CSA ISO/IEC 10181-5

March 1, 2000

Complete Document

Information technology - Open Systems Interconnection - Security frameworks for open systems: Confidentiality framework

Includes all amendments and changes through Reaffirmation Notice, 2013

Active, Most Current


Product Details:

  • Revision: March 1, 2000
  • Published Date: January 2013
  • Status: Active, Most Current
  • Document Language: English
  • Published By: CSA Group (CSA)
  • Page Count: 29
  • ANSI Approved: No
  • DoD Adopted: No

Description / Abstract:

This Recommendation | International Standard on Security Frameworks for Open Systems addresses the application of security services in an Open Systems environment, where the term "Open System" is taken to include areas such as Database, Distributed Applications, Open Distributed Processing and OSI. The Security Frameworks are concerned with defining the means of providing protection for systems and objects within systems, and with the interactions between systems. The Security Frameworks are not concerned with the methodology for constructing systems or mechanisms.

The Security Frameworks address both data elements and sequences of operations (but not protocol elements) which may be used to obtain specific security services. These security services may apply to the communicating entities of systems as well as to data exchanged between systems, and to data managed by systems.

This Recommendation | International Standard addresses the confidentiality of information in retrieval, transfer and management. It:

1) defines the basic concepts of confidentiality;

2) identifies possible classes of confidentiality mechanisms;

3) classifies and identifies facilities for each class of confidentiality mechanisms;

4) identifies management required to support the classes of confidentiality mechanism; and

5) addresses the interaction of confidentiality mechanism and the supporting services with other security services and mechanisms.

A number of different types of standards can use this framework, including:

1) standards that incorporate the concept of confidentiality;

2) standards that specify abstract services that include confidentiality;

3) standards that specify uses of a confidentiality service;

4) standards that specify means of providing confidentiality within an open system architecture; and

5) standards that specify confidentiality mechanisms.

Such standards can use this framework as follows:

- standards of type 1), 2), 3), 4) and 5) can use the terminology of this framework;

- standards of type 2), 3), 4) and 5) can use the facilities defined in clause 7 of this framework;

- standards of type 5) can be based upon the classes of mechanism defined in clause 8 of this framework.

As with other security services, confidentiality can only be provided within the context of a defined security policy for a particular application. The definitions of specific security policies are outside the scope of this Recommendation | International Standard.

It is not a matter for this Recommendation | International Standard to specify details of the protocol exchanges which need to be performed in order to achieve confidentiality.

This Recommendation | International Standard does not specify particular mechanisms to support these confidentiality services nor the full details of security management services and protocols. Generic mechanisms to support confidentiality are described in clause 8.

Some of the procedures described in this security framework achieve confidentiality by the application of cryptographic techniques. This framework is not dependent on the use of particular cryptographic or other algorithms, although certain classes of confidentiality mechanisms may depend on particular algorithm properties.

NOTE - Although ISO does not standardize cryptographic algorithms, it does standardize the procedures used to register them in ISO/IEC 9979:1991, Procedures for the registration of cryptographic algorithms.

This framework addresses the provision of confidentiality when the information is represented by data that are read-accessible to potential attackers. Its scope includes traffic flow confidentiality.