Introduction to security

How object reuse relates to security

Object reuse refers to the allocation or reallocation of system resources (storage objects) to a subject. Security requires that no system resource can be used to pass data from one process to another in violation of the security policy. This includes internal system resources not normally visible to users such as buffers and caches. In general, UnixWare clears these resources of residual data before assigning them to a process, thus assuring that no process intentionally or unintentionally inherits or reads the data of another process.

More specifically, the requirements for security imply the controlled sharing of these resources. For example, the lineprinter needs to be controlled so that it prints only one user's output at a time. It would be a security violation if one user's output were mixed in with that of another and printed on the same physical sheet of paper. Fortunately, keeping print jobs separate is a rather straightforward task for the lineprinter system to accomplish. In a similar way, it is easy to prevent more than one user from using a terminal at any given time. While there is nothing to prevent two people from sharing the same login session, internal mechanisms for terminal handling ensure that a terminal is flushed of residual data after a login session before another user can log on to it.

However, the controlled sharing of memory is more difficult to manage. UnixWare allows several processes to execute in memory simultaneously. Sections of memory may be allocated to one process for a while, then deallocated, then reallocated to another process. The constant reallocation of memory is a potential security problem, because residual information may remain when a section of memory is reassigned to a new process after a previous process is finished with it.

UnixWare ensures that such unintended sharing of information cannot happen. When memory is reallocated, it is zeroed out completely or reinitialized before it can be accessed by a new process. Thus, there is no residual information in memory carrying over from one process to another.
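The following is an added illustration, not UnixWare code: a toy fixed-size storage pool standing in for a kernel buffer allocator. A first "process" writes a secret into a block and releases it; a second "process" then allocates and the code counts how many bytes of the secret it can still see. With `clear_on_reuse` off the block is handed over as-is (the object-reuse problem); with it on, the block is zeroed before the new owner gets it, which is the behaviour the text above describes. All names, the pool layout and the sample secret are constructed for this example.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Toy pool: POOL_BLOCKS fixed-size blocks, allocated first-free. The
 * clear_on_reuse flag models "zeroed out before it can be accessed by a
 * new process" from the text. (Hypothetical allocator, not UnixWare's.) */
#define POOL_BLOCKS 4
#define BLOCK_SIZE  32

typedef struct {
    uint8_t data[POOL_BLOCKS][BLOCK_SIZE];
    int     in_use[POOL_BLOCKS];
    int     clear_on_reuse;   /* 1 = zero a block when it is (re)allocated */
} pool_t;

void pool_init(pool_t *p, int clear_on_reuse) {
    memset(p, 0, sizeof *p);
    p->clear_on_reuse = clear_on_reuse;
}

/* Returns the index of a free block, or -1 if the pool is exhausted. */
int pool_alloc(pool_t *p) {
    for (int i = 0; i < POOL_BLOCKS; i++) {
        if (!p->in_use[i]) {
            p->in_use[i] = 1;
            if (p->clear_on_reuse)
                memset(p->data[i], 0, BLOCK_SIZE);  /* sanitize before handover */
            return i;
        }
    }
    return -1;
}

/* Naive release: the block's contents are left in place. */
void pool_free(pool_t *p, int blk) {
    p->in_use[blk] = 0;
}

/* Count non-zero bytes in a block, i.e. residual data visible to the new
 * owner. 0 means the block was clean when it was handed over. */
int residual_bytes(const pool_t *p, int blk) {
    int n = 0;
    for (int i = 0; i < BLOCK_SIZE; i++)
        if (p->data[blk][i] != 0)
            n++;
    return n;
}

/* Process A writes a secret and releases its block; process B then allocates
 * and gets the same block back. Returns how many bytes of A's data B sees. */
int simulate_reuse(int clear_on_reuse) {
    pool_t pool;
    pool_init(&pool, clear_on_reuse);

    /* Constructed sample secret; stands in for a password or key buffer. */
    static const char secret[] = "hunter2-constructed-sample";   /* 26 chars */

    int a = pool_alloc(&pool);
    memcpy(pool.data[a], secret, sizeof secret);
    pool_free(&pool, a);

    int b = pool_alloc(&pool);   /* first free block: the one A just released */
    return residual_bytes(&pool, b);
}

int main(void) {
    printf("naive reuse:    %d residual bytes visible\n", simulate_reuse(0));
    printf("clear on reuse: %d residual bytes visible\n", simulate_reuse(1));
    return 0;
}
```

The clearing could equally be done in `pool_free` (sanitize on release) rather than in `pool_alloc`; either placement satisfies the requirement that no residual data reaches the next owner, and clearing on release has the added benefit that the data does not linger in unallocated storage in the meantime.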

Finally, the kernel for UnixWare resides in physical memory and cannot be violated by any process or tampered with in any way. The loadable modules that make up the kernel can be loaded or unloaded as required. These are represented as files and as such are protected by the file protection mechanisms in the system.

NOTE: The administrator need not do anything to enforce the secure reuse of system objects. This requirement is handled by the kernel automatically.

Object reuse and physical media

The administrator needs to be aware of some methods for reusing removable media such as floppy disks and tapes. As physical objects, these are not under the control of the system software, and it is the responsibility of the administrator to manage their reuse in a secure fashion.

All removable media should be physically labeled with a description of the sensitivity of the data they contain.

If a removable storage medium needs to be reused at a level other than that described on the physical label (for example, a tape used for backups of sensitive system files that is recycled for other uses once it is no longer needed), the medium should be bulk erased and relabeled so that subsequent users cannot retrieve data from it.


© 2004 The SCO Group, Inc. All rights reserved.
UnixWare 7 Release 7.1.4 - 22 April 2004