ImageVerifierCode 换一换
格式:PDF , 页数:31 ,大小:2.33MB ,
资源ID:590201      下载积分:10000 积分
快捷下载
登录下载
邮箱/手机:
温馨提示:
如需开发票,请勿充值!快捷下载时,用户名和密码都是您填写的邮箱或者手机号,方便查询和重复下载(系统自动生成)。
如填写123,账号就是123,密码也是123。
特别说明:
请自助下载,系统不会自动发送文件的哦; 如果您已付费,想二次下载,请登录后访问:我的下载记录
支付方式: 支付宝扫码支付 微信扫码支付   
注意:如需开发票,请勿充值!
验证码:   换一换

加入VIP,免费下载
 

温馨提示:由于个人手机设置不同,如果发现不能下载,请复制以下地址【http://www.mydoc123.com/d-590201.html】到电脑端继续下载(重复下载不扣费)。

已注册用户请登录:
账号:
密码:
验证码:   换一换
  忘记密码?
三方登录: 微信登录  

下载须知

1: 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。
2: 试题试卷类文档,如果标题没有明确说明有答案则都视为没有答案,请知晓。
3: 文件的所有权益归上传用户所有。
4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
5. 本站仅提供交流平台,并不能对任何下载内容负责。
6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。

版权提示 | 免责声明

本文(CAN CSA-ISO IEC 10181-1-2000 Information technology - Open Systems Interconnection - Security frameworks for open systems Overview.pdf)为本站会员(registerpick115)主动上传,麦多课文库仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。 若此文所含内容侵犯了您的版权或隐私,请立即通知麦多课文库(发送邮件至master@mydoc123.com或直接QQ联系客服),我们立即给予删除!

CAN CSA-ISO IEC 10181-1-2000 Information technology - Open Systems Interconnection - Security frameworks for open systems Overview.pdf

1、CSA I NTE RNAT IO N A1 / 1 National Standard of Canada CAN/CSA-ISODEC 10181-1-00 (ISO/IEC 10181-1 :1996) International Standard ISO/IEC 10181-1:1996 (first edition 1996-08-01) has been adopted without modification as CSA Standard CAN/CSA-ISO/IEC 10181-1-00, which has been approved as a National Stan

2、dard of Canada by the Standards Council of Canada. ISBN 1-55324-090-1 March 2000 Information technology - Open Systems Interconnection - Security frameworks for open systems: Overview (Reaff i r med 2004) Technologies de Iin formation - lnterconnexiun de s ystgrnes ouverts (OS,) - Cadre pour fa s8cu

3、rit6 dans les s yst this remains the continuing responsibility of the accredited standards-development organization. Those who have a need to apply standards are encouraged to use National Standards of Canada whenever practicable. These standards are subject to periodic review; therefore, users are

4、cautioned to obtain the latest edition from the organization preparing the standard. The responsibility for approving National Standards of Canada rests with the Standards Council of Canada 45 OConnor Street, Suite 1200 Ottawa, Ontario, K1 P 6N7 Canada A National Standard of Canada is a standard whi

5、ch CSA INTERNATIONAL c . Les normes nationales du Canada sont publi6es en versions frangaise et anglaise. Although the intended primary application of this Standard is stated in its Scope, it is important to note that it remains the responsibility of the users to judge its suitability for their part

6、icular purpose. lnformation technology - Open Systems Interconnection - Security frameworks for open systems: Overview CAN/CSA-150/1EC 7 0 78 7 - 7-00 CAN/CSA-ISO/IEC 101 81 -1 -00 Information technology - Open Systems Interconnection - Security tkmwworks for open systems: Overview CSA Preface Stand

7、ards development within the Information Technology sector is harmonized with international standards development. Through the CSA Technical Committee on Information Technology (TCIT), Canadians serve as the Canadian Advisory Committee (CAC) on ISO/IEC Joint Technical Committee 7 on Information Techn

