architectures
Arkeia:  Unix backup solutions that support AIX, HP-UX, Solaris and Linux


Canvas Systems
Roaring Penguin
Micro Focus

SGI Kills Off Irix Unix and MIPS Machines, At Long Last

Solaris 10 with Trusted Extensions Readied for 11/06 Update

IBM, Sun Add Encryption to High-End Tape Drives

As I See It: The Incredible Shrinking Vacation

But Wait, There's More:

AIX Partitioning Enhancements Pushed Out to Power6 Launch . . . Verizon Business Adds Hosting Support for AIX and HP-UX . . . Infor Tells Channel Partners to Focus on Infor Products . . . Manufacturers Don't Use Most of Their ERP Software's Features, Says Aberdeen . . . IDC Says Storage Software Sales Driven by Replication . . . Dutkowsky Steps Down as Egenera CEO, Moves to Tech Data . . .

The Unix Guardian


The Four Hundred
Project Prometheus Unchained as iSociety

IBM Offers Incentives on i5 iSCSI Links to BladeCenter Blade Boxes

The Disk Drive at 50: Still Spinning

As I See It: The Incredible Shrinking Vacation

The Linux Beacon
Red Hat Launches Integrated Linux-JBoss Software Stack

IBM Delivers Promised Linux-Based Cell Blade Server

The Disk Drive at 50: Still Spinning

As I See It: The Incredible Shrinking Vacation

Big Iron
IBM, Sun Add Encryption to High-End Tape Drives

Top Mainframe Stories and Vendor Announcements

Chats, Webinars, Seminars, Shows, and Other Happenings

The Windows Observer
Bang for the Buck: Windows Fights Two Front War with Unix and Linux

Dell and Symantec Team for 'Secure Exchange' Solution

Microsoft Ramping Up the Vista Propaganda Engine

HP Completes Montecito Itanium Rollout into Integrity Servers

Subscription Information:
You can unsubscribe, change your email address, or sign up for any of IT Jungle's free e-newsletters through our Web site at http://www.itjungle.com/sub/subscribe.html.

Copyright © 1996-2008 Guild Companies, Inc. All Rights Reserved.
Guild Companies, Inc., 50 Park Terrace East, Suite 8F, New York, NY 10034

Privacy Statement