Trusted Solaris has been around for a few years longer than SELinux. And, as a complete product rather than a do-it-yourself add-on, it boasts a greater integration level of trusted features than SELinux does. Also, unlike SELinux, which is currently best-suited for server deployments, the access controls in Trusted Solaris extend to the desktop environment.
Trusted Solaris is a separate version of the Solaris operating system that ships with an additional layer of access controls to extend the default Unix permissions scheme. As with SELinux, developing effective security policies for Trusted Solaris is among the primary challenges of deploying the system.
eWEEK Labs tested Trusted Solaris 8, which has been shipping for a few years. With the release of Solaris 10, expected early next year, Trusted Solaris will cease to be a completely separate operating system product, becoming instead an add-on for Solaris. Solaris 10 also will gain a portion of the access control functionality thats now in Trusted Solaris. Another new feature of Solaris 10 is the Dynamic File Systema 128-bit system that will automate many common tasks for system administrators. Click here to read more. We tested Trusted Solaris 8 on a SPARC-based workstation provided by Sun with the operating system preinstalled. Sun also sells a version of Trusted Solaris 8 that runs on x86 hardware. Trusted Solaris costs from $995 per seat for the Standard Edition Desktop System to $79,495 for the Certified Edition Data Center Server. The Certified Edition of Trusted Solaris is nearly identical to the Standard Edition but carries security certifications that the Standard Edition does not. Also, the Certified Edition is patched on a different schedule than the Standard Edition is. With Trusted Solaris, the concept of the superuser is replaced by roles that limit the permissions for particular actions to the minimum levels required. In addition, all files and directories in the operating system have labels that determine which users or applications may access them. The version of the CDE (Common Desktop Environment) that ships with Trusted Solaris has been modified to track and identify the security levels of applications and data. For example, applications running at classified and unprivileged levels appear in windows that have different-colored borders, and the window manager will not allow text that appears in a classified window to be copied to an application running at an unprivileged level. Its possible to run other desktop environments on Trusted Solaris, but only CDE includes support for access-level controls in the window manager. We find CDE crude and rather unpleasant to use, and wed like to see Sun enable trusted features in the GNOME environment, which is the default for its standard Solaris releases. During tests, we could manage the roles and privileges on our test system through the Solaris Management Console, which does a pretty good job of presenting these controls in the same graphical interface where most other Solaris management tools reside. Upon launching one of the configuration tools specific to Trusted Solaris, the console prompted us to select an administration role and provide a password for that role. Separating the identity of a user administering a system from the role that enables administration activities makes it possible to keep track of who made what changes on a system. We could also use a command, called runpd (similar to the audit2allow tool in SELinux), which enables the security administrator to determine which privileges an application requires to operate properly. Senior Analyst Jason Brooks can be reached at email@example.com. Check out eWEEK.coms Linux & Open Source Center at http://linux.eweek.com for the latest open-source news, reviews and analysis.
Click here to read Labs review of SELinux.