mainframes banner

Secure Systems Secure by Design

Security is at the very core of Unisys ClearPath mainframes. In fact, the entire system has been designed from its very beginnings to offer the industry’s highest levels of security. By architecting the hardware, microcode, system software, linking system and compilers together as a whole – with security as one of the main goals – Unisys has been able to deliver systems that provide secure business operations and massive throughput that’s not encumbered by software-only security solutions as many other systems are.

 

ClearPath hardware provides isolated address spaces that keep any one process from accessing the memory of another. This keeps data private while significantly limiting any effects of bugs or attempted exploits.

 

Buffer Overflow Immunity

ClearPath mainframes are immune to the buffer overflow exploits suffered by commodity servers because of these important design features:

  • The ClearPath dual-stack architecture separates data from control information
  • Access to memory regions is controlled, in hardware, by gates, with locks. A process must possess the right key to access memory contents
  • Each process runs in a specific domain. The domain combines with locks and keys to determine the process’ memory access permissions
  • An address tree controls the level at which information can be shared
  • Each process is limited to well-defined types of memory access
    • Read
    • Write
    • Execute

Time-proven Security Architecture

These ClearPath architectural features aren’t new – they’ve been in place for decades! They provide ClearPath clients with vital protections that still aren’t available with most other server systems today.

 

In fact, the ClearPath security protections we’ve mentioned are similar to two other, much more recent technologies: Intel’s LaGrande Technology (LT), which provides a trusted execution environment with CPU and memory privilege levels, and Microsoft’s Next Generation Secure Computing Base (NGSCB), which provides curtained memory and trusted modules. While these emerging technologies are not likely to be capitalized on for commodity servers until 2010, ClearPath systems have had similar protections since 1982!

 

Foils Hackers

Computer system hacking is certainly not a recent phenomenon. Predecessor ClearPath systems experienced hacking attempts back in the 1970s. Unisys responded vigorously and effectively to this threat, addressing known problems and avoiding new ones by deploying development processes that demand thorough design and code inspections – for all code – in all ClearPath components.

 

All Components Are Secure

What’s more, every change to critical components undergoes a security review by specially trained individuals. Commodity operating system software vendors have only recently recognized the need for this intense diligence. Our attention to careful implementation, enhancing an already-secure operating system, running on hardware designed with security in mind, gives ClearPath mainframes the ultimate security needed for your business-critical core applications and your secure business operations.


 
ClearPath OS 2200: Unsurpassed Security This paper provides a fast-paced review of the inherent security features and solutions of every OS 2200 system. (eCommunity)
Protect Your Code and Data Learn more about collections of code and data banks that share common sets of protection attributes. (Information Repository)
Unisys Enterprise Security Solutions Looking for enterprise-wide security solutions, services and resources? Check out the wealth of information on these pages.
Topics on This Page You can find more detailed technical information about any of the topics on this page by looking at the supporting documents in the eCommunity.
Is it right for your business?
Contact Unisys