1、BRITISH STANDARD BS ISO/IEC 10181-1:1996 Information technology Open Systems Interconnection Security frameworks for open systems: Overview (ITU-T Rec. X.810 (1995) | ISO/IEC 10181-1:1996) ICS 35.100.01BS ISO/IEC 10181-1:1996 This British Standard, having been prepared under the direction of the DIS
2、C Board, was published under the authority of the Standards Board and comes into effect on 15 November 1996 BSI 10-1998 ISBN 0 580 26520 X National foreword This British Standard reproduces verbatim ISO/IEC 10181:1996, and implements it as the UK national standard. The UK participation in its prepar
3、ation was entrusted to Technical Committee IST/21, Open Systems Interconnection, Data Management and Open Distributed Processing, which has the responsibility to: aid enquirers to understand the text; present to the responsible international/European committee any enquiries on the interpretation, or
4、 proposals for change, and keep the UK interests informed; monitor related international and European developments and promulgate them in the UK. A list of organizations represented on this committee is available on request. Cross-references The British Standards which implement international or Eur
5、opean publications referred to in this document may be found in the BSI Standards Catalogue under the section entitled “International Standards Correspondence Index”, or using the “Find” facility of the BSI Standards Electronic Catalogue. A British Standard does not purport to include all the necess
6、ary provisions of a contract. Users of British Standards are responsible for their correct application. Compliance with a British Standard does not of itself confer immunity from legal obligations. Summary of pages This document comprises a front cover, an inside front cover, the ISO/IEC title page,
7、 pages ii to iv, pages 1 to 17 and a back cover. This standard has been updated (see copyright date) and may have had amendments incorporated. This will be indicated in the amendment table on theinside front cover. Amendments issued since publication Amd. No. Date CommentsBS ISO/IEC 10181-1:1996 ii
8、BSI 10-1998 Contents Page Foreword iv Introduction 1 1 Scope 1 2 Normative references 1 2.1 Identical Recommendations|International Standards 1 2.2 Paired Recommendations|International Standards equivalent in technical content 1 3 Definitions 1 3.1 Basic Reference Model definitions 1 3.2 Security ar
9、chitecture definitions 2 3.3 Additional definitions 2 4 Abbreviations 4 5 Notation 4 6 Organization 4 6.1 Part 1 Overview 4 6.2 Part 2 Authentication 4 6.3 Part 3 Access control 4 6.4 Part 4 Non-repudiation 5 6.5 Part 5 Confidentiality 5 6.6 Part 6 Integrity 5 6.7 Part 7 Security audit and alarms 5
10、6.8 Key management 5 7 Common concepts 6 7.1 Security information 6 7.2 Security domain 6 7.2.1 Security policy and security policy rules 6 7.2.2 Security domain authority 7 7.2.3 Inter-relationships among security domains 7 7.2.4 Establishment of secure interaction rules 7 7.2.5 Inter-domain securi
11、ty information transfer 8 7.3 Security policy considerations for specific security services 8 7.4 Trusted entities 8 7.5 Trust 8 7.6 Trusted third parties 9 8 Generic security information 9 8.1 Security labels 9 8.2 Cryptographic checkvalues 9 8.3 Security certificates 10 8.3.1 Introduction to secur
12、ity certificates 10 8.3.2 Verification and chaining of security certificates 10 8.3.3 Revocation of security certificates 10 8.3.4 Re-use of security certificates 11 8.3.5 Security certificate structure 11 8.4 Security tokens 11 9 Generic security facilities 12 9.1 Management related facilities 12 9
13、.1.1 Install SI 12 9.1.2 Deinstall SI 12 9.1.3 Change SI 12 9.1.4 Validate SI 12BS ISO/IEC 10181-1:1996 BSI 10-1998 iii 9.1.5 Invalidate SI12 9.1.6 Disable/Re-enable security service 12 9.1.7 Enrol 12 9.1.8 Un-enrol 12 9.1.9 Distribute SI 12 9.1.10 List SI 12 9.2 Operational related facilities 12 9.
