KS X ISO IEC 10181-5-2008 Information technology－Open Systems Interconnection－Security frameworks for open systems：Confidentiality framework《信息技术 开放式系统互连 开放系统安全框架 保密性框架》.pdf

1、 KSKSKSKSKSKSKSK KSKSKS KSKSK KSKS KSK KS KS X ISO/IEC 10181 5 ： KS X ISO/IEC 10181 5:2008 2008 12 16 http:/www.kats.go.krKS X ISO/IEC 10181 5:2008 : ( ) ( ) () ()SJ ( ) : (http:/www.standard.go.kr) ： ： 2003 11 28 ： 2008 12 16 2008-0888 ： ： ( 02-509-7262) (http:/www.kats.go.kr). 10 5 , . KS X ISO/IE

2、C 10181 5:2008 i ii .1 1 1 2 2 2.1 2 2.2 .3 3 .3 4 5 5 5 5.1 5 5.2 6 5.3 7 5.4 .8 5.5 .8 6 .9 6.1 9 7 10 7.1 10 7.2 10 8 11 8.1 .11 8.2 12 8.3 13 9 14 9.1 14 A( ) OSI .15 A.1 15 A.2 15 A.3 .15 A.4 .15 A.5 OSI 15 B( ) 17 C( ) 18 D( ) 19 E( ) 21 E.1 21 KS X ISO/IEC 10181 5:2008 .22 KS X ISO/IEC 10181

3、5:2008 ii . KS X ISO/IEC 10181 5 . A( ) OSI B( ) C( ) D( ) E( ) KS X ISO/IEC 10181 “ ” . 1： 2： 3： 4： 5： 6： 7： KS X ISO/IEC 10181 5:2008 ： Information technology Open Systems Interconnection Security frameworks for open systems： Confidentiality framework 1996 1 ISO/IEC 10181 5, Information technology

4、 Open Systems Interconnection Security frameworks for open systems： Confidentiality framework . 1 . “ ” , , , OSI . , . . ( ) . , . , , . a) b) c) d) e) . . a) b) c) d) e) . KS X ISO/IEC 10181 5:2008 2 a), b), c), d), e) . b), c), d), e) 7. . e) 8. . . . . . 8. . . , . ISO KS X ISO/IEC 9979 . . . 2

5、. . ( ) . 2.1 KS X 7498 1, 1： (ITU-T Recommendation X.200(1994) | ISO/IEC 7498 1 ： 1994, Information technology Open Systems Interconnection Basic Reference Model： The Basic Model,IDT) KS X ISO/IEC 8473 1, (ITU-T Recommendation X.233(1993) | ISO/IEC 8473 1： 1994, Information technology Protocol for

6、providing the connectionless-mode Network service： Protocol specification, IDT) ITU-T Recommendation X.273(1994) | ISO/IEC 11577： 1995, Information technology Open Systems Interconnection Network layer security protocol KS X 3705, (ITU-T Recommendation X.274(1994) | ISO/IEC 10736： 1995, Information

7、technology Telecommunication and information exchange between systems Transport layer security protocol, IDT) KS X ISO/IEC 10181 1, (ITU-T Recommendation X.810(1995) | ISO/IEC 10181 1： 1996, Information technology Open Systems Interconnection Security frameworks for open systems： Overview, IDT) KS X

8、 ISO/IEC 10181 3, ： KS X ISO/IEC 10181 5:2008 3 (ITU-T Recommendation X.812(1995) | ISO/IEC 10181 3： 1996, Information technology Open Systems Interconnection Security frameworks for open systems： Access control framework, IDT) 2.2 CCITT Recommendation X.800(1991) Security architecture for Open Syst

9、ems Interconnection for CCITT applications KS X ISO 7498 2, 2： (ISO 7498 2 ： 1989 Information processing systems Open Systems Interconnection Basic Reference Model Part 2： Security Architecture, MOD) 3 . 3.1 (Basic Reference Model definitions) ITU-T Rec. X.200 | KS X SO/IEC 7498 1 . a) (N)- b) (N)-

10、c) (N)- d) (N)- e) (N)-PDU f) (N)-SDU g) (N)- h) (N)- i) (N)- j) 3.2 (Security architecture definitions) CCITT Rec. X.800 | KS X ISO/IEC 7498 2 . a) b) c) d) e) f) g) h) i) j) k) l) m) n) KS X ISO/IEC 10181 5:2008 4 3.3 (Security frameworks overview definitions) ITU-T Rec. X.810 | KS X ISO/IEC 10181

11、 1 . a) b) c) 3.4 (Additional definitions) . 3.4.1 (confidentiality-protected-environment) ( , , ). 3.4.2 (confidentiality-protected-data) ( ) . 3.4.3 (confidentiality-protected-information) ( ) . 3.4.4 (hide) 3.4.5 (reveal) 3.4.6 (hiding confidentiality information) 3.4.7 (revealing confidentiality

12、 information) 3.4.8 (direct attack) , KS X ISO/IEC 10181 5:2008 5 3.4.9 (indirect attack) ( ) 4 . HCI PDU RCI SDU 5 5.1 . ( .), . a) ( ) b) ( , , , ) c) . d) , . ( RCI ) . ( ). . . . , . , . 5.1.1 . 5.1 . . a) ( ) b) - KS X ISO/IEC 10181 5:2008 6 c) . a) . b) . , . 5.1.2 A C A (B) . . B . a) . b) .

13、a) . . , . a) OSI , (N-1)- , (N)- . b) , , . c) ( ). , . , . , , . 5.2 . . a) b) c) , , KS X ISO/IEC 10181 5:2008 7 , . . a) . . . A . , . b) , . . . ( D ) . ( ) . 5.3 . . a) ( ) (ITU-U Rec. X.812 | ISO/IEC 10181 3 ) . . ISO 10202( ) ANSI X9.17/ISO 8734( ) . b) . . 1) 2) 3) . ( ) . a) b) PDU (8.2 )

14、KS X ISO/IEC 10181 5:2008 8 c) 5.4 , . , . . 5.4.1 . a) . 1) 2) 3) ( A A , B ). 4) b) ( , , ) c) d) 5.4.2 . a) ( , , , ) b) c) PDU d) 5.5 . . . . . a) (eavesdropping and wiretapping) b) c) PDU d) PDU KS X ISO/IEC 10181 5:2008 9 e) . a) ( .) b) c) , ( ), , d) 6 . . . . , . . . 6.1 . . . , . . , . 6.1

15、.1 . a) b) c) d) ( ) 6.1.2 . , . . (ITU-T Rec. X.812 | KS X ISO/IEC 10181 3 ). KS X ISO/IEC 10181 5:2008 10 7 7.1 5.1.2 . B B.1 . . (HCI) (RCI) . 7.1.1 (HCI) . . a) b) c) d) 7.1.2 (RCI) . . a) b) c) d) 7.2 E . . 7.2.1 7.2.1.1 . . a) ( ) b) HCI c) E . KS X ISO/IEC 10181 5:2008 11 a) b) c) 7.2.1.2 . . a) b) RCI c) E . a) ( ) b) c) 7.2.2 HCI RCI ( ) . , . a) b)