3.5 Service Complex: Security
SSEC07 - Reliability of Services
LSIC07 - Reliability of Service
This includes all functions ensuring that resources are available and usable when demanded by an authorized subject (e.g. a user or a process performing a user task), and all functions that prevent or restrict interference with time-critical operations.
The service unit comprises all functions for the following:
| Identifier | Function | Description |
|---|---|---|
| SSEC07.F.1.1 | Fault-tolerant hardware and software | Software errors are to be bridged, i.e. the functionality of other functions must, as far as possible, not be impaired. Contradictions in the user's control of the service units are detected by the software. Error-handling procedures exist, and controlled actions are taken if errors occur in components of the SDE. The breakdown of an individual hardware component (e.g. a hard disk) is bridged in such a way that all independent functions remain continuously available. |
| SSEC07.F.1.2 | Redundant configuration of hardware and software | Redundant components exist that can take over the tasks of hardware or software components in case of their breakdown. When hardware is configured redundantly, error correction procedures allow secure operation to continue if hardware components break down. |
| SSEC07.F.2 | Limitation of user access to critical resources | The system manager is able to limit the access of individual users/processes to resources. The service unit is to protect against targeted attacks ("denial of service attacks") as well as against errors arising from other causes (e.g. addressing errors). These attacks/errors may concern the allocation of computing time and the creation of processes, the consumption of main memory, disk space or file entries, and the transmission load on the network. In order to limit the consumption of storage and computing time, UNIX, for example, sets hard limits for user processes: CPU time, file size, data/stack segment size, core dump size, resident set size and number of file descriptors. "Disk quotas" are intended for controlling disk space usage; they define the available size (in blocks) and the number of file entries per user. |
| SSEC07.F.3 | Guaranteeing freedom from deadlock | Independent of the actual load, the system has to guarantee for defined actions that an upper limit on the reaction time is not exceeded. This includes the timely resolution of deadlocks that have occurred, which is possible e.g. by means of suitable scheduling algorithms. |
| SSEC07.F.4 | Regular intermediate storage | It is possible to define regular intermediate saving of the files currently being worked on. |
| SSEC07.F.5 | Data backup | A regular data backup to external storage media is performed in order to guarantee the availability of the data. Backup runs are automated (time, amount and storage medium are preset). The written storage media are checked to confirm that they can be reloaded. |
| SSEC07.F.6 | Procedure for reloading stored data | It is possible to reload data that have been stored. |
| SSEC07.F.7 | Protection of the system operation | Access rights have to be defined for the system commands for a "shutdown" in order to guarantee that users cannot terminate server operation. This measure alone is not sufficient, because terminating operation is also possible by switching off the console or by pressing a specific key combination; as far as possible this has to be prevented too. |
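The UNIX per-process hard limits that SSEC07.F.2 lists (CPU time, file size, file descriptors, core dump size) can be seen in action with the shell's `ulimit` builtin. The script below is an added example and is not part of the GDPA page or of the V-Model; `run_limited`, `demo_file_limit` and `show_hard_limits` are hypothetical helper names, and the limit values are constructed sample values. It runs a command under lowered limits and then shows that a write exceeding the file-size cap is stopped at the cap rather than consuming the disk.

```shell
#!/bin/sh
# Added example (not from the GDPA page): apply the per-process limits named
# in SSEC07.F.2 with the shell's ulimit builtin. All limit values below are
# constructed sample values chosen for the demonstration.

# run_limited CPU_SECONDS FILE_BLOCKS FD_COUNT CORE_BLOCKS CMD [ARGS...]
# Runs CMD in a subshell after lowering the limits, so the caps apply to CMD
# and its children but not to the calling shell. Without -H or -S, ulimit
# sets both the soft and the hard limit; an unprivileged process can never
# raise the hard limit again, which is what turns it into a real cap.
run_limited() {
    cpu=$1; fsize=$2; nofile=$3; core=$4
    shift 4
    (
        ulimit -t "$cpu"    || exit 125   # CPU time in seconds
        ulimit -f "$fsize"  || exit 125   # max file size in blocks (see note)
        ulimit -n "$nofile" || exit 125   # open file descriptors
        ulimit -c "$core"   || exit 125   # core dump size in blocks
        "$@"
    )
}

# demo_file_limit: attempt to write 400 KiB under a 100-block file-size limit
# and report the size the file actually reached. The kernel lets writes fill
# the file up to the limit and then delivers SIGXFSZ to dd, so the file stops
# exactly at the cap: 51200 bytes where the shell counts 512-byte blocks
# (dash, POSIX-mode bash), 102400 bytes where it counts 1024-byte blocks
# (interactive bash). That unit difference is why limits should be verified
# with show_hard_limits rather than assumed.
demo_file_limit() {
    tmp=$(mktemp) || return 1
    # The redirection applies to the whole function call, silencing both dd
    # and the subshell's "File size limit exceeded" report. "|| :" keeps the
    # expected signal death from aborting a caller running under set -e.
    run_limited 10 100 64 0 \
        dd if=/dev/zero of="$tmp" bs=1024 count=400 >/dev/null 2>&1 || :
    size=$(wc -c < "$tmp")
    rm -f "$tmp"
    echo "$size"               # → 51200 or 102400, never 409600
}

# show_hard_limits: print the hard limits a capped command would see, which
# is the check to run before handing such a shell to a user.
show_hard_limits() {
    run_limited 10 100 64 0 sh -c 'ulimit -H -a'
}

demo_file_limit
```

The `-f` unit differs between shells, so the same number means a different cap in dash and in interactive bash; confirm the effective values with `ulimit -H -a` (as `show_hard_limits` does) before relying on them. The other mechanism the row names, disk quotas, is configured per user with `edquota` or `setquota` on a filesystem mounted with quota support and reported with `quota -v`; it is not shown here because it needs root and a quota-enabled filesystem.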
GDPA Online. Last updated 01.Jan.2002 by Webmaster. Last revised 01.Jan.2002 by Webmaster.