SAN JOSE, Calif., RSA Conference, Booth 515 -- Feb. 14, 2006 -- Sun Microsystems, Inc. (Nasdaq: SUNW) announced Solaris Trusted Extensions for the Solaris 10 Operating System (OS). Solaris has a well known track record of exceeding government mandated security certifications, and Solaris 10, the latest commercially available release of Solaris, is the most secure operating system on the planet. Solaris Trusted Extensions will allow existing Solaris 10 customers who have specific regulatory or information protection requirements to take advantage of labeling features previously only available in highly specialized operating systems or appliances.

Solaris Trusted Extensions is an optional layer of secure labeling technology that allows data security policies to be separated from data ownership in environments where the ability of the OS to support multi-level data access policies is a requirement. Delivering Solaris Trusted Extensions as an optional layer means that existing Solaris 10 customers can meet strict government regulatory compliance goals without the need to modify their existing applications or underlying hardware platforms.

"Solaris has been the platform of choice for protecting some of the most sensitive organizations in the world," said Tom Goguen, vice president of System Software at Sun Microsystems. "For the first time ever, this highest level of security is available on the broadest range of industry standard hardware."

Solaris Trusted Extensions will be Common Criteria certified against Labeled Security Protection Profile (LSPP) at EAL 4+, an absolute requirement for some financial, healthcare and government customers who want to protect multiple classifications of data on the same system. This adds to the certification of Solaris 10, also currently in evaluation, against Controlled Access Protection Profile (CAPP) and Role Based Access Control Protection Profile (RBACPP) at EAL 4+. Sun's comprehensive Common Criteria certification, the submission for Solaris Trusted Extensions, and previously for the Solaris 10 OS, includes all the enterprise grade components necessary to help businesses and governments to run highly secure OS configurations.

Solaris Trusted Extensions for the Solaris 10 OS is the only multi-level OS to support full enterprise-class solutions which gives customers a choice of multi-level desktops through the GNOME-based Java Desktop System or CDE, multi-level printing, networking and file systems with full binary compatibility for existing applications.

By April 2006, Solaris Trusted Extensions will become available in beta and simultaneously enter evaluation for Common Criteria certification at EAL 4+, the highest globally recognized level of certification for any commercial OS component. Today, Solaris Trusted Extensions is available to customers through an early access program.

Solaris Trusted Extensions Labeling Capabilities

The labeled security capabilities in Solaris Trusted Extensions allow a strong Mandatory Access Control (MAC) security policy to be implemented in Solaris 10. This policy ensures that all objects in the OS have a well-defined, easily audited relationship to each other and access to communication between objects is strictly controlled. For example, every organization has at least two levels of information. The first is available to everyone, while the second is available only to authorized users. Solaris Trusted Extensions allows information to be processed at multiple sensitivity levels.

MAC hierarchical and compartmentalized labels correspond to the sensitivity of information that must be kept separate, even when it is stored on a single system. Since information labeling happens automatically, MAC is mandatory. Ordinary users cannot change labels unless the system administrator gives them special authorization. In fact, users with labels in separate compartments are not allowed to share information.

Additional security features provided by Solaris Trusted Extensions for the Solaris 10 OS include:

• Labeled File System - The ability to actually store files on different parts of the disk based upon their security classification, such as Top Secret, Secret and Unclassified. Owners of files cannot arbitrarily share information outside of its security classification.
• Labeled Networking - The ability to exchange data with other multi-level (labeled) systems as well as the ability to offer services, such as Web, printing and NFS that respond uniquely to a client based upon that client's classification level.
• Labeled Printing - The ability to assign a range of security classifications to a printer and thus limit what files can be sent to that printer based upon a files' security label. For example, prohibited printing of any Top Secret data or restricted Secret Printing on a public printer.
• Labeled Desktop - The ability for the Graphical User Interface (GUI) to enforce and display classifications of data. The GNOME-based Trusted Sun Java Desktop System and CDE will both support this functionality and will allow, for example, someone with the appropriate privileges to see Top Secret data and Secret data, but not accidentally drag-and-drop data from one classification to another.

Support for CIS Benchmark

Sun has also extended support services for Solaris 10 OS deployments that adhere to the Center for Internet Security (CIS) Benchmark. Named "best benchmarking effort" by Information Security Magazine, CIS Benchmarks are developed through a global consensus process involving hundreds of security professionals to determine best-practice security configurations. The CIS Level-I Benchmark for the Solaris 10 OS is a compilation of security configuration actions and settings introduced in March 2005. As a result of a close partnership between Sun and the members of CIS, Solaris 10 Service Plan customers who now implement the CIS security recommendations will have Sun support for their resulting configurations. Complementing Sun's freely available Solaris Security Toolkit, CIS will also introduce a Scoring Tool for the Solaris 10 OS later this month, giving users a quick and easy way to evaluate systems and compare their security configuration against the CIS Benchmark criteria.

