1 HP-UX 11i Security Containment Introduction

This chapter contains overview information about the features of HP-UX 11i Security Containment. It addresses the following topics:

“Conceptual Overview”

“Defined Terms”

“Features and Benefits”

Conceptual Overview

HP-UX 11i Security Containment uses three core technologies: compartments, fine-grained privileges, and role-based access control. Together, these three components provide a highly secure operating environment without requiring existing applications to be modified. In addition, HP-UX 11i Security Containment makes several newly enhanced trusted mode security features available on standard mode HP-UX systems. These features are called HP-UX Standard Mode Security Extensions (HP-UX SMSE).

With HP-UX 11i Security Containment, the HP-UX 11i v2 operating system provides a highly secure, easy-to-maintain, and backwards-compatible environment for business applications. HP-UX 11i Security Containment implements several important security concepts. The following sections describe these concepts as implemented by security containment:

“Authorization”

“Account Policy Management”

“Privileges”

“Isolation”

“Auditing”

Authorization

Authorization is the concept of limiting the actions a user is allowed to perform on a system, often based on the user's business needs. A traditional UNIX system offers only two levels of authorization:

regular user: Limited access to system resources

superuser: Unlimited access to system resources

HP-UX Role-Based Access Control (HP-UX RBAC) creates many different levels of authorization, based on roles. You configure roles according to business need, so that a user or group of users can perform specific actions on the system. Then you assign users to the roles you configured.

Account Policy Management

Account policy management is the concept of maintaining user and system security attributes used for authorization. Some user and system attributes include the time of day a user is allowed to log on, how long a user can remain inactive before being automatically logged out, and how long a user's password remains valid.

Account policy management is implemented using the HP-UX Standard Mode Security Extensions features of HP-UX 11i Security Containment.

Privileges

Privileges are similar to authorization, except that instead of limiting the actions a user can perform on a system, privileges limit the actions a program can perform on a system. On a traditional UNIX system, a program can run as though owned by the invoking user or by the file owner (for example, a setuid program). Access to certain system resources requires the
