Karl MacMillan (RedHat) wrote this response to Glenn Faden’s comparison between Sun’s new Solaris Trusted Extensions and SELinux.

Excerpt
The biggest misconception of this article that I want to address is that Red Hat Enterprise Linux 5 is a “trusted operating system”. It is not and hopefully never will be. Instead, Red Hat Enterprise Linux is a general purpose operating system that can meet the same requirements that traditionally required a special-purpose trusted operating system. This distinction may seem small, but it has large implications on the relevance and long-term viability of Red Hat Enterprise Linux and SELinux.

Full article

Comments: No Comments

Glenn Faden, Distinguished Engineer at Sun Microsystems has published this very insightful article about the differences between the Trusted Solaris successor - Solaris Trusted Extensions and Red Hat Enterprise Linux which contains SELinux functionality.

Excerpt:
Overview of the Trusted Extensions and RHEL5 LSPP Systems

The Solaris 10 Operating System provides new frameworks for containment (zones), user rights management (roles and authorizations), and process rights management (privileges). The Trusted Extensions software, introduced in the Solaris 10 11/06 OS, extends these frameworks by adding sensitivity labels to provide a mandatory access control (MAC) policy base that implements multilevel security. Since the Trusted Extensions software preserves all the basic Solaris OS functionality, new features added to the Solaris OS are, by definition, compatible with Trusted Extensions.

The Red Hat Enterprise Linux 5 OS includes SELinux, which is a framework for describing a security policy based on security contexts. A security context consists of a user identity, a role, a type, and an optional MLS level or range. The user identity attribute in the security context is independent of the ordinary Linux user identity attributes. The SELinux mandatory access controls remain completely orthogonal to the existing Linux access controls. As a result, a process must pass standard policy controls before anything from the SELinux module applies.

Neither RHEL5 LSPP nor the Solaris 10 11/06 OS enables the use of sensitivity labels by default.

Link to full article

Comments: 1 Comment

Despite what others might be claiming what is supposed to be the most secure operating system, the people who are charged with protecting the most sensitive and critical information, are still largely deploying multi-level secure operating systems such as Trusted Solaris.

Starting today you can download (for free – registration required) Trusted Solaris Extensions as part of the latest Solaris 10 11/06 release.
Full article…

Comments: 1 Comment