History of Trusted Extensions Desktop (TED)
In 2005, Sun Microsystems released Solaris 10, with a choice of two desktop environments: the legacy Common Desktop Environment (CDE), and the new Java Desktop System (JDS). JDS was Sun’s brand name for GNOME 2, which was widely used on Linux systems.
In 2006 Sun added the Solaris Trusted Extensions functionality, which provided two multilevel desktops for Solaris 10: Trusted CDE, based on the legacy Trusted Solaris product line, and a multilevel version of GNOME, called Trusted JDS.
After the Oracle acquisition, Solaris 11 was released in 2011. CDE support was removed in favor of JDS and Trusted JDS. This desktop environment remained largely unchanged through the release of Solaris 11.3. By 2015, the GNOME community was no longer supporting GNOME 2, so Solaris engineering considered a variety of alternative desktops, including KDE, Xfce, and MATE. GNOME 3 was selected because it had an active community and was the default desktop for Red Hat and Oracle Linux. The underlying foundation from GNOME 2, GTK+ 2 was replaced by GTK+ 3, which provided a more portable abstraction. However, the legacy user experience, was completely revamped with a new metaphor based on the new GNOME Shell.
End of Feature
Since there was no obvious way to provide the Trusted JDS functionality in this new environment, the Trusted Desktop functionality was removed from the Solaris source code in 2015. With the release of Solaris 11.4 in 2018, the Trusted Extensions packages that provided that functionality were marked as obsolete. As a result, when 11.3 systems were upgraded to Solaris 11.4, the Trusted Desktop feature was removed. But staying on 11.3 wasn’t viable since Oracle support was winding down.
The Way Forward
Existing customers who rely on the Trusted Desktop needed a way forward. In 2019, Dynamic Systems, Inc. hired Glenn Faden to fill the gap. Glenn was the original architect for both Trusted Solaris and Trusted Extensions, and was a Distinguished Engineer at Sun and Oracle. He received the Chairman’s Award and was granted eight patents for the Trusted Extensions architecture. After 28 years with Sun and Oracle, Glenn retired in 2017, but he was recently encouraged to reconstruct the Trusted Desktop.
The new Trusted Desktop is built entirely from open source components. The MATE Desktop Environment provides the new foundation. The MATE code preserves the same look-and-feel as GNOME 2, but uses the same underlying technology as GNOME 3. So the project began by porting MATE to Solaris 11.4. Then the Trusted Extensions security policy module, SUN_TSOL, was restored to the X11 servers, Xorg and Xvnc. The obsolete SUN-DES-1 authentication protocol was replaced by the Server Interpreted protocol. The next step was to port the Trusted JDS functionality from the JDS components to the corresponding MATE components.
Finally the unique components like the Selection Manager, Device Manager, and the Trusted Stripe were ported. All the rendering code that was based on GTK+ 2 libraries was rewritten to use GTK+ 3 libraries. The audit record formats were optimized to facilitate audit reduction. The lightdm Display Manager has been provided as an alternative to gdm.
The installation and configuration procedures for the new Trusted Desktop are essentially the same as those for Trusted JDS. The look-and-feel of Trusted JDS has been preserved, but it now supports the new functionality provided by the MATE foundation and the Solaris 11.4 kernel. For example, the ability to audit, label and clone individual ZFS files provides much greater flexibility for managing sensitive data. The ability to audit all use of privilege facilitates the tracking of all administrative activity. Legacy features like the integration of Time Slider into the File Manager have been restored, enabling automated incremental backup and snapshot comparisons. Maintaining the familiar user experience protects the customer’s investment, while supporting the latest OS technology.