Solaris Trusted Extensions and Red Hat Enterprise Linux: Multilevel Security Policy Feature Summary Comparison

Glenn Faden (Distinguished Engineer, Sun Microsystems), February 2007

The following table provides a very high-level feature comparison of the multilevel security (MLS) features of the Solaris Trusted Extensions and the Red Hat Enterprise Linux systems. For the details, see Comparing the Multilevel Security Policies of the Solaris Trusted Extensions and Red Hat Enterprise Linux Systems.

Feature Comparison

Each row gives the feature, then the Solaris Trusted Extensions entry, then the RHEL5 LSPP entry.

Multiple policy configurations
  Solaris Trusted Extensions: Supports Secure by Default (labeled and unlabeled) and Trusted Extensions (labeled).
  RHEL5 LSPP: Supports Targeted (unlabeled), Strict (unlabeled), and MLS (labeled).

Policy hooks
  Solaris Trusted Extensions: Uses a private set of policy hooks.
  RHEL5 LSPP: Uses the Linux Security Module framework.

Integration with the OS
  Solaris Trusted Extensions: Tightly coupled with the Solaris OS.
  RHEL5 LSPP: The SELinux module is not available in all Linux distributions.

Flexible policy
  Solaris Trusted Extensions:
    • Implements consistent and reliable MLS policies in the kernel, so policies are always in effect when labeling is enabled.
    • Enhances the X11 server with MLS policy and provides some limited flexibility to accommodate older X11 implementations.
  RHEL5 LSPP:
    • Relies on policy language primitives to explicitly declare the MLS rules for all object classes and data flows.
    • Does not support any windowing system components.

File systems
  Solaris Trusted Extensions:
    • Supports all the file systems that the Solaris OS supports.
    • Provides MLS support for NFS clients and servers.
    • Supports a heterogeneous system environment in conformance with MLS policy.
  RHEL5 LSPP:
    • Supports only customized file systems.
    • Does not include MLS support for NFS clients and servers.
    • Does not support a heterogeneous system environment.

Device allocation
  Solaris Trusted Extensions: Supports CD-ROM, diskette, and USB devices.
  RHEL5 LSPP: Supports CD-ROM and diskette devices.

Protection of higher-level file names
  Solaris Trusted Extensions: Prevents a lower-level process from determining the existence or the name of higher-level files.
  RHEL5 LSPP: Does not sufficiently protect the names of higher-level files from being seen in a directory that is read-accessible to a process.

Performance
  Solaris Trusted Extensions: Does not impact the performance of file I/O operations when labeling is enabled.
  RHEL5 LSPP: Imposes a pronounced performance overhead on file I/O operations when the SELinux module is loaded. [1]

Resource management
  Solaris Trusted Extensions: Enables a security administrator to assign system resources to labeled zones based on sensitivity labels.
  RHEL5 LSPP: Supports no comparable feature.

Resource polyinstantiation versus resource sharing
  Solaris Trusted Extensions:
    • Polyinstantiates all resources in a zone by default and specifies the sharing of individual file systems as part of the zone configuration.
    • Supports polyinstantiated network ports.
  RHEL5 LSPP:
    • Uses a configuration file to enumerate the polyinstantiated directories and how each is polyinstantiated.
    • Does not support polyinstantiated network ports.

Trusted processes
  Solaris Trusted Extensions:
    • Uses LDAP to support a distributed TCB in the global zone, which eases administration.
    • Prevents privilege escalation by protecting root-owned objects.
    • Restricts access to the global zone by means of Trusted Path interfaces, such as the windowing system.
  RHEL5 LSPP:
    • Does not support a distributed TCB for SELinux policies.
    • Uses the newrole command with the sysadm_r role to transition the user to the sysadm_t domain.
    • Associates the root user ID with most SELinux roles because all capabilities are required to perform operations before the SELinux policy module is invoked.

Security context transitions
  Solaris Trusted Extensions: Provides a one-way transition from the global zone to labeled zones.
  RHEL5 LSPP: Provides a transition mechanism in which executing an application transitions the process to a new domain.

Label specifications
  Solaris Trusted Extensions: Conforms to the U.S. Government label encoding specification.
  RHEL5 LSPP: Has minimal label translation functionality.

User authorizations
  Solaris Trusted Extensions: Uses authorizations to enable trusted programs to determine whether a user may perform a special function.
  RHEL5 LSPP: Defines object classes and permissions that correspond to kernel-maintained objects but are not oriented to trusted application policy decisions.

Trusted networking
  Solaris Trusted Extensions:
    • Provides multilevel networking support with strategies to implicitly and explicitly label network packets.
    • Supports CIPSO for IPv4 and IPv6.
    • Uses IPsec with CIPSO.
    • Provides network port polyinstantiation.
    • Allows specification of explicit labels and ranges that include disjoint labels.
    • Provides uniform APIs to determine the label of the network peer for any local or remote connection-oriented protocol.
  RHEL5 LSPP:
    • Provides multilevel networking support with strategies to implicitly and explicitly label network packets.
    • Supports CIPSO for IPv4 only.
    • Uses IPsec with labeled SAs.
    • Does not provide network port polyinstantiation.
    • Does not allow specification of explicit labels and ranges that include disjoint labels.
    • Provides APIs to determine the label of the network peer, but only for IPsec and local connections.

Auditing and policy violations
  Solaris Trusted Extensions:
    • Adds subject and object labels to Solaris audit events and records policy violations.
    • Supports XML output format.
  RHEL5 LSPP:
    • Provides a permissive policy interpretation mode in which violations are permitted and logged in the audit trail.
    • Must relabel file systems after running in permissive mode to properly record new file labels.

Multilevel printing
  Solaris Trusted Extensions: Provides an RBAC authorization infrastructure.
  RHEL5 LSPP: Does not provide an RBAC authorization infrastructure.

Multilevel desktop environment
  Solaris Trusted Extensions: Supports single-level and multilevel desktop environments.
  RHEL5 LSPP: Does not support single-level or multilevel desktop environments.

Product maturity
  Solaris Trusted Extensions:
    • Continues a long tradition of trusted operating systems from Sun.
    • Implements a new architecture based on zones, yet retains essentially all the features of its predecessor.
    • Introduces the latest of the four multilevel windowing systems.
    • Offers support, training, and extensive high-quality documentation.
  RHEL5 LSPP:
    • Discourages the use of the MLS policy configuration for general-purpose cases.
    • Implements a significantly more complex solution for MLS and RBAC.
    • Offers minimal documentation.
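To make the "Protection of higher-level file names" row concrete, the following is an added illustration (not code from the original article, from Trusted Extensions or from SELinux): a toy MLS label lattice with dominance and two directory-listing models, one that returns every name in a readable directory and one that hides names whose label the calling process does not dominate. The classifications, compartments and file names are constructed samples.

```python
"""Toy model of MLS label dominance and directory-listing filtering."""
from dataclasses import dataclass, field

# Hierarchical classifications, lowest to highest (constructed sample set).
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


@dataclass(frozen=True)
class Label:
    classification: str
    compartments: frozenset = field(default_factory=frozenset)

    def dominates(self, other: "Label") -> bool:
        """A dominates B when A's level is at least B's and A's compartments
        include all of B's (the usual MLS lattice order)."""
        return (LEVELS[self.classification] >= LEVELS[other.classification]
                and self.compartments >= other.compartments)


def disjoint(a: Label, b: Label) -> bool:
    """Neither label dominates the other, e.g. SECRET/{A} versus SECRET/{B}."""
    return not a.dominates(b) and not b.dominates(a)


# Constructed sample directory: file name -> label of the file's contents.
DIRECTORY = {
    "public-notes.txt": Label("UNCLASSIFIED"),
    "budget-2007.xls": Label("SECRET", frozenset({"FINANCE"})),
    "merger-plan.doc": Label("TOP SECRET", frozenset({"FINANCE", "LEGAL"})),
}


def leaky_readdir(process: Label, directory=DIRECTORY) -> list:
    """Labels gate only the content read: every name in a directory the
    process may read comes back, so higher-level file names leak."""
    return sorted(directory)


def filtered_readdir(process: Label, directory=DIRECTORY) -> list:
    """Return only names whose label the process dominates, so a lower-level
    process cannot learn that the higher-level files exist."""
    return sorted(n for n, lbl in directory.items() if process.dominates(lbl))


def can_read(process: Label, name: str, directory=DIRECTORY) -> bool:
    """Simple-security property: reading up is denied in both models."""
    return process.dominates(directory[name])


if __name__ == "__main__":
    low = Label("CONFIDENTIAL")
    print("leaky:   ", leaky_readdir(low))     # all three names
    print("filtered:", filtered_readdir(low))  # only public-notes.txt
```

In the leaky model the CONFIDENTIAL process still cannot open budget-2007.xls, but its name and existence are already information it was not cleared to learn.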

[1] SELinux and grsecurity: A Case Study Comparing Linux Security Kernel Enhancements (pdf), Michael Fox, et al., University of Virginia
