Security Software Zone Security Software Zone
Home Contact Us
Search in
Forum SecurityToolbox Submit Software
Security Software Zone Login
Security Software Categories
News - Articles - Reviews
Free Newsletter
Join our mailing list and receive
security software news and
advice from our experts.
Submit
  Security Software Zone » Software Reviews » General Security » IBM's z-OS V1R8 Finished The World's Largest and Most Complex Operating System Evaluation

IBM's z-OS V1R8 Finished The World's Largest and Most Complex Operating System Evaluation
Category: General Security
Published: 05/24/2007, 17:18  
Editor: Remus Zoica
 
Print article
Send to a friend
Search in reviews
    atsec information security offers consulting and evaluation services that combines a business-oriented approach to data security with in-depth technical knowledge and global experience. atsec leverages its deep security, process, and standards expertise to consult on a wide range of IT security needs, offering clients the chance to establish integrated security management procedures in order to manage security risk and improve data, product, and business process reliability. The company recently completed the evaluation of IBM's z/OS V1R8 in the world's largest and most complex operating system evaluation.

    The first evaluation of z/OS, at V1R6, was performed in 2005 at EAL3, followed by a re-evaluation of V1R7 in 2006 at EAL4 with added security functions. The current re-evaluation of IBM z/OS V1R8 at EAL4+ addressed particularly enhanced security functions and offer assurance of the product in a format that is typically installed and operated. The Security Target specifying the target of evaluation is publicly available at atsec's Common Criteria evaluations page.

Among the noteable features of the evaluation we can find:

- Augmentation to ALC_FLR.3, the highest achievable assurance component for maintenance
- z System servers with all optional crypto boards
- Secure communications: in addition to SSL/TLS and IPSec, OpenSSH and Kerberos are disponible
- Full IBM Tivoli Directory Server with LDBM and SDBM back ends; LDBM offers a "traditional" LDAP database with access control known from other evaluated ITDS products, while SDBM provides access to RACF user management via LDAP interfaces
- Additional authentication mechanisms: X.509 certificates, Kerberos tickets, IBM PassTickets, and authentication based on LDAP DNS in addition to the traditional password mechanism

    "IBM's z/OS Version 1 Release 8 operating system evolved from what was, in the late 1970s, the powerful, but complex, MVS operating system. At that time, its access control mechanisms were quite weak and easily defeated. Even with the integration of RACF, the system was not only subject to compromise, but because of the complexity of its structure and implementation, it was extremely difficult and time-consuming to evaluate its security policy and mechanisms against the criteria of the US Department of Defense Trusted Computer System Evaluation Criteria (the Orange Book). Its initial evaluation by the National Computer Security Center (NCSC) took years, and was only partially successful. As a consequence, IBM made a considerable investment in restructuring MVS/RACF and integrating it with supportive hardware security mechanisms -- and more importantly, with a security policy-driven discipline of design, documentation and programming. The resulting system, z/OS, is considerably richer and more complex than its antecedent MVS. Because system security became a central design principle, and because the development effort was closely coordinated with the independent team of evaluators, the formidable task of identifying and analyzing z/OS's large set of interfaces and its management of privilege became tractable. Through close and co-operative work with its evaluators, z/OS's interfaces and management of privilege have been documented such as to permit a full and rigorous assessment to be completed in a little more than a year. Further, over the last quarter century I have collaborated with senior IBM and atsec staff and know that this evaluation was anything but superficial, thanks to the atsec evaluation team's mature knowledge of security principles as well as their corpus of techniques for identifying and exploiting security vulnerabilities. I have full confidence that z/OS and its completed evaluation represent an exceptional technological achievement," stated Marvin Schaefer, Former Chief Scientist at the National Computer Security Center at the NSA.

    "The Common Criteria Evaluation of z/OS 1.8 was a complex effort requiring cooperation between IBM and atsec. Our goal, at IBM, has been to deliver an operating system that can provide valuable server functionality and security capabilities to meet our customers' business needs. The Common Criteria provides a good definition of the development processes and protection profiles that can be deployed to satisfy those business needs. We are pleased with the results of this evaluation and our working relationship with atsec," added Jim Porell, IBM Distinguished Engineer and Chief Architect for System z Software.

