Important in maintaining system integrity is the consideration
of what system data is sensitive and must be protected from the user,
and what data can be exposed to user manipulation. The implications
of the exposure of the wrong type of data are obvious.
In general, it is necessary to store protect the following types
of data:
- Code, and the location of code, that is to receive control in
an authorized state.
- Work areas for such code, including areas where it saves the contents
of registers.
- Control blocks that represent the allocation or use of system
resources.
The operating system maintains such items in its storage, or in
a separate address space in the case of some APF-authorized programs.
It might also be necessary to protect, for a limited period, certain
data that is normally under the control of the user (for example,
to prevent its modification during a critical operation). In this
case the system provides fetch protection for such data if:
- The data consists of proprietary information (such as passwords).
- The control program cannot determine the nature of the contents
of the data area.