Maintaining CDSA Integrity

As the foundation of the security framework, CSSM provides a set of integrity services that can be used by CSSM, module managers, add-in modules, and applications to verify their own integrity, and the integrity, identity, and authorizations of other components in the CDSA environment.

CSSM's set of self-contained security services establishes a security perimeter around CDSA. These services incorporate techniques to protect against malicious attacks. Because application and add-in security service modules are dynamic components in the system, CSSM uses and requires the use of a strong verification mechanism to screen all components as they are added to the CSSM environment.

Applications can extend CSSM's security perimeter to include themselves by using bilateral authentication, integrity verification, and authorization checks during dynamic binding.

The establishment of integrity between two dynamically loaded, executable objects proceeds in three phases:

Self-Check 

In the first phase, the self-check phase, the software module checks its own digital signature. The Embedded Integrity Services Library (EISL) defines a statically linked library procedure to perform self-check.

Bilateral Authentication 

In the second phase, bilateral authentication routines in the EISL offer support for securely loading, verifying, and linking to partner software modules. The process of bilateral authentication begins in the MDS registry, where each program can find the credentials as well as the object code of all other CDSA modules.

Verification of other modules can be done prior to loading, or, if a module is already loaded, it can be verified in memory. Verification prior to loading prevents activating file viruses in infected modules. Verification in memory prevents stealth viral attacks where the file is healthy, but the loaded code is infected.

Secure Linkage Check 

Once verified, programs can use the verified in-memory representation of the credentials to perform validity checks of addresses to provide secure linkage to modules. The addresses of both the callers and the procedures to be called can be verified using the Secure Linkage Check facility.
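The three phases above are easiest to see end to end in code. The following Python model is an added illustration, not EISL or CSSM code: an HMAC over a SHA-256 digest stands in for the signed credential (real CDSA credentials are signed manifests), a dictionary stands in for the MDS registry, and the module names, base addresses and export offsets are constructed. It shows a self-check against a module's own embedded credential, a partner module verified both on disk and in memory (so a healthy file with an altered resident image is refused), and a secure-linkage check that only returns addresses inside verified images.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed trust anchor standing in for the credential signer's key. CDSA/EISL
# credentials are signed manifests; an HMAC is used here only so the example runs offline.
TRUST_ANCHOR_KEY = b"example-trust-anchor-key"


@dataclass(frozen=True)
class Credential:
    """Stand-in for a signed manifest: digest of the module code plus a signature over it."""
    digest: str
    signature: str


def _sign(digest: str, key: bytes = TRUST_ANCHOR_KEY) -> str:
    return hmac.new(key, digest.encode(), hashlib.sha256).hexdigest()


def issue_credential(code: bytes) -> Credential:
    """Done by the module vendor at build time (assumed, for this illustration)."""
    digest = hashlib.sha256(code).hexdigest()
    return Credential(digest, _sign(digest))


def verify_code(code: bytes, cred: Credential) -> bool:
    """Check the credential's own signature first, then the code digest against it."""
    if not hmac.compare_digest(_sign(cred.digest), cred.signature):
        return False
    return hmac.compare_digest(hashlib.sha256(code).hexdigest(), cred.digest)


@dataclass
class LoadedModule:
    """Stand-in for a module mapped into memory at a base address."""
    name: str
    base: int
    image: bytes            # bytes actually resident in memory
    credential: Credential  # credential carried with the module for self-check
    exports: dict           # symbol -> offset from base


# Stand-in for the MDS registry: file contents and credential of every CDSA module.
REGISTRY = {}


def register(name: str, file_bytes: bytes) -> Credential:
    cred = issue_credential(file_bytes)
    REGISTRY[name] = (file_bytes, cred)
    return cred


# Phase 1: self-check. The module verifies its own image against its own credential.
def self_check(mod: LoadedModule) -> bool:
    return verify_code(mod.image, mod.credential)


# Phase 2: bilateral authentication of a partner module, using the registry's credential.
def verify_before_load(name: str) -> bool:
    """Verify the file as stored, before anything in it can execute."""
    file_bytes, cred = REGISTRY[name]
    return verify_code(file_bytes, cred)


def verify_in_memory(mod: LoadedModule) -> bool:
    """Verify the loaded image; a healthy file whose resident code was altered fails here."""
    _, cred = REGISTRY[mod.name]
    return verify_code(mod.image, cred)


# Phase 3: secure linkage. Only accept caller addresses and hand out target addresses
# that fall inside a verified in-memory image.
def secure_link(caller: LoadedModule, caller_addr: int, target: LoadedModule, symbol: str):
    if not (verify_in_memory(caller) and verify_in_memory(target)):
        return None
    if not caller.base <= caller_addr < caller.base + len(caller.image):
        return None  # caller presents an address outside its verified image
    addr = target.base + target.exports[symbol]
    if not target.base <= addr < target.base + len(target.image):
        return None  # export offset points outside the verified image
    return addr


def demo() -> dict:
    """Constructed scenario: a healthy add-in file and a copy whose loaded image was altered."""
    csp_code = b"CSP add-in code: encrypt/decrypt/sign"
    app_code = b"application code"
    csp_cred = register("csp", csp_code)
    app_cred = register("app", app_code)

    app = LoadedModule("app", 0x10000, app_code, app_cred, {"main": 0})
    csp_ok = LoadedModule("csp", 0x20000, csp_code, csp_cred, {"CSP_Encrypt": 4})
    tampered = LoadedModule("csp", 0x30000, csp_code[:-4] + b"XXXX", csp_cred, {"CSP_Encrypt": 4})

    return {
        "self_check": self_check(app),
        "file_ok": verify_before_load("csp"),           # the file on disk is healthy ...
        "memory_ok": verify_in_memory(csp_ok),
        "memory_tampered": verify_in_memory(tampered),  # ... but this resident image is not
        "link_ok": secure_link(app, 0x10000, csp_ok, "CSP_Encrypt"),
        "link_refused": secure_link(app, 0x10000, tampered, "CSP_Encrypt"),
    }
```

The point of the `tampered` module is the stealth case from the text: `verify_before_load` passes because the registry's file bytes are intact, yet `verify_in_memory` and therefore `secure_link` refuse it, because the credential describes the code that should be resident, not merely the file that was loaded.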