Trusted virtual domains on OpenSolaris: usable secure desktop environments

Abstract

Trusted Virtual Domains (TVDs) are a security concept to create separated domains over virtual and physical platforms. Since most existing TVD implementations focus on servers and data centers, there are only few efforts on secure desktop environments. To fill this gap, we present in this paper an implementation of TVDs based on the OpenSolaris operating system. We leverage several of its existing features (e.g., lightweight virtualization, security labels and a secure graphical user interface) and extend OpenSolaris with components for automated management and policy enforcement to create a usable desktop implementation of TVDs. This includes the transparent encryption of external storage and home directories of users, restriction of copy-and-paste according to the TVD policy, efficient deployment of images for user environments, and a central management interface for the administration. Our system enables organizations to securely separate different work flows with sensitive data from each other and from untrusted environments.