ImageVerifierCode 换一换
格式:PDF , 页数:24 ,大小:1,022KB ,
资源ID:396180      下载积分:5000 积分
快捷下载
登录下载
邮箱/手机:
温馨提示:
如需开发票,请勿充值!快捷下载时,用户名和密码都是您填写的邮箱或者手机号,方便查询和重复下载(系统自动生成)。
如填写123,账号就是123,密码也是123。
特别说明:
请自助下载,系统不会自动发送文件的哦; 如果您已付费,想二次下载,请登录后访问:我的下载记录
支付方式: 支付宝扫码支付 微信扫码支付   
注意:如需开发票,请勿充值!
验证码:   换一换

加入VIP,免费下载
 

温馨提示:由于个人手机设置不同,如果发现不能下载,请复制以下地址【http://www.mydoc123.com/d-396180.html】到电脑端继续下载(重复下载不扣费)。

已注册用户请登录:
账号:
密码:
验证码:   换一换
  忘记密码?
三方登录: 微信登录  

下载须知

1: 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。
2: 试题试卷类文档,如果标题没有明确说明有答案则都视为没有答案,请知晓。
3: 文件的所有权益归上传用户所有。
4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
5. 本站仅提供交流平台,并不能对任何下载内容负责。
6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。

版权提示 | 免责声明

本文(BS ISO IEC 10181-1-1996 Information technology - Open systems interconnection - Security frameworks for open systems - Overview《信息技术 开放式系统互连 开放式系统的安全框架 第1部分 综述》.pdf)为本站会员(registerpick115)主动上传,麦多课文库仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。 若此文所含内容侵犯了您的版权或隐私,请立即通知麦多课文库(发送邮件至master@mydoc123.com或直接QQ联系客服),我们立即给予删除!

BS ISO IEC 10181-1-1996 Information technology - Open systems interconnection - Security frameworks for open systems - Overview《信息技术 开放式系统互连 开放式系统的安全框架 第1部分 综述》.pdf

1、BRITISH STANDARD BS ISO/IEC 10181-1:1996 Information technology Open Systems Interconnection Security frameworks for open systems: Overview (ITU-T Rec. X.810 (1995) | ISO/IEC 10181-1:1996) ICS 35.100.01BS ISO/IEC 10181-1:1996 This British Standard, having been prepared under the direction of the DIS

2、C Board, was published under the authority of the Standards Board and comes into effect on 15 November 1996 BSI 10-1998 ISBN 0 580 26520 X National foreword This British Standard reproduces verbatim ISO/IEC 10181:1996, and implements it as the UK national standard. The UK participation in its prepar

3、ation was entrusted to Technical Committee IST/21, Open Systems Interconnection, Data Management and Open Distributed Processing, which has the responsibility to: aid enquirers to understand the text; present to the responsible international/European committee any enquiries on the interpretation, or

4、 proposals for change, and keep the UK interests informed; monitor related international and European developments and promulgate them in the UK. A list of organizations represented on this committee is available on request. Cross-references The British Standards which implement international or Eur

5、opean publications referred to in this document may be found in the BSI Standards Catalogue under the section entitled “International Standards Correspondence Index”, or using the “Find” facility of the BSI Standards Electronic Catalogue. A British Standard does not purport to include all the necess

6、ary provisions of a contract. Users of British Standards are responsible for their correct application. Compliance with a British Standard does not of itself confer immunity from legal obligations. Summary of pages This document comprises a front cover, an inside front cover, the ISO/IEC title page,

7、 pages ii to iv, pages 1 to 17 and a back cover. This standard has been updated (see copyright date) and may have had amendments incorporated. This will be indicated in the amendment table on theinside front cover. Amendments issued since publication Amd. No. Date CommentsBS ISO/IEC 10181-1:1996 ii

8、BSI 10-1998 Contents Page Foreword iv Introduction 1 1 Scope 1 2 Normative references 1 2.1 Identical Recommendations|International Standards 1 2.2 Paired Recommendations|International Standards equivalent in technical content 1 3 Definitions 1 3.1 Basic Reference Model definitions 1 3.2 Security ar

9、chitecture definitions 2 3.3 Additional definitions 2 4 Abbreviations 4 5 Notation 4 6 Organization 4 6.1 Part 1 Overview 4 6.2 Part 2 Authentication 4 6.3 Part 3 Access control 4 6.4 Part 4 Non-repudiation 5 6.5 Part 5 Confidentiality 5 6.6 Part 6 Integrity 5 6.7 Part 7 Security audit and alarms 5

10、6.8 Key management 5 7 Common concepts 6 7.1 Security information 6 7.2 Security domain 6 7.2.1 Security policy and security policy rules 6 7.2.2 Security domain authority 7 7.2.3 Inter-relationships among security domains 7 7.2.4 Establishment of secure interaction rules 7 7.2.5 Inter-domain securi

