Previous topic |
Next topic |
Contents |
Glossary |
Contact z/OS |
PDF
z/OS and system integrity Security on z/OS |
|
z/OS® includes features and facilities specifically designed to protect one program from affecting another, either intentionally or accidentally. The ability of an operating system to protect data and itself from unauthorized changes is called system integrity. Protecting the system involves a number of related disciplines:
System integrity is defined as the ability of the system to protect itself against unauthorized user access to the extent that security controls cannot be compromised. That is, there is no way for an unauthorized program using any system interface to bypass store or fetch protection, bypass password checking, bypass RACF checking, or obtain control in an authorized state. An authorized program in the system is one that runs in PSW key 0-7, in supervisor state, or is authorized through the authorized program facility (APF). An unauthorized program is a problem state program that runs in PSW key 8-F. Installation Responsibility To ensure that
system integrity is effective and to avoid compromising any of the
integrity controls provided in the system, the installation must assume
responsibility for the following:
Elimination of potential integrity exposures System integrity support restricts only unauthorized problem programs.
It is the responsibility of the installation to verify that any authorized
programs added to the system control program will not introduce any
integrity exposures. To do this effectively, an installation should
consider these areas for potential integrity exposure:
|
Copyright IBM Corporation 1990, 2010
|