Information processing systems? Open Systems Interconnection? Basic Reference Model? Part 2: Security Architecture. Basic Reference Model.
(Redirected from ISO 7498)
The Open Systems Interconnection model (OSI model) is a conceptual model that characterizes and standardizes the communication functions of a telecommunication or computing system without regard to its underlying internal structure and technology. Its goal is the interoperability of diverse communication systems with standard communication protocols. The model partitions a communication system into abstraction layers. The original version of the model had seven layers.
A layer serves the layer above it and is served by the layer below it. For example, a layer that provides error-free communications across a network provides the path needed by applications above it, while it calls the next lower layer to send and receive packets that constitute the contents of that path. Two instances at the same layer are visualized as connected by a horizontal connection in that layer.
The model is a product of the Open Systems Interconnection project at the International Organization for Standardization (ISO).
Communication in the OSI-Model (example with layers 3 to 5)
Iso 7498 2 Security Architecture Model NumberHistory[edit]
Prior to the inception of the OSI project, networking was largely either government-sponsored (ARPANET in the US, CYCLADES in France) or vendor-developed with proprietary standards, such as the System network architecture (SNA) of IBM, and DECnet of Digital Equipment Corporation. An Experimental Packet Switched system in the UK circa 1973, also identified the need for defining higher level protocols. The NCC (UK) publication 'Why Distributed Computing' which came from considerable research into future configurations for computer systems, resulted in the UK presenting the case for an international standards committee to cover this area at the ISO meeting in Sydney in March 1977.
In the late 1970s, the International Organization for Standardization (ISO) conducted a program to develop general standards and methods of networking. A similar process evolved at the International Telegraph and Telephone Consultative Committee (CCITT, from French: Comité Consultatif International Téléphonique et Télégraphique). Both bodies developed documents that defined similar networking models.
The OSI model was first defined in raw form in Washington, DC in February 1978 by Hubert Zimmermann of France and the refined standard was published by the ISO in 1984.[1]
In 1983, these two documents were merged to form a standard called The Basic Reference Model for Open Systems Interconnection. The standard is usually referred to as Open Systems Interconnection Reference Model, OSI Reference Model, or simply OSI model. It was published in 1984 by both the ISO, as standard ISO 7498, and the renamed CCITT (now called the Telecommunications Standardization Sector of the International Telecommunication Union or ITU-T) as standard X.200.
OSI had two major components, an abstract model of networking, called the Basic Reference Model or seven-layer model, and a set of specific protocols. The OSI reference model was a major advance in the teaching of network concepts. It promoted the idea of a consistent model of protocol layers, defining interoperability between network devices and software.
The concept of a seven-layer model was provided by the work of Charles Bachman at Honeywell Information Systems.[2] Various aspects of OSI design evolved from experiences with the ARPANET, NPLNET, EIN, CYCLADES network and the work in IFIP WG6.1. The new design was documented in ISO 7498 and its various addenda. In this model, a networking system was divided into layers. Within each layer, one or more entities implement its functionality. Each entity interacted directly only with the layer immediately beneath it, and provided facilities for use by the layer above it.
The OSI standards documents are available from the ITU-T as the X.200-series of recommendations.[3] Some of the protocol specifications were also available as part of the ITU-T X series. The equivalent ISO and ISO/IEC standards for the OSI model were available from ISO. Not all are free of charge.[4]
OSI was hence an industry effort, attempting to get industry participants to agree on common network standards to provide multi-vendor interoperability. It was common for large networks to support multiple network protocol suites, with many devices unable to interoperate with other devices because of a lack of common protocols. However, while OSI developed its networking standards, TCP/IP came into widespread use on multi-vendor networks for internetworking.[5]
Definitions[edit]
Communication protocols enable an entity in one host to interact with a corresponding entity at the same layer in another host. Service definitions, like the OSI Model, abstractly describe the functionality provided to an (N)-layer by an (N-1) layer, where N is one of the seven layers of protocols operating in the local host.
