1、I NTERNAT I ONAL STANDARD ISO/IEC 10745 First edition 1995-08-1 5 (Reaffirmed 2004) Information technology - Open Systems Interconnection - Upper layers security model Technologies de Iinformation - Interconnexion de systkmes ouverts - Modele de and b) the utilization of these services and protocols
2、 to fulfil the security requirements of a wide variety of applications, so that the need for application-specific ASEs to contain internal security services is minimized. In particular, this Recommendation I International Standard specifies: a) b) the security aspects of communication in the upper l
3、ayers of 0%; the support in the upper layers of the security services defined in the OS1 Security Architecture and the Security Frameworks for Open Systems; c) the positioning of, and relationships among, security services and mechanisms in the upper layers, according to the guidelines of CCITT Rec.
4、 X.800 I IS0 7498-2 and ITU-T Rec. X.207 I ISOAEC 9545. the interactions among the upper layers, and interactions between the upper layers and the lower layers, in providing and using security services; d) e) the requirement for management of security information in the upper layers. 1.3 and mechani
5、sms for controlling access to OS1 resources and resources accessible via OSI. With respect to access control, the scope of this Recommendation I International Standard includes services 1.4 This Recommendation I International Standard does not include: a) definition of OS1 services or specification
6、of OS1 protocols; b) c) specification of security techniques and mechanisms, their operation, and their protocol requirements; or aspects of providing security which are not concerned with OS1 communications. 1.5 This Recommendation I International Standard is neither an implementation specification
7、 for systems nor a basis for appraising the conformance of implementations. NOTE - The scope of this Recommendation I International Standard includes security for connectionless applications and for distributed appIications (such as store-and-forward applications, chained applications, and applicati
8、ons acting on behalf of other applications). 2 Normative references The following Recommendations and International Standards contain provisions which, through reference in this text, constitute provisions of this Recommendation I International Standard. At the time of publication, the editions indi
9、cated were valid. All Recommendations and Standards are subject to revision, and entities to agreements based on this Recommendation I International Standard are encouraged to investigate the possibility of applying the most recent editions of the Recommendations and Standards listed below. Members
10、of IEC and IS0 maintain registers of currently valid International Standards. The Telecommunication Standardization Bureau of the ITU maintains a list of currently valid ITU-T Recommendations. ITU-T Rec. X.803 (1994 E) 1 ISO/IEC 10745 : 1995 (E) 2.1 Identical Recommendations I International Standard
11、s - ITU-T Recommendation X.207 (1993) I ISO/IEC 9545:1994, Information technology - Open Systems Interconnection - Application layer structure. ITU-T Recommendation X.811 l) (1993) I ISOflEC 10181-2 I, Information technology - Security frameworks in Open Systems: Authentication framework. ITU-T Reco
12、mmendation X.8 12l) (1993) I ISOflEC 1018 1-3 .!I, Information technology - Security frameworks in Open Systems: Access control framework. - - 2.2 Paired Recommendations I International Standards equivalent in technical content - CCITT Recommendation X.200 (19 1984/Corr. 1 : 1988, Information proces
13、sing systems - Open Systems Interconnection - Basic Reference Model. CCITT Recommendation X.2 16 (1 988), Presentation service defnition for open systems interconnection for CCIiT applications. IS0 8822: 1988, Information processing systems - Open Systems Interconnection - Connection oriented presen
14、tation service definition. - CCITT Recommendation X.217 (1988), Association control service definition for open systems interconnection for CCITT applications. IS0 8649: 1988, Information processing systems - Open Systems Interconnection - Service definition for the Association Control Service Eleme
15、nt. - CCITT Recommendation X.700 (1992), Management framework definition for Open Systems Interconnection for CCITT applications. ISOAEC 7498-4: 1989, Information processing systems - Open Systems Interconnection - Basic Reference Model - Part 4: Management framework. CCITT Recommendation X.800 (199
16、 l), Securzv architecture fur Open Systems Interconnection for CCITT applications. IS0 7498-2: 1989, Information processing systems - Open Systems Znlerconnection - Basic Reference Model -Part 2: Security architecture. - - Definitions 3.1 The following terms are used as defined in CCITT Rec. X.200 I
17、 IS0 7498: abstract syntax ; application-enti ty ; application-process; application-process-invocation; application-protocol-control-information; application-protocol-data-unit; local system environment; (N)-function ; (N)-relay ; open system; presentation context; presen tation-entity ; 1, Presentl
18、y at stage of draft. 2 ITU-T Rec. X.803 (1994 E) ISO/IEC 10745 : 1995 (E) m) real open system; n) 0) transfer syntax. The following terms are used as defined in CCITT Rec, X.800 I IS0 7498-2: a) access control; b) authentication; c) confidentiality; d) data integrity; e) data origin authentication;