11、ty information transfer 8 7.3 Security policy considerations for specific security services 8 7.4 Trusted entities 8 7.5 Trust 8 7.6 Trusted third parties 9 8 Generic security information 9 8.1 Security labels 9 8.2 Cryptographic checkvalues 9 8.3 Security certificates 10 8.3.1 Introduction to secur

12、ity certificates 10 8.3.2 Verification and chaining of security certificates 10 8.3.3 Revocation of security certificates 10 8.3.4 Re-use of security certificates 11 8.3.5 Security certificate structure 11 8.4 Security tokens 11 9 Generic security facilities 12 9.1 Management related facilities 12 9

13、.1.1 Install SI 12 9.1.2 Deinstall SI 12 9.1.3 Change SI 12 9.1.4 Validate SI 12BS ISO/IEC 10181-1:1996 BSI 10-1998 iii 9.1.5 Invalidate SI12 9.1.6 Disable/Re-enable security service 12 9.1.7 Enrol 12 9.1.8 Un-enrol 12 9.1.9 Distribute SI 12 9.1.10 List SI 12 9.2 Operational related facilities 12 9.

14、2.1 Identify trusted security authorities 12 9.2.2 Identify secure interaction rules 12 9.2.3 Acquire SI 13 9.2.4 Generate SI 13 9.2.5 Verify SI 13 10 Interactions between security mechanisms 13 11 Denial of service and availability 14 12 Other requirements 14 Annex A Some examples of protection mec

15、hanisms for security certificates 15 A.1 Protection using an OSI communications security service 15 A.2 Protection using a parameter within the security certificate 15 A.2.1 The authentication method 15 A.2.2 The secret key method 15 A.2.3 The public key method 15 A.2.4 The one-way function method 1

16、6 A.3 Protection of the internal and external parameters while in transit 16 A.3.1 Transfer of internal parameters to the issuing security authority 16 A.3.2 Transfer of external parameters among entities 16 A.4 Use of security certificates by single entities or by groups of entities 16 A.5 Linking

17、a security certificate with accesses 17 Annex B Bibliography 17BS ISO/IEC 10181-1:1996 iv BSI 10-1998 Foreword ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies t

18、hat are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other inter

19、national organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1. Draft International Standards adopted by the joint technical committee

20、are circulated to national bodies for voting. Publication as an International Standard requires approval by at least 75 % of the national bodies casting a vote. International Standard ISO/IEC 10181-1 was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology, Subcommittee SC 21,

21、 Open systems interconnection, data management and open distributed processing, in collaboration with ITU-T. The identical text is published as ITU-T Recommendation X.810. ISO/IEC 10181 consists of the following parts, under the general title Information technology Open Systems Interconnection Secur

22、ity frameworks for open systems: Part 1: Overview; Part 2: Authentication framework; Part 3: Access control framework; Part 4: Non-repudiation framework; Part 5: Confidentiality framework; Part 6: Integrity framework; Part 7: Security audit and alarms framework. Annexes A and B of this part of ISO/I

23、EC 10181 are for information only.BS ISO/IEC 10181-1:1996 BSI 10-1998 1 Introduction Many applications have requirements for security to protect against threats to the communication of information. Some commonly known threats, together with the security services and mechanisms that can be used to pr

24、otect against them are described in CCITT Rec. X.800|ISO 7498-2. This Recommendation|International Standard defines the framework within which security services for open systems are specified. 1 Scope The security frameworks address the application of security services in an Open Systems environment

25、, where the term Open Systems is taken to include areas such as Database, Distributed Applications, ODP and OSI. The security frameworks are concerned with defining the means of providing protection for systems and objects within systems, and with the interactions between systems. The security frame

26、works are not concerned with the methodology for constructing systems or mechanisms. The security frameworks address both data elements and sequences of operations (but not protocol elements) which are used to obtain specific security services. These security services may apply to the communicating

27、entities of systems as well as to data exchanged between systems, and to data managed by systems. The security frameworks provide the basis for further standardization, providing consistent terminology and definitions of generic abstract service interfaces for specific security requirements. They al

28、so categorize the mechanisms that can be used to achieve those requirements. One security service frequently depends on other security services, making it difficult to isolate one part of security from the others. The security frameworks address particular security services, describe the range of me

29、chanisms that can be used to provide the security services, and identify interdependancies between the services and the mechanisms. The description of these mechanisms may involve a reliance on a different security service, and it is in this way that the security frameworks describe the reliance of

30、one security service on another. This part of the security frameworks: describes the organization of the security frameworks; defines security concepts which are required in more than one part of the security frameworks; describes the inter-relationship of the services and mechanisms identified in o

31、ther parts of the frameworks. 2 Normative references The following Recommendations and International Standards contain provisions, which through reference in this text, constitute provisions of this Recommendation|International Standard. At the time of publication, the editions indicated were valid.

