(Sun Microsystems, Inc.)(1997).iso/products/Argus/images/image44.gif)
Secure Solutions for Solaris 2.x
Argus Enhanced C2+ Security Foundation Module
The Argus C2+ Security Foundation enhances a standard Solaris 2.x operating environment by adding several system security features to the base operating system. Solaris 2.x enhanced with the Argus C2+ Foundation Module exceeds the US Orange Book C2 and the ITSEC F-C2 security criteria. The Argus C2+ Foundation Module also serves as the foundation for all other Argus security enhancement modules.
Security Features provided with the Argus Enhanced C2+ Security Foundation module include:
Argus B1+ MLS Security Module
The Argus B1+ MLS Security Module builds upon a Solaris 2.x which has been upgraded with the Argus C2+ Foundation Module. The B1+ MLS Module adds system security features to the base operating system which enables the system to meet US Orange Book B1 and ITSEC F-B1 E3 security criteria.
A Solaris system upgraded with the B1+ MLS Security Module employs:
Argus Trusted Desktop Module
In order to ensure total system security and to meet published security criteria (C2, B1, B1/CMW) appropriate security features must be applied to the entire trusted computing base. When added to a base operating system (such as Solaris 2.4), the X Window system becomes an integral part of the trusted computing base. Consequently, system security enhancements must be extended to the X Window system (in particular the X server, window manager, and various X clients) so that malicious users cannot exploit the window system to subvert system security. X Window system security enhancements are also required to meet US Orange Book (TCSEC) and European (ITSEC) security criteria.
Argus has extended C2 and B1/CMW security features to the X Window system to create the Argus Trusted Desktop Environment security module which can be added to a base Solaris 2.x operating environment which has been enhanced with Argus system security modules. With the addition of the Argus Trusted Desktop security module, users and administrators are afforded the many benefits of the X Windows-based desktop metaphor while preserving the integrity and security of the total operating environment.
Argus Trusted Desktop supports secure cut-and-paste utilities with "floating"security labels. The module continuously monitors the information displayed in each window label bar to reflect the current security attributes of the displayed data (sensitivity label, information label, any special markings or handling caveats).
A Solaris 2.x system upgraded with the Argus Trusted Desktop Module employs all of the security features listed above for the C2+ Security Foundation and/or the B1+ MLS Security Module plus the following additional features:
Advanced Secure Networking (ASN) Module
Argus's Advanced Secure Networking builds upon the industry standard ONC+, SunSoft's open system distributed computing environment networking technology. ASN provides network security enhancements which facilitate the transfer of data security information between hosts.
Argus ASN provides support for several multi-level network security standards to provide secure interoperability with standard (non-secure) hosts as well as with secure systems from other vendors. In addition to supporting full interoperability with commercial Solaris ONC+ platforms and with other standard TCP/IP systems, Argus ASN supports the US Department of Defense RIPSO RFC 1108 protocol used on the Internet.
To support the more sophisticated security attributes associated with CMW's, secure servers, and secure X terminals, Argus has developed the ASN Compartmented Mode Operation (ASN/CMO) protocol set. Argus ASN/CMO uses the Security Attribute Modulation Protocol (SAMP) as defined by the Trusted Systems Interoperability Group (TSIG). Argus ASN/CMO fully supports the TSIG TSIX(RE) networking specifications and the Common Internet Protocol Security Options (CIPSO). Other vendors supporting the TSIG CIPSO standard include Sun Microsystems, Digital Equipment Corporation, Sequent Computer, Harris Corporation, Cray Research, AT&T, Hewlett-Packard, and others. Argus ASN/CMO also fully supports Trusted NFS.
Argus ASN can be installed with all Solaris 2.x-based Argus enhanced security products on ethernet networks. As an option, Argus provides ASN support for GKI's B2-evaluated VSLAN network encryption product. Argus plans to provide ASN support for SunLink X.25 and public-key encryption in the near future for secure WAN connectivity.
Argus Trusted Windows Module
SunSoft's WABI provides Solaris 2.x users with the ability to run multiple, simultaneous Microsoft Windows applications and utilize Solaris network resources such as file servers and printers. Argus C2/TMW and B1/CMW system provide full enhanced security support for WABI.
Argus Trusted Windows provides the ability to use Windows application programs within the security policy enforced by the Argus-enhanced Solaris 2.x platform. Because the security is implemented within the Solaris operating environment, the security mechanisms cannot be by passed by Windows application programs.
When combined with the Argus B1+ MLS or Argus B1/CMW systems, users can log on at multiple security levels and create Windows files that are appropriately labeled and protected by the label enforcement mechanisms of the operating environment.
Argus Trusted Windows for Intel and SPARC, combined with the Argus Enhanced C2+ Security Foundation or the Argus B1+ MLS Security Module provides a fully secure Windows computing environment which meets the published C2 or B1 security criteria respectively.