ECMA/TR 46 : 1ED 88

Current: the latest, up-to-date edition.

SECURITY IN OPEN SYSTEMS - A SECURITY FRAMEWORK
Published date: 12-01-2013

1. INTRODUCTION
   1.1 Need and Application
   1.2 Scope of Security in this Report
   1.3 The Application Layer Security Framework
   1.4 References
   1.5 Definitions
        1.5.1 General Terminology
        1.5.2 Specific Terminology
        1.5.3 Acronyms
2. REQUIREMENTS
   2.1 Requirements on this Report
   2.2 Environment Compatibility
   2.3 General Security Requirements
        2.3.1 User View Of Security
        2.3.2 Threats to be addressed
        2.3.3 Methods of Attack
   2.4 Security Policies and Domains
        2.4.1 Security Policy
        2.4.2 Security Administration Domains
        2.4.3 Cooperation between Security Domains
        2.4.4 Levels of Policy
        2.4.5 Implementation of Policies
   2.5 Functional Security Requirements
        2.5.1 Access Control
        2.5.2 Resource Protection
        2.5.3 Information Protection
        2.5.4 Security Management
   2.6 Implementation Considerations
        2.6.1 Use of Supportive Applications
        2.6.2 Cryptography
   2.7 Design Requirements
        2.7.1 Separation of Functionality
        2.7.2 Distributed Operation
        2.7.3 Robustness/Resilience
        2.7.4 Selective Implementation
        2.7.5 Usability
        2.7.6 Evaluation and Testing
        2.7.7 Certification and Accreditation
3. SECURITY CONCEPTS AND MODELS
   3.1 The Security Domain Concept
        3.1.1 Introduction
        3.1.2 Autonomous Peer Domains
        3.1.3 The Security Subdomain
        3.1.4 Types of Security Domain
   3.2 The Security Facility Concept
        3.2.1 Introduction
4. DETAILED DESCRIPTION OF SECURITY FACILITIES
   4.1 Subject Sponsor
        4.1.1 Introduction
        4.1.2 Functionality
        4.1.3 Interaction With Other Facilities
        4.1.4 Interactions with Communications Layer
               Management
        4.1.5 Use of Other Applications
        4.1.6 Facility Management
        4.1.7 Characteristics of the Subject Sponsor
   4.2 Authentication Facility
        4.2.1 Introduction
        4.2.2 Functions Of the Authentication Facility
        4.2.3 Interactions With other Facilities
        4.2.4 Interactions with Communications Layer
               Management
        4.2.5 Use of Other Applications
        4.2.6 Facility Management
   4.3 Association Management Facility
        4.3.1 Introduction
        4.3.2 Functions of Association Management
        4.3.3 Interaction With Other Facilities
        4.3.4 Interactions With Communication Layer
               Management
        4.3.5 Interactions With Other Applications
        4.3.6 Facility Management
   4.4 Security State Facility
        4.4.1 Introduction
        4.4.2 Functions Of the Security State Facility
        4.4.3 Interactions with other Facilities
        4.4.4 Interactions with Communication Layer
               Management
        4.4.5 Use Of Other Applications
        4.4.6 Facility Management
   4.5 Security Attribute Management Facility
        4.5.1 Introduction
        4.5.2 Functions Of the Facility
        4.5.3 Interactions With other Facilities
        4.5.4 Interactions with Communications Layer
               Management
        4.5.5 Use of Other Applications
        4.5.6 Facility Management
   4.6 Authorization Facility
        4.6.1 Introduction
        4.6.2 Functions Of the Authorization Facility
        4.6.3 Interactions With other Facilities
        4.6.4 Interactions with Communications Layer
               Management
        4.6.5 Use of Other Applications
        4.6.6 Facility Management
   4.7 Inter-Domain Facility
        4.7.1 Introduction
        4.7.2 Functions Of the Inter-Domain Facility
        4.7.3 Interactions With other Facilities
        4.7.4 Interactions with Communication Layer
               Management
        4.7.5 Use of Other Applications
        4.7.6 Facility Management
   4.8 Security Audit Facility
        4.8.1 Introduction
        4.8.2 Functions Of The Security Audit Facility
        4.8.3 Interactions With other Facilities
        4.8.4 Interactions with Communications Layer
               Management
        4.8.5 Use of Other Applications
        4.8.6 Facility Management
   4.9 Security Recovery Facility
        4.9.1 Introduction
        4.9.2 Functions Of the Facility
        4.9.3 Interactions With other Facilities
        4.9.4 Interactions with Communications Layer
               Management
        4.9.5 Use of Other Applications
        4.9.6 Facility Management
   4.10 Cryptographic Support Facility
        4.10.1 Introduction
        4.10.2 Functions Of The Cryptographic Support
               Facility
        4.10.3 Interactions With other Facilities
        4.10.4 Interactions with Communications Layer
               Management
        4.10.5 Use of Other Applications
        4.10.6 Facility Management
   4.11 Facility Interaction Matrix
5. RELATIONSHIP TO THE OSI REFERENCE MODEL
   5.1 Security Facilities and Application Service
        Elements
   5.2 Single Association Objects
   5.3 Security Application Entity Types
6. SUPPORTIVE SECURITY APPLICATIONS
   6.1 Role in The Distributed Environment
   6.2 Client and Servers
        6.2.1 Client/Server Interaction Within a
               Supportive Security Application
        6.2.2 Server/Server Interaction within a
               Supportive Security Application
   6.3 Supportive Security Applications and the OSI
        Reference Model
   6.4 Supportive Security Application Process Structure
   6.5 Service and Management Aspects
7. SECURITY MANAGEMENT
   7.1 Operational Security Management
        7.1.1 Security Management Functions
        7.1.2 Security Management Structures
        7.1.3 Consistency and Synchronization of Security
                Management
   7.2 Security Configuration Management
   7.3 Ordering of Security Management
8. CONCLUSION
APPENDIX A - DETAILED EXAMPLE OF THE USE OF SECURITY
             FACILITIES IN ELECTRONIC MAIL
APPENDIX B - DISCUSSION OF SECURITY ATTRIBUTES
APPENDIX C - MANDATORY VERSUS DISCRETIONARY
             AUTHORIZATION POLICIES

