Reference Guide

Crypto-C ME Cryptographic Toolkit
RSA BSAFE Crypto-C Micro Edition 4.1.4 Security Policy Level 1
with Level 2 Roles, Services and Authentication
Multi-user Operating Systems
For the following supported multi-user operating systems, the operating system and
hardware enforce a single operator mode of operation by enforcing process isolation
and CPU scheduling:
Apple OS X and macOS
Canonical Ubuntu
CentOS Project CentOS
FreeBSD Foundation FreeBSD
HPE HP-UX
IBM AIX
Micro Focus SUSE
Microsoft Windows
Oracle Solaris
Red Hat Enterprise Linux.
On these operating systems, running on a general purpose computer, dynamically
loaded shared libraries, including the cryptographic module, are loaded into the
address space of a process. Each instance of the cryptographic module functions
entirely within the process space of the process containing the module.
The single operator for a given instance of the cryptographic module is the identity
associated with the process containing the module. The operating system and
hardware enforce process isolation, including isolation of the memory where keys and
intermediate key data are stored, and CPU scheduling. The writable memory areas of
the cryptographic module (the data and stack segments) are accessible only to the
process containing the module.
The operating system is responsible for multitasking operations so that other processes
cannot access the address space of the process containing the cryptographic module.
Consequently, with the exception of privileged user accounts, no additional steps are
required to restrict the operating system to a single operator mode of operation. That
is, concurrent operators are explicitly excluded.
Privileged user accounts
Multi-user operating systems provide tracing and debugging utilities through which
one process can control another, enabling the controller process to inspect and
manipulate the internal state of its target process.
Except for privileged user accounts (the root user or administrator user), the
controller process must be running under the same user id as the target process for
these utilities to work. This usage does not contravene the single operator mode of
operation, as both the controller and target processes are operating on behalf of a
single operator.
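
The check below is an added example, not part of the Security Policy or of the toolkit. It classifies whichever process is tracing the process that hosts the module, using the Linux /proc/<pid>/status fields TracerPid and Uid. The Linux-only scope, the function names and the sample status text are assumptions made for illustration.

```python
# Constructed excerpts of /proc/<pid>/status (sample data, not from a real host).
TARGET_STATUS = """Name:\tapp_with_module
Pid:\t4120
TracerPid:\t4200
Uid:\t1001\t1001\t1001\t1001
"""
SAME_USER_TRACER = "Name:\tgdb\nPid:\t4200\nTracerPid:\t0\nUid:\t1001\t1001\t1001\t1001\n"
ROOT_TRACER = "Name:\tstrace\nPid:\t4200\nTracerPid:\t0\nUid:\t0\t0\t0\t0\n"


def read_status(pid):
    """Read the live status text for a pid (Linux only; unused by the samples)."""
    with open(f"/proc/{pid}/status") as handle:
        return handle.read()


def parse_status(text):
    """Extract pid, tracer pid and real/effective uid from status text."""
    fields = dict(line.split(":", 1) for line in text.splitlines() if ":" in line)
    real, effective = fields["Uid"].split()[:2]
    return {
        "pid": int(fields["Pid"]),
        "tracer_pid": int(fields["TracerPid"]),
        "ruid": int(real),
        "euid": int(effective),
    }


def classify_tracer(target_text, tracer_text=None):
    """Classify the controller process attached to the target, if any.

    untraced      - TracerPid is 0, nothing is attached
    same-operator - tracer runs under the target's user id
    privileged    - tracer runs as root against a non-root target
    unexpected    - any other pairing; process isolation should prevent it
    """
    target = parse_status(target_text)
    if target["tracer_pid"] == 0:
        return "untraced"
    if tracer_text is None:
        raise ValueError("target is traced; supply the tracer's status text")
    tracer = parse_status(tracer_text)
    if tracer["pid"] != target["tracer_pid"]:
        raise ValueError("status text does not belong to the recorded tracer")
    if tracer["euid"] == 0 and target["euid"] != 0:
        return "privileged"
    if (tracer["ruid"], tracer["euid"]) == (target["ruid"], target["euid"]):
        return "same-operator"
    return "unexpected"
```

On a live Linux host, pass read_status(pid) for the target and read_status(tracer_pid) for the tracer in place of the constructed samples.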