IBM z/VM Version 6 Release 4 Security Target


Version: 1.2
Status: Released
Last Update: 2017-11-29
Classification: Public
IBM Corporation

Trademarks

The following terms are trademarks or registered trademarks of International Business Machines Corporation in the United States, other countries, or both:
● Enterprise Systems Architecture/390
● ESA/390
● IBM
● IBM logo
● HiperSockets
● PR/SM
● Processor Resource/Systems Manager
● RACF
● S/390
● z System
● VM/ESA
● z/Architecture
● z/VM

Other company, product, and service names may be trademarks or service marks of others.

Legal Notice

This document contains information of a confidential nature.

Review and Approval Process: Refer to the inspection process in the z System Software Programming Process.

Required Reviewers
● Brian Hugenbruch

Document Distribution and Change Notification: The document is distributed to the reviewers of this line item. When reissued with changes, the document owner sends a note to the reviewers notifying them of the availability of a new document version.

Revision History

Revision  Date        Author(s)            Changes to Previous Revision
1.2       2017-11-29  Brian W. Hugenbruch  Released public version

Version: 1.2  Classification: Public  Page 2 of 125  Last update: 2017-11-29
Copyright © 2017 by atsec information security and IBM

Table of Contents

1 Introduction ... 10
  1.1 Security Target Identification ... 10
  1.2 TOE Identification ... 10
  1.3 TOE Type ... 10
  1.4 TOE Overview ... 10
  1.5 TOE Description ... 11
    1.5.1 Structure and concept of z/VM ... 12
      1.5.1.1 Differences from other operating systems ... 12
      1.5.1.2 z/VM's Kernel and non-kernel software ... 13
      1.5.1.3 User's management of virtual machines using the Control Program ... 14
      1.5.1.4 Communication between virtual machines and with the Control Program ... 15
      1.5.1.5 Single System Image (SSI) Cluster ... 77
    1.5.2 Intended Method of Use ... 18
      1.5.2.1 Conversational Monitor System (CMS) ... 19
    1.5.3 Summary of Security Features ... 20
      1.5.3.1 Identification and Authentication ... 20
      1.5.3.2 Discretionary Access Control ... 21
      1.5.3.3 Mandatory Access Control and Support for Security Labels ... 21
      1.5.3.4 Separation of virtual machines ... 21
      1.5.3.5 Audit ... 21
      1.5.3.6 Object reuse functionality ... 21
      1.5.3.7 Security Management ... 22
      1.5.3.8 TSF Protection ... 22
      1.5.3.9 SSI clustering ... 22
    1.5.4 Configurations ... 22
      1.5.4.1 Software Components ... 22
      1.5.4.2 Software Privileges ... 23
      1.5.4.3 Software Configuration ... 23
      1.5.4.4 Hardware configurations ... 23
2 CC Conformance Claim ... 25
3 Security Problem Definition ... 26
  3.1 Threat Environment ... 26
    3.1.1 Assets ... 26
    3.1.2 Threat agents ... 26
    3.1.3 Threats countered by the TOE ... 27
  3.2 Assumptions ... 28
    3.2.1 Environment of use of the TOE ... 28
      3.2.1.1 Physical ... 28
      3.2.1.2 Personnel ... 28
      3.2.1.3 Procedural ... 29
      3.2.1.4 Connectivity ... 29
  3.3 Organizational Security Policies ... 29
4 Security Objectives ... 31
  4.1 Objectives for the TOE ... 31
  4.2 Objectives for the Operational Environment ... 33
  4.3 Security Objectives Rationale ... 34
    4.3.1 Security Objectives Coverage ... 34
    4.3.2 Security Objectives Sufficiency ... 36
5 Extended Components Definition ... 42
  5.1 Class FCS: Cryptographic support ... 42
    5.1.1 Random number generator (RNG) ... 42
      5.1.1.1 FCS_RNG.1 - Random number generation ... 42
6 Security Requirements ... 44
  6.1 Security Requirements for the Operational Environment ... 44
    6.1.1 General security requirements for the abstract machine ... 44
      6.1.1.1 Subset access control (FDP_ACC.1(E)) ... 44
      6.1.1.2 Security-attribute-based access control (FDP_ACF.1(E)) ... 44
      6.1.1.3 Static attribute initialization (FMT_MSA.3(E)) ... 45
  6.2 TOE Security Functional Requirements ... 45
    6.2.1 z/VM general purpose computing ... 50
      6.2.1.1 Audit data generation (FAU_GEN.1) ... 50
      6.2.1.2 User identity association (FAU_GEN.2) ... 51
      6.2.1.3 Audit review (FAU_SAR.1) ... 51
      6.2.1.4 Restricted audit review (FAU_SAR.2) ... 51
      6.2.1.5 Selectable audit review (FAU_SAR.3) ... 51
      6.2.1.6 Selective audit (FAU_SEL.1) ... 51
      6.2.1.7 Protected audit trail storage (FAU_STG.1) ... 52
      6.2.1.8 Action in case of possible audit data loss (FAU_STG.3) ... 52
      6.2.1.9 Prevention of audit data loss (FAU_STG.4) ... 52
      6.2.1.10 Cryptographic key generation (FCS_CKM.1(SYM))