32、 All Recommendations and Standards are subject to revision, and parties to agreements based on this Recommendation|International Standard are encouraged to investigate the possibility of applying the most recent edition of the Recommendations and Standards indicated below. Members of IEC and ISO mai

33、ntain registers of currently valid International Standards. The Telecommunication Standardization Bureau of the ITU maintains a list of currently valid ITU Recommendations. 2.1 Identical Recommendations|International Standards ITU-T Recommendation X.200 (1994)| ISO/IEC 7498-1:1994, Information techn

34、ology Open Systems Interconnection Basic Reference Model: The Basic Model. 2.2 Paired Recommendations | International Standards equivalent in technical content CCITT Recommendation X.800 (1991), Security architecture for Open Systems Interconnection for CCITT applications. ISO 7498-2:1989, Informati

35、on processing systems Open Systems Interconnection Basic Reference Model Part 2: Security Architecture. 3 Definitions The following definitions are used either in the overview or are common to two or more of the subsequent parts of the security frameworks. For the purposes of this Recommendation | I

36、nternational Standard, the following definitions apply. 3.1 basic reference model definitions this Recommendation|International Standard makes use of the following terms defined in ITU-T Rec. X.200|ISO/IEC 7498-1: (N)-layer; (N)-entity; (N)-protocol-data-unit; application process; real open system;

37、real system.BS ISO/IEC 10181-1:1996 2 BSI 10-1998 3.2 security architecture definitions this Recommendation|International Standard makes use of the following terms defined in CCITT Rec. X.800|ISO 7498-2: access control; availability; ciphertext; cryptographic checkvalue; decipherment; denial of serv

38、ice; digital signature; encipherment; insider threat; key; key management; plaintext; outsider threat; security audit; security label; security policy; sensitivity; threat. 3.3 Additional definitions For the purposes of this Recommendation | International Standard, the following definitions apply: 3

39、.3.1 asymmetric cryptographic algorithm an algorithm for performing encipherment or the corresponding decipherment in which the keys used for encipherment and decipherment differ NOTEWith some asymmetric cryptographic algorithms, decipherment of ciphertext or the generation of a digital signature re

40、quires the use of more than one private key. 3.3.2 certification authority an entity that is trusted (in the context of a security policy) to create security certificates containing one or more classes of security-relevant data 3.3.3 conditionally trusted entity an entity that is trusted in the cont

41、ext of a security policy, but which cannot violate the security policy without being detected 3.3.4 cryptographic chaining a mode of use of a cryptographic algorithm in which the transformation performed by the algorithm depends on the values of previous inputs or outputs 3.3.5 digital fingerprint a

42、 characteristic of a data item, such as a cryptographic checkvalue or the result of performing a one-way hash function on the data, that is sufficiently peculiar to the data item that it is computationally infeasible to find another data item that will possess the same characteristics 3.3.6 distingu

43、ishing identifier data that uniquely identifies an entity 3.3.7 hash function a (mathematical) function that maps values from a (possibly very) large set of values into a smaller range of values 3.3.8 one-way function a (mathematical) function that is easy to compute but, when knowing a result, it i

44、s computationally infeasible to find any of the values that may have been supplied to obtain it 3.3.9 one-way hash function a (mathematical) function that is both a one-way function and a hash function 3.3.10 private key a key that is used with an asymmetric cryptographic algorithm and whose possess

45、ion is restricted (usually to only one entity) 3.3.11 public key a key that is used with an asymmetric cryptographic algorithm and that can be made publicly available 3.3.12 revocation certificate a security certificate issued by a security authority to indicate that a particular security certificat

46、e has been revoked 3.3.13 revocation list certificate a security certificate that identifies a list of security certificates that have been revokedBS ISO/IEC 10181-1:1996 BSI 10-1998 3 3.3.14 seal a cryptographic checkvalue that supports integrity but does not protect against forgery by the recipien

47、t (i.e. it does not provide non-repudiation). When a seal is associated with a data element, that data element is said to be sealed NOTEAlthough a seal does not by itself provide non-repudiation, some non-repudiation mechanisms make use of the integrity service provided by seals, e.g. to protect com

48、munications with trusted third parties. 3.3.15 secret key a key that is used with a symmetric cryptographic algorithm. Possession of a secret key is restricted (usually to two entities) 3.3.16 security administrator a person who is responsible for the definition or enforcement of one or more parts o

49、f a security policy 3.3.17 security authority an entity that is responsible for the definition, implementation or enforcement of security policy 3.3.18 security certificate a set of security-relevant data issued by a security authority or trusted third party, together with security information which is used to provide the integrity and data origin authentication services for the data NOTEAll certificates are deemed to be security certificates (see the relevant definitio

copyright@ 2008-2019 麦多课文库(www.mydoc123.com)网站版权所有
备案/许可证编号:苏ICP备17064731号-1