HP-UX 11i Version 3 Release Notes: HP 9000 and HP Integrity Servers > Chapter 8 Security

HP-UX 11i Security Containment

HP-UX 11i Security Containment provides two core technologies, compartments and fine-grained privileges. Together, these components provide a highly secure operating environment without requiring applications to be modified.

Summary of Change

What’s New for Customers Migrating from HP-UX 11i v1 September 2005?

  • Compartments

    Compartments isolate unrelated resources on a system to prevent catastrophic system damage if one compartment is penetrated. When configured in a compartment, an application (processes, binaries, data files and communication channels used) has restricted access to resources outside its compartment. This restriction is enforced by the HP-UX kernel and cannot be overridden unless specifically configured to do so. If the application is compromised, it will not be able to damage other parts of the system because it is isolated by the compartment configuration.

  • Fine-Grained Privileges

    Traditional UNIX operating systems grant “all or nothing” administrative privileges based on the effective UID of the process that is running. If the process is running with the effective uid=0, it is granted all privileges. With fine-grained privileges, processes are granted only the privileges needed for the task and, optionally, only for the time needed to complete the task. Applications that are privilege-aware can elevate their privilege to the required level for the operation, and lower it after the operation completes.

What’s New for Customers Migrating from HP-UX 11i v2 June 2006?

  • Fine-grained privileges and compartments are now part of core.

Impact

Applications developed to use fine-grained privileges are more secure than those developed to the simpler, monolithic privilege model (“effective uid of 0”). Customers can compartmentalize applications so that they use only pre-defined files, IPCs, and network interfaces. Using SRP (Secure Resource Partitions), a compartment can also be restricted from using too many resources (CPU, disk bandwidth, etc.).

Compatibility

The features are compatible with existing applications. For example, fine-grained privileges are implemented such that applications developed to the monolithic privilege model do not see any behavioral difference.

Performance

The compartment feature is optional. Turning it on may result in a performance loss, depending on how the compartment rules are configured; a typical loss is around 10% for a non-trivial rule setup. Fine-grained privileges are part of the kernel and cannot be turned off; they cause no performance loss.

Documentation

For further information see the privileges(3), compartments(4), compartments(5), and cmpt_tune(1M) manpages.

Obsolescence

Not applicable.

© 2006-2007 Hewlett-Packard Development Company, L.P.