KS X ISO IEC 7498-2-2007 Information processing systems－Open Systems Interconnection－Basic Reference Model－Part 2：Security Architecture《开放式系统间相互接续 基本参照模型 第2部分 安全构造》.pdf

1、KS X ISO/IEC 74982 KSKSKSKS SKSKSKS KSKSKS SKSKS KSKS SKS KS 2： KS X ISO/IEC 74982 ：2007 (2012 ) 2007 10 31 http:/www.kats.go.krKS X ISO/IEC 74982：2007 : ( ) ( ) SJ ( ) : (http:/www.standard.go.kr) ： ：1993 1 6 ：2007 10 31 ：2012 12 28 ： 2012-0829 ： ( 02-509-7262) (http:/www.kats.go.kr). 10 5 , . KS X

2、 ISO/IEC 74982：2007 (2012 ) 2： Information processing systemsOpen Systems Interconnection Basic Reference ModelPart 2：Security Architecture 1989 1 ISO 74982, Information processing systemsOpen Systems InterconnectionBasic Reference ModelPart 2：Security Architecture . 1 , . KS X 3002 , . , . , , , .

3、OSI . , OSI , , . , OSI . KS X 3002 . KS X 3002 , . 2 . . KS X 3002, ISO 7498, Information processing systemsOpen Systems InterconnectionBasic Reference Model . KS X ISO/IEC 74984, 4： KS X ISO 8648, KS X ISO/IEC 74982：2007 2 ISO 7498/Add.1 Information processing systems Open Systems Interconnection

4、Basic Reference Model Addendum 1：Connectionless-mode transmission 3 3.1 KS X 3002 . a) (N)-connection b) (N)-data-transmission c) (N)-entity d) (N)-facility e) (N)-layer f) (open system) g) (peer entity) h) (N)-protocol i) (N)-protocol-data-unit j) (N)-relay k) (routing) l) (sequencing) m) (N)-servi

5、ce n) (N)-service-data-unit o) (N)-user-data p) (subnetwork) q) OSI (OSI resource) r) (transfer syntax) 3.2 . a) (connectionless mode transmission)(ISO 7498/Add.1) b) (end system)(ISO 7498) c) (relaying and routing function)(KS X ISO 8648) d) (UNITDATA)(ISO 7498) e) Management Information Base(MIB)(

6、KS X ISO/IEC 74984) 3.3 . a) OSI Open System Interconnection b) SDU Service Data Unit c) SMIB Security Management Information Base d) MIB Management Information Base 3.4 . KS X ISO/IEC 74982：2007 3 3.4.1 (access control) ： . 3.4.2 (access control list) , 3.4.3 (accountability) (action) 3.4.4 (active

7、 threat) , , , , 3.4.5 (audit) 3.4.6 (audit trail) 3.4.7 (authentication) “ ” . “ ” . 3.4.8 (authentication information) (identity) 3.4.9 (authentication exchange) 3.4.10 (authorization) , . 3.4.11 (availability) KS X ISO/IEC 74982：2007 4 3.4.12 (capability) (identifier) 3.4.13 (channel) 3.4.14 (cip

8、hertext) . . . . 3.4.15 (cleartext) , . 3.4.16 (confidentiality) (individuals), (entity) (process) 3.4.17 (credentials) 3.4.18 (cryptanalysis) ( .) 3.4.19 (cryptographic checkvalue) , . . 3.4.20 (cryptography) , , , . , , . 3.4.21 (data integrity) KS X ISO/IEC 74982：2007 5 3.4.22 (data origin authen

9、tication) . 3.4.23 (decipherment) 3.4.24 (decryption) 3.4.25 (denial of service) (time-critical operations) (delaying) 3.4.26 (digital signature) 3.4.27 (encipherment) , . 3.4.28 (encryption) 3.4.29 (end-to-end encipherment) , . 3.4.30 (Identity-based security policy) / , (attribute) 3.4.31 (integri

10、ty) 3.4.32 (key) 3.4.33 (key management) KS X ISO/IEC 74982：2007 6 , , , , (archiving) 3.4.34 (link-by-link encipherment) . 3.4.35 (manipulation detection) ( ) 3.4.36 (masquerade) 3.4.37 (notarization) , , 3 (registration) 3.4.38 (passive threat) 3.4.39 (password) , 3.4.40 (peer-entitytl authenticat

11、ion) . 3.4.41 (physical security) , 3.4.42 (policy) 3.4.43 (privacy) , , . KS X ISO/IEC 74982：2007 7 3.4.44 (repudiation) 3.4.45 (routing control) , (rule) 3.4.46 (rule-based security policy) (global rule) . (sensitivity) . 3.4.47 (security audit) , , (record) (review) (examination) . 3.4.48 (securi

12、ty audit trail) 3.4.49 (security label) (marking) (binding) . 3.4.50 (security policy) ( ) OSI . 3.4.51 (security service) , . 3.4.52 (selective field protection) 3.4.53 (sensitivity) . KS X ISO/IEC 74982：2007 8 3.4.54 (signature) 3.4.55 (threat) 3.4.56 (traffic analysis) (, , , ) . 3.4.57 (traffic

13、flow confidentiality) 3.4.58 (traffic padding) , . 3.4.59 (trusted functionality) . 4 (notation) KS X 3002 . , . 5 5.1 OSI . , OSI . . . 5.2 OSI . () . 5.2.1 . KS X ISO/IEC 74982：2007 9 5.2.1.1 , . . . . 5.2.1.2 , . . . 5.2.2 OSI . OSI OSI OSI . (, ： , , ： ) . (6.2.1.1 ). 5.2.3 . 5.2.3.1 . , . 5.2.3

14、.2 (connectionless mode) SDU . 5.2.3.3 SDU . 5.2.3.4 . 5.2.4 KS X ISO/IEC 74982：2007 10 , . , , . 5.2.4.1 , SDU , . 5.2.4.2 5.2.4.1 . 5.2.4.3 SDU . , , . 5.2.4.4 , . SDU , SDU . , . 5.2.4.5 SDU , . 5.2.5 . 5.2.5.1 . . 5.2.5.2 . . 5.3 5.2 . 5.3.1 KS X ISO/IEC 74982：2007 11 5.3.1.1 . . 5.3.1.2 (revers

15、ible) (irreversible) . 2 . a) (symmetric)(, ). . b) (asymmetric)(, ). . “ ” “ ” . . . 5.3.1.3 . 8.4 . 5.3.2 2 . a) b) . . . 5.3.2.1 . 5.3.2.2 . 5.3.2.3 . , 3( ) . 5.3.3 5.3.3.1 . , , . . 5.3.3.2 . a) . , . . b) , . c) , KS X ISO/IEC 74982：2007 12 . . d) , . e) f) g) 5.3.3.3 . . SMIB . 5.3.4 5.3.4.1 2 . , . , , 2 . 5.3.4.2 , . (quantity) . . . . . 5.3.4.3 , , , , , . 5.3.4.4 , . 5.3.5 5.3.5.1 a) . . b) c) 5.3.5.2 . , , . 5.3.5.3 , “ ” . KS X ISO/IEC 74982：2007 13 5.3.5.4 . . a) b) 2 3 ( ) c) 5.3.6 . . 5.3.7 5.3.7.1 , , . 5.3.7.2 , . 5.3.7.3 , , . , , . 5.3.8 5.3.8.1 , , 2 . 3 , .