Oracle Solaris 11.3 安全扩展开发者指南

需积分: 5 48 浏览量更新于2024-06-24 收藏 854KB PDF 举报

"Oracle Solaris 11.3 Trusted Extensions Developer's Guide-122" Oracle Solaris 11.3 是一个强大的操作系统，尤其在安全性方面，它提供了Trusted Extensions功能，这是一个全面的安全增强机制，旨在提供多级别的安全性和隐私保护。Trusted Extensions Developer's Guide 是针对开发人员的指南，帮助他们理解和利用这些高级特性来构建和维护更安全的应用程序和服务。该指南的Part No. E54842发布于2017年10月，涵盖的内容可能包括但不限于以下几个核心知识点： 1. **Trusted Computing Base (TCB)**：Trusted Extensions 基于Trusted Computing Base概念，这是系统中所有必须保持可信的组件集合。开发者需要了解如何确保TCB的完整性和安全性。 2. **Namespace and Labeling**：Oracle Solaris 11.3 提供了命名空间和标签系统，允许在单个系统上创建多个独立的安全域。开发者需要学习如何创建和管理这些命名空间以及分配安全标签。 3. **强制访问控制 (MAC)**：Trusted Extensions 实现了一种强制访问控制策略，超越了传统的用户权限。开发者需要掌握如何定义和实施细粒度的访问规则。 4. **Zones with Trusted Extensions**：在Solaris中，Zones 提供了虚拟化环境。结合Trusted Extensions，开发者可以创建安全隔离的Zone实例，每个都有自己的安全标签和命名空间。 5. **Software Development Kit (SDK)**：Oracle Solaris 11.3 的SDK可能包含了针对Trusted Extensions的开发工具和库。开发者需要熟悉这些工具，如编译器、调试器以及安全相关的API。 6. **Policy Configuration**：理解并编写安全策略是开发过程中关键的一部分。开发者需要学习如何创建和修改策略文件，以满足应用程序的安全需求。 7. **Interoperability and Compliance**：对于美国政府或任何其他需要遵循特定安全标准的机构，开发者需要了解如何确保他们的软件与这些规定兼容。 8. **Error Handling and Debugging**：由于Trusted Extensions的复杂性，错误处理和调试可能更加复杂。开发者应学习如何识别和解决与安全策略相关的错误。 9. **Best Practices and Guidelines**：指南可能提供了最佳实践，帮助开发者遵循安全编码原则，避免常见的安全漏洞。 10. **Documentation Updates**：由于信息可能会有变更，开发者需要知道如何获取最新的文档更新，以确保他们使用的安全策略和技术是最新的。这个开发者指南旨在使开发者能够充分利用Oracle Solaris 11.3的Trusted Extensions特性，创建出符合高级安全标准的应用程序，同时理解这些安全特性的实现和限制。对于那些处理敏感数据或需要提供高安全服务的组织，这样的知识是至关重要的。

Trusted Extensions APIs

information about users, roles, authorizations, and profiles. These databases can restrict who

can run a program. Privileges are coded into various Oracle Solaris programs and can also be

coded into third-party applications.

For more information about these Oracle Solaris OS security APIs, see “Developing Privileged

Applications,” in Solaris Security for Developers Guide.

The Oracle Solaris OS provides discretionary access control (DAC), in which the owner of the

data determines who is permitted access to the data. The Trusted Extensions software provides

additional access control, which is called mandatory access control (MAC). In MAC, ordinary

users cannot specify or override the security policy. The security administrator sets the security

policy.

Applications use Trusted Extensions APIs to obtain labels for hosts, zones, users, and roles.

Where the security policy permits, the APIs enable you to set labels on user processes or on

role processes. Setting a label on a zone or on a host is an administrative procedure, not a

programmatic procedure.

The label APIs operate on opaque labels. In an opaque label, the internal structure of the label

is not exposed. Using an opaque label enables existing programs that are created with the APIs

to function even if the internal structure of the label changes. For example, you cannot use the

label APIs to locate particular bits in a label. The label APIs enable you to obtain labels and to

set labels. You can only set labels if you are permitted to do so by the security policy.

Label APIs

Labels, label ranges, and a label limit determine who can access information on a system that is

configured with Trusted Extensions.

The label APIs are used to access, convert, and perform comparisons for labels, label ranges

and limits, and the relationship between labels. A label can dominate another label, or a label

can be disjoint from another label.

The label_encodings file defines the sensitivity labels, clearance labels, label ranges, and label

relationships that pertain to your Trusted Extensions environment. This file also controls the

appearance of labels. The security administrator is responsible for creating and maintaining the

label_encodings file. See the label_encodings(4) man page.

The label of a process is determined by the zone in which the process executes.

All objects are associated with a label or sometimes with a label range. An object can be

accessed at a particular label within the defined label range. The objects that are associated with

a label range include the following:

■

All users and all roles

16 Trusted Extensions Developer's Guide • October 2017

Trusted Extensions Security Policy

The following sections describe how the Trusted Extensions security policy affects multilevel

operations, zones, and labels.

Multilevel Operations

When you create an operation that runs at multiple security levels, you must consider the

following issues:

■

Write-down policy in the global zone

■

Default security attributes

■

Default network policy

■

Multilevel ports

■

MAC-exempt sockets

Operations that run at multiple security levels are controlled by the global zone because only

processes in the global zone can initiate processes at specified labels.

Write-Down Policy in the Global Zone

The ability of a subject, such as a process, to write an object whose label it dominates is referred

to as writing down. The write-down policy in the global zone is specified administratively.

Because global zone processes run at the ADMIN_HIGH label, certain file systems that are

associated with other labels can be mounted read-write in the global zone. However, these

special file system mounts must be administratively specified in automount maps, and they

must be mounted by the global zone automounter. These mounts must have mount points within

the zone path of the zone that has the same label as the exported file system. However, these

mount points must not be visible from within the labeled zone.

For example, if the PUBLIC zone has a zone path of /zone/public, a writable mount point of

/zone/public/home/mydir is permitted. However, a writable mount point of /zone/public/

root/home/mydir is not permitted because it can be accessed by the labeled zone and not by

the global zone. No cross-zone NFS mounts are permitted, which means that the NFS-mounted

files can only be accessed by processes that run in the zone that mounted the file system. Global

zone processes can write down to such files, subject to the standard discretionary access control

(DAC) policy.

Local file systems associated with zones are protected from access by global zone processes

by DAC, which uses file permissions and access control lists (ACLs). The parent directory of

each zone's root (/) directory is only accessible by root processes or by processes that assert

the file_dac_search privilege.

20 Trusted Extensions Developer's Guide • October 2017

剩余121页未读，继续阅读

weixin_40191861_zj

粉丝: 83
资源: 1万+

Oracle Solaris 11.3 安全扩展开发者指南

Oracle Solaris 11.3 Trusted Extensions User's Guide-82

Oracle Solaris 11.3 Trusted Extensions Label Administration-136

Oracle Solaris 11.1 Trusted Extensions Developer's Guide-110

Oracle Solaris 11 Trusted Extensions Developer's Guide-114

Oracle Solaris 11.2 Trusted Extensions Developer's Guide-116

Oracle Solaris 11.3 Trusted Extensions Configuration and Admini

Oracle Solaris 10 Trusted Extensions Configuration Guide-176

Oracle Solaris 11.1 Trusted Extensions Label Administration-122

Oracle Solaris 11.2 Trusted Extensions Label Administration-122

Oracle Solaris 11.1 Trusted Extensions User's Guide-78

最新资源