AMD Developer Central

Sun Solaris 10 on AMD: Building World-Class Security on AMD Architecture 

With an OS long prized by government organizations like the US Navy, US Army, Air Force Research Labs, the Department of Defense and many others, Sun has listened and learned from its government customers. Solaris 10 11/06 incorporates Sun's most advanced security features to date, many of which have been optimized for AMD architecture.
Justin Whitney 
1/18/2007 

With the release of Solaris 10 11/06 in December 2006, Sun has introduced a set of features practically designed to run on AMD architecture. Solaris 8 established itself as a trusted OS among government organizations. Since then, government customers have begun to require security integration as a standard feature of Solaris to address a "rising tide of compliance and auditory requirements of our customers." In response, Sun integrated this feature set as a standard part of Solaris 10, which had been in the open source world for six months prior to its official release.

The good news for AMD users: these new security features work especially well on the AMD platform, and in some cases explicitly take advantage of built-in architectural features of AMD processors.

Solaris Trusted Extensions
The biggest new feature of Solaris 10, Solaris Trusted Extensions supports multi-level, label-based security and, more specifically, takes advantage of AMD's "no-execute" support. Originating from the criteria set out in the Trusted Computer System Evaluation Criteria, also known as the traditional Military/CIA/NSA "Orange Book," this set of security features helped make Solaris 8 the favored OS for government agencies. Trusted Solaris 8 was certified according to the Common Criteria standards, which replaced TCSEC in 2005, at Evaluation Assurance Level 4+ against the Controlled Access Protection Profile (CAPP), Role Based Access Control (RBACPP), and Labeled Security Protection Profile (LSPP). Solaris 10 has been certified against CAPP and RBACPP, and Solaris 10 11/06 is being tested against LSPP, all at EAL 4+. After evolving as part of the OpenSolaris project, Trusted Solaris-inspired features were incorporated into Solaris 10, with "Solaris Trusted Extensions" added as a new component to Solaris 10 11/06.

Stack Buffer Protection
Though AMD officially calls it "Enhanced Virus Protection" (EVP), its "no-execute" technology plays a key role in Solaris 10 beyond viruses, which don't exist on Unix systems. EVP lets the OS mark parts of the RAM as readable/writeable, but not executable, preventing the system from executing CPU instructions from the wrong areas. Using this technique the system localizes a potential attack and prevents it from growing until it can be flushed from system memory, as depicted in this video.

Basing its buffer protection on AMD's EVP technology, Solaris 10 guards against stack buffer overflow, or "stack smashing." Solaris 10 users need not download any additional software or modules to enable buffer protection. Developers coding for the AMD platform need not add anything to their 64-bit applications to take advantage of it, either.

User and Process Rights Management
A key feature of Solaris is User and Process Rights Management. This feature allows for delegated administration and for running processes with fewer privileges than they used to require. These work together to reduce the risk of developers requiring full access for their applications to work. Solaris 10 runs with privileges (process rights management) turned on all the time and as a result, being 'root' is no longer required just to have a functional application.

On most Unix platforms, you have the concept of "root" and "everyone else." Solaris 10 introduces the concept of "least privilege," with 60+ different privileges. This gives each process a different set of rights. For example, any Web server that binds to port 80 must run as "root" because port 80 is a privileged port. On Solaris 10 the Web server can run with the "net_privaddr" privilege and as any userid and still function as expected. Thus, the Web server cannot be used as a point of attack to gain complete control over a system.

User Rights Management allows delegated administration on the system based on a user's role. For example a group of people might belong to a "developers" role, where they have the ability to install software and run kernel debugging, but do not need full superuser access to the system. The exact set of commands they can run and the privileges they are granted is managed in a centralized location for easier administration across multiple systems.

Process rights management and user rights management work hand in hand. Since this feature has a completely exposed API, Sun's developer tools can walk you through the process of using the API to change the privileges of the Web server. You can reduce them down to a normal user with a much more limited set of privileges. Alternatively, system administrators can 'wrap' an application with a privilege set without modifying the app's code, which is useful for commercial apps or when the customer doesn't have source code.
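To check that a service really runs with a reduced privilege set rather than as full root, an administrator can inspect the process's effective (E) and permitted (P) sets as reported by `ppriv`. The following is an added example, not code from the article or from Sun: it parses constructed `ppriv`-style output and flags any process that holds privileges outside a per-command allow-list. The sample text, the `/opt/legacy/bin/reportd` path and the allow-list passed to `audit` are assumptions made for illustration.

```python
import re

# Solaris 10 "basic" set held by an ordinary unprivileged process.
BASIC = {"file_link_any", "proc_exec", "proc_fork", "proc_info", "proc_session"}

# Constructed sample modelled on `ppriv <pid>` output; not from a real host.
SAMPLE = """\
1201:\t/usr/apache2/bin/httpd
flags = <none>
\tE: basic,net_privaddr
\tI: basic
\tP: basic,net_privaddr
\tL: all
1377:\t/opt/legacy/bin/reportd
flags = <none>
\tE: all
\tI: basic
\tP: all
\tL: all
"""

def parse_ppriv(text):
    """Return {pid: {"cmd": str, "E": set, "I": set, "P": set, "L": set}}."""
    procs, pid = {}, None
    for line in text.splitlines():
        head = re.match(r"^(\d+):\s+(.*)$", line)
        pset = re.match(r"^\s+([EIPL]):\s+(\S+)$", line)
        if head:
            pid = int(head.group(1))
            procs[pid] = {"cmd": head.group(2)}
        elif pset and pid is not None:
            procs[pid][pset.group(1)] = set(pset.group(2).split(","))
    return procs

def extra_privileges(proc):
    """Privileges in the effective or permitted set beyond the basic set."""
    held = proc.get("E", set()) | proc.get("P", set())
    if "all" in held:
        return {"all"}
    return held - BASIC - {"basic"}

def audit(text, allowed):
    """Map pid -> privileges held outside the per-command allow-list."""
    findings = {}
    for pid, proc in parse_ppriv(text).items():
        excess = extra_privileges(proc) - allowed.get(proc["cmd"], set())
        if excess:
            findings[pid] = sorted(excess)
    return findings
```

With an allow-list that grants the Web server only `net_privaddr`, the audit passes the Web server and reports the second process, which still holds every privilege.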

Label-based Security
Label-based security gives the OS the ability to attach to anything in the system an implied or explicit label based on that object's sensitivity. For example, credit card data can be marked "internal use only." Government agencies use this to control the releasability of information.

With Solaris 10, developers don't need to make any changes to use this feature. Any app running in Solaris 10 automatically gets a label. Label encoding files can be dynamically changed on the fly and describe a hierarchical relationship of system and data files. For example, someone higher up in the organization can flow information downstream or tighten it up.

Solaris 10 is also the only labeled operating system that sports a label-aware GUI. It has two, in fact: one utilizing the Common Desktop Environment (CDE) and another utilizing the Java Desktop System, which is based on the GNOME open source interface. These interfaces allow developers to see data or applications that are classified with different sensitivity labels while enforcing the strict flow of that data.

Cryptographic Framework
The Solaris Cryptographic Framework was written with developers in mind. It's the only cryptographic framework that's integrated with all the popular APIs that developers use. The cryptographic framework in Solaris allows application developers to create apps that utilize cryptographic routines without worrying about details such as how the crypto routines are provided, how to utilize hardware acceleration or even how to store the digital keys securely. Code to your favorite API (OpenSSL, NSS, PKCS#11, Java Crypto Extensions) and the Solaris Cryptographic Framework handles all the details.

Any app that uses these encryption APIs automatically gets access to this framework. By doing this, you can take advantage of any acceleration provided by the hardware chipset. For example, drop in a hardware crypto accelerator on a Web server, make no changes to software, and everything that uses the framework automatically becomes faster. If the hardware accelerator becomes too busy, or fails, the system automatically switches back over to software.

The framework optimizes crypto algorithms for the platform, for example AMD 64-bit multi-core. With its horizontal scalability, it also sees new cores being added and uses the type of functions that scale well. Thus you get multi-core optimization for n-core platforms with no additional coding as well. Also, floating point encryption takes advantage of AMD's floating point extensions, again without additional coding by the developer.

Secure by Default
With Security By Default Networking, Sun aimed to create a method of installing Solaris 10 that was secure and would bring up a dev-friendly workstation, with full access to the GUI, ability to mount shares, browse the Web, bring in source code, etc., but NOT expose networking services to Internet attacks. On other systems, you would have to run multiple services that listen to the network, and thus are subject to attacks. But government agencies don't put up with that. They must lock down systems so that nothing is listening to the network.

Sun has learned how to build systems that are hardened and/or minimized in Solaris 10 11/06, making the systems highly secure from attack via the network. Basically, almost all networking services are either disabled or set to listen for local-only connections. For example, after install, if you do a port scan, you'll find only one port open. The install leaves Solaris Secure Shell listening for remote access by administrators. Otherwise, the system is fully functional for local use and users have full X-windows, can browse the Web, send e-mail, etc., without leaving the system open to being compromised. Because of this, the out-of-box experience is more likely to pass certification or accreditation requirements.

What AMD Developers Should Know
All of Sun's new security features are designed to be scalable and function the same whether implemented on a single development station or deployed across the network. For example, an app developed on an Athlon 64 laptop running a partitioned Solaris 10 can be deployed to a virtualized environment with multiple Opteron racks with no changes. In fact, most Sun developers run on AMD as their primary production platform.

Released as a free download, Solaris 10 has been optimized for AMD in many ways other than security. For more information about running Sun on AMD, check out "Sun and AMD."

Also, AMD has launched the Solaris Zone specifically for developers who are creating high performance, highly scalable Solaris apps for the AMD64 platform.

Justin Whitney is a regular contributor to DevX.com and Jupitermedia. He currently lives in San Francisco, where he consults for leading high-tech firms and writes about emerging technologies.