Defines the functions that affect the interactions between users and productive applications, and between productive applications and supportive applications. These functions also affect the installation, maintenance and management of applications and of the underlying system.

Document type: Technical Report
Publisher: European Computer Manufacturers Association
Status: Current

ECMA 205 : 1ED 93 COMMERCIALLY ORIENTED FUNCTIONALITY CLASS FOR SECURITY EVALUATION (COFC)
ECMA/TR 64 : 1ED 93 SECURE INFORMATION PROCESSING VERSUS THE CONCEPT OF PRODUCT EVALUATION
ECMA 206 : 1ED 93 ASSOCIATION CONTEXT MANAGEMENT INCLUDING SECURITY CONTEXT MANAGEMENT
CEN/TR 15300 : 2006 HEALTH INFORMATICS - FRAMEWORK FOR FORMAL MODELLING OF HEALTHCARE SECURITY POLICIES
ECMA 179 : 1ED 92 SERVICES FOR COMPUTER SUPPORTED TELECOMMUNICATIONS APPLICATIONS (CSTA) PHASE 1
ECMA 218 : 1994 ERRATA 1999 PROTOCOL FOR COMPUTER SUPPORTED TELECOMMUNICATIONS APPLICATIONS (CSTA) PHASE 2
I.S. CEN TR 15300:2006 HEALTH INFORMATICS - FRAMEWORK FOR FORMAL MODELLING OF HEALTHCARE SECURITY POLICIES
ECMA 217 : 1ED 94 SERVICES FOR COMPUTER SUPPORTED TELECOMMUNICATIONS APPLICATIONS (CSTA) PHASE 2

ISO 7498-2:1989 Information processing systems Open Systems Interconnection Basic Reference Model Part 2: Security Architecture
ECMA/TR 37 : 1986 FRAMEWORK FOR OSI MANAGEMENT
