A recent Sun BluePrintsTM OnLine article was titled "Server
Virtualization with Trusted SolarisTM 8 Operating Environment" by
Glenn Faden. Faden has worked as an architect and technical
contributor in the Trusted Solaris OE group at Sun for
over twelve years. Recently he has been focused on Role-Based Access
Control (RBAC) and remote administration. The results of his efforts
can be seen in the common RBAC framework between Solaris OE and Trusted
Solaris OE, and the new Solaris Management Console tools.
Faden's article builds on concepts presented in a previous Sun
BluePrints OnLine article, "Maintaining Network Separation With Trusted
Solaris 8 Operating Environment", which provided an introduction to the
configuration of labeled networks. In "Server Virtualization with
Trusted SolarisTM 8 Operating Environment", Faden expands on those
techniques to show how the Trusted Solaris Operating Environment (OE)
can be deployed by a network service provider to support multiple
customers within a single infrastructure.
Through the use of appropriate Trusted Solaris OE Software
functionality, each customer appears to have their own virtual server, or
community. Faden describes some of the administrative
procedures and configuration files that are required to set up fully
contained communities. The configuration depends on some new
functionality provided in the 4/01 update.
Using Labels for Containment
Containment is a critical requirement when hosting multiple clients in
the same infrastructure. It must not be possible for the clients to
interfere with each other or have any access to other's data. The
mechanisms employed to implement this containment must provide high
assurance and strength of protection. Trusted Solaris OE has been
certified to meet the ITSEC F-B1 functionality requirements with an
assurance level of E3.
Labels are used to enforce a policy known as Mandatory Access Control
(MAC). The policy is called mandatory because it is automatic and
cannot be changed by normal users. This is in contrast to the
Discretionary Access Control (DAC) provided in standard operating
environments, where the owner of data is responsible for access
control. Labels are applied pervasively and automatically to all data
objects and all information flows, including networking, file systems,
windowing and interprocess communication. In fact, in the network
security provider environment, only the security administrator needs to
know the names of the labels and their relationships.
Trusted Solaris OE provides a unique solution to Service Providers who
want to expand their customer services while minimizing the cost of
hardware, administration and total cost of ownership. Lightly loaded
servers can be consolidated without exposing private customer data. It
should not be surprising that the Trusted Solaris OE can provide the
necessary containment. The strength of Trusted Solaris OE lies in the
consistency of its security policy. The ability to communicate at
multiple labels while compartmentalizing communication with external
hosts provides both flexibility and containment. Clients on remote
hosts are subject to the MAC policy even though they are unaware of its
Since Trusted Solaris OE provides complete binary compatibility with
the Solaris OE, it is not necessary to rewrite or recompile
applications to take advantage of these features. Although additional
configuration files must be maintained, almost the entire configuration
can be set up with graphical tools.
Read More ...