OSIRM Security Architecture

The part of the OSIRM [I7498-2] that specifies the security services and security mechanisms that can be applied to protect communications between two systems. (See: security architecture.)

Tutorial: This part of the OSIRM includes an allocation of security services to protocol layers. The following table shows which security services (see definitions in this Glossary) are permitted by the OSIRM in each of its layers. (Also, an application process that operates above the Application Layer may itself provide security services.) Similarly, the table suggests which services are suitable for each IPS layer. However, explaining and justifying these allocations is beyond the scope of this Glossary.

Legend for Table Entries: O = Yes, [I7498-2] permits the service in this OSIRM layer. I = Yes, the service can be incorporated in this IPS layer.

• = This layer subsumed by Application Layer in IPS.

IPS Protocol Layers +-----------------------------------------+ |Network| Net |In-| Trans | Application | | H/W |Inter|ter| -port | | | |-face|net| | | OSIRM Protocol Layers +-----------------------------------------+ | 1 | 2 | 3 | 4 | 5 | 6 | 7 | Confidentiality +-----------------------------------------+

• Datagram | O I | O I | O I | O I | | O * | O I |
• Selective Field | | | I | | | O * | O I |
• Traffic Flow | O | | O | | | | O | -- Full | I | | | | | | | -- Partial | | I | I | | | | I | Integrity +-----------------------------------------+
• Datagram | I | I | O I | O I | | | O I |
• Selective Field | | | I | | | | O I |
• Stream | | | O I | O I | | | O I | Authentication +-----------------------------------------+
• Peer Entity | | I | O I | O I | | | O I |
• Data Origin | | I | O I | O I | | | O I | Access Control +-----------------------------------------+
• type as appropriate | | I | O I | O I | | | O I | Non-Repudiation +-----------------------------------------+
• of Origin | | | | | | | O I |
• of Receipt | | | | | | | O I | +-----------------------------------------+