DOCSLIB.ORG

Case Study: Solaris Trusted Extensions Glenn Faden and Christoph Schuba, Sun Microsystems, Inc

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Case Study: Solaris Trusted Extensions Glenn Faden and Christoph Schuba, Sun Microsystems, Inc 103 C H A P T E R 8 Case Study: Solaris Trusted Extensions Glenn Faden and Christoph Schuba, Sun Microsystems, Inc. Solaris (TM) Trusted Extensions is a feature of the Sun Microsystems’s Solaris operating system that enforces multilevel security (MLS) policies [23]. It is the latest in a series of MLS workstation and server operating systems that have been under development at Sun since 1988.The first version, SunOS MLS 1.0, which appeared in 1990, was based on the SunView window system. It was designed to meet the TCSEC B1 level [304], see Chapter 12. However, it was replaced in 1992 by SunOS CMW, which was designed to meet the Compartmented Mode Workstation Requirements, CMWREQS [25, 340]. SunOS CMW was based on OpenWindows and X11/NeWS. It supported both sensitivity labels for Mandatory Access Control, and floating information labels for human consumption. It was first certified using the ITSEC Scheme at the E3/FB1 level in 1992. Trusted Solaris 2.5 through Trusted Solaris 8 were based on the Common Desktop Environ- ment (CDE) and X11 [227].Trusted Solaris 2.5.1 was also certified using the ITSEC scheme at the E3/FB1 level in 1996. Trusted Solaris 8 was evaluated using the Common Criteria scheme in 2000, with an assurance level of EAL4+. It was certified to meet the Controlled Access (CAPP) [230], Role-Based Access (RBACPP) [256], and Label Security Protection (LSPP) [231] Profiles. The RBAC features of Trusted Solaris were incorporated into the standard Solaris OS at that time. As- surance is detailed in Chapter 12, but in general, the assurance validates the correct low-level design for enforcing MLS requirements. Based on this assurance, Trusted Solaris has a dominant share in the U.S. Department of Defense and intelligence communities. In 2001 Sun began work to unify its two Solaris versions, which was completed in 2006, with the release of Solaris 10, update 3, which included the Trusted Extensions [1]. Also at that time, Sun contributed the source code for the kernel and window system to the OpenSolaris community. In addition to removing the need for separate kernels, the integration also made it possible to support MLS on x86, x64, and SPARC platforms. Trusted Extensions includes an MLS version of the GNOME desktop. The combined Solaris system with Trusted Extensions received Common Criteria certification at the EAL4+ assurance level in June 2008, using the same three protection profiles. The authors of this chapter would like to thank their colleagues in the Sun Solaris Security Organization, especially Casper Dik, Gary Winiger, Darren Moffat, and Glenn Brunette, for their contributions and reviews. 104 CHAPTER 8. CASE STUDY: SOLARIS TRUSTED EXTENSIONS This new approach enables the Solaris operating system to support both traditional Dis- cretionary Access Control (DAC) policies based on ownership, as well as label-based, Multilevel Security (MLS) policies. The MLS label-based policies for file systems and networks have been implemented throughout the standard Solaris 10 kernel, its services and utilities. Unless the Trusted Extensions layer is enabled, all labels are equal, so the kernel does not have any MLS requirements to enforce. The Trusted Extensions systems provide a reference monitor implementation for Solaris that enforces an MLS policy.The reference monitor extends the Solaris (and traditional UNIX) enforce- ment by providing complete mediation and extending file enforcement to network, printing, and devices. Further,Trusted Extensions provides extensive support for labeling objects in the first place. Trusted Extensions does not need to enable transition of process or resource labels, a mechanism commonly used in Domain Type Enforcement (DTE). Tamperproofing is improved by reducing the rights on root processes, using limited domains similar to those in DTE. Finally, verification of correctness is limited, as for all retrofitted UNIX systems, by the amount of code reused from insecure systems. However, the focus of the security policy is primarily on secrecy, so the correctness of the secrecy policy can be verified, but understanding the integrity of the system data is an ad hoc process. The trusted computing base of Trusted Extensions included the kernel and a variety of admin- istrative applications. Importantly, a variety of administrative applications also have to be modified to be MLS-aware, so that they can assist the operating system in the enforcement of MLS require- ments. For example, authentication services must be capable of determining MLS labels for users as they login. 