Generally a computer system is formed of five major functional parts: input assembly, memory, arithmetic and logic circuitry, output assembly and control unit. The input assembly includes devices such as a keyboard and/or mouse which transfer information between user and computer memory. The information is stored in memory and subsequently fetched by user programs for processing by the arithmetic and logic circuitry. That is, the arithmetic and logic circuitry performs operations on stored data according to a memory-stored user program (i.e., a set of processing steps). Results of this processing are made accessible to a user through the output assembly which includes devices such as a display unit (CRT), printer and the like. The control unit coordinates the foregoing actions of the input assembly, memory, arithmetic and logic circuitry and output assembly, by transmitting timing and control signals to these parts.
Typically the arithmetic and logic circuitry and the control unit are referred to together as the central processing unit (CPU). Also, the input assembly and output assembly are commonly combined under the term "I/O devices". Various bus structures or channels are used to interconnect the different parts.
Depending on size, speed and cost, computers are called "minicomputers" (for low cost, size and computing power), "microcomputers" or PCs (for small, low-cost machines formed of large-scale integrated circuits), or "mainframes" (for large, expensive machines with increased computing power). Generally, minicomputers or microcomputers are used by individuals in domestic and small-scale commercial situations, for example, while mainframes are used almost exclusively in industry and for commercial purposes.
User programs are programs which allow users to manipulate and process desired information to solve applicable problems, and hence are commonly referred to as computer applications. Software for general ledger bookkeeping, word processing, and controlling inventory are examples of popular mainframe computer applications. Application security is the component of a computer application that controls user access to specific data and functions of the application.
Computer system programs, or systems software, are distinguished from user programs/computer applications and include programs that translate user programs into machine language, programs that load translated programs into memory, and operating system programs. Operating system programs (or more commonly "the operating system") are a set of routines that manage the operation of the CPU, memory, I/O devices and other physical resources of the computer system. In particular, the operating system supervises the sharing of the CPU (and I/O devices) among a number of independent user programs/applications so that the computer system is utilized as efficiently as possible. Ease of use for computer users must be balanced against the efficiency of the operating system software. This tradeoff often results in computer users experiencing difficulty in accessing and using application programs. One example of this is shown in the use of operating system security programs in conjunction with application security.
Of particular interest is the operating system security software. The operating system security software is a component of the operating system which controls global user access to large information structures such as files, and to large program structures such as applications. The Resource Access Control Facility (RACF), the Access Control Facility Two (ACF2) and Top-Secret Security (TSS) are examples of popular operating system security software packages. Most mainframe computer environments currently use both application security and operating system security programs. While the operating system security software controls global access to applications and to files, the application security controls granular access to application specific subfunctions and to smaller information structures, such as records or fields. This relationship is illustrated in FIG. 1.
As shown in FIG. 1, a user accesses an application 13, for example a general ledger user program, through the operating system security 11. In particular, the user employs an ID/password combination for which the operating system security 11 allows access to the application 13. Once the user has accessed the application 13, functions 19 and records 17 (e.g., illustrated Function 1, Function 2, Function 3 and/or Record 1, Record 2, Record 3) are accessed by the user through the application security 15. Specifically, the user employs a separate ID/password recognized by the application security 15 for accessing the functions 19 and records 17 of the application 13. In addition, to access the master file 38 of the general ledger application 13 the user must go through the operating system security 11.
To that end, a user must remember an operating system user-ID/password combination plus a number of application security user-ID/password combinations corresponding to every application the user must access. Further, security administration is complicated and expensive due to the split security configuration of the computer system. That is, each user of the computer system must be given an ID/password under the operating system security as well as an ID/password under application security for desired applications. Different users will need different ID/passwords for the operating system security as well as for the application security where some users are allowed access to certain applications and other users are allowed access to other applications. Further, such split security configurations are difficult to audit, and the difficulty of administration often results in security exposures, data corruption and computer fraud.
Therefore there is a need for improvement in the operating system security and application security configuration of computer systems.
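A small model of the split security configuration of FIG. 1, added here as an illustration and not taken from the patent: two independent ID/password stores, an access path that must pass both, and an audit check for application IDs left behind when an operating system ID is removed. All IDs, passwords and the `owner_of` mapping are constructed assumptions.

```python
import hashlib, hmac, os

def _digest(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class CredentialStore:
    """One independent ID/password registry (salted PBKDF2 digests only)."""
    def __init__(self):
        self._users = {}
    def add(self, user_id, password):
        salt = os.urandom(16)
        self._users[user_id] = (salt, _digest(password, salt))
    def remove(self, user_id):
        self._users.pop(user_id, None)
    def verify(self, user_id, password):
        salt, stored = self._users.get(user_id, (b"", b""))
        return bool(stored) and hmac.compare_digest(stored, _digest(password, salt))
    def ids(self):
        return set(self._users)

# Constructed sample data modelling FIG. 1 (every ID and password is made up).
os_security = CredentialStore()       # operating system security 11
app_security = CredentialStore()      # application security 15
os_security.add("OSALICE", "os-pw-1")
os_security.add("OSBOB", "os-pw-2")
app_security.add("GL_ALICE", "gl-pw-1")
app_security.add("GL_BOB", "gl-pw-2")
# Granular grants held only by the application (functions 19, records 17).
app_grants = {"GL_ALICE": {"Function 1", "Record 1"}, "GL_BOB": {"Function 2"}}
# Assumption: a hand-kept list tying each application ID to its OS ID.
owner_of = {"GL_ALICE": "OSALICE", "GL_BOB": "OSBOB"}

def access(os_id, os_pw, app_id, app_pw, resource):
    """Both layers must pass: OS security admits the user to the application,
    then application security decides on the function or record."""
    if not os_security.verify(os_id, os_pw):
        return "denied: operating system security"
    if not app_security.verify(app_id, app_pw):
        return "denied: application security"
    if resource not in app_grants.get(app_id, set()):
        return "denied: not granted " + resource
    return "granted"

def orphaned_app_ids():
    """Audit check: application IDs whose owner no longer has an OS ID."""
    return sorted(a for a in app_security.ids()
                  if owner_of.get(a) not in os_security.ids())
```

Removing `OSBOB` from `os_security` leaves `GL_BOB` valid in `app_security`; only a cross-store reconciliation such as `orphaned_app_ids()` surfaces it, which is the audit burden the split configuration creates.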