ITU-T X 812-1995 Information Technology - Open Systems Interconnection - Security Frameworks for Open Systems Access Control Framework - Data Networks and Open System Communication.pdf

INTERNATIONAL TELECOMMUNICATION UNION

ITU-T X.812 (11/95)
TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU

DATA NETWORKS AND OPEN SYSTEM COMMUNICATIONS
SECURITY

INFORMATION TECHNOLOGY - OPEN SYSTEMS INTERCONNECTION - SECURITY FRAMEWORKS FOR OPEN SYSTEMS: ACCESS CONTROL FRAMEWORK

ITU-T Recommendation X.812
(Previously "CCITT Recommendation")

COPYRIGHT International Telecommunications Union/ITU Telecommunications
Licensed by Information Handling Services

FOREWORD

ITU (International Telecommunication Union) is the United Nations Specialized Agency in the field of telecommunications. The ITU Telecommunication Standardization Sector (ITU-T) is a permanent organ of the ITU. Some 179 member countries, 84 telecom operating entities, 145 scientific and industrial organizations and 38 international organizations participate in ITU-T which is the body which sets world telecommunications standards (Recommendations).

The approval of Recommendations by the Members of ITU-T is covered by the procedure laid down in WTSC Resolution No. 1 (Helsinki, 1993). In addition, the World Telecommunication Standardization Conference (WTSC), which meets every four years, approves Recommendations submitted to it and establishes the study programme for the following period.

In some areas of information technology which fall within ITU-T's purview, the necessary standards are prepared on a collaborative basis with ISO and IEC. The text of ITU-T Recommendation X.812 was approved on 21st of November 1995. The identical text is also published as ISO/IEC International Standard 10181-3.

NOTE
In this Recommendation, the expression "Administration" is used for conciseness to indicate both a telecommunication administration and a recognized private operating agency.

© ITU 1996

All rights reserved. No part of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from the ITU.

ITU-T X-SERIES RECOMMENDATIONS
DATA NETWORKS AND OPEN SYSTEM COMMUNICATIONS
(February 1994)

ORGANIZATION OF X-SERIES RECOMMENDATIONS

Subject area                                        Recommendation Series

PUBLIC DATA NETWORKS
  Services and Facilities                           X.1-X.19
  Interfaces                                        X.20-X.49
  Transmission, Signalling and Switching            X.50-X.89
  Network Aspects                                   X.90-X.149
  Maintenance                                       X.150-X.179
  Administrative Arrangements                       X.180-X.199
OPEN SYSTEMS INTERCONNECTION
  Model and Notation                                X.200-X.209
  Service Definitions                               X.210-X.219
  Connection-mode Protocol Specifications
  Connectionless-mode Protocol Specifications       X.230-X.239
  PICS Proformas                                    X.240-X.259
  Protocol Identification                           X.260-X.269
  Security Protocols                                X.270-X.279
  Layer Managed Objects                             X.280-X.289
  Conformance Testing                               X.290-X.299
INTERWORKING BETWEEN NETWORKS
  General                                           X.300-X.349
  Mobile Data Transmission Systems                  X.350-X.369
  Management                                        X.370-X.399
MESSAGE HANDLING SYSTEMS                            X.400-X.499
DIRECTORY                                           X.500-X.599
OSI NETWORKING AND SYSTEM ASPECTS
  Networking                                        X.600-X.649
  Naming, Addressing and Registration               X.650-X.679
  Abstract Syntax Notation One (ASN.1)              X.680-X.699
OSI MANAGEMENT                                      X.700-X.799
SECURITY                                            X.800-X.849
OSI APPLICATIONS
  Commitment, Concurrency and Recovery              X.850-X.859
  Remote Operations                                 X.880-X.899
OPEN DISTRIBUTED PROCESSING                         X.900-X.999

