
15 Security functions

15.1 Concepts

The following concepts are common to all of the security functions.

15.1.1 Security policy: A set of rules that constrains one or more sets of activities of one or more sets of objects.

15.1.2 Security authority: The administrator responsible for the implementation of a security policy.

15.1.3 Security domain: A domain in which the members are obliged to follow a security policy established and administered by a security authority.

NOTE - The security authority is the controlling object for the security domain.

15.1.4 Security interaction policy: Those aspects of the security policies of different security domains that are necessary in order for interactions to take place between those domains.

15.2 Access control function

The access control function prevents unauthorized interactions with an object. It includes both an access control decision function and an access control enforcement function. Within the context of access control, objects fulfil the roles of either target or initiator. The function requires access control information about the target, the initiator and the interaction.

The initiator requests an interaction with the target from the access control function. The access control decision function decides whether access is permitted or denied on the basis of the access control information, and the decision is enforced by the access control enforcement function.

NOTE - The access control decision function and the access control enforcement function can be provided by the object which has the role of target, or by other objects.
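The following is an added example, not part of the text of this clause: it separates the access control decision function from the access control enforcement function as 15.2 describes, with access control information about the initiator, the target and the interaction. The policy table, the attribute names (initiator roles, a target label) and the sample objects are constructed for illustration; the enforcement function is placed in front of the target's interface so that the decision cannot be bypassed, and each decision is recorded for the security audit function.

```python
"""Access control decision and enforcement functions (15.2). Added example;
the policy, attribute names and sample objects are constructed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class AccessControlInfo:
    """Access control information about the initiator, the target and the interaction."""
    initiator: str
    initiator_roles: frozenset
    target: str
    target_label: str      # constructed attribute of the target
    interaction: str       # e.g. "read", "write"


# Constructed policy: (role, interaction, target label) -> permitted.
# Anything not listed is denied (default deny).
POLICY = {
    ("analyst", "read", "internal"): True,
    ("analyst", "read", "restricted"): True,
    ("admin", "write", "internal"): True,
    ("admin", "write", "restricted"): True,
}


def access_control_decision(aci: AccessControlInfo) -> bool:
    """Decision function: permit only if some role held by the initiator is
    explicitly allowed to perform the interaction on a target with this label."""
    return any(POLICY.get((role, aci.interaction, aci.target_label), False)
               for role in aci.initiator_roles)


class AccessDenied(PermissionError):
    pass


class Target:
    """An object in the target role. Every operation on its interface goes through
    the enforcement function, which consults the decision function."""

    def __init__(self, name: str, label: str, data: str):
        self.name, self.label, self.data = name, label, data
        self.audit = []   # (initiator, interaction, outcome) records for the audit function

    def _enforce(self, initiator: str, roles, interaction: str) -> None:
        """Enforcement function: build the ACI, obtain the decision, enforce it."""
        aci = AccessControlInfo(initiator, frozenset(roles), self.name, self.label, interaction)
        permitted = access_control_decision(aci)
        self.audit.append((initiator, interaction, "permit" if permitted else "deny"))
        if not permitted:
            raise AccessDenied(f"{initiator} may not {interaction} {self.name}")

    def read(self, initiator: str, roles) -> str:
        self._enforce(initiator, roles, "read")
        return self.data

    def write(self, initiator: str, roles, value: str) -> bool:
        self._enforce(initiator, roles, "write")
        self.data = value
        return True


def demo() -> dict:
    """Run a permitted read, a denied write and a permitted write against one target."""
    doc = Target("payroll", "restricted", "v1")
    results = {"analyst_read": doc.read("alice", {"analyst"})}
    try:
        doc.write("alice", {"analyst"}, "v2")
        results["analyst_write"] = "permit"
    except AccessDenied:
        results["analyst_write"] = "deny"
    results["admin_write"] = doc.write("bob", {"admin"}, "v2")
    results["audit"] = list(doc.audit)
    return results


if __name__ == "__main__":
    print(demo())
```

Because the decision function is a pure function of the access control information, it can be provided by the target itself or by a separate object (as the NOTE allows) without changing the enforcement code; the enforcement function is the only place that needs to sit on the path to the target.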

15.3 Security audit function

The security audit function provides monitoring and collection of information about security-related actions, and subsequent analysis of the information to review security policies, controls and procedures.

The security audit function includes each of the following elements:

-- alarm collector function;

-- alarm examiner function;

-- audit trail analyser function;

-- audit trail archiver function;

-- audit recorder function;

-- audit trail examiner function;

-- audit trail collector function.

15.4 Authentication function

The authentication function provides assurance of the claimed identity of an object. In the context of authentication, objects fulfil one or more of the following roles:

-- principal;

-- claimant;

-- trusted third party.

Authentication requires use of exchange authentication information.

NOTES

1 Any identifiable object in an ODP system can be the principal for authentication, including both objects that model people and those that model computer systems.

2 The object initiating an authentication is not necessarily the claimant.

There are two forms of authentication:

-- peer entity authentication, providing corroboration of the identity of a principal within the context of a communication relationship;

-- data origin authentication, providing corroboration of the identity of the principal responsible for a specific data unit.

NOTE - Authentication mechanisms are categorized in ITU-T Rec. X.811 | ISO/IEC 10181-2.

In an authentication involving two objects, either or both objects can have the role of claimant. Where both objects have the role of claimant the style of authentication is known as mutual authentication. Exchange authentication information is passed from the initiating object to the responding object and further exchange authentication information may then be passed in the reverse direction. Additional exchanges may also take place: different authentication mechanisms require different numbers of exchanges. Peer entity authentication always involves interaction with the claimant. Data origin authentication need not involve interaction with the claimant.

A claimant supports operations to acquire information needed for an instance of authentication and to generate exchange authentication information. A verifier supports operations to acquire information needed for an instance of authentication, and to verify received exchange authentication information and/or to generate it. Information may be exchanged with an authentication server and either the claimant or the verifier (or both) either prior to or during authentication exchanges.

The authentication function may use the key management function.
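The following is an added example, not part of the text of this clause: it shows the two forms of authentication from 15.4 with the claimant and verifier roles made explicit. Peer entity authentication is done as a challenge-response in which each object issues a fresh challenge and verifies the other's exchange authentication information, so both hold the claimant role (mutual authentication); data origin authentication attaches a tag to a data unit that a recipient can check without interacting with the claimant. The example assumes the two objects already share a key obtained through the key management function (15.8); the key value, the message layout and the names are constructed.

```python
"""Peer entity (mutual) and data origin authentication (15.4).
Added example; shared key and message layout are constructed."""
import hashlib
import hmac
import secrets

# Assumed to have been established by the key management function (15.8).
SHARED_KEY = b"constructed-shared-key-for-demo"


def _mac(*parts: bytes) -> bytes:
    return hmac.new(SHARED_KEY, b"|".join(parts), hashlib.sha256).digest()


class Principal:
    """An object that can act as claimant (generate exchange authentication
    information) and as verifier (verify received exchange authentication information)."""

    def __init__(self, name: str):
        self.name = name.encode()
        self.issued = set()   # outstanding challenges issued as verifier

    # verifier role
    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self.issued.add(nonce)
        return nonce

    def verify(self, claimant: bytes, nonce: bytes, response: bytes) -> bool:
        if nonce not in self.issued:
            return False             # unsolicited or replayed response
        self.issued.discard(nonce)   # each challenge is single use
        expected = _mac(b"resp", claimant, self.name, nonce)
        return hmac.compare_digest(response, expected)

    # claimant role
    def respond(self, verifier: bytes, nonce: bytes) -> bytes:
        """Exchange authentication information binds both identities and the challenge."""
        return _mac(b"resp", self.name, verifier, nonce)


def mutual_authentication(a: Principal, b: Principal) -> tuple:
    """Peer entity authentication with both objects in the claimant role.
    Exchange 1: a -> b: nonce_a.  Exchange 2: b -> a: nonce_b, b's response.
    Exchange 3: a -> b: a's response."""
    nonce_a = a.challenge()
    nonce_b = b.challenge()
    b_response = b.respond(a.name, nonce_a)
    a_accepts_b = a.verify(b.name, nonce_a, b_response)
    a_response = a.respond(b.name, nonce_b)
    b_accepts_a = b.verify(a.name, nonce_b, a_response)
    return a_accepts_b, b_accepts_a


def data_origin_tag(originator: Principal, data: bytes) -> bytes:
    """Data origin authentication: tag a specific data unit with its principal."""
    return _mac(b"data", originator.name, data)


def verify_data_origin(claimed: bytes, data: bytes, tag: bytes) -> bool:
    """Checked by the recipient alone; no interaction with the claimant is needed."""
    return hmac.compare_digest(tag, _mac(b"data", claimed, data))


def demo() -> dict:
    alice, bob = Principal("alice"), Principal("bob")
    mutual = mutual_authentication(alice, bob)
    nonce = bob.challenge()
    response = alice.respond(bob.name, nonce)
    first = bob.verify(alice.name, nonce, response)
    replayed = bob.verify(alice.name, nonce, response)   # same nonce again
    tag = data_origin_tag(alice, b"invoice 42")
    return {"mutual": mutual, "first": first, "replayed": replayed,
            "origin_ok": verify_data_origin(b"alice", b"invoice 42", tag),
            "origin_wrong_principal": verify_data_origin(b"mallory", b"invoice 42", tag)}


if __name__ == "__main__":
    print(demo())
```

With a symmetric key both parties can produce the same tag, so this data origin authentication convinces only the key holders; it is not evidence usable against the originator by a third party, which is the job of the non-repudiation function (15.7).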

15.5 Integrity function

The integrity function detects and/or prevents the unauthorized creation, alteration or deletion of data.

The integrity function includes all of the following functions:

-- shield;

-- validate;

-- unshield.

In the context of integrity, objects fulfil one or more of the following roles:

-- integrity-protected data originator;

-- integrity-protected data recipient.

Integrity-protected data is passed from originator to recipient. An integrity-protected data originator supports an interface providing the shield function. An integrity-protected data recipient supports an interface providing the validate or unshield functions.

The integrity function may use the key management function.

15.6 Confidentiality function

The confidentiality function prevents the unauthorized disclosure of information.

The confidentiality function includes the functions hide and reveal.

In the context of confidentiality, objects fulfil either or both of the following roles:

-- confidentiality-protected information originator;

-- confidentiality-protected information recipient.

Confidentiality-protected information is passed from originator to recipient. A confidentiality-protected information originator supports an interface providing the hide function. A confidentiality-protected information recipient supports an interface providing the reveal function.

The confidentiality function may use the key management function.
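The following is an added example, not part of the text of this clause, serving both 15.5 and 15.6: the shield, validate and unshield functions of the integrity function and the hide and reveal functions of the confidentiality function, with the originator and recipient interfaces composed so that the recipient validates before it reveals. Keys are assumed to come from the key management function (15.8). The hide function uses a keystream derived with HMAC-SHA256 in counter mode purely as a demonstration construction so that the example needs only the standard library; a deployed system would use a standard cipher.

```python
"""Integrity (shield/validate/unshield, 15.5) and confidentiality (hide/reveal, 15.6).
Added example; keys and the keystream construction are for demonstration only."""
import hashlib
import hmac
import os
import struct

# Assumed to have been established by the key management function (15.8).
INTEGRITY_KEY = b"constructed-integrity-key"
CONFIDENTIALITY_KEY = b"constructed-confidentiality-key"
TAG_LEN = 32
NONCE_LEN = 16


# Integrity function (15.5)
def shield(data: bytes, key: bytes = INTEGRITY_KEY) -> bytes:
    """Originator interface: integrity-protected data = data || MAC(data)."""
    return data + hmac.new(key, data, hashlib.sha256).digest()


def validate(protected: bytes, key: bytes = INTEGRITY_KEY) -> bool:
    """Recipient interface: detect alteration without stripping the protection."""
    if len(protected) < TAG_LEN:
        return False
    data, tag = protected[:-TAG_LEN], protected[-TAG_LEN:]
    return hmac.compare_digest(tag, hmac.new(key, data, hashlib.sha256).digest())


class IntegrityError(ValueError):
    pass


def unshield(protected: bytes, key: bytes = INTEGRITY_KEY) -> bytes:
    """Recipient interface: validate, then return the data with protection removed."""
    if not validate(protected, key):
        raise IntegrityError("integrity check failed")
    return protected[:-TAG_LEN]


# Confidentiality function (15.6)
def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Demonstration keystream: HMAC-SHA256(key, nonce || counter) blocks."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack(">Q", counter), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def hide(info: bytes, key: bytes = CONFIDENTIALITY_KEY, nonce: bytes = None) -> bytes:
    """Originator interface: nonce || (info XOR keystream). A nonce is never reused with a key."""
    nonce = os.urandom(NONCE_LEN) if nonce is None else nonce
    ks = _keystream(key, nonce, len(info))
    return nonce + bytes(a ^ b for a, b in zip(info, ks))


def reveal(hidden: bytes, key: bytes = CONFIDENTIALITY_KEY) -> bytes:
    """Recipient interface: recover the information from the hidden form."""
    nonce, body = hidden[:NONCE_LEN], hidden[NONCE_LEN:]
    return bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body))))


# Composition: hide first, then shield, so the recipient validates before it reveals.
def originator_send(info: bytes) -> bytes:
    return shield(hide(info))


def recipient_receive(msg: bytes) -> bytes:
    return reveal(unshield(msg))


def demo() -> dict:
    secret = b"salary: 1000"
    msg = originator_send(secret)
    tampered = msg[:NONCE_LEN] + bytes([msg[NONCE_LEN] ^ 0x01]) + msg[NONCE_LEN + 1:]
    try:
        recipient_receive(tampered)
        rejected = False
    except IntegrityError:
        rejected = True
    return {"roundtrip": recipient_receive(msg),
            "hidden_differs": msg[NONCE_LEN:-TAG_LEN] != secret,
            "tampered_rejected": rejected,
            # reveal on its own accepts the flipped bit: confidentiality is not integrity
            "reveal_alone_is_malleable": reveal(tampered[:-TAG_LEN]) != secret}


if __name__ == "__main__":
    print(demo())
```

The last entry in the demo result is the practical reason the two functions are separate in the model and are normally combined: hide alone keeps information from being read, but a recipient that reveals without first validating will accept altered data.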

15.7 Non-repudiation function

The non-repudiation function prevents the denial by one object involved in an interaction of having participated in all or part of the interaction.

In the context of non-repudiation, objects fulfil one or more of the following roles:

-- (non-repudiable data) originator;

-- (non-repudiable data) recipient;

-- evidence generator;

-- evidence user;

-- evidence verifier;

-- non-repudiation service requester;

-- notary;

-- adjudicator.

The non-repudiation function makes use of non-repudiation evidence. In non-repudiation with proof of origin, the originator has the role of non-repudiation evidence generator for the origination interaction and includes this evidence in an acknowledgement of participation in the interaction. The recipient has the role of evidence user and uses the services of an evidence verifier (which may be itself) to gain confidence in the adequacy of the evidence. In non-repudiation with proof of delivery, the recipient has the role of non-repudiation evidence generator for the delivery interaction and includes this evidence in an acknowledgement of participation in the interaction. The originator has the role of evidence user and uses the services of an evidence verifier (which may be itself) to gain confidence in the adequacy of the evidence.

A notary provides functions required by the originator and/or recipient. These may include notarization, time stamping, monitoring, certification, certificate generation, signature generation, signature verification and delivery as identified in ITU-T Rec. X.813 | ISO/IEC 10181-4.

In the event of a dispute, an adjudicator collects information and evidence from the disputing parties (and optionally from notaries) and applies a resolution function as described in ITU-T Rec. X.813 | ISO/IEC 10181-4.

The non-repudiation function may use the key management function.
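The following is an added example, not part of the text of this clause: it plays out non-repudiation with proof of origin and non-repudiation with proof of delivery from 15.7, with the originator and recipient taking the evidence generator role in turn and an evidence verifier checking the evidence against a registry of public keys that stands in for a certification authority (15.8). Evidence is a digital signature, here a hash-based Lamport one-time signature so that the example runs with the standard library alone; the scheme, the evidence layout and the party names are assumptions, and a deployed system would use a standard signature algorithm.

```python
"""Non-repudiation with proof of origin and proof of delivery (15.7).
Added example; Lamport one-time signatures stand in for a standard scheme."""
import hashlib
import secrets


def H(b: bytes) -> bytes:
    return hashlib.sha256(b).digest()


def keygen() -> tuple:
    """Lamport key pair: private key is 256 pairs of random 32-byte values,
    public key is their hashes. Each key pair signs exactly one statement."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk


def _bits(msg: bytes) -> list:
    digest = int.from_bytes(H(msg), "big")
    return [(digest >> (255 - i)) & 1 for i in range(256)]


def sign(sk: list, msg: bytes) -> bytes:
    """Reveal one preimage per bit of the message digest."""
    return b"".join(sk[i][bit] for i, bit in enumerate(_bits(msg)))


def verify(pk: list, msg: bytes, sig: bytes) -> bool:
    if len(sig) != 256 * 32:
        return False
    return all(H(sig[32 * i:32 * i + 32]) == pk[i][bit] for i, bit in enumerate(_bits(msg)))


class Party:
    """Originator or recipient; its public key is assumed registered with a
    certification authority (15.8), represented below by a plain dict."""

    def __init__(self, name: str):
        self.name = name
        self.sk, self.pk = keygen()


def _statement(kind: bytes, by: str, data: bytes) -> bytes:
    return kind + b"|" + by.encode() + b"|" + H(data)


def generate_evidence(generator: Party, kind: bytes, data: bytes) -> dict:
    """Evidence generator role: sign a statement binding the kind of participation,
    the generator's identity and the data, so the act cannot later be denied."""
    return {"kind": kind, "by": generator.name, "data_hash": H(data),
            "sig": sign(generator.sk, _statement(kind, generator.name, data))}


def verify_evidence(evidence: dict, data: bytes, registry: dict) -> bool:
    """Evidence verifier role: check the evidence against the registered key of the
    party it names. An adjudicator would apply the same check in a dispute."""
    pk = registry.get(evidence["by"])
    if pk is None or evidence["data_hash"] != H(data):
        return False
    return verify(pk, _statement(evidence["kind"], evidence["by"], data), evidence["sig"])


def demo() -> dict:
    alice, bob = Party("alice"), Party("bob")
    registry = {"alice": alice.pk, "bob": bob.pk}     # certification authority stand-in
    data = b"transfer 100 to bob"
    # Proof of origin: originator generates evidence, recipient is the evidence user.
    proof_of_origin = generate_evidence(alice, b"origin", data)
    bob_accepts = verify_evidence(proof_of_origin, data, registry)
    # Proof of delivery: recipient generates evidence, originator is the evidence user.
    proof_of_delivery = generate_evidence(bob, b"delivery", data)
    alice_accepts = verify_evidence(proof_of_delivery, data, registry)
    # Evidence presented under another party's name, and evidence for altered data.
    misattributed = dict(proof_of_origin, by="bob")
    return {"origin": bob_accepts, "delivery": alice_accepts,
            "misattributed": verify_evidence(misattributed, data, registry),
            "altered_data": verify_evidence(proof_of_origin, b"transfer 900 to bob", registry)}


if __name__ == "__main__":
    print(demo())
```

The asymmetry is what distinguishes this from the data origin authentication of 15.4: only the holder of the private key can generate the evidence, so a verifier (or an adjudicator, using the same registry) can attribute it to that party without being able to produce it. A Lamport key pair must not sign a second statement, which is why each party here signs once; key deletion after use is part of the key management function.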

15.8 Key management function

The key management function provides facilities for the management of cryptographic keys and includes all of the following elements:

-- key generation;

-- key registration;

-- key certification;

-- key deregistration;

-- key distribution;

-- key storage;

-- key archiving;

-- key deletion.

Within the context of key management, objects can have one or more of the following roles:

-- certification authority;

-- key distribution centre;

-- key translation centre.

A certification authority is a trusted third party which creates and assigns certificates as defined in ISO/IEC 11770-1. A key distribution centre provides means to establish key management information securely between objects authorized to obtain it. A key translation centre is a specific form of key distribution centre which establishes key management information between objects in different security domains.