At each level N, two entities at the communicating devices (layer N peers) exchange protocol data units (PDUs) by means of a layer N protocol. Each PDU contains a payload, called the service data unit (SDU), along with protocol-related headers or footers.
Data processing by two communicating OSI-compatible devices proceeds as follows:
Standards documents[edit]
The OSI model was defined in ISO/IEC 7498 which consists of the following parts:
Layer architecture[edit]
The recommendation X.200 describes seven layers, labeled 1 to 7. Layer 1 is the lowest layer in this model.
Layer 1: Physical Layer[edit]
The physical layer is responsible for the transmission and reception of unstructured raw data between a device and a physical transmission medium. It converts the digital bits into electrical, radio, or optical signals. Layer specifications define characteristics such as voltage levels, the timing of voltage changes, physical data rates, maximum transmission distances, modulation scheme, channel access method and physical connectors. This includes the layout of pins, voltages, line impedance, cable specifications, signal timing and frequency for wireless devices. Bit rate control is done at the physical layer and may define transmission mode as simplex, half duplex, and full duplex. The components of a physical layer can be described in terms of a network topology. Bluetooth, Ethernet, and USB all have specifications for a physical layer.
Iso 7498 2 Security Architecture Model MaterialsLayer 2: Data Link Layer[edit]
The data link layer provides node-to-node data transferâa link between two directly connected nodes. It detects and possibly corrects errors that may occur in the physical layer.It defines the protocol to establish and terminate a connection between two physically connected devices. It also defines the protocol for flow control between them.
IEEE 802 divides the data link layer into two sublayers:[7]
The MAC and LLC layers of IEEE 802 networks such as 802.3Ethernet, 802.11Wi-Fi, and 802.15.4ZigBee operate at the data link layer.
The Point-to-Point Protocol (PPP) is a data link layer protocol that can operate over several different physical layers, such as synchronous and asynchronous serial lines.
The ITU-TG.hn standard, which provides high-speed local area networking over existing wires (power lines, phone lines and coaxial cables), includes a complete data link layer that provides both error correction and flow control by means of a selective-repeatsliding-window protocol.
Layer 3: Network Layer[edit]
The network layer provides the functional and procedural means of transferring variable length data sequences (called packets) from one node to another connected in 'different networks'. A network is a medium to which many nodes can be connected, on which every node has an address and which permits nodes connected to it to transfer messages to other nodes connected to it by merely providing the content of a message and the address of the destination node and letting the network find the way to deliver the message to the destination node, possibly routing it through intermediate nodes. If the message is too large to be transmitted from one node to another on the data link layer between those nodes, the network may implement message delivery by splitting the message into several fragments at one node, sending the fragments independently, and reassembling the fragments at another node. It may, but does not need to, report delivery errors.
Message delivery at the network layer is not necessarily guaranteed to be reliable; a network layer protocol may provide reliable message delivery, but it need not do so.
A number of layer-management protocols, a function defined in the management annex, ISO 7498/4, belong to the network layer. These include routing protocols, multicast group management, network-layer information and error, and network-layer address assignment. It is the function of the payload that makes these belong to the network layer, not the protocol that carries them.[8]
Layer 4: Transport Layer[edit]
The transport layer provides the functional and procedural means of transferring variable-length data sequences from a source to a destination host, while maintaining the quality of service functions.
The transport layer controls the reliability of a given link through flow control, segmentation/desegmentation, and error control. Some protocols are state- and connection-oriented. This means that the transport layer can keep track of the segments and re-transmit those that fail delivery. The transport layer also provides the acknowledgement of the successful data transmission and sends the next data if no errors occurred. Hard truck apocalypse download. The transport layer creates segments out of the message received from the application layer. Segmentation is the process of dividing a long message into smaller messages.
