In Operating Systems We Trust

Trusted Solaris 8 and SELinux limit the damage hackers can do.

eWEEK Labs tested two trusted operating system products: the National Security Agencys SELinux, which makes Linux into a trusted operating system, and Sun Microsystems Inc.s Trusted Solaris 8. Both have access controls that are much more fine-grained than those in mainstream operating systems, limiting the damage that can be done by an attacker who takes control of a process running with root privileges by minimizing the permissions of that process.

SELinux, Trusted Solaris and other trusted operating system products are particularly good for systems hosting Web-facing services that must be exposed to potential attacks over the Internet to serve their functions.

/zimages/6/28571.gifClick here to read a case study of a company using another trusted operating system, PitBull LX for Solaris 8 from Argus Systems Group.

SELinux, which was developed by NSA to demonstrate how mandatory access controls could be integrated into a mainstream operating system, has been around for a few years now, but its on the cusp of coming into its own as a core operating system component. Administrators can install SELinux on pretty much any Linux distribution, but the details of integration with specific distributions are still being worked out.

Like SELinux, Trusted Solaris is a good fit for server setups, but Trusted Solaris also offers a client-side option, with trusted feature integration that extends directly to the desktop.

SELinux and Trusted Solaris enable administrators to install and run applications that are standard for Linux and Solaris, respectively. However, our tests show that drafting effective application security profiles is a complicated task on either platform: Changing a systems behavior from a scheme that grants broad swaths of permissions to one that requires specific clearance for every action is not a simple process.

Indeed, deploying a trusted operating system in a companys infrastructure will require careful planning, but the security benefits can make this time well spent.

/zimages/6/28571.gifClick here to read the review of SELinux.
/zimages/6/28571.gifClick here to read the review of Trusted Solaris 8.

/zimages/6/28571.gifCheck out eWEEK.coms Linux & Open Source Center at for the latest open-source news, reviews and analysis.


Be sure to add our Linux news feed to your RSS newsreader or My Yahoo page