Monday Jun 25, 2007

Red Hat and IBM recently announced the completion of an EAL4+ CC evaluation.  Those who follow my blog religiously (I know that you're out there) know that I have discussed the Common Criteria several times before, here and here.  What most don't know is that a completed CC evaluation can cover a very wide range of features, depending on what was actually evaluated.

RH and IBM have indeed achieved, on paper, the same certification that Sun plans to achieve for Open Source Solaris 10 with Trusted Extensions; however, WHAT they tested, and WHAT customers can actually use while staying within the evaluated configuration, is NOT AT ALL on par with what we are doing in Solaris 10 with Trusted Extensions.

The most important part of a CC Evaluation is the "Security Target."  The ST defines what will and what will NOT be considered part of the evaluation.  Red Hat and IBM's Security Target eliminates a number of key features and significantly reduces the functions available to the user.

The evaluation doesn't tell the whole story at all. Each evaluation must be looked at very closely to see exactly what was tested and what was claimed.

  • Red Hat's LSPP security policy file can be hundreds or thousands of lines long and is thus potentially more prone to error. Solaris Trusted Extensions uses a series of small, easily verified files, and enforcement of the policy always takes place, even for administrative processes.
  • Solaris Trusted Extensions include the Solaris Management Console GUI for configuration.
  • Sun's Solaris with Trusted Extensions can be deployed very rapidly using existing applications in a matter of minutes. This keeps the security policy simple and easy to verify and the protection provided is automatic regardless of the application being deployed.
  • RHEL 5 with its LSPP security policy has some serious, practical deployment issues that customers need to be aware of, including:
    • The GUI and X-Windows components are excluded from the security target.  This is a server and command line offering ONLY.
    • No multi-level GUI. Solaris with Trusted Extensions provides both Trusted Java Desktop System (GNOME-based) and Trusted CDE.
    • No multi-level file sharing. Solaris with Trusted Extensions provides multi-level NFS file sharing.
    • No easy interoperability with other non-labeled OSs, such as MS Windows, Mac OS X, etc. Solaris with Trusted Extensions works in multi-platform environments without issue - we do not require communication only with other 'trusted' OSs.
    • No guarantee of application compatibility for non-Label-aware applications. Solaris with Trusted Extensions will run all existing applications, even allowing them to run in a 'multi-level' manner without modification to the code.
    • Hot Pluggable storage devices (USB and Firewire) are excluded from the evaluation.  Solaris Trusted Extensions includes these devices in our evaluation.
    • Network Printers are excluded.  Solaris Trusted Extensions supports the labeling of network printers.
    • No use of LDAP as a naming service for centralized management of user identities. Solaris Trusted Extensions supports industry standard LDAP protocols for centrally managing user id and security policy information.
    • The RHEL evaluation only applies to IBM hardware.  Sun's certifications include a variety of AMD-64 and SPARC-based platforms.
    • The RHEL evaluation only supports the ext3 and selinuxfs file systems.  Sun's evaluation for Solaris Trusted Extensions supports UFS, ZFS, PCFS, NFS, lofs and hsfs.  In addition, Solaris allows you to use QFS and VxFS as well, although these were not part of the evaluated platform.

Sun has achieved CAPP & RBACPP @ EAL 4+ for Solaris 10 3/05 and is about to announce that Solaris 10 11/06 has repeated this achievement, and we will have our LSPP certification by the end of CY07.

For other comparisons, please review these useful links:

Comparing the Multilevel Security Policies of Solaris Trusted Extensions and Red Hat Enterprise Linux
http://www.sun.com/bigadmin/features/hub_articles/mls_trusted_exts.jsp

Sun Solaris Security Web Site:
www.sun.com/solaris/security/

Comparative Study of Containment Technology: a Thesis from Sweden:
http://opensolaris.org/os/community/security/news/20070601-thesis-bs-eriksson-palmroos.pdf

Glenn Faden's Blog: Chief Architect of Solaris Trusted Extensions (and Trusted Solaris 8):
http://blogs.sun.com/gfaden/

Thanks to Mark Thacker and Jane Medefesser for input to this article.

Why should you care?

Sun believes that when you deploy an OS in a secure, multi-level environment, you will want all the features, third-party software and support to be the same as in a standard environment.  We believe that Solaris 10 with Trusted Extensions provides a richer, more capable, easier to use platform for our security-minded customers.  It is a deployment platform developed with an open source methodology, that supports a wide variety of SPARC, Intel and AMD based platforms and is freely available.


Comments:

Sir, I want to know the eligibility criteria for taking the Sun Solaris 10 exam.

Posted by vijay patil on November 02, 2007 at 11:54 AM EDT #

http://www.sun.com/training/certification/solaris/scsa.xml

I'm not exactly sure what your question is but I suggest that you contact Sun Education and review the Solaris certification information at the link above.

Posted by Jim Laurent on November 02, 2007 at 12:37 PM EDT #


I have purposely not done any comparisons to "Linux" because "Linux" is a source code development project at kernel.org (not too dissimilar from OpenSolaris at opensolaris.org). "Linux" is not a product. Solaris 10 and RHEL 5 are products that customers can buy and get support for.

Posted by aion gold on June 24, 2009 at 10:36 PM EDT #
