
Maintaining CDSA Integrity 



As the foundation of the security framework, CSSM provides a set of integrity services that can be used by CSSM, module managers, add-in modules, and applications to verify their own integrity, and the integrity, identity, and authorizations of other components in the CDSA environment.

CSSM's set of self-contained security services establishes a security perimeter around CDSA. These services incorporate techniques to protect against malicious attacks. Because application and add-in security service modules are dynamic components in the system, CSSM uses and requires the use of a strong verification mechanism to screen all components as they are added to the CSSM environment.

Applications can extend CSSM's security perimeter to include themselves by using bilateral authentication, integrity verification, and authorization checks during dynamic binding.

The establishment of integrity between two dynamically loaded, executable objects proceeds in three phases:

Self-Check 

In the first phase, the self-check phase, the software module checks its own digital signature. The Embedded Integrity Services Library (EISL) defines a statically linked library procedure to perform self-check.

Bilateral Authentication 

In the second phase, bilateral authentication routines in the EISL offer support for securely loading, verifying, and linking to partner software modules. The process of bilateral authentication begins in the MDS registry, where each program can find the credentials as well as the object code of all other CDSA modules.

Verification of other modules can be done prior to loading, or, if a module is already loaded, it can be verified in memory. Verification prior to loading prevents activating file viruses in infected modules. Verification in memory prevents stealth viral attacks where the file is healthy, but the loaded code is infected.

Secure Linkage Check 

Once verified, programs can use the verified in-memory representation of the credentials to perform validity checks of addresses to provide secure linkage to modules. The addresses of both the callers and the procedures to be called can be verified using the Secure Linkage Check facility.
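
A simplified model of the verification points described above, added here as an illustration and not taken from the CDSA or EISL code. An HMAC stands in for the digital signature, a dictionary for the MDS registry, and every name, key and module byte is constructed; it also assumes the in-memory image is byte-identical to the file.

```python
import hashlib
import hmac

SIGNER_KEY = b"constructed-demo-key"  # assumption: stands in for the signer's key pair

def sign(image: bytes) -> bytes:
    # HMAC-SHA256 is a stand-in for the digital signature in a module's credentials.
    return hmac.new(SIGNER_KEY, image, hashlib.sha256).digest()

def verify(image: bytes, credential: bytes) -> bool:
    return hmac.compare_digest(sign(image), credential)

class LoadedModule:
    """A module mapped at `base`; `image` models its bytes in memory."""
    def __init__(self, name: str, base: int, image: bytes):
        self.name, self.base, self.image = name, base, bytearray(image)

def verify_and_load(registry, disk, name, base):
    """Verification prior to loading: a file that fails the check is never activated."""
    if not verify(disk[name], registry[name]):
        return None
    return LoadedModule(name, base, disk[name])

def verify_loaded(registry, module) -> bool:
    """Verification in memory: catches code changed after a clean load."""
    return verify(bytes(module.image), registry[module.name])

def linkage_ok(registry, module, address: int) -> bool:
    """Linkage check: the address must lie inside a module that still verifies."""
    inside = module.base <= address < module.base + len(module.image)
    return verify_loaded(registry, module) and inside

def run_demo() -> dict:
    base, clean = 0x10000, b"A" * 64                 # constructed module image
    registry = {"addin": sign(clean)}                # credentials held in the registry
    bad_file = clean[:8] + b"\x00" + clean[9:]       # file modified on disk
    out = {"modified_file_loaded":
           verify_and_load(registry, {"addin": bad_file}, "addin", base) is not None}
    mod = verify_and_load(registry, {"addin": clean}, "addin", base)
    out["clean_loaded"] = mod is not None
    out["entry_inside"] = linkage_ok(registry, mod, base + 16)
    out["entry_outside"] = linkage_ok(registry, mod, base + 64)
    mod.image[16] = 0x00                             # memory changed; file untouched
    out["patched_memory_verifies"] = verify_loaded(registry, mod)
    out["entry_after_patch"] = linkage_ok(registry, mod, base + 16)
    return out
```

The last two results are the case the page calls out: the file on disk still verifies, but the loaded image does not, so both the in-memory check and any linkage check against that module fail.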