For more information visit www.atsec.com.
Bookmark to:
Add 'IBM's z-OS V1R8 Finished The World's Largest and Most Complex Operating System Evaluation' to Del.icio.us Add 'IBM's z-OS V1R8 Finished The World's Largest and Most Complex Operating System Evaluation' to digg Add 'IBM's z-OS V1R8 Finished The World's Largest and Most Complex Operating System Evaluation' to FURL Add 'IBM's z-OS V1R8 Finished The World's Largest and Most Complex Operating System Evaluation' to reddit Add 'IBM's z-OS V1R8 Finished The World's Largest and Most Complex Operating System Evaluation' to Technorati Add 'IBM's z-OS V1R8 Finished The World's Largest and Most Complex Operating System Evaluation' to Yahoo My Web Add 'IBM's z-OS V1R8 Finished The World's Largest and Most Complex Operating System Evaluation' to Stumble Upon Add 'IBM's z-OS V1R8 Finished The World's Largest and Most Complex Operating System Evaluation' to Google Bookmarks Add 'IBM's z-OS V1R8 Finished The World's Largest and Most Complex Operating System Evaluation' to RawSugar Add 'IBM's z-OS V1R8 Finished The World's Largest and Most Complex Operating System Evaluation' to Squidoo Add 'IBM's z-OS V1R8 Finished The World's Largest and Most Complex Operating System Evaluation' to Spurl Add 'IBM's z-OS V1R8 Finished The World's Largest and Most Complex Operating System Evaluation' to Netvouz Add 'IBM's z-OS V1R8 Finished The World's Largest and Most Complex Operating System Evaluation' to Rojo Add 'IBM's z-OS V1R8 Finished The World's Largest and Most Complex Operating System Evaluation' to Bloglines Add 'IBM's z-OS V1R8 Finished The World's Largest and Most Complex Operating System Evaluation' to Tailrank
Add comment
Security Software Zone is not responsible for the content of these User comments. The views and opinions expressed are those of the individual poster and not the Security Software Zone.
User comments (0):

There is no comment for this review.
 
Reviews related to IBM's z-OS V1R8 Finished The World's Largest and Most Complex Operating System Evaluation
 

docmetrics™ Leveraged by Market Media to Prevent Unauthorized PDF Usage
 The release of a new case study highlighting the success an electronic publishing company has had using the web-based docmetrics application to identify and prevent unauthorized content sharing has been announced today by the leading name in smart document technology for PDF security and tracking, Vitrium Systems.
Read More >
10/02/2008, 17:43
 

New Customized Service to Fulfill Mobile Investors' Financial Needs Launched by iMoblife
 The new service offers investors the possibility to create a customized edition of MobFinance by selecting his favorite exchanges from 50 major exchanges worldwide.
Read More >
05/07/2007, 16:35
 

Approva Honored with Star Award for Best Practices in Customer Support
 Approva Corporation has been named earlier this month the winner of the 2008 SSPA STAR Award for Best Emerging Company Support by the largest and most influential association for technology service and support professionals, the Service & Support Professionals Association (SSPA).
Read More >
06/04/2008, 09:53
 

Telecom Audit Service Introduced by Vonya Global
 In addition to passing on Federal, State, and Local taxes to the consumer, as telecom taxes, charges, and fees have become quite complicated, telecom companies often charge access fees and line charges.
Read More >
05/20/2008, 12:58
 

Oxygen Forensic Suite 2 Launched
 The availability of Oxygen Forensic Suite 2, which is designed for forensic extraction of electronic evidence from cell phones, smartphones and other mobile devices, was announced by Oxygen Software.
Read More >
05/22/2008, 09:43

Sponsored


Copyright © 2007 Security Software Zone. All Rights Reserved. Forum Submit Software Site Map
Our websites: Titan Backup Software Invisible Secrets Encryption Software System LifeGuard Cleaner
AlphaZip Compression Tool SafeBit Disk Encryption Security Software Zone PC District