Solaris 10 OS Security

Solaris 10 is the most advanced and secure operating system on the planet with security features that include:

• Standards-based Cryptographic Framework - Makes life simpler for developers by integrating high speed, high strength cryptographic libraries directly into the OS. Use of open and industry standard APIs allows almost all applications to utilize the framework without any modification.
• Integrated Firewall - A fully supported firewall to protect systems from unwanted intrusion is built right into the Solaris IP Stack and is based on the popular IP Filter open source firewall.
• Verification of Secure Execution -- An upcoming feature of Solaris 10 that allows the OS itself to validate any application, script, etc. before it runs. Hacked, trojaned or modified applications simply won't run on Solaris 10. The system protects itself at all times, not just when the virus scanner was last updated.
• Basic Audit and Reporting Tools (BART) - The Solaris 10 OS introduced a file integrity checking application for data files and customer applications known as BART. In addition, Sun continues to publicly provide digital hashes for all files shipped in the Solaris OS as part of the Solaris Fingerprint Database project. These signatures allow customers to check the integrity of Solaris files to ensure that no hacker has modified critical system files. Together, these tools give users powerful, flexible ways to monitor and protect against changes to the OS platform.
• Services Secured With Least Privileges - Solaris 10 utilizes Process Rights Management on almost all of its services, such as printing and file sharing, so that critical system services or applications do not have full super-user rights to the system. No system administration or training is required; it's the out-of-the-box configuration for all Solaris 10 systems.
• Flexible Enterprise Authentication - The Solaris 10 OS delivers flexible and commonly requested authentication features. Kerberos-based protocols allow for enterprise single sign-on and have been enhanced for better scalability, a truly standards-based way of providing enterprise single sign on across multiple platforms. Solaris includes all components (server, client, applications) to achieve Kerberos-based single sign on out-of-the-box. In addition, Pluggable Authentication Modules (PAMs) allow you to add your own authentication services and support smart card-based authentication.
• Secure Data Center Consolidation - Solaris Containers provide a way to consolidate multiple users and applications onto a single system, while actually reducing the security risk by isolating data and processes from each other.
• Centrally Managed User Rights Management (URM) - Solaris URM allows for delegated administration and creation of roles that are stored in a central naming service (NIS, NIS+ or LDAP), so that errors are reduced, administration is simplified and auditability is enhanced. Competing offerings typically use a per-system 'sudo' profile that is very error prone at the enterprise scale.
• Minimized Install Option - The Reduced Networking Metacluster install option creates a minimized Solaris OS image to which security administrators can then add functionality. Additionally, the Service Manager technology is designed for administrators to create dynamic profiles for all Solaris users of just those network services needed.
• Fine grained Process Rights Management - Solaris 10 does away with the concept that operating systems must have one all-powerful super-user with the ability to do much harm to the system. Process Rights Management is an expandable privileges based system that allows applications to be granted just the privileges they need to operate, but no more than is necessary. This reduces risk and exposure of the application and system.

The addition of Solaris Trusted Extensions for the Solaris 10 OS strengthens the Solaris Enterprise System. The Solaris Enterprise System is the only comprehensive and open infrastructure software platform available today. It consists of the Solaris OS, Sun Java Enterprise System, Sun developer tools and Sun N1 management software. The Solaris Enterprise System provides a single, complete and integrated platform that includes the operating system, infrastructure software, system management and developer tools, available at no cost for unlimited use to developers and users.

The Center for Internet Security

The Center for Internet Security is a non-profit enterprise whose mission is to help organizations reduce the risk of business and e-commerce disruptions resulting from inadequate technical security controls. CIS members develop and encourage the widespread use of security configuration benchmarks through a global consensus process involving participants from the public and private sectors. For additional information: www.cisecurity.org

About Sun Microsystems, Inc.

A singular vision -- "The Network Is The Computer" -- guides Sun in the development of technologies that power the world's most important markets. Sun's philosophy of sharing innovation and building communities is at the forefront of the next wave of computing: the Participation Age. Sun can be found in more than 100 countries and on the Web at http://sun.com.

Sun, Sun Microsystems, the Sun logo, Solaris, Trusted Solaris, Java, and The Network Is The Computer are trademarks or registered trademarks of Sun Microsystems, Inc. in the United States and other countries. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. in the United States and other countries. Products bearing SPARC trademarks are based upon an architecture developed by Sun Microsystems, Inc. AMD, Opteron, the AMD arrow logo, the AMD Opteron logo are trademarks or registered trademarks of Advanced Micro Devices.