Oracle architect Glenn Faden has chronicled the addition of data classification features in Solaris 11.4. The enhanced capability limits the access that authorized users have to root, based on process clearances. He details the security features in a whitepaper on his blog.
In an article titled “Protecting Sensitive Data in Oracle Solaris 11.4,” Faden introduces the concepts of basic privileges and the limit privilege set. They combine to enable “the Principle of Least Privilege to be applied to any process, even those running as root,” he writes in his paper. “Oracle Solaris 11 added immutable zones, making it possible to lock down the security policy configuration. Even a process with all privileges cannot modify an immutable configuration.”
Faden developed these file- and process-labeling features in order to restrict access to sensitive data. “Inadequate information classification and policy enforcement have contributed to embarrassing and costly data breaches,” he says in the paper. “Administrators with root access have often been responsible for such data loss. Oracle Solaris 11.4 provides a set of unique access controls that can prevent processes, even with root privileges, from reading sensitive data.”
The extended security builds on Solaris Trusted Extensions, a feature that has been a hallmark of Solaris for decades, Faden says. “However, Trusted Extensions enforces a more restrictive policy in which data labels must be preserved when data is moved or copied, even over the network. The new Oracle Solaris clearance policy is more flexible and does not prevent users with sufficient clearance from sharing labeled data with uncleared users. This flexibility is appropriate because the policy is enabled by default in Solaris 11.4.”