The surrogate function in CA Top Secret offers additional flexibility in extending users' security specifications to surrogate virtual machines.
Surrogacy provides a mechanism by which an authorized user may dynamically assign the authorities of specific ACIDs to virtual machines. In CA Top Secret, a virtual machine can assume the authorities of an alternate ACID -- temporarily overriding the authorities which have normally been established at logon for the virtual machine. For example, a VM batch master control machine may activate a worker machine called WRK7 with USERA's ACID when USERA requires that machine for job execution. Upon job completion, WRK7 is either reset to its original ACID or set to another submitter's ACID by the batch master control machine. At all times USERA, if logged on, always retains access to its resources.
By supporting the use of alternate ACIDs for virtual machines, CA Top Secret keeps your data secure whenever tasks are assigned to worker machines. Security violations can be traced to either the submitting ACID or the worker machine.
See the Implementation Guide for information on surrogate control.
|
Copyright © 2008 CA.
All rights reserved.
|
|