z/OS integrity is defined as the state in which the operating system is functioning correctly and according to specifications. System and user programs and functions operate in privileged state only when they have been authorized to do so. Otherwise, they operate in problem state. Problem state usually prohibits tampering and unauthorized activity. Privileged state "opens the door" to any form of unauthorized activity. The System/370 and System/390 architectures support two instruction sets: program and supervisor.
z/OS integrity prevents unauthorized programs from:
z/OS software provides this protection by validating program requests. Any audit of z/OS must verify that the integrity of the system has not been compromised. The audit must also validate that the protection mechanisms have not been deactivated or circumvented.
To gain authorization, a program must be link‑edited with AC(1) and must execute from an APF‑authorized library. It might then request execution in privileged supervisor state. This is accomplished by executing a privileged SVC, such as MODESET, which sets the program's PSW to supervisor state. From then on, the whole z/OS environment is open to the program, including the ability to defeat security and perform unauthorized (pre‑programmed, pre‑planned) functions.
An authorized program can perform many functions that are denied to problem programs. In addition, a properly designed authorized program can defeat security mechanisms that are inherent in z/OS, including CA Top Secret.
Ensure that users and programs do not operate in privileged state except when it is absolutely necessary. If privileged status is required, ensure that they operate within certain bounds to minimize or prevent unauthorized activity.
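The following audit sketch is an added example, not part of the CA documentation. It applies the two conditions described above (link-edited with AC(1) and run from an APF-authorized library) to an inventory of load modules. The export formats, data set names, member names and the approved baseline are all constructed assumptions.

```python
# Added example: audit sketch for the two authorization conditions in the text.
# Export formats, data set names, volumes and members are constructed samples.

APF_LIST = """\
# volume dsname   (constructed export of the APF-authorized library list)
Z1RES1 SYS1.LINKLIB
Z1RES1 SYS1.SVCLIB
USR001 PROD.AUTHLIB
"""

MODULES = """\
# dsname,member,ac   (constructed export of load-module authorization codes)
SYS1.LINKLIB,IEFBR14,0
PROD.AUTHLIB,PAYAUTH,1
PROD.AUTHLIB,NEWTOOL,1
DEV.TESTLIB,DBGHOOK,1
"""

# Hypothetical change-controlled baseline of modules approved to run authorized.
APPROVED = {("PROD.AUTHLIB", "PAYAUTH")}


def rows(text, sep=None):
    """Yield upper-cased fields for each non-blank, non-comment line."""
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            yield [field.strip().upper() for field in line.split(sep)]


def audit(apf_text, module_text, approved):
    """Return (finding, dsname, member) tuples for modules needing review."""
    apf = {dsname for _volume, dsname in rows(apf_text)}
    findings = []
    for dsname, member, ac in rows(module_text, ","):
        if ac != "1":
            continue  # not link-edited with AC(1): first condition not met
        if dsname not in apf:
            # AC(1) alone is not enough, but the module would meet both
            # conditions if its library were ever added to the APF list.
            findings.append(("AC1_OUTSIDE_APF", dsname, member))
        elif (dsname, member) not in approved:
            # Meets both conditions and is not on the approved baseline.
            findings.append(("UNAPPROVED_AUTHORIZED", dsname, member))
    return findings


if __name__ == "__main__":
    for finding in audit(APF_LIST, MODULES, APPROVED):
        print(*finding)
```
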
Another way of authorizing a program is by using alter/display functions of the hardware itself; for example, modifying the PSW. The only way to control this activity is through effective physical site security.
Copyright © 2010 CA Technologies.
All rights reserved.