A recent Sun BluePrints OnLine article was titled "Server
Virtualization with Trusted Solaris 8 Operating Environment" by
Glenn Faden. Faden has worked as an architect and technical
contributor in the Trusted Solaris OE group at Sun for
over twelve years. Recently he has been focused on Role-Based Access
Control (RBAC) and remote administration. The results of his efforts
can be seen in the common RBAC framework between Solaris OE and Trusted
Solaris OE, and the new Solaris Management Console tools.
Faden's article builds on concepts presented in a previous Sun
BluePrints OnLine article, "Maintaining Network Separation With Trusted
Solaris 8 Operating Environment", which provided an introduction to the
configuration of labeled networks. In "Server Virtualization with
Trusted Solaris 8 Operating Environment", Faden expands on those
techniques to show how the Trusted Solaris Operating Environment (OE)
can be deployed by a network service provider to support multiple
customers within a single infrastructure.
Using the appropriate Trusted Solaris OE functionality, each customer
appears to have its own virtual server, or community. Faden describes
the administrative procedures and configuration files required to set
up fully contained communities. The configuration depends on new
functionality provided in the 4/01 update of Trusted Solaris 8 OE.
Using Labels for Containment
Containment is a critical requirement when hosting multiple clients in
the same infrastructure. It must not be possible for the clients to
interfere with each other or to gain any access to each other's data.
The mechanisms employed to implement this containment must provide
high assurance and strength of protection. Trusted Solaris OE has been
certified to meet the ITSEC F-B1 functionality requirements at
assurance level E3.
Labels are used to enforce a policy known as Mandatory Access Control
(MAC). The policy is called mandatory because it is automatic and
cannot be changed by normal users. This is in contrast to the
Discretionary Access Control (DAC) provided in standard operating
environments, where the owner of data is responsible for access
control. Labels are applied pervasively and automatically to all data
objects and all information flows, including networking, file systems,
windowing and interprocess communication. In the network service
provider environment, only the security administrator needs to know
the names of the labels and their relationships; customers and their
applications never see them.
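To make the label relationships concrete, the following is an added Python model of a label lattice with the classic Bell-LaPadula read and write rules that a labeled MAC policy enforces. It is not code from Faden's article or from Trusted Solaris itself; the classification names, the two customer compartments, the security-administrator label and the single-label host check are all constructed for illustration.

```python
"""Toy label lattice modeling MAC containment between hosted customers.

Added example, not Trusted Solaris code. A label is a classification plus a
set of compartments; label X dominates Y when X's classification is at least
Y's and X's compartments are a superset of Y's. Two customers placed in
disjoint compartments are incomparable, so neither can read or write the
other's data, while a security-administrator label that dominates both can
read both (but, under the *-property, cannot write down into either).
"""

from dataclasses import dataclass
from typing import Dict, FrozenSet, Iterable, Tuple

# Constructed classification hierarchy: a higher number dominates a lower one.
CLASSIFICATIONS: Dict[str, int] = {"PUBLIC": 0, "CONFIDENTIAL": 1, "RESTRICTED": 2}


@dataclass(frozen=True)
class Label:
    classification: str
    compartments: FrozenSet[str] = frozenset()

    def __post_init__(self) -> None:
        if self.classification not in CLASSIFICATIONS:
            raise ValueError(f"unknown classification {self.classification!r}")

    def dominates(self, other: "Label") -> bool:
        """True when self >= other in the lattice."""
        return (CLASSIFICATIONS[self.classification] >= CLASSIFICATIONS[other.classification]
                and other.compartments <= self.compartments)

    def __str__(self) -> str:
        return " ".join([self.classification, *sorted(self.compartments)])


# Constructed labels: one compartment per hosted customer, and an
# administrative label that dominates both.
CUSTOMER_A = Label("CONFIDENTIAL", frozenset({"CUST_A"}))
CUSTOMER_B = Label("CONFIDENTIAL", frozenset({"CUST_B"}))
SECADMIN = Label("RESTRICTED", frozenset({"CUST_A", "CUST_B"}))


def can_read(subject: Label, obj: Label) -> bool:
    """Simple security property: read only if the subject dominates the object."""
    return subject.dominates(obj)


def can_write(subject: Label, obj: Label) -> bool:
    """*-property: write only if the object dominates the subject, so data can
    never flow down to a lower label or sideways into a disjoint compartment."""
    return obj.dominates(subject)


def flow_allowed(src: Label, dst: Label) -> bool:
    """Any information flow (file, IPC, window, network) is allowed only
    upward in the lattice: the destination must dominate the source."""
    return dst.dominates(src)


def deliver(process_label: Label, host_label: Label) -> bool:
    """Simplified network rule (assumption): a single-label process accepts a
    datagram from a remote host only if the host's assigned label equals the
    process label. The remote host never sees the label; the administrator
    assigns it."""
    return process_label == host_label


def containment_matrix(labels: Iterable[Label]) -> Dict[Tuple[str, str], Tuple[bool, bool]]:
    """(subject, object) -> (may read, may write) for every pair of labels."""
    labels = list(labels)
    return {(str(s), str(o)): (can_read(s, o), can_write(s, o)) for s in labels for o in labels}


if __name__ == "__main__":
    for (subj, obj), (r, w) in containment_matrix([CUSTOMER_A, CUSTOMER_B, SECADMIN]).items():
        print(f"{subj:<28} -> {obj:<28} read={r!s:<5} write={w}")
```

Run stand-alone, the matrix shows the two customer labels granting neither read nor write to each other while each is fully usable at its own label, which is the containment the text describes; the administrator label reads both but is refused writes into either.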
Trusted Solaris OE provides a solution for service providers who want
to expand their customer services while minimizing hardware,
administration and total cost of ownership. Lightly loaded servers can
be consolidated without exposing private customer data, because the
Trusted Solaris OE supplies the necessary containment. The strength of
Trusted Solaris OE lies in the
consistency of its security policy. The ability to communicate at
multiple labels while compartmentalizing communication with external
hosts provides both flexibility and containment. Clients on remote
hosts are subject to the MAC policy even though they are unaware of its
existence.
Since Trusted Solaris OE provides complete binary compatibility with
the Solaris OE, it is not necessary to rewrite or recompile
applications to take advantage of these features. Although additional
configuration files must be maintained, almost the entire configuration
can be set up with graphical tools.