(Sun Microsystems, Inc.)(1997).iso/products/Argus/images/image44.gif)
Fortify Security Framework
for Solaris 2.x
A unique, user-installable software utility package that allows users and administrators to 'quarantine' personal, sensitive, or mission-critical resources from access by Java applets or other network-borne programs and agents. This simple utility provides total assurance that downloaded programs cannot maliciously assault Decaf-protected resources which may include static files, system files, executable files, system utilities, and devices. Decaf takes the worry out of executing 'untrusted' programs regardless of their origin and allows administrators to establish safe domains for Java execution.
Security Foundation Module
The Argus Fortify Security Foundation Module enhances a standard Solaris 2.x operating environment by adding several system security features to the base operating system as discussed below. Solaris 2.x enhanced with the Fortify Security Foundation Module exceeds the US Orange Book C2 and the ITSEC F-C2 E3 security criteria. The Argus Security Foundation Module also serves as the foundation for all other Argus security enhancement modules.
Security Features provided with the Argus Security Foundation module include:
Extended Security Module
The Extended Security Module builds upon a Solaris 2.x which has been upgraded with the Security Foundation Module. The Extended Security Module adds system security features to the base operating system which enables the system to meet US Orange Book B1 and ITSEC F-B1 E3 security criteria.
A Solaris system upgraded with the Extended Security Module employs:
Argus Trusted Desktop Module
In order to ensure total system security and to meet published security criteria (C2, B1, B1/CMW) appropriate security features must be applied to the entire trusted computing base. When added to a base operating system (such as Solaris 2.5), the X Window system becomes an integral part of the trusted computing base. Consequently, system security enhancements must be extended to the X Window system (in particular the X server, window manager, and various X clients) so that malicious users cannot exploit the window system to subvert system security. X Window system security enhancements are also required to meet US Orange Book (TCSEC) and European (ITSEC) security criteria.
Argus has extended the security features of the Security Foundation and Extended Security Modules to the X Window system to create the Argus Trusted Desktop Environment Module. This module can be added to any base Solaris 2.x operating environment which has been enhanced with Argus system security modules. With the addition of the Argus Trusted Desktop security module, users and administrators are afforded the many benefits of the X Windows-based desktop metaphor while preserving the integrity and security of the total operating environment.
Argus Trusted Desktop supports secure cut-and-paste utilities with "floating"security labels. The module continuously monitors the information displayed in each window label bar to reflect the current security attributes of the displayed data (sensitivity label, information label, any special markings or handling caveats).
A Solaris 2.x system upgraded with the Argus Trusted Desktop Module employs all of the security features listed above for the Security Foundation and/or the Extended Security Module plus the following additional features:
Advanced Secure Networking (ASN) Module
Argus's Advanced Secure Networking builds upon SunSoft's market-leading TCP/IP networking technology. ASN provides network security enhancements which extend the security of the Argus-enhanced Solaris platform to the entire network. ASN allows the creation of secure local and wide area networks using open, industry-standard protocols. With ASN installed, as data is sent over a network connection, the security attributes of the data are preserved and sent along with the data. Only those systems on the network that are authorized to process such data are able to access the data as it traverses the network. ASN can be used to segregate and compartmentalize data within multiple "virtual" internal networks.
Argus ASN provides support for several multi-level network security standards to provide secure interoperability with standard (non-secure) hosts as well as with secure systems from other vendors.
ASN is being integrated with Sun Microsystems' SKIP network encryption protocol to provide an additional level of security for network data packets.
Argus Trusted Windows Module
SunSoft's WABI provides Solaris 2.x users with the ability to run multiple, simultaneous Microsoft Windows applications and utilize Solaris network resources such as file servers and printers. Argus Fortify systems provide full enhanced security support for WABI.
Argus Trusted Windows provides the ability to use Windows application programs within the security policy enforced by the Argus-enhanced Solaris 2.x platform. Because the security is implemented within the Solaris operating environment, the security mechanisms cannot be by-passed by Windows application programs.
When combined with the Security Foundation Module or the Extended Security Module, users can log on at multiple security levels and create Windows files that are appropriately labeled and protected by the label enforcement mechanisms of the operating environment.
Argus Trusted Windows for Intel and SPARC, combined with the Argus Security Foundation or the Argus Extended Security Module provides a fully secure Windows computing environment which meets the published C2 or B1 security criteria respectively.