8、ology (ISO/IEC JTCI) for the Standards Councit of Canada (SCC), the IS0 member body for Canada and sponsor of the Canadian National Committee of the IEC. Also, as a member of the International Telecommunication Union (ITU), Canada participates in the International Telegraph and Telephone Consultativ

9、e Committee (ITU-T). This International Standard was reviewed by the CSA TClT under the jurisdiction of the Strategic Steering Committee on Information Technology and deemed acceptable for use in Canada. (A committee membership list is available on request from the CSA Project Manager.) From time to

10、 time, ISO/IEC may publish addenda, corrigenda, etc. The CSA TClT will review these documents for approval and publication. For a listing, refer to the CSA Information Products catalogue or CSA Info Update or contact a CSA Sales representative. This Standard has been formatly approved, without modif

11、ication, by these Committees and has been approved as a National Standard of Canada by the Standards Council of Canada. March 2000 0 CSA International - 2000 All rights reserved. No part of this publication may be reproduced in any form whatsoever without the prior permission of the publisher. lSO/C

12、 material is reprinted with permission. Inquiries regording this National Standard of Canada should be addressed to CSA lnternationa/ 7 78 Rexdale Boulevard, Toronto, Ontario, M9W 1 R3. March 2000 CSA/I INTERNATIONAL STANDARD ISO/IEC 10181-1 First edition 1996-08-01 Information technology - Open Sys

13、tems Interconnection - Security frameworks for open systems: Overview Technologies de Iinformation - lnterconnexion de s ystgmes ouverts (OS11 - Cadre pour la s6curitd dam les s ystgmes ouverts: PrGsentation I Reference number ISO/IEC 10181-1 11 996(E) EO/IEC 1018 1- 1 1996(E) CONTENTS Page 1 2 3 7

14、8 scope Normative references . 2.1 Identical Recommendations I International Standards 2.2 Paired Recommendations I International Standards equivalent in technical content Definitions 3.1 Basic Reference Model definitions . 3.2 Security architecture definitions . 3.3 Additional definitions . Abbrevi

15、ations . Notation Organization . 6.1 6.2 6.3 6.4 6.5 6.6 6. 7 Part 7 - Security audit and alarms 6.8 Key management Part 1 - Overview . Part 2 - Authentication . Part 3 - Access control . Part 4 - Non-repudiation . Part 5 - Confidentiality . Part 6 - Integrity . Common concepts 7.1 Security informat

16、ion . 7.2 Security domain 7.2.1 Security policy and security policy rules 7.2.2 Secwity domain authority . 7.2.3 Inter-relationships among security domains . 7.2.4 Establishment of secure interaction rules 7.2.5 Interdomain security information transfer . Security policy considerations for specific

17、security services 7.3 7.4 Trusted entities 7.5 Trust 7.6 Trusted third parties 8.1 Security labels . 8.3 Security certificates . Verification and chaining of security certificates . Generic security information 8.2 Cryptographic checkvalues . Introduction to security certificates . Revocation of sec

18、urity certificates Re-use of security certificates . 8.3.1 8.3.2 8.3.3 8.3.4 8.3.5 Security certificate structure . 8.4 Security tokens 1 4 4 4 4 4 5 5 5 6 6 6 6 7 7 7 8 8 9 9 9 9 10 10 10 10 11 11 fl 12 12 12 12 13 0 ISO/IEC 1996 All rights reserved . Unless otherwise specified. no part of this pub

19、lication may be reproduced or utilized in any form or by any means. electronic or mechanical. including photocopying and micro- film. without permission in writing from the publisher . ISO/IEC Copyright Office Case postale 56 CH- 121 1 Genkve 20 Switzerland 0 ISO/IEC ISO/IEC 10181-1:1996(E) 9 10 11

20、12 Generic security facilities . 9.1 Management related facilities . 9.1.1 Install SI 9.1.2 Deinstall SI . . 9.1.3 Change SI 9.1.4 Validate SI 9.1.5 Invalidate SI 9.1.6 DisableRe-enable security service . 9.1.7 Enrol 9.1.8 Un-enrol 9.1.9 Distribute SI 9.1.10 List SI 9.2 Operational related facilitie

