http://www.oracle.com/technetwork/articles/servers-storage-a...
https://en.wikipedia.org/wiki/Solaris_Trusted_Extensions
The whole idea of encapsulated data paths with labeled domains, etc. were all pioneered first in Solaris.
The unique spin here with Qubes OS seems to be to do something similar, but using virtualization.
They actually came from the high assurance field that created the Orange and Red Books for endpoints and networking respectively. Earliest, fielded systems like that were in the mid-80's. Later, since nobody wanted real security, they dropped the assurance but kept & expanded features in so-called Compartmented Mode Workstations described here:
http://web.ornl.gov/~jar/doecmw.pdf
Trusted Solaris, which started as Sun MLS, conformed to low-to-mid grade of Orange Book:
http://www.cse.psu.edu/~trj1/cse544-s10/slides/cse544-lec12-...
Others included Trusted IRIX, SEVMS version of OpenVMS, Trusted Xenix around same time as Sun MLS, and so on. Many of those weak OS's with security retrofits. Today, there's Argus Pitbull, Trustifier, maybe others I don't know about.
Over time, due to security failures, DOD once again wanted high assurance desktops built on secure isolation. Turned to separation kernels (MILS) built to high assurance requirements. INTEGRITY-178B, LynxSecure, and VxWorks MILS built on that model with labeled, color-defined, virtualized desktops showing up starting around 2005. Nizza security architecture and TUDOS demo did stuff similar to high-assurance work for OSS in 2005-2006. QubesOS showed up later building on insecure Xen stack w/ VM-level separation and CMW-like features. GenodeOS built on Nizza/TUDOS work around 2007 while continuing to integrate high-assurance stuff like seL4 where possible.
So, no, Sun didn't invent these concepts or even design a high assurance system that I'm aware of. It was SCOMP, GEMSOS, XTS-300, and likely Trusted Xenix that proved most of the concepts out. Sun copied and improved on a watered down version of that. Separation kernels like INTEGRITY-178B and architectures like Nizza showed how it was supposed to be done. Then, Qubes later copied CMW's w/ a weak virtualization scheme and components but better usability (administration & hardware support) than separation kernels.
There's the lineage and history lesson for you.
Solaris contains the only surviving commercial implementation that I'm aware of that is still available and being updated and was last shipping in Solaris 11.3.
As far as I know, Solaris is also the last general (not tied to specific hardware), commercial UNIX.
Yes, we can nitpick all day about certification levels, but I never mentioned any of that.
Your statement implies they came up with it, led the way, first to market... stuff like that. They didn't on any count. They did end up with highest market share for CMW's and so-called Trusted OS's. They were copycats on the important stuff, though. Not pioneers. They played it pretty safe.
"Solaris contains the only surviving commercial implementation that I'm aware of that is still available and being updated and was last shipping in Solaris 11.3."
RHEL w/ SELinux and security add-ons. Argus on Solaris and Linux. Trustifier on Linux. Seems like there's four on two OS's depending on your measurement.
"Yes, we can nitpick all day about certification levels, but I never mentioned any of that."
You definitely didn't. The product you referenced wouldn't have been on the evaluated products list on any high standard had you referenced one. It would also look like a knockoff of stuff before it with selective advances. Referencing certification levels or criteria would've defeated your point when people read what was in those. Smart move.
Copycats? You're going to resort to name calling in an attempt to discredit actual success and reality?
Name another commercial UNIX operating system today that has an equivalent to Solaris role-based access control fully integrated throughout the entire operating system and components, especially one that supports the "two-person" rule:
https://blogs.oracle.com/gbrunett/entry/enforcing_a_two_man_...
"RHEL w/ SELinux and security add-ons. Argus on Solaris and Linux. Trustifier on Linux. Seems like there's four on two OS's depending on your measurement."
RHEL isn't UNIX and their security model is nothing compared to Solaris.
"Smart move."
Apparently not as smart as quoting lots of facts not relevant to the given context (desktop operating system) and then dismissing decades of R&D and actual commercial success of Solaris in a snide manner.
Enjoy your pyrrhic victory.
We were talking about trusted extensions. Basically every feature they had came from Orange Book. CMW's like Trusted Solaris were watered down versions of high-security products like GEMSOS, XTS-300/400, and Boeing SNS Server. They had more features and prettier interfaces due to lack of rigor in implementation. Tons of 0-days but checked the right boxes. That with COTS push by DOD killed off high-security while letting crap like Trusted Solaris proliferate. Preventable 0-days and covert channels still abound in Solaris and Linux. Its market share was an accident of policy and economics combined.
"Name another commercial UNIX operating system today"
"Apparently not as smart as quoting lots of facts not relevant to the given context (desktop operating system) and then dismissing decades of R&D and actual commercial success of Solaris in a snide manner."
That's a different discussion than we were having about whether Trusted Solaris invented or pioneered the security concepts Qubes is implementing. It didn't for key concepts and wasn't even on list of high-security stuff. The best in CMW model is probably Argus's tech baked into either Solaris or RHEL. The best in UNIX/Linux is stuff coming out of CompSci where prototypes make BSD's or Linux immune to most code injections and/or leaks. The best in commercial are separation kernels that run Linux or POSIX apps untrusted with security-critical stuff on dedicated runtimes w/ secure middleware. The ideal would be a combo of that with CompSci stuff.
Unfortunately, Trusted OS's w/ huge amounts of kernel code are a broken model that never worked. I mean, they were known to be broken when CMW's were introduced as a compromise to get insecurity-loving OS users to adopt some features of high-security. It was bait. Solaris's risky, 0-day-filled TCB might be better than RHEL's or another's 0-day-filled TCB but that's a weak comparison if one wants low vulnerability, eh?
Far as commercial success, I you would similarly count (original) Windows NT process isolation and security architecture as more secure than Trusted Solaris due to "decades of R&D" from Microsoft and Microsoft's "actual commercial success." Heck, one had millions to tens of millions while the other had billions. Yet, I realize that's marketing and lock-in in action rather than $$$ made = better security. Actually, more money and market share usually means less security. Sad fact.
"Enjoy your pyrrhic victory"
We didn't win: low quality and security with high-lockin abounds. Expanded with web app silos. If anything, the mainstream OS's are getting pyrrhic victories for themselves at long-term expense in technical debt and damage to users.