When designing an overall system security plan, ask yourself the following questions:

  • How are users associated with subjects? What is the reliability of the authentication mechanism?

  • What objects contain sensitive information in this system or application? Is access to those objects controlled?

  • Does the authorization database reflect the site's security policy? Who is authorized to gain access to sensitive objects? Are adequate restrictions in place?

  • Is the audit trail recording enough or too much information? Who will monitor it? How often will it be examined?

  • What programs are functioning as part of the reference monitor? Which users can modify the security policy and the authorization database? Is this the desired configuration?

These considerations, as well as the underlying reference monitor design, apply equally to a timesharing system, a widespread network, or a single application on a system that grants access to records in a file or database. The operating system provides general mechanisms that users and security administrators must apply to achieve system security. See Chapter 6 “Managing the System and Its Data” for more information on designing and implementing a security policy.
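As an added illustration, not taken from the guide, the following toy reference monitor shows the four elements the questions above turn on: subjects, objects, the authorization database, and the audit trail, with changes to the authorization database itself treated as a mediated access. All names used (SYSTEM, ALICE, BOB, PAYROLL.DAT) are constructed.

```python
"""Toy reference monitor: every access by a subject to an object is
mediated, decided against an authorization database, and written to an
audit trail. Constructed example; the names below are invented."""
from dataclasses import dataclass, field


@dataclass
class ReferenceMonitor:
    # authorization database: object -> {subject: set of rights}
    authdb: dict = field(default_factory=dict)
    # subjects permitted to modify the security policy / authorization database
    security_admins: set = field(default_factory=set)
    # audit trail: (subject, object, right, decision) tuples
    audit_trail: list = field(default_factory=list)

    def check_access(self, subject, obj, right):
        # Every decision is recorded, denied as well as granted, because the
        # denials are usually what the person monitoring the trail needs.
        allowed = right in self.authdb.get(obj, {}).get(subject, set())
        self.audit_trail.append((subject, obj, right, "GRANTED" if allowed else "DENIED"))
        return allowed

    def grant(self, actor, subject, obj, right):
        # Modifying the authorization database is itself a controlled operation:
        # only designated security administrators may do it.
        if actor not in self.security_admins:
            self.audit_trail.append((actor, "AUTHDB", "modify", "DENIED"))
            return False
        self.authdb.setdefault(obj, {}).setdefault(subject, set()).add(right)
        self.audit_trail.append((actor, "AUTHDB", "modify", "GRANTED"))
        return True


def demo():
    """Run a short scenario and return the decisions plus the denied entries."""
    rm = ReferenceMonitor(security_admins={"SYSTEM"})
    rm.grant("SYSTEM", "ALICE", "PAYROLL.DAT", "read")
    results = {
        "alice_read": rm.check_access("ALICE", "PAYROLL.DAT", "read"),
        "alice_write": rm.check_access("ALICE", "PAYROLL.DAT", "write"),
        # BOB tries to grant himself access: not an admin, so refused and logged
        "bob_self_grant": rm.grant("BOB", "BOB", "PAYROLL.DAT", "read"),
        "bob_read": rm.check_access("BOB", "PAYROLL.DAT", "read"),
    }
    denied = [entry for entry in rm.audit_trail if entry[3] == "DENIED"]
    return results, denied


if __name__ == "__main__":
    for line in demo()[1]:
        print(line)
```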