21、s . 9.2.1 Identify trusted security authorities . 9.2.2 Identify secure interaction Nles 9.2.3 Acquire SI . 9.2.4 Generate SI 9.2.5 Verify SI . Interactions between security mechanisms Denial of service and avaiIability . Other requirements . Annex A . Some examples of protection mechanisms for secu

22、rity certificates . Protection using a parameter within the security certificate . A.1 A.2 Protection using an OS1 communications security service . A.2.1 The authentication method A.2.2 The secret key method A.2.3 The public key method A.2.4 The one-way function method Protection of the inkmaI and

23、external parameters while in transit . A.3.1 A.3.2 Transfer of external parameters among entities Use of security certificates by single entities or by groups of entities Linking a security certificate with accesses A.3 Transfer of internal parameters to the issuing security authority A.4 AS Annex B

24、 . Bibliography . 13 13 13 13 13 14 14 14 14 14 14 14 14 14 14 14 14 15 15 15 16 17 17 17 17 17 18 18 18 18 18 19 19 20 . 111 0 ISOIIEC Foreword IS0 (the International Organization for Standardization) and IEC (the Inter- national Electrotechnical Commission) form the specialized system for worldwid

25、e standardization. National bodies that are members of IS0 or EC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. IS0 and IEC technicd committees collaborate in fiel

26、ds of mutual interest. Other internationaI organizations, governmental and non-governmental, in liaison with IS0 and EC, also take part in the work. In the field of information technology, IS0 and EC have established a joint technical committee, ISO/IEC JTC 1. Draft International Standards adopted b

27、y the joint technicaI committee are circulated to national bodies for voting. PubIication as an International Standard requires approval by at least 75 % of the national bodies casting a vote. International Standard ISOAEC 1018 1-1 was prepared by Joint Technical Com- mittee ISO/IEC JTC 1, Informati

28、on technology, Subcommittee SC 21, Open systems interconnection, datu management and open distributed processing, in collaboration with ITU-T. The identical text is published as ITU-T Recomrnen- dation X.810. ISO/IEC 1018 1 consists of the following parts, under the genera1 title Information technol

29、ogy - Open Systems Interconnection - Security frameworks for open systems: - Purr I: Overview - Part 2: Authentication framework - Part 3: Access control framework - Part 4: Nan-repudiation framework - Part 5: Condentiality framework - Part 6: Integrity framework - Annexes A and B of this part of IS

30、O/IEC 10181 are for information only. Part 7: Security audit and alarms framework iV 0 ISO/IEC ISO/IEC 10181- 1: 1996(E) Introduction Many applications have requirements for security to protect against threats to the communication of information. Some commonly known threats, together with the securi

31、ty services and mechanisms that can be used to protect against them are described in CCIIT Rec. X.800 I IS0 7498-2. This Recommendation I International Standard defines the framework within which security services for open systems are specified. V INTERNATIONAL STANDARD XTU-T RECOMMENDATION 1 INFORM

32、ATION TECHNOLOGY - OPEN SYSTEMS INTERCONNECTION - SECURITY FRAMEWORKS FOR OPEN SYSTEMS: OVERVIEW Scope The security frameworks address the application of security services in an Open Systems environment, where the term Upen Systems is taken to include areas such as Database, Distributed Applications

33、, ODP and OSI. The security frameworks are concerned with defining the means of providing protection for systems and objects within systems, and with the interactions between systems. The security frameworks are not concerned with the methodology for constructing systems or mechanisms. The security

34、frameworks address both data elements and sequences of operations (but not protocol elements) which are used to obtain specific security services. These security services may apply to the communicating entities of systems as well as to data exchanged between systems, and to data managed by systems.