8.1 TRUSTED EXTENSIONS ACCESS CONTROL The Trusted Extensions access control model supports secrecy protection via MLS, process confine- ment in a manner similar to DTE, and ad hoc privileges to work around limitations of the first two policies. First, both sensitivity levels and categories are used to describe the possible information flows in a system. Second, Trusted Extensions adds roles for limiting the rights of processes that traditionally ran as root, like domains in DTE. As a result, root is only used at installation time, so no processes run with full privilege. Third, discrete rights exceptional to the above two policies may be granted to an application using Solaris privileges. There are at least 68 different kinds of discrete privileges that may be granted. The default mandatory policy ofTrusted Extensions is a mandatory,multilevel security (MLS) policy that is equivalent to that of the Bell-LaPadula Model [23] of the Lattice, the Simple Security Property, and the !-Property (Star Property), with restricted write up.The default mandatory policy is also equivalent to the Goguen and Mesegeur model [113] of Non-Interference. Labels consist of hierarchical components called classifications (or levels) and a nonhierarchi- cal components called compartments (or categories). The mapping of names to classifications and compartments is specified in a database which is private to the Trusted Path. The internal structure 8.2. SOLARIS COMPATIBILITY 105 of labels is deliberately opaque to users and applications and might change in a future release. At least 256 classifications and 256 compartment bits are supported. When two labels are compared, the first label can be greater than, less than, equal to, or disjoint from the second label. Classifications are compared as integers, and compartments are compared as bit masks. Labels are disjoint when each contains at least one compartment bit which is not present in the other. A label range can be specified by an upper bound (called a clearance), and a lower bound. Administrative roles can use the Trusted Path to assign label ranges to users, network attributes, workstations, and devices. For this MLS policy, two labels are always defined: admin_low and admin_high. The site’s security administrator defines all other labels. The label admin_low is associated with all normal user readable (viewable) Trusted Extensions objects while the label admin_high is associated with all other Trusted Extensions objects. Only administrative users have MLS read (view) access to admin_high objects and only administrative users have MLS write (modify) access to admin_low objects or admin_high objects. Users interact with labels as strings. Graphical user interfaces and command line interfaces present these strings. Human-readable labels are classified at the label that they represent. Thus, the string for a label A is only readable (viewable, translatable to or from human readable to an opaque label data type) by a subject whose label allows read (view) access to that label. In order to store labels in publicly accessible (i.e., admin_low) name service databases, an unclassified internal text form is used. This textual form is not intended to be used in any interfaces other than those that are provided with the Trusted Extensions software release that created this textual form of the label. When the label-based MLS policies are enabled, all data flows are restricted based on a comparison of the labels associated with the subjects requesting access and the objects containing the data. Like other multilevel operating systems, Trusted Extensions meets the requirements of the Common Criteria’s Labeled Security Protection Profile (LSPP) [231] and the Role-Based Access Protection Profile (RBAC) [256]. The Trusted Extensions implementation focuses on maintaining compatibility with existing UNIX systems, maintaining the high performance of UNIX systems, and simplifying administrative tasks. 8.2 SOLARIS COMPATIBILITY Compatibility with thousands of Solaris applications is achieved by building on existing Solaris features and using existing industry standards. No new protocols are required nor new file system attributes. Applications do not need to be modified nor profiled to bring them into conformance with the MLS policy. Instead, the entire application environment is virtualized for each label through the use of Solaris Containers (zones) [175], Solaris primary OS-level virtualization technology. The Solaris Containers facility provides an isolated environment for running applications. Processes running in a zone are prevented from monitoring or interfering with other activity in the system. 106 CHAPTER 8. CASE STUDY: SOLARIS TRUSTED EXTENSIONS Access to other processes, network interfaces, file systems, devices, and inter-process communication facilities are restricted to prevent interaction between processes in different zones. At the same time, each zone has access to its own network stack and name space, enabling per-zone network security enforcement, such as firewalling or IPsec. The approach to map labels with zones is referred to as polyinstantiation because there can be an instance of each resource and service available at each label. However, there is also a unification principle known as a single system image which is applied to the entire operating environment. All the zones are centrally administered from a special, protected global zone which manages the Trusted Computing Base (TCB) known as the Trusted Path. The zones share a single LDAP directory in which network-wide policy is defined, as well as a single name service cache daemon for synchronizing local databases.