19、f) decipherment; g) encipherment; h) key; s y s tem s-managemen t; 3.2 i) non-repudiation; j) notarization; k) 1) security audit; m) Security Management Information Base; n) security policy; 0) selective field protection; p) signature; q) traffic flow confidentiality; c) trusted functionality. The f
20、ollowing terms are used as defined in CCITT Rec. X.700 I ISO/IEC 7498-4: a) Management Information; b) OS1 Management. The following terms are used as defined in Rec. ETU-T Rec. X.207 I ISO/IEC 9545 a) application-association; b) application-context; c) application-en ti ty -invoc ation (AEI) ; d) a
21、pplication-service-element (ASE); e) ASE-type; f) application-service-object (ASO); g) ASO-association; h) ASO-context; i) ASO-invocation; j) ASO-type; k) control function (CF). The following term is used as defined in CCITT Rec. X.216 I IS0 8822: - presentation data value. The following terms are u
22、sed as defined in ITU-T Rec. X.811 I ISO/IEC 10181-2: a) authentication exchange; b) claim authentication information; c) claimant; peer-en ti ty authentic ation; 3.3 3.4 3.5 3.6 ITU-T Rec. X.803 (1994 E) 3 ISO/IEC 10745 : 1995 (E) d) exchange authentication information; e) entity authentication; f,
23、 principal; g) verification authentication information; f) verifier. 3.7 3.8 The following terms are used as defined in ITU-T Rec. X.812 I ISOAEC 10181-3: a) access control certificate; b) access control information. For the purposes of this Recommendation 1 International Standard, the following def
24、initions apply: association security state: Security state relating to a security association. protecting presentation context: A presentation context that associates a protecting transfer syntax with an abstract syntax. protecting transfer syntax: A transfer syntax based on encoding/decoding proces
25、ses that employ a security transformation. seal: A cryptographic check value that supports integrity but does not protect against forgery by the recipient (i.e. it does not support non-repudiation). security association: A relationship between two or more entities for which there exist attributes (s
26、tate information and rules) to govern the provision of security services involving those entities. security communication function: A function supporting the transfer of security-related information between open systems. security domain: A set of elements, a security policy, a security authority and
27、 a set of security relevant activities in which the set of elements are subject to the security policy, administered by the security authority, for the specified activities. security exchange: A transfer or sequence of transfers of application-protocol-control-information between open systems as par
28、t of the operation of one or more security mechanisms. security exchange item: A logically-distinct piece of information corresponding to a single transfer (in a sequence of transfers) in a security exchange. security exchange function: A security communication function, located in the Application L
29、ayer, that provides the means for communicating security information between AE-invocations. secure interaction rules: Common aspects of the rules necessary in order for interactions to take place between security domains. security state: State information that is held in an open system and that is
30、required for the provision of security services. system security function: A capability of an open system to perform security-related processing. system security object: An object that represents a set of related system security functions. security transformation: A set of functions (system security
31、 functions and security communication functions) which, in combination, operate upon user data items to protect those data items in a particular way during communication or storage. NOTE - Specifications of system security functions and system security object are not part of OS1 layer service defini
32、tions or protocol specifications. 4 Abbreviations For the purposes of this Recommendation I International Standard, the following abbreviations apply: ACSE Association control service element AE Application-entity AEI Application-entity-invocation 4 ITU-T Rec. X.803 (1994 E ISO/IEC 10745 : 1995 (E)
33、5 ASE ASN. 1 AS0 CF FTAM os1 PE PEI PDV SEI sso Application-service-element Abstract Syntax Notation One Application-service-object Control function File transfer, access and management Open Systems Interconnection Presentation-entity Presentation-enti ty-invocation Presentation data value Security
34、exchange item System security object Concepts This Security Model addresses the provision of security services to counter threats relating to the upper layers of OS1 such as those described in Annex A of CCITT Rec. X.800 I IS0 7498-2. It includes protection of information passing through application
35、-relay systems. 5.1 Security policy If two or more real open systems are to communicate securely, they must be subject to the security policies in effect in their respective security domains, as well as a secure interaction policy if communication is to take place between different security domains.
