The present disclosure relates generally to mainframe computing, and more particularly to methods, systems and computer program products for testing interfaces for storage vulnerabilities, including those involving storage protection keys and buffer overflows.
Storage protection keys in various forms are utilized on many computing platforms to provide an added security mechanism. Storage protection keys have the following elements: (a) a small integer key value assigned to each virtual memory page, (b) an indication of whether that key applies to fetch protection or merely protects write access, and (c) a corresponding execution key for the unit of work. Generally, the execution key must match the key of the corresponding memory. There may be a specially designated execution key value that can access any storage key, and similarly there may be a specially designated virtual memory key that can be accessed by any execution key.
An exemplary vulnerability of computer storage protected by storage protection keys may include an unauthorized user passing bad addresses to a system service. The system service could be running with an authorized key and, if it trusts the user-supplied address, could indirectly provide that user read or even write access to storage to which that user should not have access. Another vulnerability of computer storage may include buffer overflows. When parameter areas include variable-length fields, transfers of data can overflow when the boundaries of those length fields are not checked. A third exemplary vulnerability of computer storage may include system-owned control blocks. When an unauthorized user passes an address to a system-owned control block, the system service must verify that block through an independently anchored chain. Otherwise, an unauthorized user could spoof the control block in order to cause that system service to take various actions that it would otherwise not take.
In order to ensure system integrity, system services should be tested in their use of untrusted parameters, including parameters that are directly anchored and those that are indirectly anchored by virtual addresses within a base parameter list. Additionally, where variable-length fields are used, system services should be tested to prevent buffer overflows. Addresses of control blocks need to be independently verified from system-controlled anchors.
Therefore, heretofore unaddressed needs still exist in the art to address the aforementioned deficiencies and inadequacies.
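The first two vulnerabilities described above, as an added example that is not part of the disclosure: a small C model of key-protected pages and a service that checks a user-supplied address against the caller's execution key, and the length field against its own buffer, before copying. The 4 KiB page size, the choice of key 0 as the execution key that can access any storage and key 9 as the storage key any execution key can access, and the names `key_allows` and `service_copy_in` are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed model (assumptions, not from the disclosure): 4 KiB pages,
   key 0 = execution key that may access any storage,
   key 9 = storage key that any execution key may access. */
#define PAGE_SIZE  4096u
#define NPAGES     4u
#define MASTER_KEY 0u
#define PUBLIC_KEY 9u

struct page { uint8_t key; uint8_t fetch_protected; };
static struct page pages[NPAGES] = {
    {0, 1},           /* page 0: system storage, fetch protected     */
    {8, 0},           /* page 1: user storage, key 8                 */
    {PUBLIC_KEY, 0},  /* page 2: storage open to every execution key */
    {0, 0},           /* page 3: system storage, write protected only */
};
static uint8_t memory[NPAGES * PAGE_SIZE];

/* Would exec_key be allowed to access [addr, addr+len)? Checks every page. */
int key_allows(uint8_t exec_key, size_t addr, size_t len, int is_write)
{
    if (len == 0 || addr >= sizeof memory || len > sizeof memory - addr)
        return 0;
    for (size_t p = addr / PAGE_SIZE; p <= (addr + len - 1) / PAGE_SIZE; p++) {
        const struct page *pg = &pages[p];
        if (exec_key == MASTER_KEY || pg->key == PUBLIC_KEY || pg->key == exec_key)
            continue;
        if (is_write || pg->fetch_protected)
            return 0;   /* key mismatch on a write or a fetch-protected page */
    }
    return 1;
}

/* A service running with MASTER_KEY copies a caller's variable-length field.
   It validates with the caller's key, never its own, and bounds the length. */
int service_copy_in(uint8_t caller_key, size_t user_addr, size_t user_len,
                    uint8_t *dst, size_t dst_cap)
{
    if (user_len > dst_cap)
        return -1;      /* length field would overflow the service buffer */
    if (!key_allows(caller_key, user_addr, user_len, 0))
        return -2;      /* caller could not have fetched this storage itself */
    memcpy(dst, memory + user_addr, user_len);
    return 0;
}
```

A test of such a service would drive it with addresses in each page class and with lengths on both sides of the buffer capacity, expecting a rejection wherever the caller's own key would have been refused.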