As the foundation of the security framework, CSSM provides
a set of integrity services that can be used by CSSM, module managers,
add-in modules, and applications to verify their own integrity,
and the integrity, identity, and authorizations of other components
in the CDSA environment.
CSSM's set of self-contained security services establishes
a security perimeter around CDSA. These services incorporate techniques
to protect against malicious attacks. Because application and add-in
security service modules are dynamic components in the system, CSSM
uses and requires the use of a strong verification mechanism to
screen all components as they are added to the CSSM environment.
Applications can extend CSSM's security perimeter to include
themselves by using bilateral authentication, integrity verification,
and authorization checks during dynamic binding.
The establishment of integrity between two dynamically loaded,
executable objects proceeds in three phases:
In the first phase, the self-check phase, the software module
checks its own digital signature. The Embedded Integrity Services
Library (EISL) defines a statically linked library procedure to
In the second phase, bilateral authentication routines in
the EISL offer support for securely loading, verifying, and linking
to partner software modules. The process of bilateral authentication
begins in the MDS registry, where each program can find the credentials
as well as the object code of all other CDSA modules.
Verification of other modules can be done prior to loading,
or, if a module is already loaded, it can be verified in memory.
Verification prior to loading prevents activating file viruses
in infected modules. Verification in memory prevents stealth viral
attacks where the file is healthy, but the loaded code is infected.
Once verified, programs can use the verified in-memory representation
of the credentials to perform validity checks of addresses to provide
secure linkage to modules. The addresses of both the callers and
the procedures to be called can be verified using the Secure Linkage