Access Manager ТорСМ is an optional licensed software product, designed to improve the information security level of the operating system z/OS and its applications. ТорСМ 1.1 consist of the monitor and tools of data integrity control.

The ТорСМ's monitor provides an additional level of control and surveillance of the functioning of the operating system z/OS and its applications in the process of their implementation. ТорСМ' tools of data integrity control provide the opportunities for monitoring data integrity of the operating system z/OS and its applications.

The functioning of  the TopCM's monitor is based on the use of the hardware capabilities of servers IBM z Systems. ТорСМ uses a special interpretive program execution mode z/Architecture (z/Architecture Interpretive Execution Mode) for the execution of the operating system z/OS with all its applications. In this mode, the monitor has the capability to intercept most of the events from level z/Architecture (interrupts, instructions), which are usually used by the system and/or its applications to access the server's physical resources or logical software resources of the operating system z/OS, and also to control the display thiese events of the z/OS. The ТорСМ's monitor can allow a normal execution of any from these events or not to let this event happen and to simulate the unsuccessful execution of the event for the operating system.

An interception of OS events and transfer of control to TopCM's programs are carried by hardware of server's interpretive execution, the operating system z/OS has no influence on these actions.

The TopCM's monitor features allow to organize an additional level of control and surveillance of the functioning of the operating system z/OS and its applications on the hardware level and are the foundation for building a private security service TopCM.

However, the "independence" of the TopCM's monitor programs does not allow them to use the service of the operating system z/OS, such as access method z/OS, tools of memory's dynamic management, etc. Therefore, TopCM's security service could not be a new full-fledged tool of resources' protection of the operating system z/OS. It is an addition to the powerful protection, that the operating system z/OS provides with such additional tools of resources' protection as RACF, ACF2, or TSS. TopCM's security service can provide a protection of the most critical server resourses and the the basic system in cases where the protection of the base system was disconnected accidentally or intentionally.

Access Manager ТорСМ incorporates its own tools of data integrity control that can be used to monitor data integrity of the base system as well as data of TopCM. The main function of the tools of data integrity control TopCM is counting checksums for data, stored in the specific data sets of the operating system z/OS, and comparing results with the pattern values of checksums, established for these data sets. These tools are realized as a set  utilities and procedures, running from the operating system z/OS  in a separate virtual address space. Launch of these programs and procedures can be performed in the typical mode of the operating system z/OS and in the interpretive execution mode z/Architecture of the operating system z/OS, established by the TopCM's monitor. The tools of data integrity control are the TopCM's applications.

ТорСМ's features:

  • in term of the access control to the server's physical resources:
    • use control of special operations of the operating system z/OS and its applications;
    • access control to volumes of  magnet tapes; for volumes with standard labels IBM provides discretionary access control to volumes with certain serial numbers.
  • in term of the access to software resources of the operating system z/OS:
    • software access control to services of the operating system z/OS, governing the use of authorized software of the operating system z/OS.
  • in term of the integrity control of the operating system z/OS:
    • verification of data integrity of the operating system z/OS on its load step;
    • verification of data integrity of the operating system z/OS during operations;
    • switching of the operating system z/OS to inoperable state, when a violating of the system's integrity was found.

ТорСМ - patented software, which has its own trademark.

Свидетельство на товарный знак TopCM Свидетельство о регистрации TopCM