Object signing, what's that all about?


Rich Loeber
All of the security measures you implement could easily be brought down if someone can introduce tampered data or programs into your system without your knowledge. To address this, i5/OS (OS/400) has supported object signing ever since release V5R1 became available. Object signing, simply stated, works by having the originator sign each object on your system; the signature guarantees that the object is what it claims to be and that it has not been altered.

Most systems today, several years after release of this feature, still only have the IBM operating system carrying signatures. Run the WRKOBJ command for *PGM objects in the QSYS library on your system. When the list comes up, place an '8' next to one of the objects and then scroll up to the second panel. You should see the following fields displayed:

 
    Auditing/Integrity information: 
      Object auditing value  . . . . . . :   *NONE 
      Digitally signed . . . . . . . . . :   YES 
        System-trusted source  . . . . . :   YES 
        Multiple signatures  . . . . . . :   NO 

Note that the object is showing as being digitally signed and that it is from a system-trusted source.

Similarly, if you do the same for some of your own programs, you will most likely find that there is no signing in effect. In fact, most System i family implementations today that are not from IBM carry no signature.

So, what's the big deal and how can this help you?

For now, probably not much. The current implementation of this is clearly designed to help IBM protect its operating system. IBM has provided some tools in the operating system to give users control. The system value QVFYOBJRST can be set to only allow restore of objects that are signed. You can differentiate this for objects that are system state and user state. In fact, the recommended setting level of three will prevent any unsigned system state programs from being loaded onto your system, thereby adding a level of protection to the operating system's integrity.

There is also the ability to scan your system for object integrity by using the Check Object Integrity (CHKOBJITG) command. An option on this command will let you verify objects that are signed to make sure that operating system components have not been tampered with since they were loaded. Scanning the operating system on your server can produce a database list of all objects on the system that have bad signatures. Finding these could indicate that the operating system has been tampered with.
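The two controls described above, the QVFYOBJRST system value and the CHKOBJITG scan, can be combined in one small CL program. This is an added example, not code from the article or from IBM; the outfile name QGPL/OBJITG and the choice to scan objects owned by the QSYS profile are assumptions, and the job's user must be authorized to run CHKOBJITG.

```cl
/* Added example, not from the article.                          */
/* QGPL/OBJITG is an assumed outfile name; change it as needed.  */
PGM
   DCL VAR(&VFY)  TYPE(*CHAR) LEN(1)     /* QVFYOBJRST value      */
   DCL VAR(&CNT)  TYPE(*DEC)  LEN(10 0)  /* records in outfile    */
   DCL VAR(&CNTC) TYPE(*CHAR) LEN(10)    /* same count, as text   */

   /* 1. Read the restore-time signature verification policy and */
   /*    flag a setting below the recommended level of 3.        */
   RTVSYSVAL SYSVAL(QVFYOBJRST) RTNVAR(&VFY)
   IF COND(&VFY *LT '3') THEN(SNDPGMMSG MSGID(CPF9897) +
        MSGF(QCPFMSG) +
        MSGDTA('QVFYOBJRST is ' *CAT &VFY *CAT +
               ', below the recommended level of 3') +
        MSGTYPE(*DIAG))

   /* 2. Verify signed objects owned by QSYS (assumed scope).    */
   /*    Objects that fail an integrity check are written to the */
   /*    outfile, which CHKOBJITG creates if it does not exist.  */
   CHKOBJITG USRPRF(QSYS) OUTFILE(QGPL/OBJITG) CHKSIG(*SIGNED)

   /* 3. Report how many objects were logged. The outfile can    */
   /*    hold other integrity violations besides bad signatures, */
   /*    so review each record rather than just the count.       */
   RTVMBRD FILE(QGPL/OBJITG) NBRCURRCD(&CNT)
   CHGVAR VAR(&CNTC) VALUE(&CNT)
   SNDPGMMSG MSGID(CPF9897) MSGF(QCPFMSG) +
        MSGDTA(&CNTC *BCAT 'object(s) logged in QGPL/OBJITG') +
        MSGTYPE(*COMP)
ENDPGM
```

A scan of this scope can run for a long time, so it is better submitted to batch than run interactively.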

To add an additional layer of security to your own applications, this technology is available for user state programs, as well. But, seeing that the software developer community has not embraced this to date, you may just be asking for a headache by doing your own implementation while other third-party software on your system does not comply.

If you have specific questions about this topic, e-mail me at rich@kisco.com. All e-mail messages will be answered.

---------------------------
About the author: Rich Loeber is president of Kisco Information Systems Inc. in Saranac Lake, N.Y. The company is a provider of various security products for the iSeries market.


This was first published in May 2006