14、2.1 Identify trusted security authorities 12 9.2.2 Identify secure interaction rules 12 9.2.3 Acquire SI 13 9.2.4 Generate SI 13 9.2.5 Verify SI 13 10 Interactions between security mechanisms 13 11 Denial of service and availability 14 12 Other requirements 14 Annex A Some examples of protection mec
15、hanisms for security certificates 15 A.1 Protection using an OSI communications security service 15 A.2 Protection using a parameter within the security certificate 15 A.2.1 The authentication method 15 A.2.2 The secret key method 15 A.2.3 The public key method 15 A.2.4 The one-way function method 1
16、6 A.3 Protection of the internal and external parameters while in transit 16 A.3.1 Transfer of internal parameters to the issuing security authority 16 A.3.2 Transfer of external parameters among entities 16 A.4 Use of security certificates by single entities or by groups of entities 16 A.5 Linking
17、a security certificate with accesses 17 Annex B Bibliography 17BS ISO/IEC 10181-1:1996 iv BSI 10-1998 Foreword ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies t
18、hat are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other inter
19、national organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1. Draft International Standards adopted by the joint technical committee
20、are circulated to national bodies for voting. Publication as an International Standard requires approval by at least 75 % of the national bodies casting a vote. International Standard ISO/IEC 10181-1 was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology, Subcommittee SC 21,
21、 Open systems interconnection, data management and open distributed processing, in collaboration with ITU-T. The identical text is published as ITU-T Recommendation X.810. ISO/IEC 10181 consists of the following parts, under the general title Information technology Open Systems Interconnection Secur
22、ity frameworks for open systems: Part 1: Overview; Part 2: Authentication framework; Part 3: Access control framework; Part 4: Non-repudiation framework; Part 5: Confidentiality framework; Part 6: Integrity framework; Part 7: Security audit and alarms framework. Annexes A and B of this part of ISO/I
23、EC 10181 are for information only.BS ISO/IEC 10181-1:1996 BSI 10-1998 1 Introduction Many applications have requirements for security to protect against threats to the communication of information. Some commonly known threats, together with the security services and mechanisms that can be used to pr
24、otect against them are described in CCITT Rec. X.800|ISO 7498-2. This Recommendation|International Standard defines the framework within which security services for open systems are specified. 1 Scope The security frameworks address the application of security services in an Open Systems environment
25、, where the term Open Systems is taken to include areas such as Database, Distributed Applications, ODP and OSI. The security frameworks are concerned with defining the means of providing protection for systems and objects within systems, and with the interactions between systems. The security frame
26、works are not concerned with the methodology for constructing systems or mechanisms. The security frameworks address both data elements and sequences of operations (but not protocol elements) which are used to obtain specific security services. These security services may apply to the communicating
27、entities of systems as well as to data exchanged between systems, and to data managed by systems. The security frameworks provide the basis for further standardization, providing consistent terminology and definitions of generic abstract service interfaces for specific security requirements. They al
28、so categorize the mechanisms that can be used to achieve those requirements. One security service frequently depends on other security services, making it difficult to isolate one part of security from the others. The security frameworks address particular security services, describe the range of me
29、chanisms that can be used to provide the security services, and identify interdependancies between the services and the mechanisms. The description of these mechanisms may involve a reliance on a different security service, and it is in this way that the security frameworks describe the reliance of
30、one security service on another. This part of the security frameworks: describes the organization of the security frameworks; defines security concepts which are required in more than one part of the security frameworks; describes the inter-relationship of the services and mechanisms identified in o
31、ther parts of the frameworks. 2 Normative references The following Recommendations and International Standards contain provisions, which through reference in this text, constitute provisions of this Recommendation|International Standard. At the time of publication, the editions indicated were valid.
