Identity Unbound

April 17, 2012

Editor’s Note: This post was written by  , a highly regarded security professional and inventor in the UK with a focus on design and implementation of multilevel and cross-domain IT security (“MLS”)-bg.  

This is something I posted to a Sun internal discussion group a while back; it stirred a little interest back then, but given the way that the world has moved on, I figured it would be worth revising and reprising it here.

The issue of identity has been bothering me for a while. While identity can clearly be applied to human consumers of services – and expressed as a subset of information held about them in various places – I also wonder how the concept of identity could be used for various other entities, and indeed how the properties of identity as applied to humans could potentially be mapped onto them.

Hence the table below, which is a first attempt at making this mapping in the context of servers and services, for files, running processes, OS instances, Solaris zones (and to some degree BSD jails and IBM LPARs), hardware domains and services. Cells with question marks in them are areas where I currently don’t see a mapping – this could mean that a mapping is not appropriate, or that an appropriate technology does not exist today, and could point the way for a bit of fundamental research.

I suspect I’m heading down a path which has been well-trodden already, but you might find some parts of this interesting and thought-provoking. For clarity, FMRIs (Fault Management Resource Identifiers) are Solaris Service Management Framework constructs resembling URLs, which uniquely describe an instance of a service in terms of processes needed to provide the service and their dependencies. For more info, see .

Also, labels refer to the data structures in Solaris Trusted Extensions, which are usually mapped to protective markings.



| Human | File | Process | OS Instance | Zone | Host / Domain | Service |
|---|---|---|---|---|---|---|
| Name | Leafname | pid | Nodename | Zonename | Hostid | Nodename, [port\|app] |
| Address | Full pathname, maybe hostname too | pid, ppid, tracked back to init (or zsched) process – maybe zone / hostname too | ? | Hostname of global zone? | ? | FMRI with host / zonename prefixed |
| Family tree | OS instance / zone and pathname / elfsign signature | pid, ppid, tracked back to init (or zsched) process | ? | Hostname of global zone? | ? | FMRI with host / zonename prefixed |
| Biometrics | Strong checksum / elfsign signature | Strong checksum of code pages (Harvard arch only) | Solaris Fingerprint Database checksum | Solaris Fingerprint Database checksum | Hostid | Strong checksum of available content? |
| UserIDs / passwds | Owner | Owner | ? | ? | ? | Same as process? |
| Certs / keys | ? | TCG attestation pass | Key (WANBoot miniroot), TCG attestation pass | ? | TPM key | Certs / keys |
| Kerberos principals | ? | ? | Kerberos host principal | Kerberos host principal | ? | Kerberos service principal |
| Govt baggage (social sec no, driving licence no, etc) | Signed metadata trackable to root CA | TCG attestation pass(?) | Accreditation (Common Criteria etc?) | ? | ? | Certificate trackable to root CA |
| Privileges | Privileges (forced, allowed) | Privileges (inherited, saved, effective, permitted) | all | Zone-restricted limit set | all (/ TCG?) | Privileges of serving process |
| Clearances | Label | Labels / polyinstantiation | label_encodings | Label (1 per zone) | ? | Labels / polyinstantiation |
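
As an added illustration (not part of the original post), the Process column's Name and Address rows can be sketched in Python: a pid on its own is only a name, while the address is the ppid chain tracked back to init (or zsched), qualified by zone and host. The process-table snapshot, the host names and the `process_address` helper are all constructed for this example.

```python
# Constructed snapshot of a process table: pid -> (ppid, command, zone).
# The ppid values, including zsched's, are sample data, not captured output.
SAMPLE_PROCS = {
    1:    (0,    "init",   "global"),
    410:  (1,    "sshd",   "global"),
    5021: (410,  "bash",   "global"),
    900:  (1,    "zsched", "web01"),
    912:  (900,  "init",   "web01"),
    977:  (912,  "httpd",  "web01"),
    4000: (3999, "orphan", "global"),   # parent absent from the snapshot
}


def process_address(pid, procs, host):
    """Build the table's 'Address' for a process.

    Walks pid -> ppid until it reaches init (pid 1) or a zsched process,
    then prefixes the chain with host and zone, since a bare pid is only
    unique within one OS instance.
    """
    zone = procs[pid][2]            # KeyError (a LookupError) if pid is unknown
    chain, seen = [], set()
    while True:
        if pid in seen:
            raise ValueError(f"ppid cycle detected at pid {pid}")
        if pid not in procs:
            # Ancestry cannot be tracked to a root: refuse to invent one.
            raise LookupError(f"pid {pid} missing; ancestry incomplete")
        seen.add(pid)
        ppid, command, _zone = procs[pid]
        chain.append(pid)
        if pid == 1 or command == "zsched":
            break
        pid = ppid
    return f"{host}/{zone}:" + ">".join(str(p) for p in reversed(chain))


if __name__ == "__main__":
    print(process_address(977, SAMPLE_PROCS, "hostA"))   # zone process
    print(process_address(5021, SAMPLE_PROCS, "hostA"))  # global-zone process
    # Same pid, different host: same Name, different Address.
    print(process_address(5021, SAMPLE_PROCS, "hostB"))
```

A process whose ancestry cannot be followed to a root raises an error instead of returning a partial address, which mirrors the question marks in the table: an identity attribute that cannot be established is left unmapped.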


The appearance of Trusted Computing technology (attestation, Trusted Platform Modules) in several places gives further weight to the sound (but currently unofficial) advice from Bromium, to the effect of “don’t buy any more servers that don’t have TPMs in them”.