OSI defines five classes of connection-mode transport protocols ranging from class 0 (which is also known as TP0 and provides the fewest features) to class 4 (TP4, designed for less reliable networks, similar to the Internet). Class 0 contains no error recovery, and was designed for use on network layers that provide error-free connections. Class 4 is closest to TCP, although TCP contains functions, such as the graceful close, which OSI assigns to the session layer. Also, all OSI TP connection-mode protocol classes provide expedited data and preservation of record boundaries. Detailed characteristics of TP0-4 classes are shown in the following table:[9]
Security Architecture Design
An easy way to visualize the transport layer is to compare it with a post office, which deals with the dispatch and classification of mail and parcels sent. A post office inspects only the outer envelope of mail to determine its delivery. Higher layers may have the equivalent of double envelopes, such as cryptographic presentation services that can be read by the addressee only. Roughly speaking, tunneling protocols operate at the transport layer, such as carrying non-IP protocols such as IBM's SNA or Novell's IPX over an IP network, or end-to-end encryption with IPsec. While Generic Routing Encapsulation (GRE) might seem to be a network-layer protocol, if the encapsulation of the payload takes place only at the endpoint, GRE becomes closer to a transport protocol that uses IP headers but contains complete Layer 2 frames or Layer 3 packets to deliver to the endpoint. L2TP carries PPP frames inside transport segments.
Although not developed under the OSI Reference Model and not strictly conforming to the OSI definition of the transport layer, the Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP) of the Internet Protocol Suite are commonly categorized as layer-4 protocols within OSI.
Layer 5: Session Layer[edit]
The session layer controls the dialogues (connections) between computers. It establishes, manages and terminates the connections between the local and remote application. It provides for full-duplex, half-duplex, or simplex operation, and establishes procedures for checkpointing, suspending, restarting, and terminating a session. In the OSI model, this layer is responsible for gracefully closing a session, which is handled in the Transmission Control Protocol at the transport layer in the Internet Protocol Suite. This layer is also responsible for session checkpointing and recovery, which is not usually used in the Internet Protocol Suite. The session layer is commonly implemented explicitly in application environments that use remote procedure calls.
Layer 6: Presentation Layer[edit]
The presentation layer establishes context between application-layer entities, in which the application-layer entities may use different syntax and semantics if the presentation service provides a mapping between them. If a mapping is available, presentation protocol data units are encapsulated into session protocol data units and passed down the protocol stack.
This layer provides independence from data representation by translating between application and network formats. The presentation layer transforms data into the form that the application accepts. This layer formats data to be sent across a network. It is sometimes called the syntax layer.[10] The presentation layer can include compression functions.[11] The Presentation Layer negotiates the Transfer Syntax.
The original presentation structure used the Basic Encoding Rules of Abstract Syntax Notation One (ASN.1), with capabilities such as converting an EBCDIC-coded text file to an ASCII-coded file, or serialization of objects and other data structures from and to XML. ASN.1 effectively makes an application protocol invariant with respect to syntax.
Layer 7: Application Layer[edit]
The application layer is the OSI layer closest to the end user, which means both the OSI application layer and the user interact directly with the software application. This layer interacts with software applications that implement a communicating component. Such application programs fall outside the scope of the OSI model. Application-layer functions typically include identifying communication partners, determining resource availability, and synchronizing communication. When identifying communication partners, the application layer determines the identity and availability of communication partners for an application with data to transmit. The most important distinction in the application layer is the distinction between the application-entity and the application. For example, a reservation website might have two application-entities: one using HTTP to communicate with its users, and one for a remote database protocol to record reservations. Neither of these protocols have anything to do with reservations. That logic is in the application itself. The application layer per se has no means to determine the availability of resources in the network.