32、 All Recommendations and Standards are subject to revision, and parties to agreements based on this Recommendation|International Standard are encouraged to investigate the possibility of applying the most recent edition of the Recommendations and Standards indicated below. Members of IEC and ISO mai
33、ntain registers of currently valid International Standards. The Telecommunication Standardization Bureau of the ITU maintains a list of currently valid ITU Recommendations. 2.1 Identical Recommendations|International Standards ITU-T Recommendation X.200 (1994)| ISO/IEC 7498-1:1994, Information techn
34、ology Open Systems Interconnection Basic Reference Model: The Basic Model. 2.2 Paired Recommendations | International Standards equivalent in technical content CCITT Recommendation X.800 (1991), Security architecture for Open Systems Interconnection for CCITT applications. ISO 7498-2:1989, Informati
35、on processing systems Open Systems Interconnection Basic Reference Model Part 2: Security Architecture. 3 Definitions The following definitions are used either in the overview or are common to two or more of the subsequent parts of the security frameworks. For the purposes of this Recommendation | I
36、nternational Standard, the following definitions apply. 3.1 basic reference model definitions this Recommendation|International Standard makes use of the following terms defined in ITU-T Rec. X.200|ISO/IEC 7498-1: (N)-layer; (N)-entity; (N)-protocol-data-unit; application process; real open system;
37、real system.BS ISO/IEC 10181-1:1996 2 BSI 10-1998 3.2 security architecture definitions this Recommendation|International Standard makes use of the following terms defined in CCITT Rec. X.800|ISO 7498-2: access control; availability; ciphertext; cryptographic checkvalue; decipherment; denial of serv
38、ice; digital signature; encipherment; insider threat; key; key management; plaintext; outsider threat; security audit; security label; security policy; sensitivity; threat. 3.3 Additional definitions For the purposes of this Recommendation | International Standard, the following definitions apply: 3
39、.3.1 asymmetric cryptographic algorithm an algorithm for performing encipherment or the corresponding decipherment in which the keys used for encipherment and decipherment differ NOTEWith some asymmetric cryptographic algorithms, decipherment of ciphertext or the generation of a digital signature re
40、quires the use of more than one private key. 3.3.2 certification authority an entity that is trusted (in the context of a security policy) to create security certificates containing one or more classes of security-relevant data 3.3.3 conditionally trusted entity an entity that is trusted in the cont
41、ext of a security policy, but which cannot violate the security policy without being detected 3.3.4 cryptographic chaining a mode of use of a cryptographic algorithm in which the transformation performed by the algorithm depends on the values of previous inputs or outputs 3.3.5 digital fingerprint a
42、 characteristic of a data item, such as a cryptographic checkvalue or the result of performing a one-way hash function on the data, that is sufficiently peculiar to the data item that it is computationally infeasible to find another data item that will possess the same characteristics 3.3.6 distingu
43、ishing identifier data that uniquely identifies an entity 3.3.7 hash function a (mathematical) function that maps values from a (possibly very) large set of values into a smaller range of values 3.3.8 one-way function a (mathematical) function that is easy to compute but, when knowing a result, it i
44、s computationally infeasible to find any of the values that may have been supplied to obtain it 3.3.9 one-way hash function a (mathematical) function that is both a one-way function and a hash function 3.3.10 private key a key that is used with an asymmetric cryptographic algorithm and whose possess
45、ion is restricted (usually to only one entity) 3.3.11 public key a key that is used with an asymmetric cryptographic algorithm and that can be made publicly available 3.3.12 revocation certificate a security certificate issued by a security authority to indicate that a particular security certificat
46、e has been revoked 3.3.13 revocation list certificate a security certificate that identifies a list of security certificates that have been revokedBS ISO/IEC 10181-1:1996 BSI 10-1998 3 3.3.14 seal a cryptographic checkvalue that supports integrity but does not protect against forgery by the recipien
47、t (i.e. it does not provide non-repudiation). When a seal is associated with a data element, that data element is said to be sealed NOTEAlthough a seal does not by itself provide non-repudiation, some non-repudiation mechanisms make use of the integrity service provided by seals, e.g. to protect com
48、munications with trusted third parties. 3.3.15 secret key a key that is used with a symmetric cryptographic algorithm. Possession of a secret key is restricted (usually to two entities) 3.3.16 security administrator a person who is responsible for the definition or enforcement of one or more parts o
49、f a security policy 3.3.17 security authority an entity that is responsible for the definition, implementation or enforcement of security policy 3.3.18 security certificate a set of security-relevant data issued by a security authority or trusted third party, together with security information which is used to provide the integrity and data origin authentication services for the data NOTEAll certificates are deemed to be security certificates (see the relevant definitio