Reports of Trusted Solaris’ convergence with Solaris are greatly exaggerated, according to Sun Microsystems Inc. Trusted Solaris will continue as a product although “key technologies” such as processor rights management to counter buffer overrun attacks, will move into Solaris.
Future editions of Trusted Solaris will also be released in closer proximity to the launch of regular Solaris. The next Trusted Solaris is due between three and six months after Solaris 10, due in June, instead of the usual 10-month lag.
So said Sun, which today is expected to play-up its credentials as supply of trusted, secure systems at this week’s RSA Conference in San Francisco, California.
Sun is today expected to outline security features in Solaris 10, both new and cribbed from Trusted Solaris, at the annual event, noted among members of the security community.
Speaking ahead of RSA, Sun outlined goals for the next Trusted Solaris while insisting the operating system, targeted at governments and financial institutions, would continue.
We want to correct the perception Trusted Solaris is merging with Solaris. We have strengthened Solaris with Trusted Solaris, said group manager systems software security Ravi Iyer.
Trusted Solaris’ processor rights management removes the concept of root from Solaris 10, or the concept of a single user. Buffer overruns in a system with root mean a hacker can make the entire operating system crash or potentially take control of the operating system because of the root’s universal access rights.
The Trusted Solaris and Solaris architectures will also come closer together, Iyer said, to simplify and speed-up the upgrade process between Solaris and Trusted Solaris. Iyer said customers running Solaris would not need to re-install the operating system to get Trusted Solaris, and would instead installs a few packages.
The next edition of Trusted Solaris, meanwhile, will see the ability to run N1 grid containers, that are planned for Solaris 10. N1 grid containers mean there is less competition for operating system resources between separate applications, improved data privacy and if an application fails it is less likely to take down the entire operating system.
On security in general, Sun is expected to announce at RSA multi-function Java card authentication will be used across the company’s entire product line.
Multi-factor authentication means the recognition of various user log-ins, such as personal identification number, password and hardware authentication, and bi-directional validation in order to accept digital content from online services or remote applications.
Multifactor authentication is an important step in Digital Rights Management (DRM) and appears to be Sun’s answer to Microsoft Corp’s chip-based RDM story, Next Generation Secure Computing Base (NGSCB) recently backed by Disney.
On a standards front, Sun will announce Liberty Alliance Project phase two specifications have been ratified as an official standard. Approved by the Organization for the Advancement of Structured Information standards (OASIS), phase two covers sharing of personal identity between approved partners.
This article is based on material originally published by ComputerWire