CONTENTS

1 Scope
2 Normative references
  2.1 Identical Recommendations | International Standards
  2.2 Paired Recommendations | International Standards equivalent in technical content
3 Definitions
4 Abbreviations
5 General discussion of access control
  5.1 Goal of access control
  5.2 Basic aspects of access control
    5.2.1 Performing access control functions
    5.2.2 Other access control activities
    5.2.3 ACI forwarding
  5.3 Distribution of access control components
    5.3.1 Incoming access control
    5.3.2 Outgoing access control
    5.3.3 Interposed access control
  5.4 Distribution of access control components across multiple security domains
  5.5 Threats to access control
6 Access control policies
  6.1 Access control policy expression
    6.1.1 Access control policy categories
    6.1.2 Groups and roles
    6.1.3 Security labels
    6.1.4 Multiple initiator access control policies
  6.2 Policy management
    6.2.1 Fixed policies
    6.2.2 Administratively-imposed policies
    6.2.3 User-selected policies
  6.3 Granularity and containment
  6.4 Inheritance rules
  6.5 Precedence among access control policy rules
  6.6 Default access control policy rules
  6.7 Policy mapping through cooperating security domains
7 Access control information and facilities
  7.1 ACI
    7.1.1 Initiator ACI
    7.1.2 Target ACI
    7.1.3 Access request ACI
    7.1.4 Operand ACI
    7.1.5 Contextual information
    7.1.6 Initiator-bound ACI
    7.1.7 Target-bound ACI
    7.1.8 Access request-bound ACI
  7.2 Protection of ACI
    7.2.1 Access control certificates
    7.2.2 Access control tokens
  7.3 Access control facilities
    7.3.1 Management related facilities
    7.3.2 Operation related facilities
8 Classification of access control mechanisms
  8.1 Introduction
  8.2 ACL scheme
    8.2.1 Basic features
    8.2.2 ACI
    8.2.3 Supporting mechanisms
    8.2.4 Variations of this scheme
  8.3 Capability scheme
    8.3.1 Basic features
    8.3.2 ACI
    8.3.3 Supporting mechanisms
    8.3.4 Variation of this scheme - Capabilities without specific operations
  8.4 Label based scheme
    8.4.1 Basic features
    8.4.2 ACI
    8.4.3 Supporting mechanisms
    8.4.4 Labeled channels as targets
  8.5 Context based scheme
    8.5.1 Basic features
    8.5.2 ACI
    8.5.3 Supporting mechanisms
    8.5.4 Variations of this scheme
9 Interaction with other security services and mechanisms
  9.1 Authentication
  9.2 Data integrity
  9.3 Data confidentiality
  9.4 Audit
  9.5 Other access-related services
Annex A - Exchange of access control certificates among components
  A.1 Introduction
  A.2 Forwarding access control certificates
  A.3 Forwarding multiple access control certificates
    A.3.1 Example
    A.3.2 Generalization
    A.3.3 Simplifications
Annex B - Access control in the OSI reference model
  B.1 General
  B.2 Use of access control within the OSI layers
    B.2.1 Use of access control at the network layer
    B.2.2 Use of access control at the transport layer
    B.2.3 Use of access control at the application layer
Annex C - Non-uniqueness of access control identities
Annex D - Distribution of access control components
  D.1 Aspects considered
  D.2 AEC and ADC locations
  D.3 Interactions among access control components
Annex E - Rule-based versus identity-based policies
Annex F - A mechanism to support ACI forwarding through an initiator
Annex G - Access control security service outline

ITU-T Rec. X.812 (1995 E)

Summary

This Recommendation | International Standard defines a general framework for the provision of access control. The primary goal of access control is to counter the threat of unauthorized operations involving a computer or communications system; these threats are frequently subdivided into classes known as unauthorized use, disclosure, modification, destruction and denial of service.

ISO/IEC 10181-3 : 1996 (E)

INTERNATIONAL STANDARD
ITU-T RECOMMENDATION

INFORMATION TECHNOLOGY - OPEN SYSTEMS INTERCONNECTION - SECURITY FRAMEWORKS FOR OPEN SYSTEMS: ACCESS CONTROL FRAMEWORK

1 Scope

The Security Frameworks are intended to address the application of security services in an Open Systems environment, where the term Open Systems is taken to include areas such as Database, Distributed Applications, ODP and OSI. The Security Frameworks are concerned with defining the means of providing protection for systems and objects within systems, and with the interactions between systems. The Security Frameworks are not concerned with the methodology for constructing systems or mechanisms.

