eWEEK Labs tested two trusted operating system products: the National Security Agencys SELinux, which makes Linux into a trusted operating system, and Sun Microsystems Inc.s Trusted Solaris 8. Both have access controls that are much more fine-grained than those in mainstream operating systems, limiting the damage that can be done by an attacker who takes control of a process running with root privileges by minimizing the permissions of that process.
SELinux, Trusted Solaris and other trusted operating system products are particularly good for systems hosting Web-facing services that must be exposed to potential attacks over the Internet to serve their functions.
SELinux, which was developed by NSA to demonstrate how mandatory access controls could be integrated into a mainstream operating system, has been around for a few years now, but its on the cusp of coming into its own as a core operating system component. Administrators can install SELinux on pretty much any Linux distribution, but the details of integration with specific distributions are still being worked out.
Like SELinux, Trusted Solaris is a good fit for server setups, but Trusted Solaris also offers a client-side option, with trusted feature integration that extends directly to the desktop.
SELinux and Trusted Solaris enable administrators to install and run applications that are standard for Linux and Solaris, respectively. However, our tests show that drafting effective application security profiles is a complicated task on either platform: Changing a systems behavior from a scheme that grants broad swaths of permissions to one that requires specific clearance for every action is not a simple process.
Indeed, deploying a trusted operating system in a companys infrastructure will require careful planning, but the security benefits can make this time well spent.