Decaf for Java
Essential Security for Today's Networked Computing

Decaf is a user-installable, generic systems security utility which is ideal for creating secure execution environments for Java applets and other network-borne applications or agents. Decaf is based on a new security paradigm that supplements standard security mechanisms found in most UNIX systems, including Solaris 2.x. Although designed primarily to provide security for Java, Decaf is in fact a general purpose security mechanism that can be used wherever sensitive, mission-critical and systems resources must be protected from unauthorized access by individual users or rogue processes. Standard UNIX security mechanisms are simply inadequate for today's network-centric environments. Decaf is the security solution for today, tomorrow, and beyond.

Decaf is:

Simple * Secure * Scalable * Compatible * Affordable

Decaf is simple. Users and administrators alike will be delighted with the elegant simplicity of Decaf. Its ironclad security is delivered in a totally transparent implementation. users of a Decaf enabled Solaris will detect no difference in their system, which is identical in every respect to standard Solaris, except for the additional security utilities. Decaf provides unprecedented security with no discernible effect on the operation or performance of the existing system.

Configuring and managing a Decaf security environment is as easy as setting permission bits on a text file. There are no special configuration files, databases, or daemons that must be administered and maintained and Decaf security is enforced with virtually no performance impact. Decaf requires no additional memory or any other hardware add-ons.

Decaf is secure. Decaf is your personal firewall. With Decaf installed, users and administrators can be assured that data resources of all types (text files, executable files, directories, devices) are thoroughly protected from unauthorized access from any Java applet, network agent, or local process, regardless of its origin. Decaf security mechanisms are enforced from within the operating system itself and therefore cannot be bypassed by users or rogue processes. Even processes running with root permissions are strictly controlled by Decaf security mechanisms.

Decaf provides a set of tools which allow users and administrators to assign security tags to any, or all resources on the system. Programs and processes ( such as login shell, a web browser, telnet, or sendmail) are either assigned security tags or inherit them from their start-up process. Before the operating system allows any program to act on a resource, it compares the security tags of both the program and the resource. The Decaf-enabled operating system the determines whether the request is consistent with the customizable security policy then in force and wither grants or denies the request based on that security policy. No program or process can circumvent this security enforcement. Even processes running as the all powerful root. Even if a user is otherwise authorized to access a file (correct permission bit settings), access will be denied if his active process (such as a Java-enabled browser or telnet) is operating with inappropriate Decaf security settings. The operating systems enforces the security policy. No program is exempt. Decaf is secure,

Decaf is flexible. Decaf is not just for Java. It is a flexible security tool for any environment. Its security enforcing functions are generic and apply to any applet, application program, or utility which interfaces with the operating system. A few examples of how Decaf can be used to enhance enterprise security are detailed below.

• Security against root compromise. "Root" compromise is the greatest security threat to UNIX systems. Once "root" privileges have been seized, the intruder has unlimited power over the system. Decaf offers the world's only secure root mechanism for UNIX systems. On a Deaf-enabled system, root is subject to the same security restrictions as all other accounts. While preserving 100% of the root functionality, Argus has secured the account and made it subject to the system security policy being enforced by the operating system No more root compromise
• Secure Java-enabled browser. A Java-enabled browser can be given specific Decaf security settings. any applet launched from this browser will inherit those security settings. The applet will only be able to act on files, directories, or other resources specifically marked with those same security settings. All other resources are 'off-limits' to applets launched from this browser and cannot be accessed, even is the applet is given root permissions.
• Secure sendmail. The system sendmail daemon can be set up to run in Decaf mode. Its environment is the limited to the mailboxes in the system, Even though it is running as root, neither sendmail nor any program run by sendmail is able to access inappropriately marked system resources.
• Secure Telnet/FTP. network daemons can be given Decaf security settings. users connecting over the network must use these daemons to gain system access, and thus will inherit the security settings from those daemons. The user cannot access any file, run any program, or perform any action that is not consistent with those security settings. This includes files owned by the user, but marked for 'local access' only. Access is restricted by the security settings of the telnet, FTP, or other daemon.
• Secure User Session. The user login shell can be given Decaf security settings. Once logged in, the user will be restricted by those settings which he inherits from the shell. Only files, directories, or other resources marked with the same settings are accessible to the user, even is the user logs in as root.
• Trojan Horse / Virus Protection. A program or utility can be imported onto the system through FTP, floppy disk, or other mechanism. Before the user executes the program he can set specific Decaf security settings on it. The program, and any virus or Trojan Horse resident within that program, will be restricted by those settings and can only act on resources specifically marked as accessible to that program.

Decaf is scalable. Decaf is designed to mirror the unprecedented scalability of the Solaris operating system, supporting systems ranging from desktop PCs to high-end multiprocessor servers. The product currently supports both SPARC and Intel systems. In keeping with the universality of the Java programming language, and in order to fully support all of Java's potential, ports to other operating systems are soon anticipated.

Decaf is compatible. Decaf's security enforcing functions are totally transparent to the system. The applications programming interface (API) is totally unaffected by Decaf. Decaf has no impact on application programs, system utilities, or device drivers.

Decaf is affordable. Argus introduces its revolutionary new Decaf product at a price which is affordable to both individual users and to large organizations. The Decaf base license fee (provides a single user license) is offered at $150. A 10-user license package is $595, and a 100-user license package is $2,995.