In Operating Systems We Trust

 
 
By Jason Brooks  |  Posted 2004-09-03 Email Print this article Print
 
 
 
 
 
 
 

Trusted Solaris 8 and SELinux limit the damage hackers can do.

eWEEK Labs tested two trusted operating system products: the National Security Agencys SELinux, which makes Linux into a trusted operating system, and Sun Microsystems Inc.s Trusted Solaris 8. Both have access controls that are much more fine-grained than those in mainstream operating systems, limiting the damage that can be done by an attacker who takes control of a process running with root privileges by minimizing the permissions of that process.

SELinux, Trusted Solaris and other trusted operating system products are particularly good for systems hosting Web-facing services that must be exposed to potential attacks over the Internet to serve their functions.
Click here to read a case study of a company using another trusted operating system, PitBull LX for Solaris 8 from Argus Systems Group.
SELinux, which was developed by NSA to demonstrate how mandatory access controls could be integrated into a mainstream operating system, has been around for a few years now, but its on the cusp of coming into its own as a core operating system component. Administrators can install SELinux on pretty much any Linux distribution, but the details of integration with specific distributions are still being worked out.

Like SELinux, Trusted Solaris is a good fit for server setups, but Trusted Solaris also offers a client-side option, with trusted feature integration that extends directly to the desktop.

SELinux and Trusted Solaris enable administrators to install and run applications that are standard for Linux and Solaris, respectively. However, our tests show that drafting effective application security profiles is a complicated task on either platform: Changing a systems behavior from a scheme that grants broad swaths of permissions to one that requires specific clearance for every action is not a simple process.

Indeed, deploying a trusted operating system in a companys infrastructure will require careful planning, but the security benefits can make this time well spent.

Click here to read the review of SELinux.
Click here to read the review of Trusted Solaris 8. Check out eWEEK.coms Linux & Open Source Center at http://linux.eweek.com for the latest open-source news, reviews and analysis.

Be sure to add our eWEEK.com Linux news feed to your RSS newsreader or My Yahoo page

 
 
 
 
As Editor in Chief of eWEEK Labs, Jason Brooks manages the Labs team and is responsible for eWEEK's print edition. Brooks joined eWEEK in 1999, and has covered wireless networking, office productivity suites, mobile devices, Windows, virtualization, and desktops and notebooks. Jason's coverage is currently focused on Linux and Unix operating systems, open-source software and licensing, cloud computing and Software as a Service. Follow Jason on Twitter at jasonbrooks, or reach him by email at jbrooks@eweek.com.
 
 
 
 
 
 
 

Submit a Comment

Loading Comments...
 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
 
 
Thanks for your registration, follow us on our social networks to keep up-to-date
Rocket Fuel