ISO 7498-2:1989 Information processing systems - Open Systems Interconnection - Basic Reference Model - Part 2: Security Architecture. Provides a general description of security services and related mechanisms, which can be ensured by the Reference Model, and of the positions within the Reference Model where the services and mechanisms may be provided.
It extends the field of application of ISO 7498 to cover secure communications between open systems. It adds to the concepts and principles included in ISO 7498 but does not modify them. It is not an implementation specification, nor a basis for assessing the conformance of actual implementations.
Content Provider: International Organization for Standardization [ISO]
A security service is a service, provided by a layer of communicating open systems, which ensures adequate security of the systems or of data transfers,[1] as defined by ITU-T Recommendation X.800.
X.800 and ISO 7498-2 (Information processing systems – Open systems interconnection – Basic Reference Model – Part 2: Security architecture)[2] are technically aligned. This model is widely recognized.[3][4]
A more general definition is in CNSS Instruction No. 4009 dated 26 April 2010 by the Committee on National Security Systems of the United States of America:[5]
Another authoritative definition is in the W3C Web service Glossary[6] adopted by NIST SP 800-95:[7]
Basic security terminology
Information security and computer security are disciplines that deal with the requirements of confidentiality, integrity and availability, the so-called CIA triad, of the information assets of an organization (company or agency) or of the information managed by computers, respectively.
There are threats that can attack the resources (information or the devices that manage it) by exploiting one or more vulnerabilities. The resources can be protected by one or more countermeasures or security controls.[8]
So security services implement part of the countermeasures, trying to achieve the security requirements of an organization.[3][9]
Basic OSI terminology
In order to let different devices (computers, routers, cellular phones) communicate data in a standardized way, communication protocols have been defined.
The ITU-T organization published a large set of protocols. The general architecture of these protocols is defined in recommendation X.200.[10]
The different means (air, cables) and ways (protocols and protocol stacks) to communicate are called a communication network.
Security requirements are applicable to the information sent over the network. The discipline dealing with security over a network is called Network security.[11]
The X.800 Recommendation:[1]
This Recommendation extends the field of application of Recommendation X.200, to cover secure communications between open systems.
According to Recommendation X.200, the so-called OSI Reference Model has 7 layers, each of which is generically called an N layer. The N+1 entity requests transmission services from the N entity.[10]
At each level two entities (N-entities) interact by means of the (N) protocol by transmitting Protocol Data Units (PDUs). A Service Data Unit (SDU) is a specific unit of data that has been passed down from an OSI layer to a lower layer and has not yet been encapsulated into a PDU by the lower layer. It is a set of data that is sent by a user of the services of a given layer and is transmitted semantically unchanged to a peer service user. The PDU at any given layer, layer 'n', is the SDU of the layer below, layer 'n-1'. In effect the SDU is the 'payload' of a given PDU. That is, the process of changing an SDU into a PDU consists of an encapsulation process performed by the lower layer. All the data contained in the SDU becomes encapsulated within the PDU. Layer n-1 adds headers or footers, or both, to the SDU, transforming it into a PDU of layer n-1. The added headers or footers are part of the process used to make it possible to get data from a source to a destination.[10]
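The encapsulation described above, as an added example that is not part of the original article or of X.200/X.800: each layer wraps the SDU it receives in its own header, and one layer also appends an integrity check value as a footer, so a change to the payload is detected by the peer entity at that layer. The 3-byte header format, the key, and the choice of layer 4 as the protected layer are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed values for this illustration (assumptions, not from X.200/X.800).
KEY = b"constructed-demo-key"
PROTECTED_LAYER = 4          # local policy: layer that adds an integrity footer
HEADER_LEN = 3               # 1 byte layer number + 2 bytes SDU length

def encapsulate(layer: int, sdu: bytes) -> bytes:
    """Layer (N) wraps the SDU passed down by layer (N+1) into an (N)-PDU."""
    header = bytes([layer]) + len(sdu).to_bytes(2, "big")
    footer = b""
    if layer == PROTECTED_LAYER:
        footer = hmac.new(KEY, header + sdu, hashlib.sha256).digest()
    return header + sdu + footer

def decapsulate(layer: int, pdu: bytes) -> bytes:
    """Peer layer (N) checks and strips its own header/footer, returns the SDU."""
    if len(pdu) < HEADER_LEN or pdu[0] != layer:
        raise ValueError(f"not a layer {layer} PDU")
    length = int.from_bytes(pdu[1:HEADER_LEN], "big")
    header = pdu[:HEADER_LEN]
    sdu = pdu[HEADER_LEN:HEADER_LEN + length]
    footer = pdu[HEADER_LEN + length:]
    if len(sdu) != length:
        raise ValueError("truncated PDU")
    if layer == PROTECTED_LAYER:
        expected = hmac.new(KEY, header + sdu, hashlib.sha256).digest()
        if not hmac.compare_digest(footer, expected):
            raise ValueError("integrity check failed")
    elif footer:
        raise ValueError("unexpected trailing data")
    return sdu

def send(data: bytes) -> bytes:
    pdu = data
    for layer in range(7, 0, -1):     # each (N)-PDU is the SDU of layer N-1
        pdu = encapsulate(layer, pdu)
    return pdu

def receive(frame: bytes) -> bytes:
    sdu = frame
    for layer in range(1, 8):         # peers undo the wrapping bottom-up
        sdu = decapsulate(layer, sdu)
    return sdu

if __name__ == "__main__":
    frame = send(b"hello")            # constructed sample payload
    print(len(frame), receive(frame))
```

Whether a layer is protected is decided by local policy on both sides rather than by a flag inside the PDU, so removing the footer in transit cannot switch the check off.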
OSI security services description
The following are considered to be the security services which can be provided optionally within the framework of the OSI Reference Model. The authentication services require authentication information comprising locally stored information and data that is transferred (credentials) to facilitate the authentication:[1][4]
Specific security mechanisms
The security services may be provided by means of security mechanisms:[1][3][4]
Table 1/X.800 shows the relationships between services and mechanisms.
Some of them can be applied to connection-oriented protocols, others to connectionless protocols, or to both.
Table 2/X.800 illustrates the relationship of security services and layers:[4]
Other related meanings
Managed security service
Managed security services (MSS) are network security services that have been outsourced to a service provider.
Retrieved from 'https://en.wikipedia.org/w/index.php?title=Security_service_(telecommunication)&oldid=909989756'