Load more

Recommended publications
  • Oracle Solaris: the Carrier-Grade Operating System Technical Brief
    An Oracle White Paper February 2011 Oracle Solaris: The Carrier-Grade Operating System Oracle White Paper—Oracle Solaris: The Carrier-Grade OS Executive Summary.............................................................................1 ® Powering Communication—The Oracle Solaris Ecosystem..............3 Integrated and Optimized Stack ......................................................5 End-to-End Security ........................................................................5 Unparalleled Performance and Scalability.......................................6 Increased Reliability ........................................................................7 Unmatched Flexibility ......................................................................7 SCOPE Alliance ..............................................................................7 Security................................................................................................8 Security Hardening and Monitoring .................................................8 Process and User Rights Management...........................................9 Network Security and Encrypted Communications .......................10 Virtualization ......................................................................................13 Oracle VM Server for SPARC .......................................................13 Oracle Solaris Zones .....................................................................14 Virtualized Networking...................................................................15
    [Show full text]
  • New/Usr/Src/Cmd/Mdb/Common
    new/usr/src/cmd/mdb/common/modules/genunix/findstack.c 1 new/usr/src/cmd/mdb/common/modules/genunix/findstack.c 2 ********************************************************** 642 return (DCMD_USAGE); 21346 Thu Feb 18 08:40:37 2016 new/usr/src/cmd/mdb/common/modules/genunix/findstack.c 644 if (interesting) { 6583 remove whole-process swapping 645 if (sobj != NULL || excl_sobj != NULL || ********************************************************** 646 tstate_str != NULL || excl_tstate_str != NULL) { ______unchanged_portion_omitted_ 647 mdb_warn( 648 "stacks: -i is incompatible with -[sStT]\n"); 583 /*ARGSUSED*/ 649 return (DCMD_USAGE); 584 int 650 } 585 stacks(uintptr_t addr, uint_t flags, int argc, const mdb_arg_t *argv) 651 excl_sobj = "CV"; 586 { 652 excl_tstate_str = "FREE"; 587 size_t idx; 653 } 589 char *seen = NULL; 655 if (caller_str != NULL) { 656 mdb_set_dot(0); 591 const char *caller_str = NULL; 657 if (mdb_eval(caller_str) != 0) { 592 const char *excl_caller_str = NULL; 658 mdb_warn("stacks: evaluation of \"%s\" failed", 593 uintptr_t caller = 0, excl_caller = 0; 659 caller_str); 594 const char *module_str = NULL; 660 return (DCMD_ABORT); 595 const char *excl_module_str = NULL; 661 } 596 stacks_module_t module, excl_module; 662 caller = mdb_get_dot(); 597 const char *sobj = NULL; 663 } 598 const char *excl_sobj = NULL; 599 uintptr_t sobj_ops = 0, excl_sobj_ops = 0; 665 if (excl_caller_str != NULL) { 600 const char *tstate_str = NULL; 666 mdb_set_dot(0); 601 const char *excl_tstate_str = NULL; 667 if (mdb_eval(excl_caller_str) !=
    [Show full text]
  • Ubuntu Kung Fu
