IBM i Secure Foundation

The bedrock of IBM i's integrity and security is its MI (Machine Interface). MI is an object-based interface that exists independently of the underlying hardware. MI fully defines a set of supported object types and the operations allowed on each of those object types. MI objects can be accessed only through the specific operations that MI defines for each object type. This encapsulation provides a level of integrity and security that is unavailable with traditional flat file systems.

Flat file systems diagram


A further benefit of this design is that it allows for a tiered privilege structure. In other words, different objects can have varying levels of protection.

Since MI objects are used to build up everything from higher-level objects like files to application programs and even the operating system itself, the secure design reaches all areas of the system. In fact, no matter what language a program is compiled in, it must be expressed in terms of MI at some point during its creation. Most importantly, the MI is not directly executable. Unlike flat file systems, the IBM i object-oriented architecture prevents programs from gaining unauthorized access to data storage.

Flat file systems diagram


New line of defense

In the 6.1 IBM i operating system releases, a new line of defense was added to protect data. All supported systems have enhanced hardware storage protection (HSP) capabilities. The hardware checks every attempted access against the protection attributes assigned to that particular storage, and more protection attributes are now provided by all hardware models on which the release can be run. Stronger hardware-level protection is just another way IBM i is improving your system security.
