The following message is a courtesy copy of an article that has been posted to bit.listserv.ibm-main,alt.folklore.computers as well.
[email protected] (Gabe Goldberg) writes: > Speaking of ISAM doing interesting channel programming -- ISAM was > implicated in a very early VM security/integrity threat. Details elude > me and I sadly don't have the program which used ISAM to penetrate VM, > but it was discussed in this research re: http://www.garlic.com/~lynn/2009r.html#52 360 programs on a z/10 http://www.garlic.com/~lynn/2009r.html#57 360 programs on a z/10 ISAM and other kinds of (looping) channel programs were demonstrated being able to do denial-of-service attack (hanging channel). one of the things I did in paging access method on cp67 ... demonstrate that run-of-mill virtual machines (w/o special privileges for channel programs) could still do all of their disk access w/o needing channel programming capability. http://www.garlic.com/~lynn/submain.html#mmap it also significantly raised the abstraction ... eliminating the "overhead" of channel program abstraction ... and significantly reduced the overhead. Also with the higher level abstraction ... I could do significantly higher level of optimization (under the covers). In the 80s, some (otherwise on identical) CMS benchmarks against standard filesystem on same hardware configuration and same 3380 drives ... I could show three times thruput improvement with moderately i/o intensive workload. the higher level abstraction also enabled being able doing other kinds of optimization with trivially sharing executable code and other stuff. some old email about moving page-mapped stuff (and other things) from cp67 to vm370: http://www.garlic.com/~lynn/2006v.html#email731212 http://www.garlic.com/~lynn/2006w.html#email750102 http://www.garlic.com/~lynn/2006w.html#email750430 as undergraduate in the 60s ... i was doing lots of different cp67 stuff ... some of which shipped in standard product. I would also periodically get reguests for doing various kinds of enhancements from the vendor. Although I didn't hear about these guys until much later: http://www.nsa.gov/research/selinux/list-archive/0409/8362.shtml in retrospect, some of the requested features may have originated from that market segment. At the science center there, was some interesting security issues with the cp67 "service" ... since there was student and other non-employee access from various educational institutions in the boston and cambridge area. One such was the science center had ported APL\360 to CMS for CMS\APL ... redoing internal storage management so that it operated much more efficiently with multi-megabyte workspaces in a virtual memory environment ... as well as added function to access CMS system services (which caused some uproar with the APL purists as violating APL). In any case, it opened up APL use to a whole new class of applications (large modeling & "what-if" things ... some of the things that are done with spreadsheets today). In any case, some of the corporate business planning people had the highest classified and most valuable of corporate assets loaded on the cambridge system (complete cuostmer details) so they could run business modeling remote from Armonk. The security had to demonstarte that students and other non-employees (and in fact, non-authorized employees) couldn't access the most valuable of corporate assets. Something similar was required in the joint exercise with Endicott ... applying changes to cp67 to add simulation of 370 virtual memory "virtual machines" (long before virtual memory for 370 was announced). There was requirement that even the very existance of the activity to support 370 virtual memory virtual machines (on the cambridge cp67 360/67) didn't leak to student users and other non-employees in any way. Note that various of the cp67 & vm370 commercial time-sharing service bureaus provided other kinds of limitations on virtual machine capabilities to eliminate deminal-of-service kinds of exploits. Some of them had moved up to value stream into lots of online financial information ... and would have lots of customers from competing wall street firms (where potentially there was very large sums of money involved). Much later there was folklore about certain class of gov. customers requesting *ALL* the MVS source that (exactly) corresponded to specific executing MVS system (as part of a certain kind of MVS certification). Supposedly there was a corporate task force that spent $5m dollars studying the issue ... before concluding that it wasn't practical. for other drift, this is post with tale about the FS effort implementing a DRM facility for all "future system" documents ... no hard copies ... and detailed control for authorization and access: http://www.garlic.com/~lynn/2009r.html#41 While watching Biography about Bill Gates on CNBC last Night and security related precursor post http://www.garlic.com/~lynn/2009r.html#39 While watching Biography about Bill Gates on CNBC last Night -- 40+yrs virtualization experience (since Jan68), online at home since Mar1970 ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