35、The security frameworks provide the basis for further standardization, providing consistent terminology and definitions of generic abstract service interfaces for specific security requirements. They also categorize the mechanisms that can be used to achieve those requirements. One security service

36、frequently depends on other security services, making it difficult to isolate one part of security Erom the others. The security frameworks address particular security services, describe the range of mechanisms that can be used to provide the security services, and identify interdependancies between

37、 the services and the mechanisms. The description of these mechanisms may involve a reliance on a different security service, and it is in this way that the security frameworks describe the refiance of one security service on another. This part of the security frameworks: - describes the organizatio

38、n of the security frameworks; - - defines security concepts which are required in more than one part of the security frameworks; describes the inter-relationship of the services and mechanisms identified in other parts of the frameworks. 2 Normative references The following Recommendations and Inter

39、national Standards contain provisions, which through reference in this text, constitute provisions of this Recommendation I International Standard. At the time of publication, the editions indicated were vdid. A11 Recommendations and Standards are subject to revision, and parties to agreements based

40、 on this Recommendation I International Standard are encouraged to investigate the possibility of applying the most recent edition of the Recommendations and Standards indicated below. Members of EC and IS0 maintain registers of currently valid International Standards. The Telecommunication Standard

41、ization Bureau of the ITU maintains a list of currently valid ITU Recommendations. 2.1 2.2 Identical Recommendations I International Standards - ITU-T Recommendation X.200 (1994) 1 ISO/IEC 7498-1:1994, Infomtion technology - Open Systems Interconnection -Basic Reference Model: The Basic Model. Paire

42、d Recommendations I International Standards equivalent in technical content - CCI“ Recommendation X.800 (199I), Security architecture for Open Systems Interconnection for CCllT applications. IS0 7490-2: 1989, Infomtion processing systems - Open System Interconnection - Basic Reference Model - Part 2

43、: Security Architecture. ITU-T RE. X.810 (1995 E) 1 ISO/IEC 10181-1 : 1996 (E) 3 Definitions The following definitions are used either in the overview or are common to two or more of the subsequent parts of the security frameworks. For the purposes of this Recommendation I International Standard, th

44、e following definitions apply. 3.1 Basic Reference Model definitions This Recommendation I International Standard makes use of the following terms defined in ITU-T Rec. X.200 I ISO/EC 7498- 1: - 0-layer; - 0-entity; - (N)-protocol-data-unit; - application process; - red open system; - real system. 3

45、.2 Security architecture definitions This Recommendation I International Standard makes use of the following terms defined in CCI?T RE. X.800 1 IS0 7498-2: access control; availability; ciphertext; cryptographic checkvalue; decipherment; denial of service; digital signature; enciphennen t; insider t

46、hreat; key; key management; pIaintext ; outsider threat; security audit; security label; security poIicy; sensitivity; threat. 3.3 Additional definitions For the purposes of this Recommendation I International Standard, the following definitions apply: 33.1 decipherment in which the keys used for en

47、cipherment and decipherment differ. signature requires the use of more than one private key. 33.2 certificates containing one or more classes of security-relevant data. 33.3 violate the security policy without being detected. asymmetric cryptographic algorithm: An algorithm for performing encipherme

48、nt or the corresponding NOTE - With some asymmetric cryptographic algorithms, decipherment of ciphertext or the generation of a digital certification authority: An entity that is trusted (in the context of a security policy) to create security conditionally trusted entity: An entity that is trusted

49、in the context of a security policy, but which cannot 2 ITU-T RHL X.810 (1995 E) ISO/IEC 10181-1 : 1996 (E) 33.4 cryptographic chaining: A mode of use of a cryptographic algorithm in which the transformation performed by the algorithm depends on the values of previous inputs or outputs. 33.5 digital fmgerprint: A characteristic of a data item, such as a cryptographic checkvalue or the result of performing a one-way hash function on the data, that is sufficiently peculiar to the data item that it is computationally infeasible to find another data item that will possess the same charact

copyright@ 2008-2019 麦多课文库(www.mydoc123.com)网站版权所有
备案/许可证编号:苏ICP备17064731号-1