ISO INTERNATIONAL STANDARD 7498-2 First edition 1989-02-15 Information processing systems - Open Systems Interconnection -- Basic Reference Model - Part 2 : Security Architecture Systemes de traitement de I'information - Interconnexion de systemes ouverts Modele dereférencede base Partie 2 : Architecture de sécurité Reference number ISO 7498-2 : 1989 (E) Copyright International Organization for Standardization orking permitted without license from IHS Not for Resale ISO 7498-2 : 1989 (E) Foreword ISo (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has mental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnicai standardization. Draft International Standards adopted by the technical committees are circulated to the member bodies for approval before their acceptance as International Standards by least 75 % approval by the member bodies voting. International Standard ISO 7498-2 was prepared by Technicat Committee ISO/TC 97, Information processing systems. Users should note that all International Standards undergo revision from time to time and that any reference made herein to any other International Standard implies its latest edition, unless otherwise stated. 1nternational Organization for Standardization, 1989 Printed in Switzerland ii CopyrightInternational Oorganization for Standardization tted without license from IHS Not for Resale ISO 7498-2 : 1989 (E) Contents Page o Introduction 1 Scope and Field of Application 1 References 2 3 Definitions Notation 4 General description of security services and mechanisms 4 5 4 5.1 Overview Security services . 4 5.2 5.3 Specific security mechanisms Pervasive security mechanisms 5.4 8 5.5 Ilustration of relationship of security services and mechanisms 8 The relationship of services, mechanisms and layers . 8 6.1 Security layering principles 9 6.2 Model of Invocation, Management and Use of Protected (N)-Services 12 Placement of security services and mechanisms Physical layer 12 7.1 12 7.2 Data link layer 12 7.3 Network layer 14 7.4 Transport layer 14 7.5 Session layer 14 7.6 Presentation layer 15 7.7 Application layer 16 Illustration of relationship of security services and layers 7.8 17 Security management 8 17 8.1 General 17 8.2 Categories of Osl security management 18 8.3 Specific system security management activities 18 8.4 Security mechanism management functions Annexes 21 Background information on security in Os! . . . . A Justification for security service placement in clause 32 Choice of position of encipherment for applications . ii Copyright International Organization for Standardization Not for Resale rorking permitted without license from IHS