Sun's Best Kept Secret (is out)

Throughout my tenure at the security post, I never quite figured out why Trusted Solaris is so esoteric.
This lesser-known operating system can give your enterprise a competitive edge, and it is available to everyone in the world. And, as part of Solaris, it is free too.

It will protect your business. It is compatible with Solaris and runs just as fast. It is decades ahead of Windows or Linux in terms of security. Joanne Masters once said, “if you are getting a dog to protect your home, would you buy a Doberman or a Chihuahua?”


About 15 years ago, to capture US government business, Sun developed an operating system that met that government's stringent security requirements. At the time it was known as a Compartmented Mode Workstation (CMW), evaluated at the B1¹ level. Today, Sun's Trusted Solaris is the only commercially available multi-level operating system that runs on standardized, readily available computers. It has long been certified against more Common Criteria profiles, at the EAL4² level, than Linux, Windows, AIX, HP-UX, and many other commercial operating systems.

Over the past decade, Solaris engineers merged the two code bases step by step. The hugely popular Solaris 10 represents the pinnacle of this merger. There are no longer two distinct operating systems; Solaris 10 and Trusted Solaris are now one. The few features that only very security-sensitive customers want are collected into what will be marketed as the Trusted Extensions to Solaris (we call it TX for short).

What exactly makes this operating system extension the most secure one? A simple concept, and meticulous polishing of the details over many years. The concept is Mandatory Access Control.

In other operating systems, access control is discretionary. The individual who owns a document may grant others access privileges, such as reading, erasing, modifying, or backing it up. When the document changes ownership, all bets are off. Some software implements Digital Rights Management (DRM) control over documents with encryption technology (e.g. only the person with the password may open this file), but those controls can be more easily circumvented.

In a system with Mandatory Access Control, all documents are labeled, and so are all individuals. An individual may access a document only when her label matches the document's. For example, an individual with the manager label may read documents that were labeled for managers only. Labels are hierarchical: a “senior” label can assume all privileges of a “junior” one and more. The matching follows a set of policies that are established separately and independently of the document's owner. This concept is also called “multi-level security” in security circles.

This concept is easier described than implemented. In addition to file system modifications, Solaris engineers had to enhance the desktop, networking, printing, and even devices such as USB and the microphone (think about it). In addition, a comprehensive and secure auditing mechanism was put in place to capture all attempts to circumvent security. To simplify the policies, they also designed Role-Based Access Control so that complicated matching rules can be expressed simply. Sun is the only commercial company that knows how to do all of this right — securely and with high performance. Their knowledge is decades ahead.
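To make the label matching of the previous two paragraphs concrete, here is a small added illustration of how a labeled mandatory access decision and its audit trail fit together. It is example code written for this post, not Trusted Solaris or Trusted Extensions code; the level names, compartments, users and documents are constructed, and the “no write down” rule for writes is the standard Bell-LaPadula property that multi-level systems enforce rather than something the post spells out.

```python
from dataclasses import dataclass
from typing import FrozenSet, List

# Hierarchical sensitivity levels, lowest to highest. A "senior" label
# dominates a "junior" one, as the post describes. Names are constructed.
LEVELS = {"PUBLIC": 0, "INTERNAL": 1, "CONFIDENTIAL": 2, "RESTRICTED": 3}


@dataclass(frozen=True)
class Label:
    """A sensitivity label: a level plus a set of need-to-know compartments."""
    level: str
    compartments: FrozenSet[str] = frozenset()

    def dominates(self, other: "Label") -> bool:
        """True if this label is at least as senior as `other` in both
        dimensions: higher-or-equal level and a superset of compartments."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and other.compartments <= self.compartments)

    def __str__(self) -> str:
        comps = ",".join(sorted(self.compartments)) or "-"
        return f"{self.level}[{comps}]"


# Audit trail of denied attempts, standing in for the auditing mechanism the
# post mentions. A real system would write this to a protected audit log.
AUDIT_TRAIL: List[str] = []


def check_access(subject: str, clearance: Label,
                 document: str, classification: Label, op: str) -> bool:
    """Mandatory access decision. Note what is *not* consulted: ownership or
    any permission the owner granted. The decision follows only from the two
    labels and the policy, which is what makes the control mandatory."""
    if op == "read":
        # Read is allowed only when the subject's clearance dominates the
        # document's label ("no read up").
        allowed = clearance.dominates(classification)
    elif op == "write":
        # Write is allowed only when the document's label dominates the
        # subject's clearance ("no write down"): the Bell-LaPadula
        # *-property, so data cannot flow to a more junior label.
        allowed = classification.dominates(clearance)
    else:
        raise ValueError(f"unknown operation: {op}")

    if not allowed:
        AUDIT_TRAIL.append(f"DENIED {op:<5} subject={subject}({clearance}) "
                           f"document={document}({classification})")
    return allowed


def audit_log() -> List[str]:
    """Return a copy of the recorded denial records."""
    return list(AUDIT_TRAIL)


if __name__ == "__main__":
    # Constructed sample clearances and document labels.
    manager = Label("CONFIDENTIAL", frozenset({"FINANCE"}))
    staff = Label("INTERNAL")
    budget = Label("CONFIDENTIAL", frozenset({"FINANCE"}))
    hr_file = Label("CONFIDENTIAL", frozenset({"HR"}))
    memo = Label("PUBLIC")

    print(check_access("alice", manager, "budget.xls", budget, "read"))   # True
    print(check_access("bob", staff, "budget.xls", budget, "read"))       # False
    print(check_access("alice", manager, "memo.txt", memo, "read"))       # True
    print(check_access("alice", manager, "memo.txt", memo, "write"))      # False
    print(check_access("alice", manager, "review.doc", hr_file, "read"))  # False
    for line in audit_log():
        print(line)
```

The two denials worth noticing are the ones a discretionary system would have allowed: the manager is refused the HR file even though her level is high enough, because the compartment is not in her clearance, and she is refused a write to the public memo even though she may read it, because the write would move confidential content down to a junior label. Both refusals land in the audit trail without the caller having to do anything.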


¹In the old days, security levels were classified as A1, B3, B2, B1, C2, and lastly, C1. These classifications are nicely written up in the famous “Orange Book”, which is no longer used. Most people use the term “B1” as shorthand for the equivalent set of Common Criteria profiles.

²These days, the security levels are determined by the protection profiles and the evaluation assurance level. The profile determines what the product is good for. Solaris 10 Trusted Extensions will have the CAPP, RBACPP, and LSPP profiles. The evaluation level tells you how rigorous the evaluation process was. Any level less than 3 is not worth even mentioning. TX will be at least level 4.
