Trusted Extensions User's Guide     Oracle Solaris 11 Information Library

Trusted Extensions Protects Against Intruders

Trusted Extensions adds features to the Oracle Solaris OS that protect against intruders. Trusted Extensions also relies on some Oracle Solaris features, such as password protection. Trusted Extensions adds a password change GUI for roles. By default, users must be authorized to use a peripheral device, such as a microphone or camera.

Access to the Trusted Computing Base Is Limited

The term trusted computing base (TCB) refers to the part of Trusted Extensions that handles events that are relevant to security. The TCB includes software, hardware, firmware, documentation, and administrative procedures. Utilities and application programs that can access security-related files are all part of the TCB. Your administrator sets limits on all potential interactions that you can have with the TCB. Such interactions include programs that you need to perform your job, files that you are allowed to access, and utilities that can affect security.

Mandatory Access Control Protects Information

If an intruder manages to successfully log in to the system, further obstacles prevent access to information. Files and other resources are protected by access control. As in the Oracle Solaris OS, access control can be set by the owner of the information. In Trusted Extensions, access is also controlled by the system. For details, see Trusted Extensions Provides Discretionary and Mandatory Access Control.

Peripheral Devices Are Protected

In Trusted Extensions, administrators control access to local peripheral devices such as tape drives, CD-ROM drives, USB devices, printers, and microphones. Access can be granted on a user-by-user basis. The software restricts access to peripheral devices as follows:

Programs That Spoof Users Are Prevented

To “spoof” means to imitate. Intruders sometimes spoof login or other legitimate programs to intercept passwords or other sensitive data. Trusted Extensions protects you from hostile spoofing programs by displaying the following trusted symbol, a clearly recognizable, tamper-proof icon at the top of the screen.

Figure 1-1 Trusted Symbol

This symbol is displayed whenever you interact with the trusted computing base (TCB). The presence of the symbol ensures the safety of performing security-related transactions. The absence of the symbol indicates a potential security breach. Figure 1-1 shows the trusted symbol.