z/VM Statement of Integrity
Updated: 29 January 2015
The z/VM Statement of Integrity is published in the z/VM V6.3 General Information manual. This excerpt is published here for your convenience.
System Integrity Statement for z/VM
System integrity is an important characteristic of z/VM. This statement extends IBM's previous statements on system integrity to the z/VM environment. IBM has implemented specific design and coding guidelines for maintaining system integrity in the development of z/VM. Procedures have also been established to make the application of these design and coding guidelines a formal part of the design and development process. However, because it is not possible to certify that any system has perfect integrity, IBM will accept APARs that describe exposures to the system integrity of z/VM or that describe problems encountered when a program running in a virtual machine not authorized by a mechanism under the customer's control introduces an exposure to the system integrity of z/VM, as defined in the following "z/VM System Integrity Definition" section. IBM will continue its efforts to enhance the integrity of z/VM and to respond promptly when exposures are identified in the specified operating environment on releases of z/VM that have not reached their end of support (EOS) date.
Footnote: IBM reserves the right to change, modify or withdraw its offerings, policies and practices at any time. All products and support obligations are subject to the terms of the applicable license and services agreements.
z/VM System Integrity Definition
The z/VM control program system integrity is the inability of any program running in a virtual machine not authorized by a z/VM control program mechanism under the customer's control or a guest operating system mechanism under the customer's control to:
- Circumvent or disable the control program real or auxiliary storage protection.
- Access a resource protected by RACF. Resources protected by RACF include virtual machines, minidisks, and terminals.
- Access a control program password-protected resource.
- Obtain control in real supervisor state or with privilege class authority or directory capabilities greater than those it was assigned.
- Circumvent the system integrity of any guest operating system that itself has system integrity as the result of an operation by any z/VM control program facility.
Auxiliary storage protection refers to the disk extent isolation implemented for minidisks and virtual disks through channel program translation.
Password-protected resource refers to a resource protected by CP logon passwords and minidisk passwords.
Guest operating system refers to a control program that operates under the z/VM control program.
Directory capabilities refer to those directory options that control functions intended to be restricted by specific assignment, such as those that permit system integrity controls to be bypassed or those not intended to be generally granted to users.
While protection of the customer's data remains the customer's responsibility, data security continues to be an area of vital importance to IBM. IBM's commitment to the system integrity of the z/VM environment, as described in this statement, represents a further significant step to help customers protect their data. Product documentation, subject to change, describes the actions that must be taken and the facilities that must be restricted to complement the system integrity support provided by z/VM. Such actions and restrictions may vary depending on the system, configuration, or environment. The customer is responsible for the selection, application, adequacy, and implementation of these actions and restrictions, and for appropriate application controls.