Security on z/OS


z/OS and system integrity

z/OS® includes features and facilities specifically designed to protect one program from affecting another, either intentionally or accidentally. The ability of an operating system to protect data and itself from unauthorized changes is called system integrity.

Protecting the system involves a number of related disciplines:
  • Maintenance of system integrity
  • Use of the authorized program facility (APF)
  • Use of the resource access control facility (RACF®)
  • Changing system status
  • Protecting low storage

System integrity is defined as the ability of the system to protect itself against unauthorized user access to the extent that security controls cannot be compromised. That is, there is no way for an unauthorized program using any system interface to bypass store or fetch protection, bypass password checking, bypass RACF checking, or obtain control in an authorized state.

An authorized program in the system is one that runs in PSW key 0-7, in supervisor state, or is authorized through the authorized program facility (APF). An unauthorized program is a problem state program that runs in PSW key 8-F.

Installation Responsibility

To ensure that system integrity is effective and to avoid compromising any of the integrity controls provided in the system, the installation must assume responsibility for the following:
  • Physical environment of the computing system.
  • Adoption of certain procedures (for example, the password protection of appropriate system data sets) that are a necessary complement to the integrity support within the operating system itself.
  • Ensuring that its own modifications and additions to the system do not introduce any integrity exposures. That is, all installation-written authorized code (for example, an installation SVC) must perform the same or an equivalent type of validity checking and control that the system uses to maintain its integrity.

Elimination of potential integrity exposures

System integrity support restricts only unauthorized problem programs. It is the responsibility of the installation to verify that any authorized programs added to the system control program will not introduce any integrity exposures. To do this effectively, an installation should consider these areas for potential integrity exposure:
  • User-supplied addresses for user storage areas.
  • User-supplied addresses for protected control blocks.
  • Resource identification.
  • SVC routines calling SVC routines.
  • Control program and user data accessibility.
  • Resource serialization (for example, through locking).
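
The first exposure in the list, user-supplied addresses for user storage areas, can be illustrated with a simplified C model of key-controlled storage protection, showing the validity check an authorized routine should apply before touching a caller's area. This is an added example, not IBM code: the block layout, function names, and sample keys are constructed for illustration, and the model ignores every protection mechanism other than storage keys and the fetch-protection bit.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Simplified model (constructed): storage is a run of 4 KB blocks, each
   with a 4-bit storage key and a fetch-protection bit. */
#define BLOCK_SIZE 4096u
#define NBLOCKS 4u

typedef struct { uint8_t key; bool fetch_protect; } block_attr;

/* Constructed sample layout: block 0 is key-0 system storage,
   blocks 1-2 belong to a key-8 user, block 3 belongs to a key-9 user. */
static const block_attr storage[NBLOCKS] = {
    {0, true}, {8, false}, {8, true}, {9, true}
};

/* The page's definition: a program is authorized if it runs in PSW key
   0-7, in supervisor state, or is authorized through APF. */
bool is_authorized(uint8_t psw_key, bool supervisor, bool apf) {
    return psw_key <= 7 || supervisor || apf;
}

/* Key-controlled protection: access key 0 matches any storage key.
   Otherwise a store needs an exact key match, and a fetch needs a match
   only when the block is fetch-protected. */
bool key_permits(uint8_t access_key, block_attr b, bool is_store) {
    if (access_key == 0 || access_key == b.key) return true;
    return !is_store && !b.fetch_protect;
}

/* Validity check for a user-supplied area: every block the range touches
   must be accessible in the CALLER's key, not in the routine's own key. */
bool validate_user_area(uint8_t caller_key, uint32_t addr, uint32_t len,
                        bool is_store) {
    if (len == 0) return true;
    uint64_t end = (uint64_t)addr + len;   /* 64-bit sum: no wraparound */
    if (end > (uint64_t)NBLOCKS * BLOCK_SIZE) return false;
    for (uint64_t blk = addr / BLOCK_SIZE; blk <= (end - 1) / BLOCK_SIZE; blk++)
        if (!key_permits(caller_key, storage[blk], is_store)) return false;
    return true;
}
```

Checking the same address with key 0 instead of the caller's key always succeeds, which is exactly how an authorized routine that skips this check lets an unauthorized caller bypass store or fetch protection.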




Copyright IBM Corporation 1990, 2010