ISO 7498-2 Security Architecture
A security service is a service, provided by a layer of communicating open systems, which ensures adequate security of the systems or of data transfers, as defined by ITU-T Recommendation X.800. X.800 and ISO 7498-2 (Information processing systems – Open systems interconnection – Basic Reference Model – Part 2: Security architecture) are technically aligned, and this model is widely recognized. A more general definition is given in CNSS Instruction No. 4009 of 26 April 2010, issued by the Committee on National Security Systems of the United States: a capability that supports one or more of the security requirements (confidentiality, integrity, availability).
The discussion that follows is based primarily on ISO 7498-2, the OSI security architecture, and introduces the widely used security-specific concepts and terminology; Chapter 2 (pages 13-36) of Warwick Ford's Computer Communications Security covers the same ground, as does Part 6 of the IY2760/CS3760 lecture notes. In the late 1970s, one standardization project was administered by the International Organization for Standardization (ISO), while another was undertaken by CCITT (now ITU-T), which produced the X-series Recommendations; this is why the same architecture exists as both ISO 7498-2 and X.800.
Examples of security services are key management, access control, and authentication. Another authoritative definition is in the W3C Web Services Glossary adopted by NIST SP 800-95: a processing or communication service that is provided by a system to give a specific kind of protection to resources, where said resources may reside with said system or reside with other systems, for example, an authentication service or a PKI-based document attribution and authentication service. A security service is a superset of AAA (authentication, authorization, accounting) services. Security services typically implement portions of security policies and are implemented via security mechanisms.
Information security and computer security are disciplines that deal with the requirements of confidentiality, integrity and availability, the so-called CIA triad, of the information assets of an organization (company or agency) or of the information managed by computers, respectively. There are threats that can attack the resources (the information, or the devices that manage it) by exploiting one or more vulnerabilities. The resources can be protected by one or more countermeasures (security controls). Security services therefore implement part of the countermeasures, trying to achieve the security requirements of an organization.

Basic OSI terminology

In order to let different devices (computers, routers, cellular phones) communicate data in a standardized way, the OSI model was defined. ITU-T (formerly CCITT) published a large set of protocols.
The general architecture of these protocols is defined in Recommendation X.200. The different means (air, cables) and ways (protocols and protocol stacks) of communicating are called a network. Security requirements are applicable to the information sent over the network. The discipline dealing with security over a network is called network security. Recommendation X.800:
• provides a general description of security services and related mechanisms, which may be provided by the Reference Model; and
• defines the positions within the Reference Model where the services and mechanisms may be provided.
This Recommendation extends the field of application of Recommendation X.200 to cover secure communications between open systems.
According to Recommendation X.200, the so-called OSI model has 7 layers, each generically called the N layer. The (N+1)-entity asks the (N)-entity for transmission services. At each level, two (N)-entities interact by means of the (N)-protocol by exchanging protocol data units (PDUs). A service data unit (SDU) is a specific unit of data that has been passed down from one OSI layer to a lower layer and has not yet been encapsulated into a PDU by the lower layer. It is a set of data that is sent by a user of the services of a given layer and is transmitted semantically unchanged to a peer service user.
The PDU at any given layer, layer n, is the SDU of the layer below, layer n-1. In effect the SDU is the payload of a given PDU. The process of changing an SDU into a PDU is an encapsulation performed by the lower layer: all the data contained in the SDU becomes encapsulated within the PDU. Layer n-1 adds headers or footers, or both, to the SDU, transforming it into a PDU of layer n-1. The added headers or footers carry what the protocol needs in order to get the data from a source to a destination.
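The encapsulation described above, as an added example that is not part of ISO 7498-2, X.800 or any real protocol stack: each layer from 7 down to 1 wraps the SDU it is handed in a header (layer number, length) and a one-byte trailer, so that the (n)-PDU becomes the (n-1)-SDU, and the peer unwraps in the opposite order. The header and trailer formats, and the function names, are assumptions made for illustration.

```python
import struct
from typing import List

# Added example, not from ISO 7498-2 / X.800 or any real stack. The seven layer
# numbers follow the Reference Model; the header and trailer formats are invented.
HDR = struct.Struct("!BH")   # header: layer number (1 byte), SDU length (2 bytes)


def _trailer(sdu: bytes) -> bytes:
    """One-byte XOR footer, so each layer adds both a header and a trailer.
    It catches accidental corruption only; it is not a security mechanism."""
    x = 0
    for b in sdu:
        x ^= b
    return bytes([x])


def encapsulate(layer_no: int, sdu: bytes) -> bytes:
    """Layer n receives an SDU from layer n+1 and wraps it into an (n)-PDU."""
    if len(sdu) > 0xFFFF:
        raise ValueError("SDU too large for the 16-bit length field")
    return HDR.pack(layer_no, len(sdu)) + sdu + _trailer(sdu)


def decapsulate(layer_no: int, pdu: bytes) -> bytes:
    """Peer (n)-entity strips its own header and trailer and hands the SDU up."""
    if len(pdu) < HDR.size + 1:
        raise ValueError("PDU shorter than header plus trailer")
    got_layer, length = HDR.unpack_from(pdu)
    if got_layer != layer_no:
        raise ValueError(f"expected layer {layer_no} PDU, got layer {got_layer}")
    sdu = pdu[HDR.size:HDR.size + length]
    trailer = pdu[HDR.size + length:]
    if len(sdu) != length or trailer != _trailer(sdu):
        raise ValueError("truncated or corrupted PDU")
    return sdu


def send_down(user_data: bytes) -> List[bytes]:
    """Return the PDU built at each layer from 7 (application) down to 1 (physical).
    The (n)-PDU is handed to layer n-1 as its SDU, so pdus[i] is the payload of pdus[i+1]."""
    pdus = []
    sdu = user_data
    for layer_no in range(7, 0, -1):
        pdu = encapsulate(layer_no, sdu)
        pdus.append(pdu)
        sdu = pdu
    return pdus


def receive_up(physical_pdu: bytes) -> bytes:
    """Reverse the process at the peer: unwrap layer 1 first, layer 7 last."""
    data = physical_pdu
    for layer_no in range(1, 8):
        data = decapsulate(layer_no, data)
    return data


def delivered_intact(physical_pdu: bytes) -> bool:
    """True if every layer's header and trailer check out on the way up."""
    try:
        receive_up(physical_pdu)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    pdus = send_down(b"hello")
    for layer_no, pdu in zip(range(7, 0, -1), pdus):
        print(f"layer {layer_no} PDU ({len(pdu)} bytes): {pdu.hex()}")
    print("peer user data:", receive_up(pdus[-1]))
```

Run it and the layer-1 PDU is the 5-byte user data plus seven header/trailer pairs; the XOR trailer shows why the standard treats such footers as part of getting data across, not as a security mechanism: a deliberate modification can simply recompute it.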
OSI security services

General description

The following are considered to be the security services which can be provided optionally within the framework of the OSI Reference Model. The authentication services require authentication information comprising locally stored information and data that is transferred (credentials) to facilitate the authentication.

Authentication
These services provide for the authentication of a communicating peer entity and of the source of data, as described below.

Peer entity authentication
This service, when provided by the (N)-layer, provides corroboration to the (N+1)-entity that the peer entity is the claimed (N+1)-entity.

Data origin authentication
This service, when provided by the (N)-layer, provides corroboration to an (N+1)-entity that the source of the data is the claimed peer (N+1)-entity. On its own it does not protect against duplication or modification of data units; that is the job of the integrity services below.

Access control
This service provides protection against unauthorized use of resources accessible via OSI. These may be OSI or non-OSI resources accessed via OSI protocols. This protection service may be applied to various types of access to a resource (e.g., the use of a communications resource; the reading, writing, or deletion of an information resource; the execution of a processing resource) or to all accesses to a resource.

Data confidentiality
These services provide for the protection of data from unauthorized disclosure, as described below.

Connection confidentiality
This service provides for the confidentiality of all (N)-user-data on an (N)-connection.

Connectionless confidentiality
This service provides for the confidentiality of all (N)-user-data in a single connectionless (N)-SDU.

Selective field confidentiality
This service provides for the confidentiality of selected fields within the (N)-user-data on an (N)-connection or in a single connectionless (N)-SDU.

Traffic flow confidentiality
This service provides for the protection of the information which might be derived from observation of traffic flows.

Data integrity
These services counter active threats and may take one of the forms described below.

Connection integrity with recovery
This service provides for the integrity of all (N)-user-data on an (N)-connection and detects any modification, insertion, deletion or replay of any data within an entire SDU sequence, with recovery attempted.

Connection integrity without recovery
As for the previous one, but with no recovery attempted.

Selective field connection integrity
This service provides for the integrity of selected fields within the (N)-user-data of an (N)-SDU transferred over a connection and takes the form of determination of whether the selected fields have been modified, inserted, deleted or replayed.

Connectionless integrity
This service, when provided by the (N)-layer, provides integrity assurance to the requesting (N+1)-entity. It provides for the integrity of a single connectionless SDU and may take the form of determination of whether a received SDU has been modified. Additionally, a limited form of detection of replay may be provided.

Selective field connectionless integrity
This service provides for the integrity of selected fields within a single connectionless SDU and takes the form of determination of whether the selected fields have been modified.

Non-repudiation
This service may take one or both of two forms.

Non-repudiation with proof of origin
The recipient of data is provided with proof of the origin of the data. This protects against any attempt by the sender to falsely deny sending the data or its contents.

Non-repudiation with proof of delivery
The sender of data is provided with proof of delivery of the data. This protects against any subsequent attempt by the recipient to falsely deny receiving the data or its contents.

Specific security mechanisms

The security services may be provided by means of the following security mechanisms:
• Encipherment
• Digital signature
• Access control
• Data integrity
• Authentication exchange
• Traffic padding
• Routing control
• Notarization

Table 1/X.800 shows the relationships between services and mechanisms. Columns: ENC = Encipherment, SIG = Digital signature, AC = Access control, INT = Data integrity, AX = Authentication exchange, PAD = Traffic padding, RC = Routing control, NOT = Notarization. Y = the mechanism is considered appropriate for the service; . = not appropriate.

Table 1/X.800 - Illustration of relationship of security services and mechanisms

Service                                    ENC  SIG  AC   INT  AX   PAD  RC   NOT
Peer entity authentication                  Y    Y    .    .    Y    .    .    .
Data origin authentication                  Y    Y    .    .    .    .    .    .
Access control service                      .    .    Y    .    .    .    .    .
Connection confidentiality                  Y    .    .    .    .    .    Y    .
Connectionless confidentiality              Y    .    .    .    .    .    Y    .
Selective field confidentiality             Y    .    .    .    .    .    .    .
Traffic flow confidentiality                Y    .    .    .    .    Y    Y    .
Connection integrity with recovery          Y    .    .    Y    .    .    .    .
Connection integrity without recovery       Y    .    .    Y    .    .    .    .
Selective field connection integrity        Y    .    .    Y    .    .    .    .
Connectionless integrity                    Y    Y    .    Y    .    .    .    .
Selective field connectionless integrity    Y    Y    .    Y    .    .    .    .
Non-repudiation, origin                     .    Y    .    Y    .    .    .    Y
Non-repudiation, delivery                   .    Y    .    Y    .    .    .    Y

Some mechanisms apply to connection-oriented protocols, others to connectionless protocols, or to both. X.800 also notes that traffic padding is effective only when the padding is itself protected by a confidentiality service; otherwise an observer can simply discard it.
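The difference between connection integrity (with recovery) and connectionless integrity (with its "limited" replay detection) is easiest to see in code. What follows is an added example, not from X.800, ISO 7498-2 or any product: it uses HMAC-SHA256 as the data integrity mechanism from Table 1/X.800, a sequence number to provide connection integrity (reporting modification, deletion and replay, and collecting the gaps for a recovery request), and a bounded memory of random nonces to provide connectionless integrity whose replay detection is deliberately limited. The fixed key stands in for a key-management service; the PDU layouts, class names and window size are assumptions.

```python
import hashlib
import hmac
import os
import struct
from collections import OrderedDict
from typing import List, Optional, Tuple

# Added example (not from X.800 or any library). The shared key stands in for a
# key-management service; HMAC-SHA256 is the data-integrity mechanism.
KEY = b"constructed-demo-key-not-for-real-use"
TAG_LEN = 32
SEQ = struct.Struct("!I")          # 32-bit sequence number for connection-mode PDUs
NONCE_LEN = 8                      # random nonce for connectionless SDUs


def _tag(body: bytes) -> bytes:
    return hmac.new(KEY, body, hashlib.sha256).digest()


def _verify(pdu: bytes) -> Optional[bytes]:
    """Return the protected body if the tag checks, else None (modified or forged)."""
    body, tag = pdu[:-TAG_LEN], pdu[-TAG_LEN:]
    if len(pdu) < TAG_LEN or not hmac.compare_digest(tag, _tag(body)):
        return None
    return body


# ---- connection integrity with recovery ---------------------------------
def protect_connection(seq: int, data: bytes) -> bytes:
    """Sender side: (N)-PDU = seq || data || HMAC(seq || data)."""
    body = SEQ.pack(seq) + data
    return body + _tag(body)


class ConnectionReceiver:
    """Expects sequence numbers 0, 1, 2, ...; records modification, replay and
    deletion, and keeps the missing numbers so recovery can be attempted."""

    def __init__(self) -> None:
        self.expected = 0
        self.events: List[Tuple[int, str]] = []
        self.missing: List[int] = []

    def receive(self, pdu: bytes) -> Optional[bytes]:
        body = _verify(pdu)
        if body is None or len(body) < SEQ.size:
            # Tag failure: altered in transit, or inserted by someone without the key.
            self.events.append((self.expected, "modified"))
            return None
        seq = SEQ.unpack_from(body)[0]
        if seq in self.missing:                 # a retransmission filled a gap
            self.missing.remove(seq)
            return body[SEQ.size:]
        if seq < self.expected:
            self.events.append((seq, "replayed"))
            return None
        if seq > self.expected:                 # PDUs expected..seq-1 never arrived
            gap = list(range(self.expected, seq))
            self.events.append((gap[0], "deleted"))
            self.missing.extend(gap)
        self.expected = seq + 1
        return body[SEQ.size:]

    def recovery_request(self) -> List[int]:
        """Recovery: the sequence numbers to ask the peer to retransmit."""
        return list(self.missing)


# ---- connectionless integrity with limited replay detection -------------
def protect_datagram(data: bytes) -> bytes:
    """Single connectionless SDU = nonce || data || HMAC(nonce || data)."""
    body = os.urandom(NONCE_LEN) + data
    return body + _tag(body)


class DatagramReceiver:
    """No sequence state across SDUs, so only a bounded memory of recent nonces
    is kept: a replay older than `window` datagrams is NOT detected."""

    def __init__(self, window: int = 4) -> None:
        self.seen: "OrderedDict[bytes, None]" = OrderedDict()
        self.window = window

    def receive(self, sdu: bytes) -> Tuple[str, Optional[bytes]]:
        body = _verify(sdu)
        if body is None or len(body) < NONCE_LEN:
            return ("modified", None)
        nonce, data = body[:NONCE_LEN], body[NONCE_LEN:]
        if nonce in self.seen:
            return ("replayed", None)
        self.seen[nonce] = None
        if len(self.seen) > self.window:
            self.seen.popitem(last=False)       # forget the oldest nonce
        return ("ok", data)
```

Two things the table hides become visible here. An "insertion" by an attacker without the key shows up as a tag failure, indistinguishable from modification, which is why X.800 lists encipherment or digital signature alongside data integrity for the authentication services. And the datagram receiver's replay memory is what makes its replay detection "limited": shrink the window or wait long enough and an old SDU is accepted again.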
Scope and field of application This part of ISO 7498: a) provides a general description of security services and related mechanisms, which may be provided by the Reference Model; and b) defines the positions within the Reference Model where the services and mechanisms may be provided. This part of ISO 7498 extends the field of application of ISO 7498, to cover secure communications between open systems. Basic security services and mechanisms and their appropriate placement have been identified for all layers of the Basic Reference Model.
In addition, the architectural relationships of the security services and mechanisms to the Basic Reference Model have been identified. Additional security measures may be needed in end systems, installations and organizations. These measures apply in various application contexts.
The definition of security services needed to support such additional security measures is outside the scope of this standard. OSI security functions are concerned only with those visible aspects of a communications path which permit end systems to achieve the secure transfer of information between them. OSI Security is not concerned with security measures needed in end systems, installations, and organizations, except where these have implications on the choice and position of security services visible in OSI. These latter aspects of security may be standardized but not within the scope of OSI standards.
This part of ISO 7498 adds to the concepts and principles defined in ISO 7498; it does not modify them. It is not an implementation specification, nor is it a basis for appraising the conformance of actual implementations.