    Prepared exclusively for Alison Tyler Download at Boykma.Com What readers are saying about Ubuntu Kung Fu Ubuntu Kung Fu is excellent. The tips are fun and the hope of discov- ering hidden gems makes it a worthwhile task. John Southern Former editor of Linux Magazine I enjoyed Ubuntu Kung Fu and learned some new things. I would rec- ommend this book—nice tips and a lot of fun to be had. Carthik Sharma Creator of the Ubuntu Blog (http://ubuntu.wordpress.com) Wow! There are some great tips here! I have used Ubuntu since April 2005, starting with version 5.04. I found much in this book to inspire me and to teach me, and it answered lingering questions I didn’t know I had. The book is a good resource that I will gladly recommend to both newcomers and veteran users. Matthew Helmke Administrator, Ubuntu Forums Ubuntu Kung Fu is a fantastic compendium of useful, uncommon Ubuntu knowledge. Eric Hewitt Consultant, LiveLogic, LLC Prepared exclusively for Alison Tyler Download at Boykma.Com Ubuntu Kung Fu Tips, Tricks, Hints, and Hacks Keir Thomas The Pragmatic Bookshelf Raleigh, North Carolina Dallas, Texas Prepared exclusively for Alison Tyler Download at Boykma.Com Many of the designations used by manufacturers and sellers to distinguish their prod- ucts are claimed as trademarks. Where those designations appear in this book, and The Pragmatic Programmers, LLC was aware of a trademark claim, the designations have been printed in initial capital letters or in all capitals. The Pragmatic Starter Kit, The Pragmatic Programmer, Pragmatic Programming, Pragmatic Bookshelf and the linking g device are trademarks of The Pragmatic Programmers, LLC.
    [Show full text]
  • Ebook - Informations About Operating Systems Version: August 15, 2006 | Download
    eBook - Informations about Operating Systems Version: August 15, 2006 | Download: www.operating-system.org AIX Internet: AIX AmigaOS Internet: AmigaOS AtheOS Internet: AtheOS BeIA Internet: BeIA BeOS Internet: BeOS BSDi Internet: BSDi CP/M Internet: CP/M Darwin Internet: Darwin EPOC Internet: EPOC FreeBSD Internet: FreeBSD HP-UX Internet: HP-UX Hurd Internet: Hurd Inferno Internet: Inferno IRIX Internet: IRIX JavaOS Internet: JavaOS LFS Internet: LFS Linspire Internet: Linspire Linux Internet: Linux MacOS Internet: MacOS Minix Internet: Minix MorphOS Internet: MorphOS MS-DOS Internet: MS-DOS MVS Internet: MVS NetBSD Internet: NetBSD NetWare Internet: NetWare Newdeal Internet: Newdeal NEXTSTEP Internet: NEXTSTEP OpenBSD Internet: OpenBSD OS/2 Internet: OS/2 Further operating systems Internet: Further operating systems PalmOS Internet: PalmOS Plan9 Internet: Plan9 QNX Internet: QNX RiscOS Internet: RiscOS Solaris Internet: Solaris SuSE Linux Internet: SuSE Linux Unicos Internet: Unicos Unix Internet: Unix Unixware Internet: Unixware Windows 2000 Internet: Windows 2000 Windows 3.11 Internet: Windows 3.11 Windows 95 Internet: Windows 95 Windows 98 Internet: Windows 98 Windows CE Internet: Windows CE Windows Family Internet: Windows Family Windows ME Internet: Windows ME Seite 1 von 138 eBook - Informations about Operating Systems Version: August 15, 2006 | Download: www.operating-system.org Windows NT 3.1 Internet: Windows NT 3.1 Windows NT 4.0 Internet: Windows NT 4.0 Windows Server 2003 Internet: Windows Server 2003 Windows Vista Internet: Windows Vista Windows XP Internet: Windows XP Apple - Company Internet: Apple - Company AT&T - Company Internet: AT&T - Company Be Inc. - Company Internet: Be Inc. - Company BSD Family Internet: BSD Family Cray Inc.
