What About Access Control Software?

Organizations in the business world have always had a system of checks and balances (such as separation of function) to ensure the integrity of their records. As organizations depend more and more on computers to maintain their data, they realize how the computer compromises these checks and balances. Password‑based security systems are unworkable. Only access control software can control the information that users are permitted to access.

Products such as CA ACF2, CA Top Secret, and RACF provide a high degree of control over user activity. Yet all of these products function as extensions of the operating system’s mechanisms. Every one of them is vulnerable to attack through the operating system.

For example, an APF‑authorized program can circumvent or disable any security mechanism, alter any audit trail, and access and modify any production data in the computer in spite of access control software. Once a computer virus is APF‑authorized, it can obtain supervisor state and the master storage protection key. These powers let the virus circumvent the access control software and move around the system at will.

Some data centers have over one hundred APF libraries that contain thousands of programs, and APF is just one of the operating system’s facilities. Because the operating system has ultimate control over the computer hardware, nothing is safe if the operating system itself has integrity exposures.