Control program and user data accessibility

Important in maintaining system integrity is the consideration of what system data is sensitive and must be protected from the user, and what data can be exposed to user manipulation. The implications of the exposure of the wrong type of data are obvious.

In general, it is necessary to store protect the following types of data:
  • Code, and the location of code, that is to receive control in an authorized state.
  • Work areas for such code, including areas where it saves the contents of registers.
  • Control blocks that represent the allocation or use of system resources.

The operating system maintains such items in its storage, or in a separate address space in the case of some APF-authorized programs.

It might also be necessary to protect, for a limited period, certain data that is normally under the control of the user (for example, to prevent its modification during a critical operation). In this case the system provides fetch protection for such data if:
  • The data consists of proprietary information (such as passwords).
  • The control program cannot determine the nature of the contents of the data area.
Parent topic: Elimination of potential integrity exposures