Technically, the user program subroutine integration process is known as linkage editing. Linkage editing poses two risks: the unauthorized use of subroutines and the unauthorized suppression of subroutines that should accept utilization. In the first case, an application program might utilize a job control (script) statement requesting the services of an unauthorized subroutine that performs an illegal task. In the second case, the program might use a script statement that suppresses the services of a required subroutine. Consequently, policies and procedures should be implemented to ensure:
- error messages are displayed or other action taken when reference is made to unauthorized subroutines, or when external references are unsolved
- the operating system maintains a log of program usage
- the linkage editor of the operating system maintains a processing history of each program, including control statements utilized
Davis, Robert E. IT Auditing: Assuring Information Assets Protection. Mission Viejo, CA: Pleier Corporation, 2008. CD-ROM.
Dictionary.com Unabridged (v 1.1). rev. ed. New York, NY: Random House. http://dictionary.reference.com/browse/linkage editor (accessed: August 30, 2008).
Lyon, Lockwood and Kenniston W. Lord. CDP Review Manual: Covering the ICCP, CDP, CSP, and CCP Examinations, 5th ed. New York, NY: Van Nostrand Reinhold, 1991. 130-2
Minasi, Mark. Complete PC Upgrade and Maintenance Guide, 8th ed. San Francisco, CA: SYBEX, 1997. 263-4
Watne, Donald A. and Peter B. B. Turney. Auditing EDP Systems. Englewood Cliffs, NJ: Prentice-Hall, 1984. 239
Silbershatz, Abraham and Peter B. Galvin. Operating System Concepts, 4th ed. Gainesville, FL: Addison-Wesley, 1995. 49-50
“View Part I of the Essential Operating System Protection Mechanisms series here”
Post Note: “Essential Operating System Protection Mechanisms – Part V” was originally published through Suite101.com under the title “Essential Operating System Protection Mechanisms”