way2slo's Journal: Information Security and Linux

(In response to a debate about Solaris vs. Linux security)

There were two seperate kernels in development at Sun. One was the regular solaris most of us are use to and the other was something they called Trusted Solaris [sun.com]. I have had the....joy of working with it. According to their "master plan" they merged the two kernels in Solaris 10. So, you would have the features of Trusted Solaris (TSol) available, if you so desired.

TSol is one of the most secure OS's I've administered. I had the opportunity to speak with one of the kernel developers and the one quote I'd like to convey about what we talked about is "That which is not explicitly permitted is implicitly denied."

However, Linux can have this level of security also. If you go here [nsa.gov] you will see the webpage for Security-Enhanced Linux (SELinux). Although, it is only a technology demonstration and may not be suitable for a real world environment.

These OS's are based on mandatory access control policies using roles. This is where the quote comes in to play. If you do not specifically give permission for an executable or a user to perform a specific action, that action will fail. There is no root user. Regular users have no rights themselves but are granted roles they can assume. These roles are given the rights and permissions to perform the tasks they have been asigned. You can create a "backup-admin" role so that it will have access to the tape drive and be able to read all files on the system, but not write anywhere but the tape drive and not be able to do anything else.

Now, I have not read if this part of the code will be "Open Sourced" and it was not discussed in the article. However, it has to be deeply embedded into the OS kernel for it to work so I must assume that it will be a part of it.

Mark my words: Mandatory Access Control, Labeled Security, and Role Based Access Control are the future of secure operating systems. If an operating system does not do these things it will not be considered for use in environments that have a high priority for information security (infosec). IMO, anything that connects to the Internet or a WAN or hosts sensitive data should have infosec as a high priority. If SELinux is not further developed, or a suitable replacement is created, then Linux will fall off the infosec curve.