    [Show full text]
  • Downloading a Package
    man pages section 4: File Formats Part No: E29042 October 2012 Copyright © 2012, 2013, Oracle and/or its affiliates. All rights reserved. This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited. The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing. If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, the following notice is applicable: U.S. GOVERNMENT END USERS. Oracle programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, delivered to U.S. Government end users are "commercial computer software" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, use, duplication, disclosure, modification, and adaptation of the programs, including anyoperating system, integrated software, any programs installed on the hardware, and/or documentation, shall be subject to license terms and license restrictions applicable to the programs. No other rights are granted to the U.S. Government. This software or hardware is developed for general use in a variety of information management applications.
    [Show full text]
  • An Introduction to the X Window System Introduction to X's Anatomy
    An Introduction to the X Window System Robert Lupton This is a limited and partisan introduction to ‘The X Window System’, which is widely but improperly known as X-windows, specifically to version 11 (‘X11’). The intention of the X-project has been to provide ‘tools not rules’, which allows their basic system to appear in a very large number of confusing guises. This document assumes that you are using the configuration that I set up at Peyton Hall † There are helpful manual entries under X and Xserver, as well as for individual utilities such as xterm. You may need to add /usr/princeton/X11/man to your MANPATH to read the X manpages. This is the first draft of this document, so I’d be very grateful for any comments or criticisms. Introduction to X’s Anatomy X consists of three parts: The server The part that knows about the hardware and how to draw lines and write characters. The Clients Such things as terminal emulators, dvi previewers, and clocks and The Window Manager A programme which handles negotiations between the different clients as they fight for screen space, colours, and sunlight. Another fundamental X-concept is that of resources, which is how X describes any- thing that a client might want to specify; common examples would be fonts, colours (both foreground and background), and position on the screen. Keys X can, and usually does, use a number of special keys. You are familiar with the way that <shift>a and <ctrl>a are different from a; in X this sensitivity extends to things like mouse buttons that you might not normally think of as case-sensitive.
    [Show full text]
  • NSA Security-Enhanced Linux (Selinux)
    Integrating Flexible Support for Security Policies into the Linux Operating System http://www.nsa.gov/selinux Stephen D. Smalley [email protected] Information Assurance Research Group National Security Agency ■ Information Assurance Research Group ■ 1 Outline · Motivation and Background · What SELinux Provides · SELinux Status and Adoption · Ongoing and Future Development ■ Information Assurance Research Group ■ 2 Why Secure the Operating System? · Information attacks don't require a corrupt user. · Applications can be circumvented. · Must process in the clear. · Network is too far. · Hardware is too close. · End system security requires a secure OS. · Secure end-to-end transactions requires secure end systems. ■ Information Assurance Research Group ■ 3 Mandatory Access Control · A ªmissing linkº of security in current operating systems. · Defined by three major properties: ± Administratively-defined security policy. ± Control over all subjects (processes) and objects. ± Decisions based on all security-relevant information. ■ Information Assurance Research Group ■ 4 Discretionary Access Control · Existing access control mechanism of current OSes. · Limited to user identity / ownership. · Vulnerable to malicious or flawed software. · Subject to every user©s discretion (or whim). · Only distinguishes admin vs. non-admin for users. · Only supports coarse-grained privileges for programs. · Unbounded privilege escalation. ■ Information Assurance Research Group ■ 5 What can MAC offer? · Strong separation of security domains · System, application, and data integrity · Ability to limit program privileges · Processing pipeline guarantees · Authorization limits for legitimate users ■ Information Assurance Research Group ■ 6 MAC Implementation Issues · Must overcome limitations of traditional MAC ± More than just Multi-Level Security / BLP · Policy flexibility required ± One size does not fit all! · Maximize security transparency ± Compatibility for applications and existing usage.
