IBM 10 SP1 EAL4 Server User Manual

Open as PDF

of 246

This section briefly describes the functional subsystems that implement the required security functionalities

and the logical subsystems that are part of each of the functional subsystems.

The subsystems are structured into those implemented within the SLES kernel, and those implemented as

trusted processes.

4.4.1 Hardware

The hardware consists of the physical resources such as CPU, main memory, registers, caches, and devices

that effectively make up the computer system. Chapter 3 details the various hardware architectures supported

in this evaluation.

4.4.2 Firmware

The firmware consists of the software residing in the hardware that is started when the system goes through a

power-on reset. In addition to initializing the hardware and starting the operating system, on the partitioning-

capable platforms the firmware provides LPAR support as well.

4.4.3 Kernel subsystems

This section describes the subsystems implemented as part of the SLES kernel.

• File and I/O: This subsystem includes only the file and I/O management kernel subsystem.

• Process control: This subsystem includes the process control and management kernel subsystem.

• Inter-process communication: This subsystem includes the IPC kernel subsystem.

• Networking: This subsystem contains the kernel networking subsystem.

• Memory management: This subsystem contains the kernel memory management subsystem.

• Kernel modules: This subsystem contains routines in the kernel that create an infrastructure to

support loadable modules.

• Device drivers: This subsystem contains the kernel device driver subsystem.

• Audit: This subsystem contains the kernel auditing subsystem.

4.4.4 Trusted process subsystems

This section describes the subsystems implemented as trusted processes.

• System initialization: This subsystem consists of the boot loader (GRUB, LILO, Yaboot, or z/IPL)

and the init program.

• Identification and authentication: This subsystem contains the su, passwd, and login trusted

commands, as well as the agetty trusted process. This subsystem also includes PAM shared library

modules.

• Network applications: This subsystem contains vsftpd and sshd trusted processes, which interact

with PAM modules to perform authentication. It also includes the ping program.

• Batch processing: This subsystem contains the trusted programs used for the processing of batch

jobs. They are crontab and cron and at and atd.

• System management: This subsystem contains the trusted programs used for system management

activities. Those include the following programs:

previous next

Top Automotive Device Types

Top Automotive Brands

Top Baby Care Device Types

Top Baby Care Brands

Top Car Audio & Video Device Types

Top Car Audio & Video Brands

Top Cellphone Device Types

Top Cellphone Brands

Top Communications Device Types

Top Communications Brands

Top Computer Device Types

Top Computer Brands

Top Fitness Device Types

Top Fitness Brands

Top Home Audio Device Types

Top Home Audio Brands

Top Household Appliance Device Types

Top Household Appliance Brands

Top Kitchen Appliance Device Types

Top Kitchen Appliance Brands

Top Laundry Appliance Device Types

Top Laundry Appliance Brands

Top Lawn & Garden Device Types

Top Lawn & Garden Brands

Top Marine Equipment Device Types

Top Marine Equipment Brands

Top Musical Instrument Device Types

Top Musical Instrument Brands

Top Outdoor Cooking Device Types

Top Outdoor Cooking Brands

Top Personal Care Device Types

Top Personal Care Brands

Top Photography Device Types

Top Photography Brands

Top Portable Media Device Types

Top Portable Media Brands

Top Power Tools Device Types

Top Power Tools Brands

Top TV and Video Device Types

Top TV and Video Brands

Top Videogame Device Types

Top Videogame Brands

IBM 10 SP1 EAL4 Server User Manual