ISO/IEC INTERNATIONAL STANDARD 10181-5 First edition 1996-09-15 Information technology Open Systems Interconnection Security frameworks for open systems: Confidentiality framework Technologies de I'information --Interconnexion de systemes ouverts (Osl) - Cadres géneraux pour la sécurite des systemes ouverts: Cadre général de confidentialite IEC ISO Reference number ISO/IEC 10181-5:1996(E) Copyright Intermational Organization for Standardization rovided by IHS ense with rmitted without license from IHS Not for Resale ISO/IEC 10181-5:1996(E) Contents Page 1 Scope 1 2 Normative references . 2.1 IdenticalRecommendationsIInternationalStandards... 2 2.2 Paired Recommendations I International Standards equivalent in technical content .. 2 3 Definitions... 2 3.1 Basic Reference Model definitions ... 2 3.2 Security architecture definitions .... 3 3.3 Security frameworks overview definitions.... 3 3.4 Additional definitions ..... 3 4 Abbreviations.. 4 5 General discussion of confidentiality .... 4 5.1 Basic concepts..... 4 5.1.1 Protection of information .... 4 5.1.2 Hide and reveal operations... 5 5.2 Classes of confidentiality services... 5 5.3 Types of confidentiality mechanisms.. 6 5.4 Threats to confidentiality ...... 6 5.4.1 Threats when confidentiality is provided through access prevention 6 5.4.2 Threats when confidentiality is provided through information hiding 7 5.5 Types of confidentiality attacks... 7 6 Confidentiality policies 7 6.1 Policy expression ... 8 6.1.1 8 6.1.2 Entity characterization......... 8 7 Confidentiality information and facilities 8 7.1 8 7.1.1 Hiding confidentiality information .... 8 7.1.2 Revealing confidentiality information .. 9 7.2 Confidentiality facilities... 9 7.2.1 Operation related facilities . 9 7.2.1.1 Hide...... 9 7.2.1.2 Reveal 9 7.2.2 Management related facilities 9 ISO/IEC1996 All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from the publisher. ISO/IEC Copyright Office · Case postale 56 · CH-1211 Geneve 20 · Switzerland Printed in Switzerland Copyright Intermational Organization for Standardization ing permitted without license from IHS Not for Resale ISO/IEC ISO/IEC 10181-5:1996(E) 8 Confidentiality mechanisms. 10 8.1 Confidentiality provision through access prevention 10 8.1.1 Confidentiality protection through physical media protection. 10 8.1.2 Confidentiality protection through routing control.. 10 8.2 Confidentiality provision through encipherment.. 10 8.2.1 Confidentiality provision through data padding .. 10 8.2.2 Confidentiality provision through dummy events.. 11 8.2.3 Confidentiality provision through PDUheaderprotection. 11 8.2.4 Confidentiality provision through time varying fields... 11 8.3 Confidentiality provision through contextual location ... 11 9 Interactions with other security services and mechanisms.. 12 9.1 Access Control.. 12 Annex A - Confidentiality in the OSI Reference Model 13 Annex B - Example of a sequence of movements through different confidentiality protected environments . 15 Annex C- Representation of Information 16 Annex D - Covert Channels.. 17 Annex E - Confidentiality Facilities Outline 18 ii No reproduction or networking permtted withoutlicense from IHS Not for Resale