The OSI Security Architecture is a framework that provides a systematic
way of defining the requirements for security and describing the
approaches to satisfying those requirements.
Active security threats include modification of transmitted data
and attempts to gain unauthorized access to computer systems.
Passive security threats are usually associated with eavesdropping
on, or monitoring of, transmissions. Electronic mail, client/server exchanges
and file transfers are examples of transmissions that can be monitored.
Active security attacks: masquerade, replay, modification of
messages and denial of service
Passive security attacks: release of message contents and
Access control: prevention of unauthorized use of a resource;
that is, this service controls who can have access to a resource.
Authentication: the assurance that the communicating
entity is the one that it claims to be.
Availability service: a system being accessible upon demand
by an authorized system entity
Data confidentiality: the protection of data from unofficial
Data integrity: the assurance that data received are
exactly as sent by an authorized entity.
Nonrepudiation: provides protection against denial by one
of the entities involved in a communication of having taken part in all the
May be incorporated into the appropriate protocol layer in order to
provide some of the OSI security services.
Encipherment: the use of mathematical algorithms to change
data into a form that is not readily understandable.
Digital Signature: Data appended to a data unit that allows
a recipient of the data unit to prove the source and integrity of the data unit
and protect against forgery.
Access Control: the variety of mechanisms that enforce
access rights to resources.
Data Integrity: the variety of mechanisms used to assure the
integrity of a data unit or stream of data units.
Authentication Exchange: mechanism intended to ensure the
identity of an entity by means of information exchange.
Traffic Padding: insertion of bits into gaps in a
data stream to frustrate traffic analysis attempts.
Routing Control: Enables selection of particular
physically secure routes for certain data.
Notarization: use of a trusted third party in a data exchange.
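As an added illustration (not part of the original notes), the Python example below shows a data integrity mechanism detecting two of the active attacks listed above: modification of messages and replay. It assumes a pre-shared key and uses an HMAC-SHA256 tag (a MAC, not a digital signature) with a strictly increasing sequence number; the names protect, Receiver and demo are hypothetical.

```python
import hashlib
import hmac
import os
import struct

TAG_LEN = 32  # HMAC-SHA256 output size in bytes


def protect(key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender: prepend an 8-byte sequence number, append an HMAC tag."""
    header = struct.pack(">Q", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class Receiver:
    """Receiver: verify integrity first, then reject already-seen numbers."""

    def __init__(self, key: bytes):
        self.key = key
        self.highest_seq = -1  # strictly increasing; no reordering window

    def accept(self, packet: bytes) -> bytes:
        if len(packet) < 8 + TAG_LEN:
            raise ValueError("truncated packet")
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # constant-time compare
            raise ValueError("integrity check failed")
        (seq,) = struct.unpack(">Q", body[:8])
        if seq <= self.highest_seq:
            raise ValueError("replayed or stale packet")
        self.highest_seq = seq
        return body[8:]


def demo() -> list:
    key = os.urandom(32)  # constructed shared key
    rx = Receiver(key)
    pkt = protect(key, 1, b"transfer 10 to alice")  # constructed message
    results = [rx.accept(pkt).decode()]
    tampered = pkt.replace(b"10", b"99")  # modification of the message
    for bad in (tampered, pkt):  # second item is a replay of the original
        try:
            rx.accept(bad)
        except ValueError as exc:
            results.append(str(exc))
    return results


if __name__ == "__main__":
    print(demo())
```

The sequence number is covered by the tag, so it cannot be altered to slip a captured packet past the replay check.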
Mechanisms that are not specific to any particular OSI security
Trusted Functionality: That which is perceived to be correct
with respect to some criteria.
Security Label: The marking bound to a resource that names the
security attributes of that resource.
Event Detection: Detection of security-relevant events.
Security Audit Trail: Data collected and used to simplify a
Security Recovery: Deals with demands from systems
Economy of Mechanism: This
principle says that the design of security measures embodied in both
hardware and software should be as simple and small as could be expected under
Fail-safe defaults: This
principle says that access decisions should be based on permission rather than
Complete mediation: This principle says that every access must be checked against
the access control mechanism.
Open design: This principle says that the design of a security mechanism
should be open rather than secret.
Separation of privilege: This
principle can be defined as a practice in which multiple privilege
attributes are required to achieve access to a restricted resource.
Least privilege: This principle says that every process and every
user of the system should operate using the least set of privileges necessary
to perform the task.
Least common mechanism:
This principle says that the design should minimize the
functions shared by different users, providing mutual security. This principle
helps reduce the number of unintended communication paths and reduces the
amount of hardware and software on which all users depend.
Psychological acceptability: This principle implies that the security
mechanisms should not interfere unduly with the work of users, while at the
same time meeting the needs of those who authorize access.
traits in programming so that you can make changes in one place
without having to also make changes in the other parts of an application
Modularity: design approach that divides a
system into smaller parts called modules.
numerous moderating security to protect resources and data.
Least astonishment: applies to user
interface and software design, from
the ergonomics standpoint.
Attack Surface: Comprises the reachable vulnerabilities
in a system.
Attack Tree: a branching, hierarchical
data structure that represents a set of potential techniques for