    [Show full text]
  • An Access Control Model for Preventing Virtual Machine Escape Attack
    future internet Article An Access Control Model for Preventing Virtual Machine Escape Attack Jiang Wu ,*, Zhou Lei, Shengbo Chen and Wenfeng Shen School of Computer Engineering and Science, Shanghai University, Shanghai 200444, China; [email protected] (Z.L.); [email protected] (S.C.); [email protected] (W.S.) * Correspondence: [email protected]; Tel: +86-185-0174-6348 Academic Editor: Luis Javier Garcia Villalba Received: 26 March 2017; Accepted: 23 May 2017; Published: 2 June 2017 Abstract: With the rapid development of Internet, the traditional computing environment is making a big migration to the cloud-computing environment. However, cloud computing introduces a set of new security problems. Aiming at the virtual machine (VM) escape attack, we study the traditional attack model and attack scenarios in the cloud-computing environment. In addition, we propose an access control model that can prevent virtual machine escape (PVME) by adapting the BLP (Bell-La Padula) model (an access control model developed by D. Bell and J. LaPadula). Finally, the PVME model has been implemented on full virtualization architecture. The experimental results show that the PVME module can effectively prevent virtual machine escape while only incurring 4% to 8% time overhead. Keywords: virtual security; virtual machine escape; access control; BLP model; PVME model 1. Introduction Cloud computing treats IT resources, data and applications as a service provided to the user through network, which is a change in the way of how data is modeled. Currently, the world’s leading IT companies have developed and published their own cloud strategies, such as Google, Amazon, and IBM.
    [Show full text]
  • Modelsim SE Tutorial T-3
    ModelSim® SE Tutorial Version 5.6d Published: 6/Aug/02 The world’s most popular HDL simulator T-2 ModelSim /VHDL, ModelSim /VLOG, ModelSim /LNL, and ModelSim /PLUS are produced by Model Technology™ Incorporated. Unauthorized copying, duplication, or other reproduction is prohibited without the written consent of Model Technology. The information in this manual is subject to change without notice and does not represent a commitment on the part of Model Technology. The program described in this manual is furnished under a license agreement and may not be used or copied except in accordance with the terms of the agreement. The online documentation provided with this product may be printed by the end-user. The number of copies that may be printed is limited to the number of licenses purchased. ModelSim is a registered trademark and ChaseX and TraceX are trademarks of Model Technology Incorporated. Model Technology is a trademark of Mentor Graphics Corporation. PostScript is a registered trademark of Adobe Systems Incorporated. UNIX is a registered trademark of AT&T in the USA and other countries. FLEXlm is a trademark of Globetrotter Software, Inc. IBM, AT, and PC are registered trademarks, AIX and RISC System/6000 are trademarks of International Business Machines Corporation. Windows, Microsoft, and MS-DOS are registered trademarks of Microsoft Corporation. OSF/Motif is a trademark of the Open Software Foundation, Inc. in the USA and other countries. SPARC is a registered trademark and SPARCstation is a trademark of SPARC International, Inc. Sun Microsystems is a registered trademark, and Sun, SunOS and OpenWindows are trademarks of Sun Microsystems, Inc.
    [Show full text]
  • Solaris 10 End of Life
    Solaris 10 end of life Continue Oracle Solaris 10 has had an amazing OS update, including ground features such as zones (Solaris containers), FSS, Services, Dynamic Tracking (against live production operating systems without impact), and logical domains. These features have been imitated in the market (imitation is the best form of flattery!) like all good things, they have to come to an end. Sun Microsystems was acquired by Oracle and eventually, the largest OS known to the industry, needs to be updated. Oracle has set a retirement date of January 2021. Oracle indicated that Solaris 10 systems would need to raise support costs. Oracle has never provided migratory tools to facilitate migration from Solaris 10 to Solaris 11, so migration to Solaris has been slow. In September 2019, Oracle decided that extended support for Solaris 10 without an additional financial penalty would be delayed until 2024! Well its March 1 is just a reminder that Oracle Solaris 10 is getting the end of life regarding support if you accept extended support from Oracle. Combined with the fact gdpR should take effect on May 25, 2018 you want to make sure that you are either upgraded to Solaris 11.3 or have taken extended support to obtain any patches for security issues. For more information on tanningix releases and support dates of old and new follow this link ×Sestive to abort the Unix Error Operating System originally developed by Sun Microsystems SolarisDeveloperSun Microsystems (acquired by Oracle Corporation in 2009)Written inC, C'OSUnixWorking StateCurrentSource ModelMixedInitial release1992; 28 years ago (1992-06)Last release11.4 / August 28, 2018; 2 years ago (2018-08-28)Marketing targetServer, PlatformsCurrent: SPARC, x86-64 Former: IA-32, PowerPCKernel typeMonolithic with dynamically downloadable modulesDefault user interface GNOME-2-LicenseVariousOfficial websitewww.oracle.com/solaris Solaris is the own operating system Of Unix, originally developed by Sunsystems.
