IBM Novell 10 SP1 EAL4 Linux Server Manuals

Manuals and User Guides for IBM Novell 10 SP1 EAL4 Linux Server. We have 1 IBM Novell 10 SP1 EAL4 Linux Server manual available for free PDF download: Design Manual

IBM Novell 10 SP1 EAL4 Design Manual

IBM Novell 10 SP1 EAL4 Design Manual (246 pages)

SUSE Linux Enterprise Server High-Level Design

Brand: IBM | Category: Server | Size: 3.08 MB

Table of Contents

Table of Contents
3
1 Introduction

13
- Purpose of this Document
  13
- Document Overview
  13
- Conventions Used in this Document
  13
- Terminology
  13
2 System Overview

14
- Product History
  15
  - SUSE Linux Enterprise Server
    15
  - Eserver Systems
    15
- High-Level Product Overview
  15
  - Eserver Host Computer Structure
    16
  - Eserver System Structure
    18
  - TOE Services
    18
  - Security Policy
    19
  - Operation and Administration
    20
  - TSF Interfaces
    20
- Approach to TSF Identification
  21
3 Hardware Architecture

24
- System X
  24
  - System X Hardware Overview
    24
  - System X Hardware Architecture
    24
  - System P
    24
- System P
  25
  - System P Hardware Overview
    25
  - System P Hardware Architecture
    25
- System Z
  26
  - System Z Hardware Overview
    26
  - System Z Hardware Architecture
    26
- Eserver 326
  27
  - Eserver 326 Hardware Overview
    27
  - Eserver 326 Hardware Architecture
    27
4 Software Architecture

30
- Hardware and Software Privilege
  30
  - Hardware Privilege
    30
    
    Privilege Level
    30
  - Software Privilege
    32
    
    Apparmor
    33
    
    Dac
    33
    
    Programs with Software Privilege
    34
- TOE Security Functions Software Structure
  34
  - Kernel TSF Software
    35
    
    Logical Components
    36
    
    Execution Components
    37
  - Non-Kernel TSF Software
    38
- TSF Databases
  40
- Definition of Subsystems for the CC Evaluation
  40
  - Hardware
    41
  - Firmware
    41
  - Kernel Subsystems
    41
  - Trusted Process Subsystems
    41
  - User-Level Audit Subsystem
    42
5 Functional Descriptions

44
- File and I/O Management
  44
  - Virtual File System
    45
    
    Pathname Translation
    47
    
    Open()
    49
    
    Mount()
    50
    
    Shared Subtrees
    50
    
    Write()
    50
  - Disk-Based File Systems
    51
    
    Ext3 File System
    51
    
    Data Structures
    52
    
    ISO 9660 File System for CD-ROM
    55
  - Pseudo File Systems
    56
    
    Procfs
    56
    
    Tmpfs
    56
    
    Devpts
    57
    
    Rootfs
    57
    
    Sysfs
    57
    
    Binfmt_Misc
    58
    
    Configfs
    58
    
    Securityfs
    58
  - Inotify
    58
  - Discretionary Access Control (DAC)
    58
    
    Permission Bits
    59
    
    Access Control Lists
    60
  - Asynchronous I/O
    63
  - I/O Scheduler
    63
    
    Anticipatory I/O Scheduler
    64
    
    Completely Fair Queuing Scheduler
    64
    
    Deadline I/O Scheduler
    64
    
    Noop I/O Scheduler
    65
  - I/O Interrupts
    65
    
    Bottom Halves
    65
    
    Softirqs
    65
    
    Top Halves
    65
    
    Tasklets
    66
    
    Work Queue
    66
  - Processor Interrupts
    66
  - Machine Check
    66
- Process Control and Management
  67
  - Data Structures
    67
  - Process Creation and Destruction
    69
    
    Control of Child Processes
    69
    
    DAC Controls
    69
    
    Do_Exit()
    70
    
    Execve()
    70
  - Process Switch
    70
  - Kernel Threads
    70
  - Scheduling
    71
  - Kernel Preemption
    72
- Inter-Process Communication
  73
  - Pipes
    74
    
    Data Structures and Algorithms
    74
  - First-In First-Out Named Pipes
    75
    
    FIFO Creation
    75
    
    FIFO Open
    76
  - System V IPC
    76
    
    Common Data Structures
    76
  - Common Functions
    77
  - Message Queues
    77
  - Semaphores
    78
  - Shared Memory Regions
    79
- Signals
  80
  - Data Structures
    80
  - Algorithms
    80
- Sockets
  80
- Network Subsystem
  81
  - Overview of the Network Protocol Stack
    82
  - Transport Layer Protocols
    84
    
    Tcp
    84
    
    Udp
    84
  - Network Layer Protocols
    84
    
    Internet Protocol Version 4 (Ipv4)
    84
    
    Internet Protocol Version 6 (Ipv6)
    84
    
    IP Security (Ipsec)
    86
    
    Transition between Ipv4 and Ipv6
    86
  - Internet Control Message Protocol (ICMP)
    90
    
    Link Layer Protocols
    90
  - Network Services Interface
    91
    
    Bind()
    92
    
    Socket()
    92
    
    Accept()
    93
    
    Connect()
    93
    
    Listen()
    93
    
    Access Control
    94
    
    Generic Calls
    94
- Memory Management
  94
  - Four-Level
    96
  - Memory Addressing
    97
    
