Trusted AIX programming

System security depends on the trusted computing base (TCB) software, hardware, and firmware. This includes the entire operating system kernel, all device drivers and System V STREAMS modules, kernel extensions, and all trusted programs. All files used by these programs in making security decisions are also considered a part of the TCB.

The creation of trusted software requires a thorough understanding of the basic system security principles and features. Almost all security flaws in UNIX-based systems are due to poorly written trusted software. However, with Trusted AIX® kernel security checks, you can write applications that use enhanced security features. An application written for Trusted AIX can be sensitive to files and processes at different security levels and can behave differently depending on the level of the process or file that the application is using. Such an application is known as a multilevel-aware (MLS) application.

A trusted system programmer must be thoroughly versed in Trusted AIX security features and must understand all new Trusted AIX system calls and security-relevant commands and libraries. This information is intended for programmers who create or modify trusted software. It contains guidelines, principles, and cautions for the modification and creation of trusted software. While this information offers introductory explanations of some security principles and methods, it is recommended that trusted system programmers read other material on secure systems.