NCJ Number
79396
Journal
IBM Systems Journal Volume: 14 Issue: 2 Dated: (1975) Pages: 188-202
Date Published
1975
Length
15 pages
Annotation
The software security and reliability attainable through the use of the Virtual Machine Facility/370 (VM/370), a three-level structure which can easily be extended to more levels, are discussed, as compared to the security and reliability possible in the conventional two-level multiprogramming system.
Abstract
An operating system's reliability is its ability to supply service despite all abnormal software (and most abnormal hardware) conditions, whether accidental or malicious. Operating system integrity exists when the system functions correctly under all circumstances. Since there is no major software system that has withstood determined penetration efforts, the most that can be currently achieved is to develop as much security and reliability into the software as possible and minimize the impact of a malfunction. In efforts to maximize these goals, numerous computer scientists have observed that it is possible to simplify the design of an operating system and improve its integrity by a careful decomposition, separating the most critical functions from the successively less critical functions, as well as separating systemwide functions from user-related functions. The VM/370 system accomplishes this by enabling a single System/370 to appear functionally as if it were multiple independent System/370's. Thus, a VMM can make one computer system function as if it were multiple physically isolated systems. In the conventional two-level operating system approach, a single logical error in the operating system software can invalidate the entire security mechanism. Furthermore, there is no more protection between the programs of differing application subsystems or the operating system than there is between the programs of a single application subsystem. A virtual machine facility, such as the VM/370, can convert a two-level conventional operating system into a three-level hierarchically structured operating system. In so doing, redundant security mechanisms are provided. Illustrations and 30 references are provided.