This section briefly describes the functional subsystems that implement the required security functionalities and the logical subsystems that are part of each of the functional subsystems.
The subsystems are structured into those implemented within the SLES kernel, and those implemented as trusted processes.
4.4.1 Hardware
The hardware consists of the physical resources such as CPU, main memory, registers, caches, and devices that effectively make up the computer system. Chapter 3 details the various hardware architectures supported in this evaluation.
4.4.2 Firmware
The firmware consists of the software residing in the hardware that is started when the system goes through a
4.4.3 Kernel subsystems
This section describes the subsystems implemented as part of the SLES kernel.
• File and I/O: This subsystem includes only the file and I/O management kernel subsystem.
• Process control: This subsystem includes the process control and management kernel subsystem.
•
• Networking: This subsystem contains the kernel networking subsystem.
• Memory management: This subsystem contains the kernel memory management subsystem.
• Kernel modules: This subsystem contains routines in the kernel that create an infrastructure to support loadable modules.
• Device drivers: This subsystem contains the kernel device driver subsystem.
• Audit: This subsystem contains the kernel auditing subsystem.
4.4.4 Trusted process subsystems
This section describes the subsystems implemented as trusted processes.
• System initialization: This subsystem consists of the boot loader (GRUB, LILO, Yaboot, or z/IPL) and the init program.
• Identification and authentication: This subsystem contains the su, passwd, and login trusted commands, as well as the agetty trusted process. This subsystem also includes PAM shared library modules.
• Network applications: This subsystem contains vsftpd and sshd trusted processes, which interact with PAM modules to perform authentication. It also includes the ping program.
• Batch processing: This subsystem contains the trusted programs used for the processing of batch jobs. They are crontab, cron, at, and atd.
• System management: This subsystem contains the trusted programs used for system management activities. Those include the following programs: