GB/T 18794.3-2003
Information technology-Open Systems Interconnection-Security frameworks for open systems-Part 3:Access Control framework (English Version)

Standard No.: GB/T 18794.3-2003
Language: Chinese, Available in English version
Release Date: 2003
Published By: General Administration of Quality Supervision, Inspection and Quarantine of the People's Republic of China
Latest: GB/T 18794.3-2003

Scope
This standard for an open systems security framework addresses the application of security services in an open systems environment, where the term "open systems" includes such domains as databases, distributed applications, open distributed processing, and open systems interconnection. A security framework involves defining methods for providing protection to systems and objects within systems, and to the interactions between systems. This security framework does not address methodologies for building systems or mechanisms.

A security framework addresses sequences of data elements and operations (rather than protocol elements), both of which can be used to obtain specific security services. These security services apply to the entities the systems are communicating with, the data exchanged between the systems, and the data managed by the systems.

As far as access control is concerned, access can be either to a system (that is, to entities that are communicating parts of the system) or to the interior of a system. The information items to be presented to obtain access, as well as the order in which such access is requested and the notification of the result of such access, are all considered within the scope of this security framework. However, any information items and operations that only depend on specific applications and are strictly limited to local access within a system are not considered within the scope of this security framework.

Many applications require security measures to prevent threats to resources, including information generated by open systems interconnection. In the OSI environment, some well-known threats and the security services and mechanisms that can be used to prevent these threats are described in GB/T 9387.2. The process of deciding what resources are allowed to be used in an open systems environment and, where appropriate, preventing unauthorized access is called access control.

This clause defines a general framework for providing access control services. This security framework:

a) defines the basic concept of access control;
b) demonstrates the method of embodying the basic concept of access control to support some recognized access control services and mechanisms;
c) defines these services and corresponding access control mechanisms;
d) identifies the functional requirements of the protocols that support these access control services and mechanisms;
e) identifies the management requirements that support these access control services and mechanisms;
f) addresses the interaction of the access control services and mechanisms with other security services and mechanisms.

Like other security services, access control can only be provided within the context of a security policy defined for a particular application. The definition of an access control policy is outside the scope of this section, but some characteristics of an access control policy will be discussed in this section. This International Standard does not specify details of protocol exchanges that may be performed by providing an access control service. This International Standard does not specify specific mechanisms to support these access control services, nor does it specify details of security management services and protocols.

Many different types of standards can use this framework, including:

1) standards embodying the concept of access control;
2) standards specifying abstract services that contain access control;
3) standards specifying services using access control;
5) standards specifying access control mechanisms.

These standards can use this framework in the following ways:

- standard types 1), 2), 3), 4) and 5) can use the terms of this framework;
- standard types 2), 3), 4) and 5) can use the facilities defined in Clause 7 of this framework;
- standard type 5) can be based on the mechanism categories defined in Clause 8.

GB/T 18794.3-2003 history

  • 2003 GB/T 18794.3-2003 Information technology-Open Systems Interconnection-Security frameworks for open systems-Part 3:Access Control framework
