In today's world of hackers and genuine attempts to disrupt a business, you should not rely on software alone to block intrusions and attacks. The MCP system architecture, the MCP operating system, and security software work in combination to provide an environment that is secure from intrusion. The MCP system deploys an in-depth security architecture in which concentric rings of security are used to repel a variety of attacks.
The primary type of intrusion is an injection of malicious code into a server. In general, vulnerabilities are exploited through buffer overflows in which unauthorized areas of memory are seeded with malicious code that is executed. This intrusion method—used by most worms, viruses, and malware—is defeated by the MCP system architecture.
The MCP architecture prevents buffer overflows by the following methods:
-
Tagging an area of memory to indicate the purpose, which constrains the usage of each word. A malicious code file cannot be written to an area designated for a data segment.
-
Automatic bounds checking, thus preventing a buffer overflow.
-
No assembly language or assembler; all system software written in high-level languages
-
A well-defined stack architecture, with inter-process communications only allowed through predefined interfaces
The concept of tagging is extended to the MCP file system, in which each file is tagged with a FILEKIND file attribute. The FILEKIND file attribute defines the type or purpose of the file and imposes restrictions for the use of the file and data. Certain FILEKIND file attribute values, such as object code, are restricted and can be created only by trusted applications. The FILEKIND file attribute can also denote the structure of the file.
Through this tag and other file attributes, files are classified and marked by type and allowable usage.
The MCP operating system ensures that only properly certified files can be executed, that only properly authorized compilers can create code files, and that code files deemed unsafe are executable only with additional administrative authorization.
For information on how security has been ingrained in the MCP system, refer to the Unisys white paper titled “ClearPath MCP – Unsurpassed Security” available at www.unisys.com.
For details on how the MCP system repels intrusion by preventing buffer overflows through tag architecture, refer to the Unisys white paper titled “Resisting Cyber Attacks Using the ClearPath MCP Web Server” available at www.unisys.com.
