Sun finds Net creates users for secure OS

 

Connecting state and local government leaders

A black hole is how Sun Microsystems Federal officials describe the government's security certification process. And though the company has invested 12 years and $50 million to develop a multilevel-secure (MLS) and compartmented-mode workstation (CMW) version of the Solaris operating system, sales to date have been unimpressive. But the growth of the Internet "has brought people to our door," said Joe Alexander, product manager for Trusted Solaris 2.5, the newest B1-level MLS+ release of Solaris

A black hole is how Sun Microsystems Federal officials describe the government's
security certification process.


And though the company has invested 12 years and $50 million to develop a
multilevel-secure (MLS) and compartmented-mode workstation (CMW) version of the Solaris
operating system, sales to date have been unimpressive.


But the growth of the Internet "has brought people to our door," said Joe
Alexander, product manager for Trusted Solaris 2.5, the newest B1-level MLS+ release of
Solaris 2.5.1.


A security profiles feature, which lets Trusted Solaris 2.5 administrators limit user
access to specific Unix commands and graphical tools, is now part of the standard Solaris
2.6 operating system--some vindication for Sun Federal's years of effort.


Trusted Solaris 2.5 competes with B-1 MLS+ versions of Digital Equipment Corp.'s
Digital Unix and Hewlett-Packard Co.'s HP-UX as a platform for trusted gateways,
firewalls, World Wide Web servers and workstations.


The latest version of the OS runs on the 64-bit UltraSparc processor, which powers most
of Sun's latest hardware, from Ultra 1 and Ultra 2 workstations to the 30-processor
Enterprise Server 6000.


But Trusted Solaris 2.5 is not yet year 2000-ready. Customers will have to purchase and
install a patch, available next January, to prepare the OS for the year 2000 date change,
Alexander said.


The four to five years leading up to the current Trusted Solaris release were rocky, he
said, as funding for development was "turned off, turned back on, turned off"
because customers weren't buying.


Sun Federal officials said the Defense Intelligence Agency originally wrote the
specification for CMW security and asked the National Security Agency to handle the
certification.


"When NSA wasn't moving as fast as DIA wanted, DIA pulled the plug," said
John Leahy, group manager for Sun Microsystems Federal.


In the meantime, Leahy said, the certification process had widened at least a
full-generation gap between the commercial OS and the secure version. Trusted Solaris 1.2,
released in 1995, did not support the multithreading or symmetric multiprocessing
capabilities of Sun servers.


Although NSA has evaluated Digital's and HP's secure Unix operating systems, Trusted
Solaris 2.5 has not been certified and may never be. NSA officials have said they plan to
turn over their security testing responsibilities to private labs certified by the
National Institute of Standards and Technology.


Alexander said Sun never managed to deliver an NSA-certified version of Trusted
Solaris, despite eight years of work with NSA.


"The evaluation body goes in front of peers and has to defend its efforts, which
forces the process to go longer," he said.


Sun did submit Trusted Solaris 2.5 to the United Kingdom's Information Technology
Security Evaluation and Certification process for E3/F-B1 and E3/F-C2 security, which will
be completed in April 1988, Alexander said. ITSEC certification tells potential buyers
that the vendor's product claims have been independently verified.


"With ITSEC, we can win contracts in Europe with Trusted Solaris, but we don't get
final payment until the certification is handed to the government activity that requires
it," Alexander said.


NSA has agreed within the last year to reciprocal recognition of C2-level evaluations,
and "that's a start," he said.


Over the next several years, NSA and NIST plan to recognize the international Common
Criteria Evaluation Methodology as the successor to U.S. Orange Book standards for
security products, an NSA spokeswoman said.


After the two agencies have transferred their evaluation technology to the private
labs, NSA and NIST will act together as a certification body "to assure the quality
and consistency of results," she said.


The new Trusted Solaris, unlike previous versions, can run most existing Solaris
applications, including the Netscape Navigator browser. Customers receive a list of the
applications Sun has tested with Trusted Solaris.


The graphical user interface is a trusted version of the Common Desktop Environment,
the same interface as that of Solaris 2.6 and other Unix 95-branded operating systems.


Customization options adjust it for C2 or B1 requirements, trusted networking,
distributed naming services and interoperability with standard Unix servers, Alexander
said.


He said Sun expects quick certification for baseline compliance with the Defense
Information Infrastructure Common Operating Environment requirements.


A trusted version of the Solstice AdminSuite 2.1 gives administrators a set of
graphical tools to manage users, hosts, interfaces and serial ports. Instead of having to
"fat-finger everything they do, now they can point and click, drop and drag,"
Alexander said.


A trusted-roles feature prevents administrators from logging in as "root" or
"superuser"--potential security holes in other Unix OSes. Instead,
administrators log in as themselves and assume roles so that the system can manage those
roles and control who's doing what, Alexander said.


Root is present in Trusted Solaris 2.5 only as a role, primarily because many
commercial software products require it for loading. "Some commercial packages behave
well in a trusted environment," Alexander said. Others don't, he said, because they
call for a superuser or root function to do certain tasks.


Trusted Solaris also has a privilege checker that lets the administrator assess whether
it's safe to bring a particular commercial product into the environment, he said.


Trusted Solaris 2.5 will sell at promotional prices of $149 for the desktop version and
$1,395 for servers through the end of 1997. Current Solaris users get special upgrade
prices.


Trusted Solaris appears on more than a dozen federal contracts including NASA's
Scientific and Engineering Workstation Procurement II, Sun officials said.


Contact Sun Microsystems' Joe Alexander at 703-204-4202.


NEXT STORY: USPS moves to a TCP/IP net

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.