The following security enhancements have been added to the Oracle Solaris 10 9/10 release.
The net_access privilege has been added to the basic privilege set. This privilege enables processes to create a network endpoint. By denying this privilege, an administrator can restrict network access and interprocess communication (IPC).
For more information, see the privileges(5) man page.
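The effect of denying net_access, as an added example that is not part of the original release notes: a process removes the privilege from all of its privilege sets with priv_set(3C) and then checks whether it can still create a network endpoint. The helper names `probe_endpoint` and `drop_net_access` are hypothetical, and the non-Solaris fallback exists only so that the file compiles on other systems.

```c
/* Added example: drop net_access, then test whether a network endpoint
 * can still be created. The privilege calls are Solaris-only. */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <netinet/in.h>
#ifdef __sun
#include <priv.h>
#endif

/* Try to create a TCP endpoint. Returns 0 on success, else the errno value. */
int probe_endpoint(void)
{
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return errno;
    close(fd);
    return 0;
}

/* Remove net_access from every privilege set of the calling process
 * (effective, inheritable, permitted, limit), so the process cannot turn it
 * back on and programs it executes do not inherit it.
 * Returns 0 on success, -1 on failure. */
int drop_net_access(void)
{
#ifdef __sun
    return priv_set(PRIV_OFF, PRIV_ALLSETS, PRIV_NET_ACCESS, (char *)NULL);
#else
    errno = ENOTSUP;    /* assumption: no privileges(5) model on this platform */
    return -1;
#endif
}

int main(void)
{
    int before = probe_endpoint();
    printf("before drop: %s\n", before ? strerror(before) : "socket created");
    if (drop_net_access() != 0) {
        perror("drop_net_access");
        return 1;
    }
    int after = probe_endpoint();
    printf("after drop:  %s\n", after ? strerror(after) : "socket created");
    /* A successful socket() here means the restriction did not take effect. */
    return after == 0 ? 2 : 0;
}
```

On Oracle Solaris, link with `-lsocket -lnsl`; an exit status of 0 means the endpoint could no longer be created after the privilege was dropped.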
The Advanced Encryption Standard (AES) is a widely used encryption standard adopted by the U.S. government in 2001. Intel accelerated the AES cryptographic algorithm by introducing the AES New Instructions (AES-NI) into its instruction set beginning with the Intel Xeon processor 5600 series. These six new instructions significantly increase AES performance. For example, AES-NI significantly reduces CPU overhead when a system is using IPsec. Preliminary testing on Oracle Solaris systems shows that when IPsec is enabled, CPU utilization on a system based on the Intel Xeon processor 5600 series is approximately 50 percent lower than on a similar system based on the previous-generation Intel Xeon processor 5500 series.
The AES-NI instructions are automatically detected and used by the Oracle Solaris Cryptographic Framework, which provides seamless services to the end user through the industry-standard PKCS#11 API, command-line interfaces (CLIs), and kernel modules.
For more information about the instruction set, see Intel Advanced Encryption Standard (AES) Instruction Set (2010) by Shay Gueron.