Handbook of Information Security Management: Computer Architecture and System Security



System-Managed Storage

Many otherwise modern systems implementing archaic architectures include a class of storage called system-managed storage. For example, IBM’s 9000 Series, which for reasons of compatibility employs S/360 principles of operation, employs this class of storage to provide users the convenience of more modern architectures while maintaining all of the flexibility that is expected from older applications. Thus, an application that includes hardware-dependent programming can function as it always has. However, a newer application that employs only symbolic references and avoids hardware dependencies can enjoy the advantages of single-level storage that are enjoyed by users of such modern architectures as IBM’s AS/400 or Digital Equipment Corp.’s VAX/VMS.

Although the components of system-managed storage are similar to those employed for primary and secondary storage, its use and management are fully automatic. It is not managed by or visible to users or to procedures implemented in software. The automatic facilities may include paging, allocation, and backup. System-managed storage is accessed by means of symbolic addressing. As a consequence, data in such storage is usually immune from outside interference or contamination.

Expanded Storage

IBM uses a class of storage that it calls expanded storage, which has some interesting characteristics. This storage is implemented using the same kind of hardware as that used for primary storage. Unlike primary storage and like other system-managed storage, however, expanded storage is not visible to the operating system or application programs; it is visible only to the hardware.

Although it has almost as big an impact on performance as primary storage, it is cheaper, partly because it can be addressed only at the page level and not at the word or byte level. This is possible because expanded storage does not need some of the control features required by primary storage. For example, because it cannot be addressed by processes implemented in software, it need not have any storage protection features.

Storage Objects

A storage object is an abstraction for containing data. In primary storage, the abstract object is usually a word or a similar, arbitrary group of bits. In the traditional Von Neumann architecture machine, the paradigm that is used to help the user understand storage objects is the bank of pigeon holes, which are stacked, orderly, symmetric, and the same size, inside and out. These pigeon holes are reusable; they are allocated to one process at a time, but they are used many times.

In more modern systems, it is not necessary for all storage objects to be the same size. The paradigm used for these machines is that of named boxes with locks. To use the contents, users must know the name of the box and have the key to the lock. Although all these boxes are the same size on the outside, the inside of each is an arbitrary size, as determined by the data object placed in it. Thus, a short vector and a large data base are each given their own numbered box.

Although these boxes are strong, they are so cheap that they are used only once. Users may remove the contents from the box, yet they can put the contents back only if the identity of the contents remains the same. If the identity is changed, the user must throw away the old box and use a new one. (The identity of data may be independent of its contents; however, the identity of a program changes when the program is changed as little as 1 bit. Therefore, the identity of the program and the name of the box are so bound that changing the program requires a new box.)
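The box rules above can be modeled in a few lines. This is an added example, not code from the handbook; `BoxStore`, `program_identity`, and the use of a SHA-256 digest as a program's identity are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

class BoxError(Exception):
    pass

def program_identity(image):
    # Assumption: a digest stands in for identity, so a 1-bit change alters it.
    return hashlib.sha256(image).hexdigest()

class BoxStore:
    def __init__(self):
        self._boxes = {}   # name -> (key, identity, contents); never deleted

    def new_box(self, name, identity, contents):
        if name in self._boxes:
            raise BoxError("a box name is issued only once")
        key = secrets.token_hex(16)
        self._boxes[name] = (key, identity, contents)
        return key

    def open(self, name, key):
        box = self._boxes.get(name)
        if box is None or not hmac.compare_digest(box[0], key):
            raise BoxError("unknown box or wrong key")
        return box[2]

    def put_back(self, name, key, identity, contents):
        self.open(name, key)                      # name and key both required
        if identity != self._boxes[name][1]:
            raise BoxError("identity changed: use a new box")
        self._boxes[name] = (key, identity, contents)

def demo():
    store = BoxStore()
    # Data: identity is independent of contents, so an update goes back in.
    k = store.new_box("ledger", "ledger", b"balance=10")
    store.put_back("ledger", k, "ledger", b"balance=11")
    v1 = b"constructed program image"
    v2 = bytes([v1[0] ^ 0x01]) + v1[1:]           # one bit flipped
    n1, n2 = program_identity(v1), program_identity(v2)
    pk = store.new_box(n1, n1, v1)                # program: name bound to identity
    try:
        store.put_back(n1, pk, n2, v2)
        outcome = "accepted"
    except BoxError:
        outcome = "rejected"
    store.new_box(n2, n2, v2)                     # changed program, new box
    return store.open("ledger", k), outcome, n1 != n2
```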

Data Objects

Data is information recorded and stored in symbolic form. In computer science, the term refers to information recorded in such a manner that it can be read by a machine. However, today’s machines can read almost anything. Historically, data was used to refer to digitally encoded information as opposed to analog information (e.g., images or sounds). In modern systems, however, almost everything is digitally encoded.

In general, a data object is a named and bound collection of data that is dealt with as a unit, similar to a book. In computers, the most common data object is a file. Other data objects include bits, bytes, words, double words, messages, records, files, volumes, programs, data bases, tables, and views. The following sections discuss different types of data objects.

Typed Data Objects

A typed data object is a special data object on which only a limited and previously specified set of operations is valid. The procedures for these operations are implied by the name of the type. For example, program data is executable but may not be modifiable. Such systems as Digital Equipment’s VAX/VMS and IBM’s AS/400 manage all data in typed data objects.

Typed data is usually managed by a process known as type management. As a rule, typed data can be accessed only by means of the type manager, which is responsible for enforcing the rules of the type. Access to the data that bypasses the type manager presents problems.
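A minimal type manager makes the enforcement point concrete. This is an added example, not code from the handbook: the `TYPE_OPS` table, the class and function names, and the SHA-256 seal used to notice changes made around the manager are all assumptions, and it goes slightly beyond the text by showing one way an out-of-band change can be detected.

```python
import hashlib

class TypeViolation(Exception):
    pass

# Assumed type table: type name -> the only operations valid on that type.
TYPE_OPS = {"program": {"execute"}, "file": {"read", "modify"}}

def _seal(data):
    return hashlib.sha256(data).hexdigest()

class TypeManager:
    def __init__(self):
        self._objects = {}   # name -> [type, contents, seal]

    def create(self, name, type_name, data):
        if type_name not in TYPE_OPS or name in self._objects:
            raise TypeViolation("unknown type or name already bound")
        self._objects[name] = [type_name, data, _seal(data)]

    def invoke(self, name, op, new_data=None):
        type_name, data, seal = self._objects[name]
        if op not in TYPE_OPS[type_name]:
            raise TypeViolation(f"{op} is not valid on type {type_name}")
        if _seal(data) != seal:
            raise TypeViolation(f"{name} was changed outside the type manager")
        if op == "modify":
            self._objects[name][1:] = [new_data, _seal(new_data)]
            return new_data
        return data          # read and execute stand-ins hand back the contents

def attempt(tm, name, op, new_data=None):
    """Run one operation and report the outcome as a string."""
    try:
        tm.invoke(name, op, new_data)
        return "ok"
    except TypeViolation as exc:
        return str(exc)

def demo():
    tm = TypeManager()
    tm.create("payroll", "program", b"constructed program image")
    tm.create("notes", "file", b"draft")
    log = [attempt(tm, "payroll", "execute"),
           attempt(tm, "payroll", "modify", b"patched"),
           attempt(tm, "notes", "modify", b"final")]
    tm._objects["payroll"][1] = b"tampered image"   # write that bypasses the manager
    log.append(attempt(tm, "payroll", "execute"))
    return log
```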





The CISSP Open Study Guide Web Site

We are proud to bring to all of our members a legal copy of this outstanding book. Of course, this version is getting a bit old and may not contain all of the info that the latest version covers; however, it is one of the best tools you have to review the basics of security. Investing in the latest version would help you out in your studies and also show your appreciation to Auerbach for letting me use their book on the site.