    [Show full text]
  • Tms320c3x Workstation Emulator Installation Guide
    TMS320C3x Workstation Emulator Installation Guide 1994 Microprocessor Development Systems Printed in U.S.A., December 1994 2617676-9741 revision A TMS320C3x Workstation Emulator Installation Guide SPRU130 December 1994 Printed on Recycled Paper IMPORTANT NOTICE Texas Instruments (TI) reserves the right to make changes to its products or to discontinue any semiconductor product or service without notice, and advises its customers to obtain the latest version of relevant information to verify, before placing orders, that the information being relied on is current. TI warrants performance of its semiconductor products and related software to the specifications applicable at the time of sale in accordance with TI’s standard warranty. Testing and other quality control techniques are utilized to the extent TI deems necessary to support this warranty. Specific testing of all parameters of each device is not necessarily performed, except those mandated by government requirements. Certain applications using semiconductor products may involve potential risks of death, personal injury, or severe property or environmental damage (“Critical Applications”). TI SEMICONDUCTOR PRODUCTS ARE NOT DESIGNED, INTENDED, AUTHORIZED, OR WARRANTED TO BE SUITABLE FOR USE IN LIFE-SUPPORT APPLICATIONS, DEVICES OR SYSTEMS OR OTHER CRITICAL APPLICATIONS. Inclusion of TI products in such applications is understood to be fully at the risk of the customer. Use of TI products in such applications requires the written approval of an appropriate TI officer. Questions concerning potential risk applications should be directed to TI through a local SC sales offices. In order to minimize risks associated with the customer’s applications, adequate design and operating safeguards should be provided by the customer to minimize inherent or procedural hazards.
    [Show full text]
  • Solaris Zones: Operating System Support for Consolidating Commercial Workloads Daniel Price and Andrew Tucker – Sun Microsystems, Inc
    Solaris Zones: Operating System Support for Consolidating Commercial Workloads Daniel Price and Andrew Tucker – Sun Microsystems, Inc. ABSTRACT Server consolidation, which allows multiple workloads to run on the same system, has become increasingly important as a way to improve the utilization of computing resources and reduce costs. Consolidation is common in mainframe environments, where technology to support running multiple workloads and even multiple operating systems on the same hardware has been evolving since the late 1960’s. This technology is now becoming an important differentiator in the UNIX and Linux server market as well, both at the low end (virtual web hosting) and high end (traditional data center server consolidation). This paper introduces Solaris Zones (zones), a fully realized solution for server consolidation projects in a commercial UNIX operating system. By creating virtualized application execution environments within a single instance of the operating system, the facility strikes a unique balance between competing requirements. On the one hand, a system with multiple workloads needs to run those workloads in isolation, to ensure that applications can neither observe data from other applications nor affect their operation. It must also prevent applications from over-consuming system resources. On the other hand, the system as a whole has to be flexible, manageable, and observable, in order to reduce administrative costs and increase efficiency. By focusing on the support of multiple application environments rather than multiple operating system instances, zones meets isolation requirements without sacrificing manageability. Introduction mutually incompatible when run on the same server. In one real-world example, two poorly written appli- Within many IT organizations, driving up system utilization (and saving money in the process) has cations at a customer site both wanted to bind a net- become a priority.
    [Show full text]