Generally, the term "secure operating system" refers to a system that falls into one of the following two categories: hardened and trusted OSes. Although the end goal -- a secure operating environment -- is the same, each approach is different. But do these offerings really deliver on their promises, or is "secure operating system" just another vendor buzzword?

Different Paths

In a nutshell, a hardened operating system is one that has been locked down to prevent attacks. How well the system is locked down is largely subjective, and the methods used vary from company to company. According to Jim Hurley, vice president of security and privacy at Aberdeen Group, "what has largely happened is network ports and services have been removed, and certain system-level services have been removed to make [the system] less vulnerable when attached to a network attached to the Internet."

Trusted systems take a different, more defined approach. "Trusted operating systems are developed along a formalism that was first theorized and proven over many years from 1984 to 1995," Hurley told NewsFactor. "Much theory and testing took place at the National Security Agency in the U.S., along with a very large coterie of companies that supply to security agencies and the Department of Defense, as well as agencies throughout the world. The theory for all that stuff is from books known as the Rainbow Series."

What Trust Means

The main focus of a trusted system is to manage information -- to ensure information can only be viewed, altered or moved by individuals with appropriate access rights. Ravi Iyer, group marketing manager of Solaris marketing at Sun Microsystems, told NewsFactor that a trusted system is primarily used in "areas where you are dealing with proprietary and private information ... where extremely high levels of accountability come into play." Sun's Trusted Solaris is one of the most widely deployed trusted operating systems.

On a normal system, an attacker who gains root or administrator access can run rampant. Not so on a trusted system -- at least so long as it is properly configured. According to Iyer, "with Trusted Solaris, you get root access, you get squat. It's just another role.... That's the beauty in Trusted Solaris. Root is just another user." (continued...)

1  |  2  |  Next Page >