36、 A secure interaction policy embodies the common aspects of security policies in different security domains and determines the conditions under which communications between them can take place. The provisions of a secure interaction policy can be described by a set of secure interaction rules. These
37、 rules govern, amongst other things, the selection of ASO-contexts (including application-contexts) to be used for particular instances of communication. 5.2 Security associations A security association is a relationship between two or more entities for which there exist attributes (state informatio
38、n and rules) to govern the provision of security services invoIving those entities. A security association implies the existence of secure interaction rules, and the maintenance of consistent security state in both systems. From the OS1 upper layers perspective, a security association maps to an ASO
39、-association. Two special cases are: - application-association security association - A security association between two systems to support protected commrnunication via an application-association; - relay securit;ll association - A security association between two systems to support protected commm
40、unication via an application-relay (e.g. in store-and-forward or chaining applications); Other examples of different types of security associations are: - a security association between two systems which communicate directly with each other via multiple application-associations and/or the the commun
41、ication of multiple connectionless data units; a security association between an entity writing protected information to a data store (e.g. a file store or directory) and entities reading that information; - - a security association between two peer lower layer security protocol entities. Within an
42、application-process, one security association may be dependent upon the maintenance of another security association with another system, such as an authentication server or other type of trusted third party. 5.3 Security state Security state is state infomation that is held in a real open system and
43、 that is required for the provision of security services. Existence of a security association between application-processes implies the existence of shared security state. ITU-T Rec. X.803 (1994 E) 5 ISO/IEC 10745 : 1995 (E) Certain security state information may be required to be available to one o
44、r more application-processes prior to attempting to establish Communications, maintained while these communications are active, and/or retained after the end of communications. The exact nature of this state information depends upon the particular security mechanisms and applications. Two categories
45、 of security state are: a) System security state - Security-related state information that is established and maintained in a real open system, regardless of the existence or state of any communication activities; bj Associadon security state - Security state relating to a security association. In t
46、he OS1 upper layers, the shared security state governs the (security properties of) ASO-contexts used between ASO-invocations andor the initial security state of newly established application-associations. Two special cases are: when the security association maps to a single application-association
47、- The security state is denoted application-association security state. It pertains to the control of communications security for that application-association. when the security association maps to an ASO-association which involves information transfer between two end-user systems via an application
48、-relay system - The shared security state pertains to the use of security mechanisms between the end-user systems, independently of security mechanisms relating to individual application-associations established with the application-relay system. Examples of security state include: a) b) state infor
49、mation associated with cryptographic chaining or integrity recovery; the set of security labels for information permitted to be exchanged; c) key(s) or key identifier(s) to be employed in the provision of security services in the upper layers. This might include keys for known trusted certification authorities (see CCITT Rec. X.509 I ISOAEC 9594-8 Directory Authentication Framework), or keys enabling communications with a key distribution centre; d) previously authenticated identities; d) sequence numbers and cryptographic synchronization variables. Security state may be initialized in v
