"Using the (Open) Solaris Service Management Facility as a Building Block for System Security," a paper by Christoph Schuba, examines how the Solaris Service Management Facility (SMF) can be used as a fundamental building block to improve system security. The Service Management Facility is a backwards-compatible extension to the traditional way UNIX services are managed with the rc (run command) utility command scripts. Schuba's paper was presented at the Eleventh International Conference on Information and Communications Security (ICICS) 2009, held December 14-17, 2009, Beijing, China.
Schuba characterizes SMF as an integrated framework for managing services and service instances that improves service availability through automatic correction of failed services in dependency order. SMF also serves as a launch pad for unmodified, often third-party services to be transparently started under the Solaris privilege process rights management without the need to modify source code.
Different system profiles can be defined that allow a system to come up with, or change at runtime into, a predefined set of services, Schuba explains. Finally, he adds, the SMF and service administration are tightly integrated into the Solaris administrative Role-Based Access Control (RBAC) model, subject to the principle of least privilege with strong audit and full administrator accountability.
According to Schuba, SMF ties together a number of security technologies to accomplish security goals, such as improving system and service availability, integrity assurance, resilience against attacks, administrative authorizations, and audit.
Furthermore, the SMF improves service availability through automatic correction of failed services in dependency order. As a launch pad for third-party software, it transparently starts system services under the Solaris least privilege process rights management without the need to modify source code.
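As an added illustration (not code from Schuba's paper or from the Solaris project), the following Python check reads an SMF manifest and lists the start methods that do not declare a reduced privilege set through `method_credential`. The manifest, service names and paths are constructed for the example, and only a method-level `method_context` is inspected.

```python
import xml.etree.ElementTree as ET

# Constructed manifest: service names and paths are hypothetical.
SAMPLE_MANIFEST = """\
<service_bundle type='manifest' name='example'>
  <service name='site/exampled' type='service' version='1'>
    <exec_method type='method' name='start'
                 exec='/opt/example/bin/exampled' timeout_seconds='60'>
      <method_context>
        <method_credential user='daemon' group='daemon'
                           privileges='basic,net_privaddr'/>
      </method_context>
    </exec_method>
  </service>
  <service name='site/legacyd' type='service' version='1'>
    <exec_method type='method' name='start'
                 exec='/opt/legacy/bin/legacyd' timeout_seconds='60'/>
  </service>
  <service name='site/broadd' type='service' version='1'>
    <exec_method type='method' name='start'
                 exec='/opt/broad/bin/broadd' timeout_seconds='60'>
      <method_context>
        <method_credential user='root' privileges='all'/>
      </method_context>
    </exec_method>
  </service>
</service_bundle>
"""

def audit_manifest(xml_text):
    """Return (service, finding) pairs for start methods without a reduced privilege set."""
    findings = []
    for svc in ET.fromstring(xml_text).iter("service"):
        for method in svc.iter("exec_method"):
            if method.get("name") != "start":
                continue
            # Simplification: only a method-level method_context is inspected.
            cred = method.find("method_context/method_credential")
            if cred is None:
                findings.append((svc.get("name"), "no method_credential"))
                continue
            privs = [p.strip() for p in cred.get("privileges", "").split(",")]
            if privs == [""] or "all" in privs:
                findings.append((svc.get("name"), "privileges unset or 'all'"))
    return findings

if __name__ == "__main__":
    for name, finding in audit_manifest(SAMPLE_MANIFEST):
        print(f"{name}: {finding}")
```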
The Solaris "Secure by Default" stance is implemented by defining a profile that configures new system installations to have only a single network-facing port open for ssh-based system administration, Schuba writes, adding that strong audit and full administrator accountability are achieved through the tight integration of SMF into the Solaris administration role-based access control model.
In the course of his paper, Schuba discusses the following aspects of the subject:
- Solaris Privilege Process Rights Management
- The Service Management Facility
- Security Advantages Using the Solaris Service Management Facility
- Improved Availability
- Process Rights Management Integration
- SMF Profiles
- RBAC Integration
More Information
Using the (Open) Solaris Service Management Facility as a Building Block for System Security - Schuba's paper
Presentation Slides
Sun QFS and Sun Storage Archive Manager (SAM) 5.0 - offers SMF support
Service Management Facility for the Solaris OS: A Quickstart Guide
More from Schuba:
Hardening the Oracle Database with Solaris Security Features