The Trusted Extensions feature of Oracle Solaris is an optionally enabled layer of secure labeling technology that enables data security policies to be separated from data ownership. Trusted Extensions supports both traditional discretionary access control (DAC) policies based on ownership and label-based mandatory access control (MAC) policies. Unless the Trusted Extensions layer is enabled, all labels are equal, so the kernel is not configured to enforce the MAC policies. When the label-based MAC policies are enabled, all data flows are restricted based on a comparison of the labels associated with the processes (subjects) requesting access and the objects containing the data.
The Trusted Extensions implementation is unique in its ability to provide high assurance, while maximizing compatibility and minimizing overhead. Trusted Extensions is part of the Oracle Solaris 11 Common Criteria EAL4+ Certification.
Trusted Extensions meets the requirements of the Common Criteria Labeled Security Package (LSP). See Oracle Solaris 11 Common Criteria EAL4+ Certification.
For more information, see the following:
For information about configuring and maintaining Trusted Extensions, see Trusted Extensions Configuration and Administration.
Selected man pages include trusted_extensions(5), labeladm(1M), and labeld(1M).