Cross-layer functions[edit]
Cross-layer functions are services that are not tied to a given layer, but may affect more than one layer.[citation needed] Some orthogonal aspects, such as management and security, involve all of the layers (See ITU-T X.800 Recommendation[12]). These services are aimed at improving the CIA triad â confidentiality, integrity, and availability â of the transmitted data. Cross-layer functions are the norm, in practice, because the availability of a communication service is determined by the interaction between network design and network management protocols. Appropriate choices for both of these are needed to protect against denial of service.[citation needed]
Specific examples of cross-layer functions include the following:
Retrieved from 'https://en.wikipedia.org/w/index.php?title=OSI_model&oldid=911501754'
Security service is a service, provided by a layer of communicating open systems, which ensures adequate security of the systems or of data transfers[1] as defined by ITU-T X.800 Recommendation.
X.800 and ISO 7498-2 (Information processing systems â Open systems interconnection â Basic Reference Model â Part 2: Security architecture)[2] are technically aligned. This model is widely recognized [3][4]
A more general definition is in CNSS Instruction No. 4009 dated 26 April 2010 by Committee on National Security Systems of United States of America:[5]
Another authoritative definition is in W3CWeb service Glossary [6] adopted by NIST SP 800-95:[7]
Basic security terminology[edit]
Information security and Computer security are disciplines that are dealing with the requirements of Confidentiality, Integrity, Availability, the so-called CIA Triad, of information asset of an organization (company or agency) or the information managed by computers respectively.
There are threats that can attack the resources (information or devices to manage it) exploiting one or more vulnerabilities. The resources can be protected by one or more countermeasures or security controls.[8]
So security services implement part of the countermeasures, trying to achieve the security requirements of an organization.[3][9]
Basic OSI terminology[edit]
In order to let different devices (computers, routers, cellular phones) to communicate data in a standardized way, communication protocols had been defined.
The ITU-T organization published a large set of protocols. The general architecture of these protocols is defined in recommendation X.200.[10]
The different means (air, cables) and ways (protocols and protocol stacks) to communicate are called a communication network.
Security requirements are applicable to the information sent over the network. The discipline dealing with security over a network is called Network security.[11]
The X.800 Recommendation:[1]
This Recommendation extends the field of application of Recommendation X.200, to cover secure communications between open systems.
According to X.200 Recommendation, in the so-called OSI Reference model there are 7 layers, each one is generically called N layer. The N+1 entity ask for transmission services to the N entity.[10]
At each level two entities (N-entity) interact by means of the (N) protocol by transmitting Protocol Data Units (PDU).Service Data Unit (SDU) is a specific unit of data that has been passed down from an OSI layer, to a lower layer, and has not yet been encapsulated into a PDU, by the lower layer. It is a set of data that is sent by a user of the services of a given layer, and is transmitted semantically unchanged to a peer service user .The PDU at any given layer, layer 'n', is the SDU of the layer below, layer 'n-1'. In effect the SDU is the 'payload' of a given PDU. That is, the process of changing a SDU to a PDU, consists of an encapsulation process, performed by the lower layer. All the data contained in the SDU becomes encapsulated within the PDU. The layer n-1 adds headers or footers, or both, to the SDU, transforming it into a PDU of layer n-1. The added headers or footers are part of the process used to make it possible to get data from a source to a destination.[10]
OSI security services description[edit]
The following are considered to be the security services which can be provided optionally within the framework of the OSI Reference Model. The authentication services require authentication information comprising locally stored information and data that is transferred (credentials) to facilitate the authentication:[1][4]
Specific security mechanisms[edit]
The security services may be provided by means of security mechanism:[1][3][4]
The table1/X.800 shows the relationships between services and mechanisms
Some of them can be applied to connection oriented protocols, other to connectionless protocols or both.
The table 2/X.800 illustrates the relationship of security services and layers:[4]
Other related meanings[edit]What Is Security ArchitectureManaged security service[edit]
Managed security service (MSS) are network security services that have been outsourced to a service provider. History of india book pdf.
See also[edit]References[edit]
Security Architecture TrainingExternal links[edit]Iso 7498 2 Security Architecture Models
Retrieved from 'https://en.wikipedia.org/w/index.php?title=Security_service_(telecommunication)&oldid=909989756'
Comments are closed.
|
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |