Solaris Trusted Extensions (TM)
The Solaris Trusted Extensions project is a reimplementation of Trusted Solaris 8 based on new security features in Solaris 10. It has been renamed because it will be delivered as an optional set of extensions to Solaris. The layered functionality consists of a set of label-aware services that are derived from Trusted Solaris 8.
A partial list of such services includes:
- Labeled Networing
- Label-aware Filesystem Mounting and Sharing
- Labeled Printing
- Labeled Desktops
- Java Desktop System
- Common Desktop Environment
- Label Configuration and Translation
- Label-aware System Management Tools
- Label-aware Device Allocation
Solaris Trusted Extensions extends Solaris security by enforcing a mandatory access control policy. Sensitivity labels are automatically applied to all sources of data (networks, fileystems, windows) and consumers of data (user and processes). Access to all data is restricted based on the relationship between the label of the data (object) and the consumer (subject).
Documentation
A whitepaper, An Architectural Overview of Solaris Trusted Extensions, is a good place to start.
The official Solaris Trusted Extensions Collection is now available on Sun's document website. This includes a developer guide for those that need to know how to write label aware services.
Getting Started
The Trusted Extensions software was first integrated into OpenSolaris build 37 and was first delivered via Solaris Express 7/06. It was first integrated into the commercial release Solaris 10 11/06, also known as update 3.
Since Solaris 10 update 5, all the required packages for Trusted Extensions are automatically installed as part of standard Solaris .The current release is Solaris 10 update 8.
Required Patches
The current Solaris 10 Trusted Extensions patch list is available here.
Laptop Configurations
Several people have asked about configuring Trusted Extensions for laptops. The steps are described in Laptop Instructions.
Ongoing Development
Trusted Extensions is supported in OpenSolaris 2009.06 release. The steps for installing and configuring the 2009.06 release are described in Running Trusted Extensions in OpenSolaris 2009.06. These instructions are updated frequently as new releases are made available in the dev repository. For the latest release use these instructions.
The latest release of the Sun Ray Software for Trusted Extensions is version 4.1. This includes support for both x86/x64 and SPARC platforms. Among the new features are device allocation of hot-plugged USB devices, and streaming video optimizations. For more details see Sun Ray Tech Specs.