
I am very intrigued as to how mainframes seem to be much more secure than servers. Malware targeting mainframes is very rare.

Is it due to security through obscurity? Since few people have access to mainframes and in-depth knowledge of mainframes, it is difficult to develop malware for mainframes.

Or is it due to the architecture of mainframes? Certain characteristics, such as read-only memory, make it difficult to penetrate or compromise.

If it is the latter, is it possible to adopt these characteristics for our modern day server architecture?

I have tried Googling, but it is quite difficult to find material on mainframes in general. Thanks for your response.

limbenjamin
  • Perhaps this will help? http://security.stackexchange.com/a/53674/16399 – JZeolla Nov 24 '14 at 04:24
  • The resources cover "how to use a mainframe system" and "latest news about mainframes" but nothing related to the architecture or security of mainframes. – limbenjamin Nov 24 '14 at 04:33
  • I have performed several security assessments on mainframes and let me tell you, security wise it is often quite bad. It would be possible to target a mainframe with malware. Like you mentioned yourself, there are few people left that have access to mainframes and companies are trying to get them replaced. Also, people nowadays don't really have (much) knowledge of programming languages such as Cobol, which makes it very unlikely to target systems like this. – Jeroen Nov 24 '14 at 06:47
  • I expect you're right about the security of mainframes. However, the design goal of machine independence means COBOL programs have no access to the hardware and very little access to the operating system, making COBOL an unlikely vehicle for malware. – Bob Brown Nov 24 '14 at 11:14
  • If you're interested in more on this topic, I'd recommend the Soldier of Fortran blog http://mainframed767.tumblr.com/ . It has a lot of information on mainframe security and links to talks. – Rory McCune Nov 24 '14 at 11:21

1 Answer

Most malware depends on both knowledge of the operating system and the (hardware) instruction set. That is, most malware is written for a particular class of hardware running a particular operating system. The instruction set of a typical mainframe, e.g. IBM zSeries, is quite different from the Intel x86 instruction set. Although mainframes can and do run Linux, it is much more likely that they run the z/OS operating system or an older OS. Mainframe programming skills at the OS level are relatively rare. The small number of mainframes, compared to machines running Windows, MacOS, or Linux, means they're mostly left alone. (The majority of malware comes from criminals, not "hackers", and the former are interested in maximizing profit.)

So, it's a combination of security by obscurity (instruction set and OS) and a smaller target space. That means there is very little to adopt for more common server class machines.

Many of the things mainframes have "always" had, like privileged instructions and memory protection, were introduced to single-chip processors with the Intel 386; there isn't much more that such processors can borrow from mainframe hardware architecture.

Bob Brown