The Security Frameworks address both data elements and sequences of operations (but not protocol elements) that are used to obtain specific security services. These security services may apply to the communicating entities of systems as well as to data exchanged between systems, and to data managed by systems.

In the case of Access Control, accesses may either be to a system (i.e. to an entity that is the communicating part of a system) or within a system. The information items that need to be presented to obtain the access, as well as the sequence of operations to request the access and for notification of the results of the access, are considered to be within the scope of the Security Frameworks. However, any information items and operations that are dependent solely on a particular application and that are strictly concerned with local access within a system are considered to be outside the scope of the Security Frameworks.

Many applications have requirements for security to protect against threats to resources, including information, resulting from the interconnection of Open Systems. Some commonly known threats, together with the security services and mechanisms that can be used to protect against them, in an OSI environment, are described in CCITT Rec. X.800 | ISO 7498-2.

The process of determining which uses of resources within an Open System environment are permitted and, where appropriate, preventing unauthorized access is called access control. This Recommendation | International Standard defines a general framework for the provision of access control services.

This Security Framework:

a) defines the basic concepts for access control;
b) demonstrates the manner in which the basic concepts of access control can be specialized to support some commonly recognized access control services and mechanisms;
c) defines these services and corresponding access control mechanisms;
d) identifies functional requirements for protocols to support these access control services and mechanisms;
e) identifies management requirements to support these access control services and mechanisms;
f) addresses the interaction of access control services and mechanisms with other security services and mechanisms.

As with other security services, access control can be provided only within the context of a defined security policy for a particular application. The definition of access control policies is outside the scope of this Recommendation | International Standard, however, some characteristics of access control policies are discussed.

It is not a matter for this Recommendation | International Standard to specify details of the protocol exchanges which may need to be performed in order to provide access control services.

This Recommendation | International Standard does not specify particular mechanisms to support these access control services nor the details of security management services and protocols.

A number of different types of standard can use this framework including:

a) standards that incorporate the concept of access control;
b) standards that specify abstract services that include access control;
c) standards that specify uses of an access control service;
d) standards that specify the means of providing access control within an Open System environment; and
e) standards that specify access control mechanisms.

Such standards can use this framework as follows:

- standard types a, b, c, d, and e can use the terminology of this framework;
- standard types b, c, d, and e can use the facilities defined in clause 7 of this framework; and
- standard type e can be based upon the classes of mechanism defined in clause 8.

2 Normative references

The following Recommendations and International Standards contain provisions, which through reference in this text, constitute provisions of this Recommendation | International Standard. At the time of publication, the editions indicated were valid. All Recommendations and Standards are subject to revision, and parties to agreements based on this Recommendation | International Standard are encouraged to investigate the possibility of applying the most recent edition of the Recommendations and Standards listed below. Members of IEC and ISO maintain registers of currently valid International Standards. The Telecommunication Standardization Bureau of the ITU maintains a list of currently valid ITU-T Recommendations.

2.1 Identical Recommendations | International Standards

- ITU-T Recommendation X.200 (1994) | ISO/IEC 7498-1:1994, Information technology - Open Systems Interconnection - Basic Reference Model: The Basic Model.
- ITU-T Recommendation X.810 (1995) | ISO/IEC 10181-1:1996, Information technology - Open Systems Interconnection - Security frameworks for open systems: Overview.
- ITU-T Recommendation X.811 (1995) | ISO/IEC 10181-2:1996, Information technology - Open Systems Interconnection - Security frameworks for open systems: Authentication framework.
- ITU-T Recommendation X.880 (1994) | ISO/IEC 13712-1:1995, Information technology - Remote Operations: Concepts model and notation.

2.2 Paired Recommendations | International Standards equivalent in technical content

- CCITT Recommendation X.800 (1991), Security Architecture for Open Systems Interconnection for CCITT applications.
  ISO 7498-2:1989, Information processing systems - Open Systems Interconnection - Basic Reference Model - Part 2: Security Architecture.

3 Definitions

For the purposes of this Recommendation | International Standard, the following definitions apply.

3.1 This Recommendation | International Standard makes use of the following terms defined in Rec. X.800 | ISO 7498-2:

a) access control;
b) access control list;
c) accountability;
d) authentication;
e) authentication information;
f) authorization;
C