    System P
    104
    
    System P Native Mode
    110
    
    System Z
    118
    
    Kernel Memory Management
    135
    
    Reverse Map Virtual Memory
    136
    
    Support for NUMA Servers
    136
    
    Huge Translation Lookaside Buffers
    137
    
    Page Frame Management
    139
    
    Remap_File
    139
    
    Memory Area Management
    140
    
    Noncontiguous Memory Area Management
    140
    
    Process Address Space
    140
    
    Atomic Operations
    142
    
    Memory Barriers
    142
    
    Symmetric Multiprocessing and Synchronization
    142
    
    Kernel Semaphores
    143
    
    Spin Locks
    143
  - Audit Subsystem
    143
    
    Audit Components
    143
    
    Audit Kernel Components
    144
    
    File System Audit Components
    147
    
    User Space Audit Components
    148
    
    Audit Operation and Configuration Options
    149
    
    Configuration
    149
    
    Operation
    151
    
    Audit Record Generation
    152
    
    Audit Records
    152
    
    Audit Record Format
    155
    
    Audit Tools
    158
    
    Auditctl
    158
    
    Ausearch
    158
    
    Login Uid Association
    158
  - Kernel Modules
    158
    
    Linux Security Module Framework
    159
    
    LSM Apparmor Module
    161
    
    LSM Capabilities Module
    161
  - Apparmor
    161
    
    Apparmor Administrative Utilities
    162
    
    Apparmor Access Control Functions
    163
  - Securityfs
    163
- Device Drivers
  164
  - I/O Virtualization on System Z
    164
    
    Interpretive-Execution Facility
    164
    
    State Description
    165
    
    Hardware Virtualization and Simulation
    166
  - Character Device Driver
    166
  - Block Device Driver
    167
- System Initialization
  168
  - Init
    168
    
    Boot Loader
    170
    
    Boot Methods
    170
    
    Boot Process
    170
  - System P
    173
    
    Boot Loader
    173
    
    Boot Methods
    173
    
    Boot Process
    173
  - System P in LPAR
    175
    
    Boot Process
    176
  - System Z
    178
    
    Boot Methods
    178
    
    Boot Process
    178
    
    Control Program
    178
- Identification and Authentication
  183
  - Pluggable Authentication Module
    184
    
    Overview
    184
    
    Configuration Terminology
    185
    
    Modules
    185
  - Protected Databases
    187
    
    Access Control Rules
    188
  - Trusted Commands and Trusted Processes
    188
  - Network Applications
    192
    
    Interaction with Audit
    192
    
    Openssl Secure Socket-Layer Interface
    192
    
    Ssl Architecture
    197
    
    Openssl Algorithms
    200
    
    Symmetric Ciphers
    200
    
    Secure Shell
    202
    
    Ssh Client
    203
    
    Ssh Server Daemon
    203
    
    Very Secure File Transfer Protocol Daemon
    204
  - System Management
    208
    
    Account Management
    208
    
    User Management
    210
    
    Group Management
    212
    
    Groupdel
    213
    
    Groupmod
    213
    
    Amtu
    215
    
    Date
    215
    
    Hwclock
    215
    
    Other System Management
    215
    
    System Time Management
    215
    
    Star
    218
    
    I&A Support
    220
    
    Pam_Tally
    220
    
    Unix_Chkpwd
    220
  - Batch Processing
    220
    
    Batch Processing User Commands
    220
    
    Crontab
    220
    
    Atd
    222
    
    Batch Processing Daemons
    222
    
    Cron
    222
  - User-Level Audit Subsystem
    223
    
    Audit Daemon
    223
    
    Audit Utilities
    223
    
    Aureport
    223
    
    Audit Configuration Files
    224
    
    Audit Logs
    224
    
    Ausearch
    224
    
    Autrace
    224
  - Supporting Functions
    225
    
    TSF Libraries
    225
    
    Library Linking Mechanism
    227
    
    System Call Linking Mechanism
    227
    
    Eserver 326
    228
    
    System Call Argument Verification
    228
    
    System P
    228
    
    System Z
    228
6 Mapping the TOE Summary Specification to the High-Level Design

230
- User Identification and Authentication Data Management (Ia)
  230
- Common Authentication Mechanism (Ia)
  230
- Interactive Login and Related Mechanisms (Ia)
  230
- User Identity Changing (Ia)
  230
- Login Processing (Ia)
  230
- Audit Configuration (Au)
  230
- Audit Processing (Au)
  230
- Security Management
  231
  - Audit Record Format (Au)
    231
  - Audit Post-Processing (Au)
    231
- Discretionary Access Control
  231
  - General Dac Policy (Da)
    231
  - Permission Bits (Da)
    231
  - Acls (Da)
    231
  - Dac: Ipc Objects (Da)
    231
- Object Reuse
  231
- Secure Communications
  232
- Secure Protocols (Sc)
  232
- Tsf Protection
  232
  - Tsf Invocation Guarantees (Tp)
    232
  - Kernel (Tp)
    232
  - Trusted Processes (Tp)
    233
  - Tsf Databases (Tp)
    233
  - Internal Toe Protection Mechanisms (Tp)
    233
  - Testing the Toe Protection Mechanisms (Tp)
    233
- Security Enforcing Interfaces between Subsystems
  233
  - Summary of Kernel Subsystem Interfaces
    234
    
    Kernel Subsystem File and I/O
    234
    
    Data Structures
    237
    
    Kernel Subsystem Inter-Process Communication
    237
    
    Kernel Subsystem Memory Management
    239
    
    Kernel Subsystem Networking
    239
    
    Kernel Subsystem Audit
    240
    
    Kernel Subsystem Device Drivers
    241
    
    Kernel Subsystems Kernel Modules
    243
  - Summary of Trusted Processes Interfaces
    243

Advertisement

Advertisement

Related Products

IBM Categories

Desktop

Storage

Laptop

Monitor

More IBM Manuals